5a0b848dcf
- Update to aed51c7 commit - Require keylime-base on Fedora >= 36 - Update clap dependency - Drop rustc-serialize and flate2 dependencies - Make wiremock an optional dependency and re-enable tests - Fix serialization of structures in quotes to fix issue on big-endian - Add systemd services for the agent and secure mount - BuildRequire systemd for the services - Use more descriptive error messages on missing files errors - Set supplementary groups when dropping privileges - Create /usr/libexec/keylime directory Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
21 lines
747 B
Diff
21 lines
747 B
Diff
--- a/src/main.rs 2022-06-28 16:54:37.559307146 +0200
|
|
+++ b/src/main.rs 2022-06-28 17:37:39.512350575 +0200
|
|
@@ -512,7 +512,16 @@
|
|
let ssl_context;
|
|
if config.mtls_enabled {
|
|
let keylime_ca_cert =
|
|
- crypto::load_x509(Path::new(&config.keylime_ca_path))?;
|
|
+ match crypto::load_x509(Path::new(&config.keylime_ca_path)) {
|
|
+ Ok(t) => Ok(t),
|
|
+ Err(e) => {
|
|
+ error!(
|
|
+ "Certificate not installed: {}",
|
|
+ config.keylime_ca_path
|
|
+ );
|
|
+ Err(e)
|
|
+ }
|
|
+ }?;
|
|
|
|
cert = crypto::generate_x509(&nk_priv, &config.agent_uuid)?;
|
|
mtls_cert = Some(&cert);
|