Werk #8647: cmk-update-agent: Fixed certificate verification issues in case openssl tools are not available
Komponente | Agent bakery |
Titel | cmk-update-agent: Fixed certificate verification issues in case openssl tools are not available |
Datum | 15.12.2016 |
Checkmk Edition | Checkmk Enterprise (CEE) |
Checkmk-Version | 1.4.0i3 |
Level | Kleine Änderung |
Klasse | Bugfix |
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
When communicating via HTTPS with the update server, the cmk-update-agent script needs to verify the certificates of the server. The allowed certificates are stored at /var/lib/check_mk_agent/cas.
In this directory there need to be the certificates (.pem files) and symlinks named with the "subject hashes" of the certificates. In previous versions these symlinks were created by the c_rehash command which is not available on all plaftforms.
We have changed that now to use the python OpenSSL bindings (if available) and fallback to the c_rehash command only in case they are not available.