From 111ca7c6780b752bd1bb3190b5c45b5650465cc3 Mon Sep 17 00:00:00 2001
From: Bertrand Roussel
Date: Thu, 6 Jun 2019 10:46:45 -0700
Subject: [PATCH] Do not assume type of private key

The only type of private key supported at the moment are RSA keys. Since there are multiple types (RSA, DSA, EC ...), it would be best not to assume. Seems like the OpenSSL::PKey.read(string [,pwd]) does exactly what we need to have that abstraction: Reads a DER or PEM encoded string from string or io and returns an instance of the appropriate PKey class.
---
 CHANGELOG.md | 1 +
 bin/check-etcd-peer-count.rb | 2 +-
 bin/check-etcd.rb | 2 +-
 bin/check-flannel-subnet-count.rb | 2 +-
 bin/metrics-etcd.rb | 2 +-
 5 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 89f1b2a..fb3e6aa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachang
 ## [Unreleased]
 ### Changed
 - Updated Travis configuration to include Ruby 2.4.1
+- Updated to be compatible with other type of private keys than RSA
 ### Removed
 - Ruby 1.9.3 from deploy-time testing (@eheydrick)
diff --git a/bin/check-etcd-peer-count.rb b/bin/check-etcd-peer-count.rb
index 9f38153..5b11a9a 100755
--- a/bin/check-etcd-peer-count.rb
+++ b/bin/check-etcd-peer-count.rb
@@ -87,7 +87,7 @@ def run
 r = RestClient::Resource.new("#{protocol}://#{config[:server]}:#{config[:port]}/v2/members",
 timeout: 5,
 ssl_client_cert: (OpenSSL::X509::Certificate.new(File.read(config[:cert])) unless config[:cert].nil?),
- ssl_client_key: (OpenSSL::PKey::RSA.new(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?),
+ ssl_client_key: (OpenSSL::PKey.read(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?),
 ssl_ca_file: config[:ca],
 verify_ssl: config[:insecure] ? 0 : 1).get
 peers = JSON.parse(r.to_str)['members'].length
diff --git a/bin/check-etcd.rb b/bin/check-etcd.rb
index 0ed22e5..9023d87 100755
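Review bot: The new `ssl_client_key:` line in bin/check-etcd-peer-count.rb uses whatever `OpenSSL::PKey.read` returns without checking that it holds a private key; the method also parses public keys, so a `config[:key]` path pointing at the wrong PEM file is only noticed later, during TLS setup. Loading the key into a local first and failing early would make that misconfiguration obvious, for example `key = OpenSSL::PKey.read(File.read(config[:key]), config[:passphrase])` followed by `raise ArgumentError, "#{config[:key]} does not contain a private key" unless key.private?` (RSA, DSA and EC key objects respond to `private?`). The same expression is repeated in the hunks for bin/check-etcd.rb, bin/check-flannel-subnet-count.rb and bin/metrics-etcd.rb (there as `ssl_key:`), which argues for one shared helper. It also looks as if a nil `config[:passphrase]` combined with an encrypted key can fall through to OpenSSL's interactive passphrase prompt, which is worth confirming if these scripts run unattended. The enclosing `run` method starts and ends outside the hunk.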
--- a/bin/check-etcd.rb
+++ b/bin/check-etcd.rb
@@ -124,7 +124,7 @@ def request(path, server)
 RestClient::Resource.new("#{protocol}://#{server}:#{config[:port]}/#{path}",
 timeout: 5,
 ssl_client_cert: (OpenSSL::X509::Certificate.new(File.read(config[:cert])) unless config[:cert].nil?),
- ssl_client_key: (OpenSSL::PKey::RSA.new(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?),
+ ssl_client_key: (OpenSSL::PKey.read(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?),
 ssl_ca_file: config[:ca],
 verify_ssl: config[:insecure] ? 0 : 1).get
 end
diff --git a/bin/check-flannel-subnet-count.rb b/bin/check-flannel-subnet-count.rb
index 963d54f..c7f5aa6 100755
--- a/bin/check-flannel-subnet-count.rb
+++ b/bin/check-flannel-subnet-count.rb
@@ -122,7 +122,7 @@ def request(path, server)
 "#{protocol}://#{server}:#{config[:port]}/#{path}",
 timeout: 5,
 ssl_client_cert: (OpenSSL::X509::Certificate.new(File.read(config[:cert])) unless config[:cert].nil?),
- ssl_client_key: (OpenSSL::PKey::RSA.new(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?),
+ ssl_client_key: (OpenSSL::PKey.read(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?),
 ssl_ca_file: config[:ca],
 verify_ssl: config[:insecure] ? 0 : 1
 ).get
diff --git a/bin/metrics-etcd.rb b/bin/metrics-etcd.rb
index eb8b96d..d4022e1 100755
--- a/bin/metrics-etcd.rb
+++ b/bin/metrics-etcd.rb
@@ -96,7 +96,7 @@ def run
 verify_mode: (config[:insecure] ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER),
 ca_file: config[:ca],
 ssl_cert: (OpenSSL::X509::Certificate.new(File.read(config[:cert])) unless config[:cert].nil?),
- ssl_key: (OpenSSL::PKey::RSA.new(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?)
+ ssl_key: (OpenSSL::PKey.read(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?)
 )
 else
 client = Etcd.client(host: config[:etcd_host], port: config[:etcd_port])
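Review bot: Nothing in this patch exercises the new `ssl_key:` line in bin/metrics-etcd.rb with a non-RSA key, and this script hands the key to a different client than the three RestClient-based checks. The call that receives `ssl_key:` starts above the hunk; judging by the `Etcd.client` call in the `else` branch it is presumably the same client, and whether it accepts EC or DSA key objects is not visible here. The diffstat touches only the four scripts and the changelog, so a small spec that loads an EC key fixture through each path would confirm what the changelog entry promises. The `run` method continues outside the hunk.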