Updated to v2.18.0.0 - Added optional UseAgentCert flag. Fixed bug in openssl RSA.

Author: rlillback

.gitignore

@@ -1,3 +1,6 @@
+# Mac file system
+.DS_Store
+
 # Prerequisites
 *.d
 

README.md

@@ -219,9 +219,11 @@ __VirtualDirectory__ : <required> Set this to KeyfactorAgents if you are not usi
 
 __TrustStore__ : <required> The location of additional certificates that are trusted by the Agent.  This list is appended to the standard CA certificate store located in `/etc/ssl/certs/ca-certificates.crt` for Ubuntu.
 
-__AgentCert__ : <required> The (eventual) location of the Agent's certificate.  This is the certificate used by the Agent to call into the platform.
+__UseAgentCert__ : <optional> Defaults to true if not supplied.  True = use an agent managed cert for mTLS.  False = only use 1-way TLS for the agent. */
 
-__AgentKey__ : <required> The (eventual) location of the Agent's private key.  This is the key used by the Agent to call into the platform.
+__AgentCert__ : <optional/required> The (eventual) location of the Agent's certificate.  This is the certificate used by the Agent to call into the platform.
+
+__AgentKey__ : <optional/required> The (eventual) location of the Agent's private key.  This is the key used by the Agent to call into the platform.
 
 __AgentKeyPassword__ : <optional> An optional passphrase for decoding the Agent Key.  Note, if a TPM, Secure Element, or secure area is used, this **must be defined**.
 

agent.c

@@ -46,7 +46,6 @@
 #include "config.h"
 #include "session.h"
 #include "global.h"
-#include "serialize.h"
 #include "fetchlogs.h"
 #include "utils.h"
 
@@ -311,44 +310,6 @@ static ENGINE* initialize_engine( const char *engine_id )
 } /* initialize_engine */
 #endif /* __TPM__ */
 
-/**                                                                           */
-/* Serialize the AgentName and CSR Subject using a json file.  In practice    */
-/* this is a file that is held on a common data store (i.e. network drive)    */
-/*  @param  : none                                                            */
-/*	@return : success = 1                                                     */
-/*		    : failure = 0                                                     */
-/*                                                                            */
-static int do_serialization( void )
-{
-	struct SerializeData* serial = serialize_load(ConfigData->SerialFile);
-	if(!serial) {
-		log_error("%s::%s(%d) : Unable to load Serialization file: %s",	
-			LOG_INF,ConfigData->SerialFile);
-		return 0;
-	}
-	log_trace("%s::%s(%d) : Freeing AgentName & CSRSubject", LOG_INF);
-	free(ConfigData->AgentName);
-	free(ConfigData->CSRSubject);
-	ConfigData->AgentName = (char *)malloc(50);
-	ConfigData->CSRSubject = (char *)malloc(50);
-	if (!ConfigData->AgentName || !ConfigData->CSRSubject) {
-		log_error("%s::%s(%d) : Out of memory",	LOG_INF);
-		return 0;
-	}
-	sprintf(ConfigData->AgentName, "%s-%d", serial->ModelName,	serial->NextNumber);
-	log_trace("%s::%s(%d) : ConfigData->AgentName set to: %s", LOG_INF,ConfigData->AgentName);
-	sprintf(ConfigData->CSRSubject, "CN=%d", serial->NextNumber);
-	log_trace("%s::%s(%d) : ConfigData->CSRSubject set to: %s", LOG_INF,ConfigData->CSRSubject);
-	serial->NextNumber++;
-	ConfigData->Serialize = false;
-	config_save();
-	if ( !(serialize_save(serial, ConfigData->SerialFile)) ) {
-		log_error("%s::%s(%d) : Failed saving the serialization file", LOG_INF);
-		return 0;
-	}
-	return 1;
-} /* do_serialization */
-
 /******************************************************************************/
 /*********************** GLOBAL FUNCTION DEFINITIONS **************************/
 /******************************************************************************/
@@ -466,19 +427,6 @@ int init_platform( int argc, char* argv[] )
 	}
 	curlLoaded = true;
 
-	/**************************************************************************/
-	/* 7. If required, serialize the agent                                    */
-	/**************************************************************************/
-	if (ConfigData->Serialize) {
-		log_trace("%s::%s(%d) : Serialize -> true", LOG_INF);
-		int x = do_serialization();
-		if ( !x ) 
-		{
-			log_error("%s::%s(%d) : Serialization failed", LOG_INF);
-			return 0;
-		}
-	}
-
 	return 1;
 } /* init_platform */
 

agent.h

@@ -101,6 +101,16 @@ extern struct ScheduledJob* currentJob; /* Defined in schedule.c */
 /* 2.16.0.1 = Updated Makefile for OpenSSL v3.x                               */
 /* 2.16.1.0 = Modified agent to not send GUID capabilities.  Compile bug fix  */
 /* 2.17.0.0 = Modified agent to accept ECDSA as well as ECC for a keytype     */
-#define AGENT_VERSION 0x0002001100000000
+/* 2.18.0.0 = Modified agent to skip using agent certificate & openssl fix    */
+#define AGENT_MAJOR 2ULL
+#define AGENT_MINOR 18ULL
+#define AGENT_MICRO 0ULL
+#define AGENT_BUILD 0ULL
+
+#define AGENT_VERSION \
+((AGENT_MAJOR << 48) | \
+(AGENT_MINOR << 32) | \
+(AGENT_MICRO << 16) | \
+(AGENT_BUILD))
 
 #endif /* AGENT_H_ */