[pve-devel] [PATCH cluster 1/2] Refactor host fingerprint calculation in two extra subs

Wed Nov 22 09:49:10 CET 2017

This will be used later for feeding an extra API call

Signed-off-by: Emmanuel Kasper <e.kasper at proxmox.com>
---
 data/PVE/Cluster.pm | 51 ++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 40 insertions(+), 11 deletions(-)

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index fef5842..5d69f0c 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1443,6 +1443,42 @@ cfs_register_file('datacenter.cfg',
 		  \&parse_datacenter_config,
 		  \&write_datacenter_config);
 
+sub get_node_ssl_cert {
+    my ($node) = @_;
+
+    my $cert_path = "/etc/pve/nodes/$node/pve-ssl.pem";
+    my $custom_cert_path = "/etc/pve/nodes/$node/pveproxy-ssl.pem";
+
+    my $cert;
+
+    eval {
+	my $bio = Net::SSLeay::BIO_new_file($cert_path, 'r');
+	$cert = Net::SSLeay::PEM_read_bio_X509($bio);
+	Net::SSLeay::BIO_free($bio);
+    };
+
+    my $err = $@;
+
+    if ($err || !defined($cert)) {
+	die "unable to read host SSL cert at $cert_path $err\n";
+    }
+    return $cert;
+}
+
+sub get_cert_fingerprint {
+    my ($cert) = @_;
+    my $fingerprint;
+    eval {
+	$fingerprint = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
+    };
+
+    my $err = $@;
+    if ($err || !defined($fingerprint) || $fingerprint eq '') {
+	die "unable to fingerprint the SSL cert $err\n";
+    }
+    return $fingerprint;
+}
+
 # X509 Certificate cache helper
 
 my $cert_cache_nodes = {};
@@ -1470,29 +1506,22 @@ sub update_cert_cache {
 	    }
 	};
 
-	my $cert_path = "/etc/pve/nodes/$node/pve-ssl.pem";
-	my $custom_cert_path = "/etc/pve/nodes/$node/pveproxy-ssl.pem";
-
-	$cert_path = $custom_cert_path if -f $custom_cert_path;
-
 	my $cert;
 	eval {
-	    my $bio = Net::SSLeay::BIO_new_file($cert_path, 'r');
-	    $cert = Net::SSLeay::PEM_read_bio_X509($bio);
-	    Net::SSLeay::BIO_free($bio);
+	    $cert = get_node_ssl_cert($node);
 	};
 	my $err = $@;
-	if ($err || !defined($cert)) {
+	if ($err) {
 	    &$clear_old() if $clear;
 	    next;
 	}
 
 	my $fp;
 	eval {
-	    $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
+	    $fp = get_cert_fingerprint($cert);
 	};
 	$err = $@;
-	if ($err || !defined($fp) || $fp eq '') {
+	if ($err) {
 	    &$clear_old() if $clear;
 	    next;
 	}
-- 
2.11.0



