Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warn if certificates in trusted_client_ca are not readable #751

Open
THS-on opened this issue Feb 26, 2024 · 2 comments
Open

Warn if certificates in trusted_client_ca are not readable #751

THS-on opened this issue Feb 26, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@THS-on
Copy link
Member

THS-on commented Feb 26, 2024

It seems that this just silently not loads the certificate:

rust-keylime/keylime/src/crypto.rs

Lines 783 to 790 in 2f7b3ad

for cert in ca_certs {
mtls_store_builder
.add_cert(cert)
.map_err(|source| CryptoError::X509StoreBuilderError{
message: "failed to add certificate to X509 trusted certificate store".into(),
source,
})?;
}

@THS-on THS-on added the bug Something isn't working label Feb 26, 2024
@ansasaki
Copy link
Contributor

The culprit is not the part of the code you pointed out: it properly raises the error when the certificate fails to load. The problem is on its caller, which is probably ignoring the error.

This will probably be fixed once I finish the error handling overhaul I'm currently working on.

@THS-on
Copy link
Member Author

THS-on commented Feb 27, 2024

@ansasaki ah I see thanks for taking a deeper look.

This will probably be fixed once I finish the error handling overhaul I'm currently working on.

Awesome thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@THS-on @ansasaki