c7b2752739
- Set supplementary groups when dropping privileges - Show more descriptive error messages on missing files errors - Create /usr/libexec/keylime directory Related: rhbz#2084552 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
21 lines
747 B
Diff
21 lines
747 B
Diff
--- a/src/main.rs 2022-06-28 16:54:37.559307146 +0200
|
|
+++ b/src/main.rs 2022-06-28 17:37:39.512350575 +0200
|
|
@@ -512,7 +512,16 @@
|
|
let ssl_context;
|
|
if config.mtls_enabled {
|
|
let keylime_ca_cert =
|
|
- crypto::load_x509(Path::new(&config.keylime_ca_path))?;
|
|
+ match crypto::load_x509(Path::new(&config.keylime_ca_path)) {
|
|
+ Ok(t) => Ok(t),
|
|
+ Err(e) => {
|
|
+ error!(
|
|
+ "Certificate not installed: {}",
|
|
+ config.keylime_ca_path
|
|
+ );
|
|
+ Err(e)
|
|
+ }
|
|
+ }?;
|
|
|
|
cert = crypto::generate_x509(&nk_priv, &config.agent_uuid)?;
|
|
mtls_cert = Some(&cert);
|