diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index 46d62194..8d5445da 100644
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -1,3 +1,6 @@
+use std::io;
+use std::path::Path;
+
 use proxmox_backup::try_block;
 use proxmox_backup::configdir;
 use proxmox_backup::tools;
@@ -24,6 +27,20 @@ fn main() {
 }
 }
 
+fn load_certificate, U: AsRef>(
+ key: T,
+ cert: U,
+) -> Result {
+ let key = tools::file_get_contents(key)?;
+ let cert = tools::file_get_contents(cert)?;
+
+ let key = openssl::pkey::PKey::private_key_from_pem(&key)?;
+ let cert = openssl::x509::X509::from_pem(&cert)?;
+
+ Ok(openssl::pkcs12::Pkcs12::builder()
+ .build("", "", &key, &cert)?)
+}
+
 fn run() -> Result<(), Error> {
 if let Err(err) = syslog::init(
 syslog::Facility::LOG_DAEMON,
@@ -56,7 +73,14 @@ fn run() -> Result<(), Error> {
 let rest_server = RestServer::new(config);
 
 let cert_path = configdir!("/proxy.pfx");
- let raw_cert = tools::file_get_contents(cert_path)?;
+ let raw_cert = match std::fs::read(cert_path) {
+ Ok(pfx) => pfx,
+ Err(ref err) if err.kind() == io::ErrorKind::NotFound => {
+ let pkcs12 = load_certificate(configdir!("/proxy.key"), configdir!("/proxy.pem"))?;
+ pkcs12.to_der()?
+ }
+ Err(err) => bail!("unable to read certificate file {} - {}", cert_path, err),
+ };
 let identity = match native_tls::Identity::from_pkcs12(&raw_cert, "") {
 Ok(data) => data,
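Review bot: In `load_certificate` (second hunk), `openssl::x509::X509::from_pem(&cert)` parses only the first certificate in the PEM data, so if `proxy.pem` ever holds a leaf followed by intermediates, the chain is silently dropped from the PKCS#12 identity and clients that rely on the server sending it will fail validation. Parsing with `X509::stack_from_pem`, treating the first entry as the leaf and passing the remainder to the builder's `ca(...)`, keeps the chain, as sketched below. It would also help to add a doc comment stating that the empty password passed to `build` is intentional because, in the visible caller, the archive is only converted with `to_der()` and handed to `native_tls::Identity::from_pkcs12` rather than written to disk.

```rust
// … unchanged: signature, file reads and private-key parsing …
    let mut chain = openssl::x509::X509::stack_from_pem(&cert)?.into_iter();
    let leaf = match chain.next() {
        Some(leaf) => leaf,
        None => bail!("no certificate found in PEM data"),
    };

    // Everything after the leaf is treated as the intermediate chain.
    let mut ca = openssl::stack::Stack::new()?;
    for intermediate in chain {
        ca.push(intermediate)?;
    }

    let mut builder = openssl::pkcs12::Pkcs12::builder();
    builder.ca(ca);
    Ok(builder.build("", "", &key, &leaf)?)
```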