certstore: catch exceptions loading certificates
Change-Id: I341b698bf4feb3fa494124cc614b6014ac24467c
diff --git a/src/connectionmanager.cpp b/src/connectionmanager.cpp
index 127b55b..94e009d 100644
--- a/src/connectionmanager.cpp
+++ b/src/connectionmanager.cpp
@@ -1452,7 +1452,7 @@
// Device certificate can't be self-signed
if (top_issuer == crt) {
if (logger)
- logger->warn("Found invalid peer device: {}", crt->getLongId());
+ logger->warn("Found invalid (self-signed) peer device: {}", crt->getLongId());
return false;
}
@@ -1469,7 +1469,7 @@
// Check cached OCSP response
if (crt->ocspResponse and crt->ocspResponse->getCertificateStatus() != GNUTLS_OCSP_CERT_GOOD) {
if (logger)
- logger->error("Certificate %s is disabled by cached OCSP response", crt->getLongId());
+ logger->error("Certificate {} is disabled by cached OCSP response", crt->getLongId());
return false;
}
diff --git a/src/security/certstore.cpp b/src/security/certstore.cpp
index 2ef05e4..9b6bb96 100644
--- a/src/security/certstore.cpp
+++ b/src/security/certstore.cpp
@@ -165,11 +165,16 @@
std::shared_ptr<crypto::Certificate>
CertificateStore::getCertificateLegacy(const std::string& dataDir, const std::string& k)
{
- auto oldPath = fmt::format("{}/certificates/{}", dataDir, k);
- if (fileutils::isFile(oldPath)) {
- auto crt = std::make_shared<crypto::Certificate>(oldPath);
- pinCertificate(crt, true);
- return crt;
+ try {
+ auto oldPath = fmt::format("{}/certificates/{}", dataDir, k);
+ if (fileutils::isFile(oldPath)) {
+ auto crt = std::make_shared<crypto::Certificate>(oldPath);
+ pinCertificate(crt, true);
+ return crt;
+ }
+ } catch (const std::exception& e) {
+ if (logger_)
+ logger_->warn("Can't load certificate: {:s}", e.what());
}
return {};
}
@@ -273,12 +278,17 @@
std::lock_guard<std::mutex> l(lock_);
for (auto& cert : certs) {
- auto shared = std::make_shared<crypto::Certificate>(std::move(cert));
- scerts.emplace_back(shared);
- auto e = certs_.emplace(shared->getId().toString(), shared);
- ids.emplace_back(e.first->first);
- e = certs_.emplace(shared->getLongId().toString(), shared);
- ids.emplace_back(e.first->first);
+ try {
+ auto shared = std::make_shared<crypto::Certificate>(std::move(cert));
+ scerts.emplace_back(shared);
+ auto e = certs_.emplace(shared->getId().toString(), shared);
+ ids.emplace_back(e.first->first);
+ e = certs_.emplace(shared->getLongId().toString(), shared);
+ ids.emplace_back(e.first->first);
+ } catch (const std::exception& e) {
+ if (logger_)
+ logger_->warn("Can't load certificate: {:s}", e.what());
+ }
}
paths_.emplace(path, std::move(scerts));
}