Skip to content

Commit

Permalink
Merge pull request #2890 from pbudner/fix-tls-crlf-certificates
Browse files Browse the repository at this point in the history 
Fixes #2889 by supporting CRLF and LF X.509 certificates
  • Loading branch information
@repeatedly
repeatedly committed Mar 17, 2020
2 parents a51d8dd + dac4931 commit 4d7cb81
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 1 deletion.
5 changes: 4 additions & 1 deletion lib/fluent/plugin_helper/cert_option.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -171,9 +171,12 @@ def cert_option_generate_server_pair_self_signed(generate_opts)

def cert_option_certificates_from_file(path)
data = File.read(path)
pattern = Regexp.compile('-+BEGIN CERTIFICATE-+\n(?:[^-]*\n)+-+END CERTIFICATE-+\n?', Regexp::MULTILINE)
pattern = Regexp.compile('-+BEGIN CERTIFICATE-+\r?\n(?:[^-]*\r?\n)+-+END CERTIFICATE-+\r?\n?', Regexp::MULTILINE)
list = []
data.scan(pattern){|match| list << OpenSSL::X509::Certificate.new(match) }
if list.length == 0
log.warn "cert_path does not contain a valid certificate"
end
list
end
end
Expand Down
19 changes: 19 additions & 0 deletions test/plugin_helper/data/cert/cert-with-CRLF.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDLDCCAhSgAwIBAgIIEJHFsHrKBGYwDQYJKoZIhvcNAQELBQAwJjEQMA4GA1UE
ChMHRmx1ZW50ZDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTE5MDYxOTA1MTM0NVoX
DTE5MDkxODExMTg0NVowJjEQMA4GA1UEChMHRmx1ZW50ZDESMBAGA1UEAxMJbG9j
YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbUTk5n5RruI
QGhK1T8g/emKonlfWNMSj/J/f/U9NJ14ugIxyHBMqx4WaTyA4zjT2VJO5tRBe385
zlIUf8i+x7Ovt/MgsjiwXyKv7qdsE5KHLq+VXJfA+s5vAAyzBHY/BA7xxh/QqCI8
a/a1OyHyaQ9pFRFXtQBlTH7Fc1qSw5Yg0EXofa6YIBQuDjfqa7FRPj+bEWDO5PUq
OMzH5XKBUPS9GLHOqia0CnzF2a51TArC0Dl1oNFa7myVmjBuNtkG88Fkd7YNzGa+
sNBJPmuGvFXuU3XPEnrtARO/SG4g9/MQUvfMI3jFFOJAMmEKd8QXxO5FgIuEnaNO
hVRVH/e9wwIDAQABo14wXDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPLdOVnVWuuB
7Pnvpgte4BHitzFYMA0GCSqGSIb3DQEBCwUAA4IBAQBp8LAzjWIJapwTBnnivwZk
D6Lr028mZIacbBZKsmmPi0VvDFqCvUAbHN8ytPlRBWnvvkihDkZs1TwcDCXGsWYs
dNNwsYGpk3mQxsHQ9atvy0mQGLDlfaSs/329bfVCw1cPFo9n+MeivSBoE6asdIbH
tOW3kk1XtJZ2qQJJRvexFImZc0z8c2cG0+eR5hQxQd9bLnAczi/8mZ8VzaU/O3UU
OJoVuyp0AA8f2f0f1QDaeH9stWZtJQj3ZX1DWHRE3OmVkoBdlt8EHYGggtvQaLIF
XbHigLHzYztMjmDt4fmRczu/Fu6M4xNro8jLgjiIjqlLBjDZiKrSbOwgyebwFDlv
-----END CERTIFICATE-----
2 changes: 2 additions & 0 deletions test/plugin_helper/test_cert_option.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,5 +12,7 @@ class Dummy < Fluent::Plugin::TestBase
assert_equal(1, certs.length)
certs = d.cert_option_certificates_from_file("test/plugin_helper/data/cert/cert-with-no-newline.pem")
assert_equal(1, certs.length)
certs = d.cert_option_certificates_from_file("test/plugin_helper/data/cert/cert-with-CRLF.pem")
assert_equal(1, certs.length)
end
end

0 comments on commit 4d7cb81

Please sign in to comment.