Broken SSL certificate handling in Linux packages

sensu / sensu-omnibus

Build full-stack platform-specific Sensu packages

12 stars 16 forks source link

Broken SSL certificate handling in Linux packages #256

Closed stefan-as closed 6 years ago

stefan-as commented 6 years ago

Right now and caused by last package updates, any OpenSSL related code paths dealing with public SSL certs are broken because of missing certificates:

SSL_connect returned=1 errno=0 state=error: certificate verify failed

strace shows cert.pem is missing:

open("/opt/sensu/embedded/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)

Fix is attached as https://github.com/sensu/sensu-omnibus/pull/255

portertech commented 6 years ago

Thanks @stefan-as, 1.3.1-2:

$ ls -l /opt/sensu/embedded/ssl/cert.pem
lrwxrwxrwx 1 root root 40 Apr 13 18:42 /opt/sensu/embedded/ssl/cert.pem -> /opt/sensu/embedded/ssl/certs/cacert.pem

portertech commented 6 years ago

$ /opt/sensu/embedded/bin/check-http.rb -u https://sensu.io
CheckHttp OK: 200, 33931 bytes