dexter has uploaded this change for review.


certificates: add checks to make sure cert and key files are readable

In case a certificate or key file is not reachable, the failure symptoms
may not be immediately obvious. Let's add checks to make sure all
certificate and key files are readable.

Change-Id: Icaea4aae6188bcdecbc44558aefd2609706be56f
Related: SYS#7093
---
M src/crypto_utils.erl
M src/onomondo_eim_app.erl
2 files changed, 21 insertions(+), 1 deletion(-)

git pull ssh://gerrit.osmocom.org:29418/onomondo-eim refs/changes/33/42833/1
diff --git a/src/crypto_utils.erl b/src/crypto_utils.erl
index 9d0cd0f..1bba9ab 100644
--- a/src/crypto_utils.erl
+++ b/src/crypto_utils.erl
@@ -211,7 +211,12 @@
error;
get_root_cert(EumCertificate, RootCiCertPaths) ->
[RootCiCertPath | RootCiCertPathsTail] = RootCiCertPaths,
- {ok, RootCiCertPem} = file:read_file(RootCiCertPath),
+ RootCiCertPem = case file:read_file(RootCiCertPath) of
+ {ok, FileContent} ->
+ FileContent;
+ _ ->
+ throw({"CI certificate file not readable", RootCiCertPath})
+ end,
[{'Certificate', RootCiCertBer, not_encrypted}] = public_key:pem_decode(RootCiCertPem),
{ok, EumCertificateBer} = 'PKIX1Explicit88':encode('Certificate', EumCertificate),
case public_key:pkix_is_issuer(EumCertificateBer, RootCiCertBer) of
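Review bot: The `_ ->` branch of the new `case file:read_file(RootCiCertPath)` discards the error reason, so an operator cannot tell a missing root CI certificate from a permission problem. Match `{error, Reason} ->` instead and carry the reason in the thrown term, e.g. `throw({"CI certificate file not readable", RootCiCertPath, Reason})`, provided no caller matches on the two-element shape. The `public_key:pem_decode` match on the following line still fails with a bare badmatch when the file is readable but does not hold exactly one unencrypted PEM certificate, so that case stays as hard to diagnose as before. The get_root_cert clause begins before the hunk and continues past it.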
diff --git a/src/onomondo_eim_app.erl b/src/onomondo_eim_app.erl
index ffdc68b..960d9f1 100644
--- a/src/onomondo_eim_app.erl
+++ b/src/onomondo_eim_app.erl
@@ -30,6 +30,21 @@
"Starting ESipa HTTPs server at ~p:~p...~ncertificate: ~p~nkey: ~p~n",
[Ip, Port, Cert, Key]
),
+
+ case filelib:is_file(Cert) of
+ true ->
+ ok;
+ _ ->
+ throw({"SSL certificate file not readable", Cert})
+ end,
+
+ case filelib:is_file(Key) of
+ true ->
+ ok;
+ _ ->
+ throw({"SSL private key file not readable", Key})
+ end,
+
cowboy:start_tls(
https_listener_esipa,
[
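Review bot: `filelib:is_file/1` in both added checks only tests that the path exists, and it also returns true for a directory, so a certificate or key that the node cannot read passes the check although the message says "not readable". Opening the file for reading tests what the message claims and yields the reason; as the two checks differ only in their label, one small helper can serve both. It may also be worth logging a warning when the private key file is readable by group or others, which would need `file:read_file_info/1`. The enclosing function starts and ends outside the hunk.

```erlang
    %% ... unchanged: startup log line ...
    ok = ensure_readable("SSL certificate file not readable", Cert),
    ok = ensure_readable("SSL private key file not readable", Key),
    %% ... unchanged: cowboy:start_tls call ...

%% Helper, placed after the enclosing function:
ensure_readable(Msg, Path) ->
    case file:open(Path, [read, raw]) of
        {ok, Fd} ->
            file:close(Fd);
        {error, Reason} ->
            throw({Msg, Path, Reason})
    end.
```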


Gerrit-MessageType: newchange
Gerrit-Project: onomondo-eim
Gerrit-Branch: master
Gerrit-Change-Id: Icaea4aae6188bcdecbc44558aefd2609706be56f
Gerrit-Change-Number: 42833
Gerrit-PatchSet: 1
Gerrit-Owner: dexter <pmaier@sysmocom.de>