From a67c9e860a36ae67ef340f1d367b68a9f6cc220b Mon Sep 17 00:00:00 2001
From: Mikael Keri <info@prowling.nu>
Date: Wed, 31 Mar 2021 22:21:19 +0200
Subject: [PATCH] Read and use CA Cert settings

The current release of cortexutils does not read nor use the setting for CA Certs from the Cortex UI. This PR is meant to solve this issue. It came about trying to use Cortex behind a MITM capable proxy. Sidenote,the UI should indicate that it's the path to the system CA bundle that should be added, not the whole CA Cert in Base64 format
---
 cortexutils/worker.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/cortexutils/worker.py b/cortexutils/worker.py
index f62d406..e586746 100644
--- a/cortexutils/worker.py
+++ b/cortexutils/worker.py
@@ -48,6 +48,11 @@ def __init__(self, job_directory):
 
         self.__set_proxies()
 
+        # Set CA certificate configuration if available
+        self.cacerts = self.get_param('config.cacerts')
+
+        self.__set_cacerts()
+
         # Finally run check tlp
         if not (self.__check_tlp()):
             self.error('TLP is higher than allowed.')
@@ -61,6 +66,10 @@ def __set_proxies(self):
         if self.https_proxy is not None:
             os.environ['https_proxy'] = self.https_proxy
 
+    def __set_cacerts(self):
+        if self.cacerts is not None:
+            os.environ['REQUESTS_CA_BUNDLE'] = self.cacerts
+
     @staticmethod
     def __set_encoding():
         try: