statusd.py: add function certs_readable()

Add a function that checks at startup whether the required certs are readable.
+++ 2019-07-30 22:06:07 +02:00
parent 7d5753c879
commit 35d46f266a


@ -41,6 +41,15 @@ def read_config(CONFIGFILE, CONFIG):
return True return True
def certs_readable(config):
for i in (config['SERVER_KEY'], config['SERVER_CERT'], config['CLIENT_CERT']):
if os.access(i, os.R_OK) == False:
logging.error('Cant read {}'.format(i))
return False
return True
def strip_argument(argument): def strip_argument(argument):
''' '''
Becomes a string and strips at first whitespaces, second apostrops and Becomes a string and strips at first whitespaces, second apostrops and
@ -213,6 +222,10 @@ def main():
read_config(CONFIG_FILE, CONFIG) read_config(CONFIG_FILE, CONFIG)
print_config(CONFIG) print_config(CONFIG)
if certs_readable(CONFIG) == False:
logging.error('Cert check failed\nExit')
exit()
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.options &= ~ssl.PROTOCOL_TLS context.options &= ~ssl.PROTOCOL_TLS
context.verify_mode = ssl.CERT_REQUIRED context.verify_mode = ssl.CERT_REQUIRED
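Review bot: In the `main()` hunk the new failure path calls bare `exit()`, which ends the process with status 0, so a service manager or wrapper script sees a clean shutdown even though the certificate check failed; `sys.exit(1)` would report the failure (whether `sys` is imported is not visible in these hunks). In `certs_readable()`, `os.access()` is only an advisory pre-check: it tests against the real UID/GID and the file can change before it is loaded, so the later certificate loading, which is outside these hunks, still needs its own error handling. A missing `SERVER_KEY`, `SERVER_CERT` or `CLIENT_CERT` entry raises `KeyError` here instead of logging an error and returning `False`. As a matter of style, `if not os.access(i, os.R_OK):` and `if not certs_readable(CONFIG):` read better than comparing with `== False`, and `certs_readable()` would benefit from a one-line docstring stating that it returns `False` on the first unreadable path.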