registrar TLS related config options prefixed with registrar_ seem not to be used #782

Closed
kkaarreell opened this issue Nov 5, 2021 · 2 comments · Fixed by #806

@kkaarreell
Contributor

Is your issue a feature request? If so, please raise it as an enhancement

Environment

  • OS / version: RHEL-9 / CentOS Stream 9
  • Processor architecture: x86_64
  • TPM Manufacturer: IBM emulator
  • Keylime version: current upstream Nov 1, 2021

Description

https://github.com/keylime/keylime/blob/master/keylime.conf#L190
The following options within the [registrar] section of keylime.conf don't seem to have any use:

registrar_tls_dir
registrar_ca_cert
registrar_my_cert
registrar_private_key

I have confirmed that by setting it to wrong values, like registrar_tls_dir = /no-such-diretc.

Expected behavior vs. actual behavior

There are no registrar_* TLS options within the [registrar] section (if they are really not used).

Steps to reproduce problem

Relevant logs

Attach any relevant log files that can help to debug your issue.

@kkaarreell
Contributor Author

kkaarreell commented Nov 5, 2021

Additionally,
https://github.com/keylime/keylime/blob/master/keylime.conf#L168
and
https://github.com/keylime/keylime/blob/master/keylime.conf#L490
mention <fully_qualified_domain_name>-public.pem as a default filename for the private key.
I assume it should state -private.pem instead (since it is a private key). The code in keylime/ca_util.py seems to load keys properly (public from -public.pem, private from -private.pem).

@THS-on
Member

THS-on commented Nov 12, 2021

The first issue is now fixed with #792. I couldn't find any part of the registrar code that uses those options.

For the -public.pem issue it makes sense and in our setup we also explicitly specify -private.pem,
but I'll have to check that all code actually assumes that.
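
An added example, not part of the issue thread and not Keylime code: a check that flags options in a config section whose names never appear as a quoted string in a source tree, which is the condition reported above for the four registrar_* TLS options. The sample config values, the other option names, and the stand-in source file are constructed; `unused_options` and `demo` are hypothetical names.

```python
import configparser
import re
import tempfile
from pathlib import Path

# Constructed sample: the four registrar_* names come from the issue; the
# other option names and all values are placeholders.
SAMPLE_CONF = """\
[registrar]
tls_dir = default
ca_cert = default
registrar_tls_dir = /no-such-dir
registrar_ca_cert = default
registrar_my_cert = default
registrar_private_key = default
"""

# Constructed stand-in for a service's source file (not Keylime code).
SAMPLE_SOURCE = """\
tls_dir = config.get('registrar', 'tls_dir')
ca_cert = config.get("registrar", "ca_cert")
"""


def unused_options(conf_text, section, source_root):
    """Options in `section` whose name is never a quoted string in any .py file."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    code = "\n".join(
        p.read_text(encoding="utf-8", errors="replace")
        for p in Path(source_root).rglob("*.py")
    )
    return sorted(
        name for name in parser.options(section)
        if not re.search(r"""['"]{}['"]""".format(re.escape(name)), code)
    )


def demo():
    # Write the stand-in source into a temporary tree and scan it.
    with tempfile.TemporaryDirectory() as root:
        Path(root, "service.py").write_text(SAMPLE_SOURCE, encoding="utf-8")
        return unused_options(SAMPLE_CONF, "registrar", root)


if __name__ == "__main__":
    for name in demo():
        print("never read by the code:", name)
```

The match is by literal option name, so an option whose name is built dynamically at runtime would be reported as unused; treat the output as a list to review by hand.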
