Commit 4a4da093 authored by Helga Velroyen's avatar Helga Velroyen

Noded: log the certificate and digest on noded startup

This patch adds logging of the filename and the digest of the
certificate which is loaded by noded on startup. This will
help debugging SSL problems as it will make clear whether or
not the noded is still using a stale/replaced/old server
certificate after a renewal.
Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
parent 2e795f2c
......@@ -557,6 +557,12 @@ class HttpSslParams(object):
self.ssl_cert_pem = utils.ReadFile(ssl_cert_path)
self.ssl_cert_path = ssl_cert_path
def GetCertificateDigest(self):
return utils.GetCertificateDigest(cert_filename=self.ssl_cert_path)
def GetCertificateFilename(self):
return self.ssl_cert_path
def GetKey(self):
return OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
self.ssl_key_pem)
......@@ -615,6 +621,9 @@ class HttpBase(object):
ctx.use_privatekey(self._ssl_key)
ctx.use_certificate(self._ssl_cert)
ctx.check_privatekey()
logging.debug("Certificate digest: %s.", ssl_params.GetCertificateDigest())
logging.debug("Certificate filename: %s.",
ssl_params.GetCertificateFilename())
if ssl_verify_peer:
ctx.set_verify(OpenSSL.SSL.VERIFY_PEER |
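Review bot: The digest logged in the second hunk comes from `utils.GetCertificateDigest(cert_filename=self.ssl_cert_path)`, which works from the path, while the context is given the already-loaded `self._ssl_cert` and `HttpSslParams` reads the PEM into `self.ssl_cert_pem` once at construction. Assuming the helper reads the file when it is called (its body is not shown here), a certificate replaced on disk after the params were built would be logged with the new digest while the stale in-memory certificate is still the one served, which is the case the commit message wants to expose. Logging the digest of the loaded object instead, e.g. `self._ssl_cert.digest(DIGEST_ALGO)` where `DIGEST_ALGO` is a placeholder for the algorithm the helper uses, would tie the log line to what `ctx.use_certificate` actually received. If the path-based helper stays, a docstring on `GetCertificateDigest` such as `"""Return the digest of the certificate file currently at ssl_cert_path (re-read from disk)."""` would make the distinction explicit. The method containing the second hunk starts and ends outside the visible lines.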
......