adds feature to detect multiple certificates in PEM bundles #182

Open
wants to merge 1 commit into
base: cmk2.3

mayrstefan

If a PEM bundle contains multiple certificates only the first one is detected.

This feature adds further certificates to the JSON output:

  • first cert is shown as filename (#0 is omitted to stay compatible with previous outputs)
  • second cert is shown as filename#1
  • third cert is shown as filename#2
  • and so on

This should solve #181

If a PEM bundle contains multiple certificates only the first one is
detected.

This feature adds further certificates to the JSON output:
- first cert is shown as filename (#0 is omitted to stay compatible with
  previous outputs)
- second cert is shown as filename#1
- third cert is shown as filename#2
- and so on

This should solve HeinleinSupport#181
@mayrstefan
Author

@gurubert you closed #181 because of openssl's limitation. Does this PR have a chance?

@gurubert
Member

gurubert commented Dec 6, 2024

I am currently thinking about re-implementing the whole plugin in Python as all the string handling in Bash is getting out of hand.

@mayrstefan
Author

A disadvantage of a Python solution on the agent would be the dependency on an additional module to read the certificates. AFAIK Python does not include a (public) module to process X.509 certificates. I'm no fan of telling people to just use `pip install xy` and break the package management of traditional Linux OSes. For me this is DLL hell all over again. I like the current plugin because it uses tools that are included in almost any Linux installation.

When thinking about this PR I wanted to change or break as little as possible. Another refactoring step could be a refactoring that:

  • gets the PEM output of a single certificate (convert DER to PEM or select one if multiple certificates are chained in one file)
  • replace the occurrences of openssl reading the file with `echo "$PEM" | openssl ...`
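
The labelling scheme from the PR description (filename, filename#1, filename#2) combined with the single-certificate piping idea from the comment above, as an added example that is not code from this pull request or from the plugin. The function names are hypothetical, and the sample bundle is constructed with placeholder bodies rather than real certificates.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not the plugin's.

# Number of CERTIFICATE blocks in a PEM file (0 if none or unreadable).
pem_cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Print only the N-th (0-based) CERTIFICATE block; text between blocks is dropped.
pem_cert_at() {
    awk -v want="$2" '
        BEGIN { n = 0 }
        /-----BEGIN CERTIFICATE-----/ { inside = 1 }
        inside && n == want           { print }
        /-----END CERTIFICATE-----/   { if (inside) n++; inside = 0 }
    ' "$1"
}

# One label per certificate: "file" for the first, "file#N" for the rest.
pem_cert_labels() {
    count=$(pem_cert_count "$1"); count=${count:-0}
    i=0
    while [ "$i" -lt "$count" ]; do
        if [ "$i" -eq 0 ]; then printf '%s\n' "$1"; else printf '%s#%s\n' "$1" "$i"; fi
        i=$((i + 1))
    done
}

# Hand exactly one certificate to openssl on stdin, so every certificate in
# the bundle gets checked (needs real certificates, not the sample below).
pem_cert_enddate() {
    pem_cert_at "$1" "$2" | openssl x509 -noout -enddate
}

# Constructed sample bundle: three blocks with placeholder bodies.
write_sample_bundle() {
    cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
Q0VSVC1B
-----END CERTIFICATE-----
# constructed comment line between blocks
-----BEGIN CERTIFICATE-----
Q0VSVC1C
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q0VSVC1D
-----END CERTIFICATE-----
EOF
}
```

Checking every block matters for monitoring because an intermediate certificate in the chain can expire before the leaf does.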
