From: Andrei Pavel <andrei@isc.org>
Date: Fri, 3 Nov 2023 13:03:29 +0000 (+0200)
Subject: [#2969] regenerate key to avoid SSL errors in DB
X-Git-Tag: Kea-2.4.1~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d4c14d65904b4c6ac4d62a1f3d56ff3303a4e925;p=thirdparty%2Fkea.git

[#2969] regenerate key to avoid SSL errors in DB

Prevents this error that happens on Debian 10:
- SSL error: Unable to get private key from '/etc/mysql/ssl/kea-server.key'
---

diff --git a/hammer.py b/hammer.py
index 59e971f4dd..138553ba10 100755
--- a/hammer.py
+++ b/hammer.py
@@ -1278,6 +1278,13 @@ def _configure_mysql(system, revision, features):
     if 'tls' in features:
         if not os.path.isdir(cert_dir):
             execute('sudo mkdir -p {}'.format(cert_dir))
+        # Some systems, usually old ones, might require a cerain PKCS format
+        # of the key. Try to regenerate it here, but don't stop if it fails.
+        # If the key is wrong, it will fail later anyway.
+        exit_code = execute('openssl rsa -in src/lib/asiolink/testutils/ca/kea-server.key ' \
+                                       '-out src/lib/asiolink/testutils/ca/kea-server.key', raise_error=False)
+        if exit_code != 0:
+            log.warning(f'openssl command failed with exit code {exit_code}, but continuing...')
         for file in [
             './src/lib/asiolink/testutils/ca/kea-ca.crt',
             './src/lib/asiolink/testutils/ca/kea-client.crt',