Skip to content

Commit

Permalink
Merge pull request #2487 from mmussomele/support-keys
Browse files Browse the repository at this point in the history 
socket: Support all private keys OpenSSL supports
  • Loading branch information
@repeatedly
repeatedly authored Jul 10, 2019
2 parents ae1c155 + 43cce25 commit d1ba31a
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion lib/fluent/command/ca_generate.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ def self.generate_ca_pair(opts={})
def self.generate_server_pair(opts={})
key = OpenSSL::PKey::RSA.generate(opts[:private_key_length])

ca_key = OpenSSL::PKey::RSA.new(File.read(opts[:ca_key_path]), opts[:ca_key_passphrase])
ca_key = OpenSSL::PKey::read(File.read(opts[:ca_key_path]), opts[:ca_key_passphrase])
ca_cert = OpenSSL::X509::Certificate.new(File.read(opts[:ca_cert_path]))
issuer = ca_cert.issuer

Expand Down
4 changes: 2 additions & 2 deletions lib/fluent/plugin_helper/cert_option.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ def cert_option_server_validate!(conf)
end

def cert_option_load(cert_path, private_key_path, private_key_passphrase)
key = OpenSSL::PKey::RSA.new(File.read(private_key_path), private_key_passphrase)
key = OpenSSL::PKey::read(File.read(private_key_path), private_key_passphrase)
certs = cert_option_certificates_from_file(cert_path)
cert = certs.shift
return cert, key, certs
Expand Down Expand Up @@ -137,7 +137,7 @@ def cert_option_generate_ca_pair_self_signed(generate_opts)
end

def cert_option_generate_server_pair_by_ca(ca_cert_path, ca_key_path, ca_key_passphrase, generate_opts)
ca_key = OpenSSL::PKey::RSA.new(File.read(ca_key_path), ca_key_passphrase)
ca_key = OpenSSL::PKey::read(File.read(ca_key_path), ca_key_passphrase)
ca_cert = OpenSSL::X509::Certificate.new(File.read(ca_cert_path))
cert, key = cert_option_generate_pair(generate_opts, ca_cert.subject)
raise "BUG: certificate digest algorithm not set" unless generate_opts[:digest]
Expand Down
2 changes: 1 addition & 1 deletion lib/fluent/plugin_helper/socket.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,7 @@ def socket_create_tls(
context.cert_store = cert_store
context.verify_hostname = true if verify_fqdn && fqdn && context.respond_to?(:verify_hostname=)
context.cert = OpenSSL::X509::Certificate.new(File.read(cert_path)) if cert_path
context.key = OpenSSL::PKey::RSA.new(File.read(private_key_path), private_key_passphrase) if private_key_path
context.key = OpenSSL::PKey::read(File.read(private_key_path), private_key_passphrase) if private_key_path
end

tcpsock = socket_create_tcp(host, port, **kwargs)
Expand Down

0 comments on commit d1ba31a

Please sign in to comment.