github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-09-27 10:18:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix ca loading for alpine

Browse Source
This commit is contained in:
Daniel Eisenberg 2025-09-21 12:39:45 +03:00
parent 0c0da6d91b
commit d1418516eb
3 changed files with 39 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/include/internal/messaging.h
View File

@ -28,6 +28,7 @@
#include "i_shell_cmd.h" #include "i_shell_cmd.h"
#include "i_rest_api.h" #include "i_rest_api.h"
#include "i_instance_awareness.h" #include "i_instance_awareness.h"
#include "i_details_resolver.h"
#include "config.h" #include "config.h"
@ -43,7 +44,8 @@ class Messaging
Singleton::Consume<I_ShellCmd>, Singleton::Consume<I_ShellCmd>,
Singleton::Consume<I_MainLoop>, Singleton::Consume<I_MainLoop>,
Singleton::Consume<I_RestApi>, Singleton::Consume<I_RestApi>,
Singleton::Consume<I_InstanceAwareness> Singleton::Consume<I_InstanceAwareness>,
Singleton::Consume<I_DetailsResolver>
{ {
public: public:
Messaging(); Messaging();

0
components/include/i_details_resolver.h → core/include/services_sdk/interfaces/i_details_resolver.h
View File

40
core/messaging/connection/connection.cc
View File

@ -262,6 +262,37 @@ public:
} }
private: private:
string
getCertificateDirectory()
{
auto details_ssl_dir = Singleton::Consume<I_AgentDetails>::by<Messaging>()->getOpenSSLDir();
if (details_ssl_dir.ok()) {
return *details_ssl_dir;
}
// Use detail_resolver to determine platform-specific certificate directory
auto maybe_platform = Singleton::Consume<I_DetailsResolver>::by<Messaging>()->getPlatform();
if (!maybe_platform.ok()) {
dbgTrace(D_CONNECTION)
<< "Failed to get platform for default certificate directory: "
<< maybe_platform.getErr();
return "/usr/lib/ssl/certs/"; // Fallback for failed platform detection
}
auto platform = maybe_platform.unpack();
if (platform == "alpine") {
return "/etc/ssl/certs/";
}
if (platform == "linux") {
return "/usr/lib/ssl/certs/";
}
return "/usr/lib/ssl/certs/";
}
Maybe<void> Maybe<void>
setSSLContext() setSSLContext()
{ {
@ -296,10 +327,11 @@ private:
} }
dbgTrace(D_CONNECTION) << "Setting CA authentication"; dbgTrace(D_CONNECTION) << "Setting CA authentication";
auto details_ssl_dir = Singleton::Consume<I_AgentDetails>::by<Messaging>()->getOpenSSLDir();
auto openssl_dir = details_ssl_dir.ok() ? *details_ssl_dir : "/usr/lib/ssl/certs/"; auto default_ssl_dir = getCertificateDirectory();
auto configured_ssl_dir = getConfigurationWithDefault(openssl_dir, "message", "Trusted CA directory"); auto configured_ssl_dir =
const char *ca_dir = configured_ssl_dir.empty() ? nullptr : configured_ssl_dir.c_str(); getProfileAgentSettingWithDefault<string>(default_ssl_dir, "agent.config.message.capath");
const char *ca_dir = configured_ssl_dir.empty() ? "/usr/lib/ssl/certs/" : configured_ssl_dir.c_str();
if (SSL_CTX_load_verify_locations(ssl_ctx.get(), ca_path.c_str(), ca_dir) != 1) { if (SSL_CTX_load_verify_locations(ssl_ctx.get(), ca_path.c_str(), ca_dir) != 1) {
return genError("Failed to load certificate locations"); return genError("Failed to load certificate locations");