From 35d46f266ab2c8deac8d8899fdde3cd3cd4d6818 Mon Sep 17 00:00:00 2001
From: +++
Date: Tue, 30 Jul 2019 22:06:07 +0200
Subject: [PATCH] statusd.py: add function certs_readable()
add a function to test at start, if needed certs are readable
---
 statusd.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/statusd.py b/statusd.py
index 454b004..dc68d3c 100755
--- a/statusd.py
+++ b/statusd.py
@@ -41,6 +41,15 @@ def read_config(CONFIGFILE, CONFIG):
 return True
+def certs_readable(config):
+
+ for i in (config['SERVER_KEY'], config['SERVER_CERT'], config['CLIENT_CERT']):
+ if os.access(i, os.R_OK) == False:
+ logging.error('Cant read {}'.format(i))
+ return False
+ return True
+
+
 def strip_argument(argument):
 '''
 Becomes a string and strips at first whitespaces, second apostrops and
@@ -213,6 +222,10 @@ def main():
 read_config(CONFIG_FILE, CONFIG)
 print_config(CONFIG)
+ if certs_readable(CONFIG) == False:
+ logging.error('Cert check failed\nExit')
+ exit()
+
 context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
 context.options &= ~ssl.PROTOCOL_TLS
 context.verify_mode = ssl.CERT_REQUIRED
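Review bot: In certs_readable(), `os.access(i, os.R_OK)` is only an advisory pre-check: it tests the real rather than the effective uid, and the file can change before the TLS context actually loads it, so the later certificate load still needs its own error handling. A missing `SERVER_KEY`, `SERVER_CERT` or `CLIENT_CERT` entry would raise KeyError here instead of logging, assuming read_config() does not guarantee those keys (not visible in this hunk); `config.get(...)` with an explicit "not configured" error would cover that. The function has no docstring; I would add `'''Return True if the server key, server cert and client cert paths are readable; log the first unreadable path and return False otherwise.'''` and write the test as `if not os.access(i, os.R_OK):`. Since SERVER_KEY is a private key, this is also a natural place to log a warning when its mode allows group or other read.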
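Review bot: The new `exit()` in main() terminates with status 0, so a supervisor or init script sees a clean shutdown even though the certificate check failed; `sys.exit(1)` reports the failure and does not depend on the `site`-provided `exit` helper (whether `sys` is already imported is not visible in this hunk). The condition reads better as `if not certs_readable(CONFIG):`, and the `\n` inside the log message splits one event across two log lines; `logging.error('Cert check failed, exiting')` keeps it on one. Separately, on the unchanged context line `context.options &= ~ssl.PROTOCOL_TLS`: `ssl.PROTOCOL_TLS` is a protocol selector rather than an `OP_*` option flag, so that line probably does not restrict protocol versions as intended and deserves a follow-up. main() begins and continues outside the hunk.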