Commit 8b831a80 authored by Adrien Béraud's avatar Adrien Béraud

certstore: catch exceptions loading certificates

Change-Id: I341b698bf4feb3fa494124cc614b6014ac24467c
parent 84bf4184
...@@ -1452,7 +1452,7 @@ ConnectionManager::Impl::foundPeerDevice(const std::shared_ptr<dht::crypto::Cert ...@@ -1452,7 +1452,7 @@ ConnectionManager::Impl::foundPeerDevice(const std::shared_ptr<dht::crypto::Cert
// Device certificate can't be self-signed // Device certificate can't be self-signed
if (top_issuer == crt) { if (top_issuer == crt) {
if (logger) if (logger)
logger->warn("Found invalid peer device: {}", crt->getLongId()); logger->warn("Found invalid (self-signed) peer device: {}", crt->getLongId());
return false; return false;
} }
...@@ -1469,7 +1469,7 @@ ConnectionManager::Impl::foundPeerDevice(const std::shared_ptr<dht::crypto::Cert ...@@ -1469,7 +1469,7 @@ ConnectionManager::Impl::foundPeerDevice(const std::shared_ptr<dht::crypto::Cert
// Check cached OCSP response // Check cached OCSP response
if (crt->ocspResponse and crt->ocspResponse->getCertificateStatus() != GNUTLS_OCSP_CERT_GOOD) { if (crt->ocspResponse and crt->ocspResponse->getCertificateStatus() != GNUTLS_OCSP_CERT_GOOD) {
if (logger) if (logger)
logger->error("Certificate %s is disabled by cached OCSP response", crt->getLongId()); logger->error("Certificate {} is disabled by cached OCSP response", crt->getLongId());
return false; return false;
} }
......
...@@ -165,12 +165,17 @@ CertificateStore::getCertificate(const std::string& k) ...@@ -165,12 +165,17 @@ CertificateStore::getCertificate(const std::string& k)
std::shared_ptr<crypto::Certificate> std::shared_ptr<crypto::Certificate>
CertificateStore::getCertificateLegacy(const std::string& dataDir, const std::string& k) CertificateStore::getCertificateLegacy(const std::string& dataDir, const std::string& k)
{ {
try {
auto oldPath = fmt::format("{}/certificates/{}", dataDir, k); auto oldPath = fmt::format("{}/certificates/{}", dataDir, k);
if (fileutils::isFile(oldPath)) { if (fileutils::isFile(oldPath)) {
auto crt = std::make_shared<crypto::Certificate>(oldPath); auto crt = std::make_shared<crypto::Certificate>(oldPath);
pinCertificate(crt, true); pinCertificate(crt, true);
return crt; return crt;
} }
} catch (const std::exception& e) {
if (logger_)
logger_->warn("Can't load certificate: {:s}", e.what());
}
return {}; return {};
} }
...@@ -273,12 +278,17 @@ CertificateStore::pinCertificatePath(const std::string& path, ...@@ -273,12 +278,17 @@ CertificateStore::pinCertificatePath(const std::string& path,
std::lock_guard<std::mutex> l(lock_); std::lock_guard<std::mutex> l(lock_);
for (auto& cert : certs) { for (auto& cert : certs) {
try {
auto shared = std::make_shared<crypto::Certificate>(std::move(cert)); auto shared = std::make_shared<crypto::Certificate>(std::move(cert));
scerts.emplace_back(shared); scerts.emplace_back(shared);
auto e = certs_.emplace(shared->getId().toString(), shared); auto e = certs_.emplace(shared->getId().toString(), shared);
ids.emplace_back(e.first->first); ids.emplace_back(e.first->first);
e = certs_.emplace(shared->getLongId().toString(), shared); e = certs_.emplace(shared->getLongId().toString(), shared);
ids.emplace_back(e.first->first); ids.emplace_back(e.first->first);
} catch (const std::exception& e) {
if (logger_)
logger_->warn("Can't load certificate: {:s}", e.what());
}
} }
paths_.emplace(path, std::move(scerts)); paths_.emplace(path, std::move(scerts));
} }
......