handle Net::SSLeay errors correctly

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 69f04d9b742c3bdad54e2ce52361ed8208c08880..9a248edf5c478e1ef8d087223d87d8151d6a0f2d 100644 (file)
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1497,18 +1497,18 @@ sub initialize_cert_cache {
 sub read_ssl_cert_fingerprint {
     my ($cert_path) = @_;
 
-    my $cert;
-    eval {
-       my $bio = Net::SSLeay::BIO_new_file($cert_path, 'r');
-       $cert = Net::SSLeay::PEM_read_bio_X509($bio);
+    my $bio = Net::SSLeay::BIO_new_file($cert_path, 'r')
+       or die "unable to read '$cert_path' - $!\n";
+
+    my $cert = Net::SSLeay::PEM_read_bio_X509($bio);
+    if (!$cert) {
        Net::SSLeay::BIO_free($bio);
-    };
-    die "unable to read certificate '$cert_path' - $@\n" if  $@;
-    die "unable to read certificate '$cert_path' - got empty value\n"
-       if !defined($cert);
+       die "unable to read certificate from '$cert_path'\n";
+    }
+
+    my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
+    Net::SSLeay::X509_free($cert);
 
-    my $fp = eval { Net::SSLeay::X509_get_fingerprint($cert, 'sha256') };
-    die "unable to get fingerprint for '$cert_path' - $@\n" if $@;
     die "unable to get fingerprint for '$cert_path' - got empty value\n"
        if !defined($fp) || $fp eq '';
 
@@ -1534,11 +1534,8 @@ sub check_cert_fingerprint {
     update_cert_cache(undef, 1) if time() - $cert_cache_timestamp >= 60*30;
 
     # get fingerprint of server certificate
-    my $fp;
-    eval {
-       $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
-    };
-    return 0 if $@ || !defined($fp) || $fp eq ''; # error
+    my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
+    return 0 if !defined($fp) || $fp eq ''; # error
 
     my $check = sub {
        for my $expected (keys %$cert_cache_fingerprints) {