author | Luke Bratch <luke@bratch.co.uk> | 2024-03-30 16:09:37 +0000 |
---|---|---|
committer | Luke Bratch <luke@bratch.co.uk> | 2024-03-30 16:09:37 +0000 |
commit | 3612ac309895be690c8dc3080898dfb713b8a23e (patch) | |
tree | 0918a707e2f34a36ef944f02662997de2653a6f7 /functions.c | |
parent | 6bc5e61f1bd0217618aa799169b5439f013b6921 (diff) |
Implement changing client-side TLS certificate and key paths, and reloading certificate/key at runtime when doing a REHASH (BLABOUNCER command or SIGHUP).
Diffstat (limited to 'functions.c')
-rw-r--r-- | functions.c | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/functions.c b/functions.c
index 377f1af..d0c0341 100644
--- a/functions.c
+++ b/functions.c
@@ -1076,8 +1076,9 @@ void cleanexit(SSL *server_ssl, struct client *clients, int sourcefd, struct irc
 }
 
 // Re-read the configuration file, setting 'failuremsg' to a failure message on failure.
+// 'ctx' is the client OpenSSL context for changing the certificate/key.
 // Returns 1 on success or 0 on failure.
-int rehash(struct settings *settings, char *failuremsg) {
+int rehash(struct settings *settings, char *failuremsg, SSL_CTX *ctx) {
 // TODO - Try to share some/all of this code with the initial main() settings loading
 
 // What are the configured nick(s)?
@@ -1198,6 +1199,38 @@ int rehash(struct settings *settings, char *failuremsg) {
 return 0;
 }
 
+ // If clienttls = 1, re-read the certificate and key file paths (we don't support switching between TLS and non-TLS)
+ if (settings->clienttls) {
+
+ // What is the certificate file path?
+ char oldcertfile[PATH_MAX];
+ strcpy(oldcertfile, settings->certfile);
+ if (!getconfstr("certfile", settings->conffile, settings->certfile)) {
+ // If none provided, set to default
+ if (!snprintf(settings->certfile, PATH_MAX, "%s/cert.pem", settings->basedir)) {
+ strcpy(settings->certfile, oldcertfile);
+ strcpy(failuremsg, "didn't get 'certfile' from configuration file and failed to prepare default certfile location");
+ return 0;
+ }
+ }
+
+ // What is the key file path?
+ char oldkeyfile[PATH_MAX];
+ strcpy(oldkeyfile, settings->keyfile);
+ if (!getconfstr("keyfile", settings->conffile, settings->keyfile)) {
+
+ // If none provided, set to default
+ if (!snprintf(settings->keyfile, PATH_MAX, "%s/key.pem", settings->basedir)) {
+ strcpy(settings->keyfile, oldkeyfile);
+ strcpy(failuremsg, "didn't get 'keyfile' from configuration file and failed to prepare default keyfile location");
+ return 0;
+ }
+ }
+
+ // Reconfigure OpenSSL context in case the certificate or the key changed
+ configure_openssl_context(ctx, settings->certfile, settings->keyfile);
+ }
+
 // All is good, no failure message, return 1.
 failuremsg[0] = '\0';
 return 1;
|
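Review bot: The snprintf() checks on the default certfile and keyfile paths test only for a return value of 0, so a truncated path (return >= PATH_MAX, e.g. a long basedir) or an encoding error (negative return) is accepted as success and the bad path is stored and then handed to configure_openssl_context(); capture the result instead, `int n = snprintf(settings->certfile, PATH_MAX, "%s/cert.pem", settings->basedir);` followed by `if (n < 0 || n >= PATH_MAX) {`, and the same in the keyfile block. The return value of configure_openssl_context(ctx, ...) is also discarded, so if the new certificate or key cannot be loaded rehash() still returns 1 and the REHASH is reported as successful while the context may be left with a stale or mismatched certificate/key pair; if that helper can report failure (its signature is not visible here), write a message into failuremsg and return 0. A smaller consistency point: when the keyfile step fails, settings->certfile has already been replaced but the context was never reconfigured, so settings and ctx disagree until the next rehash; restoring oldcertfile on that path would keep them aligned. rehash() begins outside this hunk.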