Use /etc/ssl/certs/ca-certificates.crt as a default file to verify secured download

OleksandrChaika · OleksandrChaika · commit 5f57f3695934 · 2023-07-03T18:53:03.000+02:00
diff --git a/.github/actions/build-native-binary/action.yaml b/.github/actions/build-native-binary/action.yaml
@@ -106,6 +106,7 @@ runs:
         -keyout /etc/ssl/private/selfupdateagent.key \
         -out /etc/ssl/certs/selfupdateagent.crt \
         -config utest/sua-certificate.config
+      sudo tee -a /etc/ssl/certs/ca-certificates.crt < /etc/ssl/certs/selfupdateagent.crt > /dev/null
     shell: bash
 
   - name: Install and configure apache2
diff --git a/src/Context.h b/src/Context.h
@@ -57,7 +57,7 @@ namespace sua {
         std::shared_ptr<IBundleChecker>         bundleChecker;
         std::string                             updatesDirectory    = "/data/selfupdates";
         std::string                             tempFileName        = "/temp_file";
-        std::string                             certificateFileName = "/etc/ssl/certs/selfupdateagent.crt";
+        std::string                             certificateFileName = "/etc/ssl/certs/ca-certificates.crt";
         bool                                    downloadMode        = true;
         bool                                    fallbackMode        = false;
 
diff --git a/src/main.cpp b/src/main.cpp
@@ -52,7 +52,7 @@ SUA_SERVER    sets and overrides MQTT server address to connect
 -s, --server    MQTT broker server to connect, has precedence over SUA_SERVER environment variable
                 (default is 'tcp://mosquitto:1883')
 -c, --ca        path to certificate to verify connection with bundle server
-                (default is '/etc/ssl/certs/selfupdateagent.crt')
+                (default is '/etc/ssl/certs/ca-certificates.crt')
 -v, --version   display version (Git hash and build number) used to build SUA and exit
 )";
 
@@ -61,7 +61,7 @@ int main(int argc, char* argv[])
     std::string server{"tcp://mosquitto:1883"};
     std::string installer{"download"};
     std::string hostPathToSelfupdateDir{"/data/selfupdates"};
-    std::string pathToCertificate{"/etc/ssl/certs/selfupdateagent.crt"};
+    std::string pathToCertificate{"/etc/ssl/certs/ca-certificates.crt"};
 
     const char * env_server = std::getenv("SUA_SERVER");
     if(env_server) {
