Skip to content

Self-signed certificate support #2270

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jreidinger merged 25 commits into from
Apr 24, 2025
Merged

Self-signed certificate support #2270

Changes from 1 commit
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
67d2585
Implement initial question to import certificate
jreidinger Apr 11, 2025
31b1e37
Merge remote-tracking branch 'origin/master' into initial_certificates
jreidinger Apr 15, 2025
72873ff
experiment with paragraphs
jreidinger Apr 16, 2025
abf9ff0
add fingerprint storage and use it in registration
jreidinger Apr 16, 2025
65ceb8d
service: add data to certificate question
joseivanlopez Apr 16, 2025
5946bbb
allow registration url be redefined and also add ssl fingerprints
jreidinger Apr 16, 2025
930f816
update dbus doc and fix typo
jreidinger Apr 17, 2025
a57e474
add proxies for security
jreidinger Apr 17, 2025
7b65d88
Add registration url to rust part
jreidinger Apr 17, 2025
6901bae
implement for security in rust part that communicate with dbus
jreidinger Apr 19, 2025
48e5991
service: fix registration certificate question
joseivanlopez Apr 22, 2025
4cb3cf9
web: add question for registration certificate
joseivanlopez Apr 22, 2025
41663b2
Merge remote-tracking branch 'origin/master' into initial_certificates
jreidinger Apr 22, 2025
90d795d
add web part of security
jreidinger Apr 22, 2025
d8c0b16
rename key in profile
jreidinger Apr 23, 2025
9354ceb
apply clippy suggestion
jreidinger Apr 23, 2025
f1b0180
make rubocop happy
jreidinger Apr 23, 2025
6d0d98a
fix rust unit test
jreidinger Apr 23, 2025
64ba358
adjust dbus doc to make ci happy
jreidinger Apr 23, 2025
9214f64
Apply suggestions from code review
jreidinger Apr 23, 2025
caa3559
changes from code review
jreidinger Apr 23, 2025
6696dee
changes from review
jreidinger Apr 24, 2025
22a03c9
cargo fmt
jreidinger Apr 24, 2025
6eb69ae
changes
jreidinger Apr 24, 2025
2fa3f3d
Apply suggestions from code review
jreidinger Apr 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 25 additions & 32 deletions service/lib/agama/registration.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -333,42 +333,35 @@ def handle_ssl_error(_error, certificate_imported)
return false if certificate_imported

cert = SSL::Errors.instance.ssl_failed_cert
error_code = SSL::Errors.instance.ssl_error_code

if cert
SSL::Storage.instance.fingerprints.each do |fp|
# import certificate if it match predefined fingerprint
return true if cert.match_fingerprint?(fp)
end
end

if cert && SSL::ErrorCodes::IMPORT_ERROR_CODES.include?(error_code)
error_msg = format(
_("Secure Connection Error for %{url}: %{error}."),
url: registration_url || "https://scc.suse.com",
error: SSL::ErrorCodes::OPENSSL_ERROR_MESSAGES[error_code],
)
cert_details = format(
_("Certificate details %{details}."),
details: SSL::CertificateDetails.new(cert).summary
)
return false unless cert

message = "<p>#{error_msg}</p><p>#{cert_details}</p>"
# Import certificate if it matches predefined fingerprint.
return true if SSL::Storage.instance.fingerprints.any? { |f| cert.match_fingerprint?(f) }

question = Agama::Question.new(
qclass: "registration.certificate",
text: message,
options: [:Import, :Abort],
default_option: :Abort
)
error_code = SSL::Errors.instance.ssl_error_code
return false unless SSL::ErrorCodes::IMPORT_ERROR_CODES.include?(error_code)

details = SSL::CertificateDetails.new(cert)

question = Agama::Question.new(
qclass: "registration.certificate",
text: _("Secure connection error. Import certificate?"),
options: [:Import, :Abort],
default_option: :Abort,
data: {
url: registration_url || "https://scc.suse.com",
error: SSL::ErrorCodes::OPENSSL_ERROR_MESSAGES[error_code],
subject: details.subject,
issuer: details.issuer,
summary: details.summary,
fingerprints: SSL::Storage.instance.fingerprints
}
)

questions_client = Agama::DBus::Clients::Questions.new(logger: @logger)
questions_client.ask(question) do |question_client|
return question_client.answer == :Import
end
questions_client = Agama::DBus::Clients::Questions.new(logger: @logger)
questions_client.ask(question) do |question_client|
return question_client.answer == :Import
end

false
end

# Returns the URL of the registration server
Expand Down
Loading