|Titel||cmk-update-agent: Fixed certificate verification issues in case openssl tools are not available|
|Check_MK Edition||Check_MK Enterprise Edition (CEE)|
|Level||1 - Triviale Änderung|
|Kompatibilität||Compatible - no manual interaction needed|
When communicating via HTTPS with the update server, the cmk-update-agent script needs to verify the certificates of the server. The allowed certificates are stored at /var/lib/check_mk_agent/cas.
In this directory there need to be the certificates (.pem files) and symlinks named with the "subject hashes" of the certificates. In previous versions these symlinks were created by the c_rehash command which is not available on all plaftforms.
We have changed that now to use the python OpenSSL bindings (if available) and fallback to the c_rehash command only in case they are not available.