This repository was archived by the owner on Jan 29, 2022. It is now read-only.

Commit cc662a5

committed
Ensure that the ssl cert/key content is sent to WEBrick, not the path
1 parent 7d26e8d commit cc662a5


1 file changed

+12
-6
lines changed


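--- a/bin/puppet_webhook
+++ b/bin/puppet_webhook
@@ -48,11 +48,11 @@ optparse = OptionParser.new do |opts| # rubocop:disable Metrics/BlockLength
 end
 
 opts.on('--ssl-cert FILE', 'Specify the SSL cert to use. Pair with --ssl-key.') do |arg|
-ssl_opts[:ssl_cert] = OpenSSL::X509::Certificate.new(File.open(arg).read)
+ssl_opts[:ssl_cert] = arg
 end
 
 opts.on('--ssl-key FILE', 'Specify the SSL key to use. Pair with --ssl-cert.') do |arg|
-ssl_opts[:ssl_key] = OpenSSL::PKey::RSA.new(File.open(arg))
+ssl_opts[:ssl_key] = arg
 end
 
 opts.on('-c FILE', '--configfile FILE', 'Specifies a configuration file to use.') do |arg|
@@ -84,7 +84,13 @@ if @server_config
 ssl_opts[:enable_ssl] = settings.enable_ssl if settings.respond_to? :enable_ssl=
 ssl_opts[:ssl_verify] = settings.ssl_verify if settings.respond_to? :ssl_verify=
 ssl_opts[:ssl_cert] = settings.ssl_cert if settings.respond_to? :ssl_cert=
-ssl_opts[:ssl_key] = settings.enable_ssl if settings.respond_to? :ssl_key=
+ssl_opts[:ssl_key] = settings.ssl_key if settings.respond_to? :ssl_key=
+end
+
+def ssl_verify(ssl_opts)
+return OpenSSL::SSL::VERIFY_NONE unless ssl_opts[:ssl_verify]
+
+OpenSSL::SSL::VERIFY_PEER
 end
 
 LOGGER = WEBrick::Log.new(options[:logfile], Object.const_get("WEBrick::Log::#{options[:loglevel]}"))
@@ -99,9 +105,9 @@ webrick_opts = {
 
 if ssl_opts[:enable_ssl]
 webrick_opts[:SSLEnable] = ssl_opts[:enable_ssl]
-webrick_opts[:SSLVerifyClient] = ssl_opts[:ssl_verify]
-webrick_opts[:SSLCertificate] = ssl_opts[:ssl_cert]
-webrick_opts[:SSLPrivateKey] = ssl_opts[:ssl_key]
+webrick_opts[:SSLVerifyClient] = ssl_verify(ssl_opts)
+webrick_opts[:SSLCertificate] = OpenSSL::X509::Certificate.new(File.read(ssl_opts[:ssl_cert]))
+webrick_opts[:SSLPrivateKey] = OpenSSL::PKey::RSA.new(File.read(ssl_opts[:ssl_key]))
 webrick_opts[:SSLCertName] = [['CN', WEBrick::Utils.getservername]]
 end
 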
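Review bot: The new `ssl_verify` helper returns plain `OpenSSL::SSL::VERIFY_PEER` when verification is enabled, and on the server side that only requests a client certificate: a client that sends none still completes the handshake, so `SSLVerifyClient` does not enforce mutual TLS as the option name suggests. If the intent is to require a client certificate, the helper's last line should be `OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT`. No CA file or certificate store is set in the visible part of `webrick_opts` (the hash begins outside the hunk), so it is worth confirming which trust anchors presented certificates are checked against. Separately, in the last hunk `OpenSSL::PKey::RSA.new(File.read(ssl_opts[:ssl_key]))` rejects non-RSA keys and raises an opaque `TypeError` when SSL is enabled without a key path; `OpenSSL::PKey.read(File.read(ssl_opts[:ssl_key]))` plus an explicit check that both paths are set would fail more clearly.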