in LCM/dsc/engine/ca/CAInfrastructure/WebPullClient.c [118:262]
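/*
 * GetSSLOptions - load the pull client's TLS and proxy settings into g_sslOptions.
 *
 * Resets g_sslOptions to its defaults (DoNotCheckCertificate and NoSSLv3 set to
 * MI_FALSE, empty cipherList / CABundle / Proxy), then reads key/value pairs
 * from OMI_CONF_FILE_PATH. Keys are matched case-insensitively:
 *
 *   DoNotCheckCertificate  "true" or "false"
 *   NoSSLv3                "true" or "false"
 *   sslciphersuite         copied into g_sslOptions.cipherList
 *   CURL_CA_BUNDLE         copied into g_sslOptions.CABundle
 *   PROXY                  copied into g_sslOptions.Proxy (non-OMS builds only)
 *
 * Any other key is ignored. In BUILD_OMS builds the proxy is instead taken from
 * the omsagent proxy.conf file, if one exists.
 *
 * extendedError is handed to the GetCimMIError* helpers on every failure path;
 * this function does not write it on success.
 *
 * Returns MI_RESULT_OK on success, otherwise the result of the GetCimMIError*
 * helper called with:
 *   MI_RESULT_NOT_FOUND              - the configuration file could not be opened
 *                                      or read (or, in OMS builds, an existing
 *                                      proxy file could not be read);
 *   MI_RESULT_INVALID_PARAMETER      - a boolean key has a value other than
 *                                      "true"/"false";
 *   MI_RESULT_SERVER_LIMITS_EXCEEDED - a string value is longer than
 *                                      MAX_SSLOPTION_STRING_LENGTH.
 *
 * Security notes for maintainers:
 *   - DoNotCheckCertificate and CURL_CA_BUNDLE decide how the pull server is
 *     authenticated, so OMI_CONF_FILE_PATH and the proxy files should be
 *     writable by privileged accounts only. How g_sslOptions is consumed is not
 *     visible in this function.
 *   - NOTE(review): NoSSLv3 defaults to MI_FALSE; if the consumer reads that as
 *     "SSLv3 permitted", the default leaves a deprecated protocol enabled --
 *     confirm against the code that applies these options.
 *   - NOTE(review): the length checks assume each destination buffer holds at
 *     least MAX_SSLOPTION_STRING_LENGTH + 1 bytes (payload plus terminator) --
 *     confirm against the declaration of g_sslOptions.
 */
static MI_Result GetSSLOptions(_Outptr_result_maybenull_ MI_Instance **extendedError)
{
    Conf* conf = NULL;
    MI_Result result;

    g_sslOptions.DoNotCheckCertificate = MI_FALSE;
    g_sslOptions.NoSSLv3 = MI_FALSE;
    g_sslOptions.cipherList[0] = '\0';
    g_sslOptions.CABundle[0] = '\0';
    g_sslOptions.Proxy[0] = '\0';

    conf = Conf_Open(OMI_CONF_FILE_PATH);
    if (!conf)
    {
        return GetCimMIError(MI_RESULT_NOT_FOUND, extendedError, ID_PULL_DSCCONF_NOTOPENABLE);
    }

    for (;;)
    {
        const char* key;
        const char* value;
        int r = Conf_Read(conf, &key, &value);

        if (r == -1)
        {
            /* Fetch the parser's error text while conf is still open; the
             * original closed conf first and then called Conf_Error on it. */
            result = GetCimMIError1Param(MI_RESULT_NOT_FOUND, extendedError, ID_PULL_DSCCONF_NOTREADABLE, scs(Conf_Error(conf)));
            Conf_Close(conf);
            return result;
        }

        if (r == 1)
        {
            break;
        }

        if (strcasecmp(key, "DoNotCheckCertificate") == 0)
        {
            if (strcasecmp(value, "true") == 0)
            {
                g_sslOptions.DoNotCheckCertificate = MI_TRUE;
            }
            else if (strcasecmp(value, "false") == 0)
            {
                g_sslOptions.DoNotCheckCertificate = MI_FALSE;
            }
            else
            {
                /* key and value were handed out by Conf_Read; build the error
                 * before Conf_Close in case they point into storage owned by
                 * conf. */
                result = GetCimMIError2Params(MI_RESULT_INVALID_PARAMETER, extendedError, ID_PULL_DSCCONF_INVALIDVALUE, key, value);
                Conf_Close(conf);
                return result;
            }
        }
        else if (strcasecmp(key, "NoSSLv3") == 0)
        {
            if (strcasecmp(value, "true") == 0)
            {
                g_sslOptions.NoSSLv3 = MI_TRUE;
            }
            else if (strcasecmp(value, "false") == 0)
            {
                g_sslOptions.NoSSLv3 = MI_FALSE;
            }
            else
            {
                /* Same ordering as above: use key/value, then close. */
                result = GetCimMIError2Params(MI_RESULT_INVALID_PARAMETER, extendedError, ID_PULL_DSCCONF_INVALIDVALUE, key, value);
                Conf_Close(conf);
                return result;
            }
        }
        else if (strcasecmp(key, "sslciphersuite") == 0)
        {
            size_t valueLength = strlen(value);
            if (valueLength > MAX_SSLOPTION_STRING_LENGTH)
            {
                Conf_Close(conf);
                return GetCimMIError(MI_RESULT_SERVER_LIMITS_EXCEEDED, extendedError, ID_PULL_SSLCIPHERLISTTOOLONG);
            }
            memcpy(g_sslOptions.cipherList, value, valueLength);
            g_sslOptions.cipherList[valueLength] = '\0';
        }
        else if (strcasecmp(key, "CURL_CA_BUNDLE") == 0)
        {
            size_t valueLength = strlen(value);
            if (valueLength > MAX_SSLOPTION_STRING_LENGTH)
            {
                Conf_Close(conf);
                return GetCimMIError(MI_RESULT_SERVER_LIMITS_EXCEEDED, extendedError, ID_PULL_CABUNDLETOOLONG);
            }
            memcpy(g_sslOptions.CABundle, value, valueLength);
            g_sslOptions.CABundle[valueLength] = '\0';
        }
#if !defined(BUILD_OMS)
        else if (strcasecmp(key, "PROXY") == 0)
        {
            size_t valueLength = strlen(value);
            if (valueLength > MAX_SSLOPTION_STRING_LENGTH)
            {
                Conf_Close(conf);
                return GetCimMIError(MI_RESULT_SERVER_LIMITS_EXCEEDED, extendedError, ID_PULL_PROXYTOOLONG);
            }
            memcpy(g_sslOptions.Proxy, value, valueLength);
            g_sslOptions.Proxy[valueLength] = '\0';
        }
#endif
        /* Any other key is not ours; move on to the next entry. */
    }

    Conf_Close(conf);

#if defined(BUILD_OMS)
    {
        // TODO: read from OMS's config file to read in the Proxy info
        // If the user has setup proxy, a conf file will be in one of these two locations
        // If the user has not setup proxy, no conf file will exist; this is valid
        const char* legacyOMSProxyFileLocation = "/etc/opt/microsoft/omsagent/conf/proxy.conf";
        const char* omsProxyFileLocation = "/etc/opt/microsoft/omsagent/proxy.conf";
        const char* proxyFileLocationToUse = NULL;

        if (File_ExistT(omsProxyFileLocation) != -1)
        {
            proxyFileLocationToUse = omsProxyFileLocation;
        }
        else if (File_ExistT(legacyOMSProxyFileLocation) != -1)
        {
            proxyFileLocationToUse = legacyOMSProxyFileLocation;
        }

        if (proxyFileLocationToUse != NULL)
        {
            size_t valueLength;
            MI_Char* text = InhaleTextFile(proxyFileLocationToUse);

            /* The file can vanish or be unreadable between the existence check
             * and the read. Fail rather than call strlen on NULL or silently
             * run without the configured proxy.
             * NOTE(review): assumes InhaleTextFile returns NULL on failure, and
             * reuses the "conf not openable" message id because no proxy-file
             * specific id is visible here -- confirm both. */
            if (text == NULL)
            {
                return GetCimMIError(MI_RESULT_NOT_FOUND, extendedError, ID_PULL_DSCCONF_NOTOPENABLE);
            }

            valueLength = strlen(text);
            if (valueLength > MAX_SSLOPTION_STRING_LENGTH)
            {
                DSC_free(text);
                return GetCimMIError(MI_RESULT_SERVER_LIMITS_EXCEEDED, extendedError, ID_PULL_PROXYTOOLONG);
            }

            /* The file content is copied verbatim, including any trailing
             * newline it may contain. */
            memcpy(g_sslOptions.Proxy, text, valueLength);
            g_sslOptions.Proxy[valueLength] = '\0';
            DSC_free(text);
        }
    }
#endif

    return MI_RESULT_OK;
}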