Werk #8647: cmk-update-agent: Fixed certificate verification issues in case openssl tools are not available
| Komponente | Agent bakery |
| Titel | cmk-update-agent: Fixed certificate verification issues in case openssl tools are not available |
| Datum | 15.12.2016 |
| Checkmk Edition | Checkmk Enterprise (CEE) |
| Checkmk-Version | 1.4.0i3 |
| Level | Kleine Änderung |
| Klasse | Bugfix |
| Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
When communicating via HTTPS with the update server, the cmk-update-agent script needs to verify the certificates of the server. The allowed certificates are stored at /var/lib/check_mk_agent/cas.
In this directory there need to be the certificates (.pem files) and symlinks named with the "subject hashes" of the certificates. In previous versions these symlinks were created by the c_rehash command which is not available on all plaftforms.
We have changed that now to use the python OpenSSL bindings (if available) and fallback to the c_rehash command only in case they are not available.
