statusd.py: add function certs_readable()

add a function to test at start, if needed certs are readable
2019-07-30 22:06:07 +02:00 · 2019-07-30 22:06:07 +02:00 · 35d46f266a
parent 7d5753c879
commit 35d46f266a
1 changed files with 13 additions and 0 deletions
--- a/statusd.py
+++ b/statusd.py
@ -41,6 +41,15 @@ def read_config(CONFIGFILE, CONFIG):
    return True


+def certs_readable(config):
+
+    for i in (config['SERVER_KEY'], config['SERVER_CERT'], config['CLIENT_CERT']):
+        if os.access(i, os.R_OK) == False:
+            logging.error('Cant read {}'.format(i))
+            return False
+    return True
+
+
 def strip_argument(argument):
    '''
    Becomes a string and strips at first whitespaces, second apostrops and
@ -213,6 +222,10 @@ def main():
    read_config(CONFIG_FILE, CONFIG)
    print_config(CONFIG)

+    if certs_readable(CONFIG) == False:
+        logging.error('Cert check failed\nExit')
+        exit()
+
    context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    context.options &= ~ssl.PROTOCOL_TLS
    context.verify_mode = ssl.CERT_REQUIRED