Comment 0 for bug 2008452

Chi Wai CHAN (raychan96) wrote : Need to support combined certificate in "trusted_ssl_cert" option

Currently, "trusted_ssl_ca" is only effective when there's only one certificate in it. If a combined certificate is set in "trusted_ssl_ca", the certificates' symbolic links will not be properly created in "/etc/ssl/certs" because `update-ca-certificates` [0] does not support more than one certificate (see man page of `update-ca-certificates`). However, the symbolic links are important to `check_ssl_cert` in verifying the certificate chain.

We need support for setting multiple certificates in "trusted_ssl_ca". For example, the charm code should be able to split the combined certificates input into multiple files containing single certificates.

[0] https://git.launchpad.net/charm-openstack-service-checks/tree/src/reactive/openstack_service_checks.py#n207
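
One way the splitting requested in the report could be done, as an added example that is not part of the bug report or the charm's code. The function names, the `trusted-ca` file prefix and the sample bundle are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
from pathlib import Path

PEM_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL)


def to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armour with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def split_pem_bundle(bundle: str) -> list:
    """Return every distinct certificate in a combined PEM input as its own PEM string."""
    certs, seen = [], set()
    for match in PEM_CERT_RE.finditer(bundle):
        # validate=True rejects corrupt blocks (binascii.Error) instead of trusting them
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        digest = hashlib.sha256(der).hexdigest()
        if digest not in seen:  # the same CA pasted twice yields one file
            seen.add(digest)
            certs.append(to_pem(der))
    if not certs:
        raise ValueError("no PEM certificate found in input")
    return certs


def write_single_cert_files(bundle: str, dest_dir: Path, prefix: str = "trusted-ca") -> list:
    """Write one .crt file per certificate and drop files left from a previous value."""
    certs = split_pem_bundle(bundle)  # parse first so bad input changes nothing on disk
    dest_dir.mkdir(parents=True, exist_ok=True)
    for stale in dest_dir.glob(f"{prefix}-*.crt"):
        stale.unlink()  # a CA removed from the option must not stay trusted
    paths = []
    for index, pem in enumerate(certs):
        path = dest_dir / f"{prefix}-{index}.crt"
        path.write_text(pem)
        paths.append(path)
    return paths


# Constructed placeholders standing in for real certificates (not valid X.509).
SAMPLE_BUNDLE = (to_pem(b"constructed root CA") + "# comment between blocks\n"
                 + to_pem(b"constructed intermediate CA") + to_pem(b"constructed root CA"))
```

In a charm, `dest_dir` would be the local certificate directory that `update-ca-certificates` scans, with that command run once after the files are written.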