From 9064f7b9c347f913089bfea94d65ad3afc11ccf4 Mon Sep 17 00:00:00 2001
From: Luke Bratch
Date: Sun, 12 May 2019 21:41:49 +0100
Subject: Make certificate and key file paths configurable.

---
 blabouncer.c    | 16 +++++++++++++++-
 blabouncer.conf |  6 ++++++
 sockets.c       |  6 +++---
 sockets.h       |  2 +-
 4 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/blabouncer.c b/blabouncer.c
index 13e91c1..dcfdd1b 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -104,6 +104,8 @@ struct settings {
 	char ircserver[HOST_NAME_MAX];
 	char ircserverport[MAXPORTLEN];
 	char conffile[PATH_MAX];
+	char certfile[PATH_MAX];
+	char keyfile[PATH_MAX];
 };
 
 // Return index of requested client FD within arr_clients
@@ -1080,7 +1082,7 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) {
 	// Initialise OpenSSL
 	init_openssl();
 	ctx = create_context();
-	configure_context(ctx);
+	configure_context(ctx, settings->certfile, settings->keyfile);
 
 	while (1) {
 		printf("top of loop, fdmax %d.\n", fdmax);
@@ -1328,6 +1330,18 @@ int main(int argc, char *argv[]) {
 		exit(1);
 	}
 
+	// What is the certificate file path?
+	if (!getconfstr("certfile", settings.conffile, settings.certfile)) {
+		printf("main(): error getting 'certfile' from configuration file.\n");
+		exit(1);
+	}
+
+	// What is the certificate key file path?
+	if (!getconfstr("keyfile", settings.conffile, settings.keyfile)) {
+		printf("main(): error getting 'keyfile' from configuration file.\n");
+		exit(1);
+	}
+
 	// TODO: see if any of this can be shared (i.e. 1. avoid code duplication, and 2. see if variables can be shared between client/server sockets)
 	// TODO: track fdmax - kind of doing this now with arr_clients and num_clients but might be pointlessly tracking both in some places (?)
 
diff --git a/blabouncer.conf b/blabouncer.conf
index 466fb37..3428960 100644
--- a/blabouncer.conf
+++ b/blabouncer.conf
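Review bot: `getconfstr("certfile", settings.conffile, settings.certfile)` hands the helper a PATH_MAX destination without passing its size, so unless getconfstr bounds the copy itself (its definition is not in this diff) an over-long value in the configuration file overruns certfile, and the same applies to keyfile in the block below. If the helper is unbounded, either pass `sizeof settings.certfile` or reject values that do not fit before copying, and a comment on the two new struct fields stating the bound would make the contract visible. It is also worth stating, here or in blabouncer.conf, that a relative path such as the shipped default `"cert.pem"` is opened relative to the process's working directory rather than to the directory holding the configuration file, so which certificate and private key the bouncer loads depends on where it is started from; a comment like `// Relative paths are resolved against the current working directory, not the conffile location.` would capture that. The body of main() continues outside the hunk.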
@@ -22,3 +22,9 @@ ircserver = "irc.blatech.net" # Real IRC server port ircserverport = "6667" + +# Certificate file +certfile = "cert.pem" + +# Certificate key file +keyfile = "key.pem" diff --git a/sockets.c b/sockets.c index fd733b8..0f78b21 100644 --- a/sockets.c +++ b/sockets.c @@ -151,16 +151,16 @@ SSL_CTX *create_context() { return ctx; } -void configure_context(SSL_CTX *ctx) { +void configure_context(SSL_CTX *ctx, char *certfile, char *keyfile) { SSL_CTX_set_ecdh_auto(ctx, 1); /* Set the key and cert */ - if (SSL_CTX_use_certificate_file(ctx, "cert.pem", SSL_FILETYPE_PEM) <= 0) { + if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } - if (SSL_CTX_use_PrivateKey_file(ctx, "key.pem", SSL_FILETYPE_PEM) <= 0 ) { + if (SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM) <= 0 ) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } diff --git a/sockets.h b/sockets.h index 523d609..c342de2 100644 --- a/sockets.h +++ b/sockets.h @@ -32,6 +32,6 @@ void cleanup_openssl(); SSL_CTX *create_context(); -void configure_context(SSL_CTX *ctx); +void configure_context(SSL_CTX *ctx, char *certfile, char *keyfile); #endif -- cgit v1.2.3
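Review bot: After `SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM)` succeeds there is no `SSL_CTX_check_private_key(ctx)` call, so now that the two paths come from independent configuration keys a key that does not belong to the loaded certificate is accepted here and only fails later at handshake time, where the cause is much harder to see; adding `if (SSL_CTX_check_private_key(ctx) != 1) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); }` after the key is loaded surfaces the mismatch at startup. The failure output also no longer names which configured path could not be loaded, so a line such as `fprintf(stderr, "configure_context(): cannot load certificate file %s\n", certfile);` before each ERR_print_errors_fp would help whoever reads the log. The new parameters should be `const char *certfile, const char *keyfile`: both OpenSSL calls take `const char *`, the function never writes through them, and the caller in dochat passes buffers it does not expect to change; the prototype in the sockets.h hunk needs the same change. configure_context's closing brace is outside the hunk.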