From 2a5f4bed78a3f5f0860c1556535e526e84eb7892 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?=
Date: Mon, 27 Nov 2017 09:48:03 +0100
Subject: [PATCH] handle Net::SSLeay errors correctly

---
 data/PVE/Cluster.pm | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 69f04d9..9a248ed 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1497,18 +1497,18 @@ sub initialize_cert_cache {
 sub read_ssl_cert_fingerprint {
 my ($cert_path) = @_;
 
- my $cert;
- eval {
- my $bio = Net::SSLeay::BIO_new_file($cert_path, 'r');
- $cert = Net::SSLeay::PEM_read_bio_X509($bio);
+ my $bio = Net::SSLeay::BIO_new_file($cert_path, 'r')
+ or die "unable to read '$cert_path' - $!\n";
+
+ my $cert = Net::SSLeay::PEM_read_bio_X509($bio);
+ if (!$cert) {
 Net::SSLeay::BIO_free($bio);
- };
- die "unable to read certificate '$cert_path' - $@\n" if $@;
- die "unable to read certificate '$cert_path' - got empty value\n"
- if !defined($cert);
+ die "unable to read certificate from '$cert_path'\n";
+ }
+
+ my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
+ Net::SSLeay::X509_free($cert);
 
- my $fp = eval { Net::SSLeay::X509_get_fingerprint($cert, 'sha256') };
- die "unable to get fingerprint for '$cert_path' - $@\n" if $@;
 die "unable to get fingerprint for '$cert_path' - got empty value\n"
 if !defined($fp) || $fp eq '';
 
@@ -1534,11 +1534,8 @@ sub check_cert_fingerprint {
 update_cert_cache(undef, 1) if time() - $cert_cache_timestamp >= 60*30;
 
 # get fingerprint of server certificate
- my $fp;
- eval {
- $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
- };
- return 0 if $@ || !defined($fp) || $fp eq ''; # error
+ my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
+ return 0 if !defined($fp) || $fp eq ''; # error
 
 my $check = sub {
 for my $expected (keys %$cert_cache_fingerprints) {
-- 
2.39.2
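Review bot: `$bio` is now released only inside the `if (!$cert)` branch of read_ssl_cert_fingerprint, so every successful read leaves the BIO and the file handle behind it open, whereas the removed code called `Net::SSLeay::BIO_free($bio)` unconditionally after the PEM read. Free it straight after the read and test the result afterwards: `my $cert = Net::SSLeay::PEM_read_bio_X509($bio);` `Net::SSLeay::BIO_free($bio);` `die "unable to read certificate from '$cert_path'\n" if !$cert;`. If this runs in a long-lived process that re-reads certificates, the leak would accumulate descriptors over time. The new parse-failure message also carries no reason; including the OpenSSL error queue text (for example via `Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error())`) would help diagnosis. The end of the function lies outside this hunk.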
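Review bot: `$cert` is passed to `Net::SSLeay::X509_get_fingerprint` in check_cert_fingerprint with no check visible in this hunk that it is a usable handle, and with the `eval` removed anything the binding raises now propagates to the caller instead of becoming the `return 0` rejection. Because this function decides whether a peer certificate matches the cached fingerprints, an explicit guard such as `return 0 if !$cert;` before the call would keep the failure path fail-closed and obvious. The start of the function is outside the hunk, so such a check may already exist; in that case replacing the terse `# error` with `# no fingerprint: reject the certificate` would document the intent.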