[pve-devel] [PATCH cluster 03/16] use PVE::Certificate to read fingerprint

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Nov 6 13:36:08 CET 2019


instead of duplicating the whole "read certificate from file" code that
we already have in pve-common.

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---

Notes:
    requires versioned dependency on libpve-common-perl

 data/PVE/Cluster.pm | 23 ++---------------------
 debian/control      |  2 +-
 2 files changed, 3 insertions(+), 22 deletions(-)

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 596d87e..155a639 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -17,6 +17,7 @@ use Socket;
 use Storable qw(dclone);
 use UUID;
 
+use PVE::Certificate;
 use PVE::INotify;
 use PVE::IPCC;
 use PVE::JSONSchema;
@@ -1681,26 +1682,6 @@ sub initialize_cert_cache {
 	if defined($node) && !defined($cert_cache_nodes->{$node});
 }
 
-sub read_ssl_cert_fingerprint {
-    my ($cert_path) = @_;
-
-    my $bio = Net::SSLeay::BIO_new_file($cert_path, 'r')
-	or die "unable to read '$cert_path' - $!\n";
-
-    my $cert = Net::SSLeay::PEM_read_bio_X509($bio);
-    Net::SSLeay::BIO_free($bio);
-
-    die "unable to read certificate from '$cert_path'\n" if !$cert;
-
-    my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
-    Net::SSLeay::X509_free($cert);
-
-    die "unable to get fingerprint for '$cert_path' - got empty value\n"
-	if !defined($fp) || $fp eq '';
-
-    return $fp;
-}
-
 sub get_node_fingerprint {
     my ($node) = @_;
 
@@ -1709,7 +1690,7 @@ sub get_node_fingerprint {
 
     $cert_path = $custom_cert_path if -f $custom_cert_path;
 
-    return read_ssl_cert_fingerprint($cert_path);
+    return PVE::Certificate::get_certificate_fingerprint($cert_path);
 }
 
 
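Review bot: The call on the `return` line of `get_node_fingerprint` no longer fixes the digest or the failure behaviour locally: the removed helper asked for `'sha256'` explicitly and died on an undefined or empty fingerprint, while `PVE::Certificate::get_certificate_fingerprint($cert_path)` is given only the path. If callers compare this value against stored or pinned fingerprints (not visible in this hunk), it is worth confirming that the pve-common helper returns the same SHA-256 format and still dies rather than returning an empty value. A short comment above the call would record that contract, for example `# must return the SHA-256 fingerprint and die on unreadable/empty certs`. Since `read_ssl_cert_fingerprint` was a package-level sub, any caller outside this file that used `PVE::Cluster::read_ssl_cert_fingerprint` would now fail at runtime, so a grep across dependent packages is advisable. The body of `get_node_fingerprint` starts outside this hunk.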
diff --git a/debian/control b/debian/control
index 8a068e0..1451c2d 100644
--- a/debian/control
+++ b/debian/control
@@ -35,7 +35,7 @@ Depends: corosync (>= 2.3.4-1),
          libfuse2 (>= 2.9.2-4),
          libglib2.0-0 (>= 2.42.1-1),
          libpve-apiclient-perl,
-         libpve-common-perl (>= 5.0-28),
+         libpve-common-perl (>= 6.0-7~),
          libqb0 (>= 0.17.1-1),
          librrds-perl,
          libsqlite3-0,
-- 
2.20.1




