Also reload SSL context on bip reload, allowing for SSL cert updates
- on BIP reload, check if SSL files are readable, and try to load new SSL context. - on success only, update SSL context for new client connections This allows for SSL certificate/key updates on /BIP reload or SIGHUP. Signed-off-by: Loïc Gomez <bip@animanova.fr>
This commit is contained in:
parent
f797d25e06
commit
6542c2a4e1
@ -324,6 +324,22 @@ int main(int argc, char **argv)
|
|||||||
|
|
||||||
/* re-open to allow logfile rotate */
|
/* re-open to allow logfile rotate */
|
||||||
log_file_setup();
|
log_file_setup();
|
||||||
|
|
||||||
|
#ifdef HAVE_LIBSSL
|
||||||
|
/* reload SSL context if server-side SSL is enabled and SSL files
|
||||||
|
* seem accessible */
|
||||||
|
if (conf_css) {
|
||||||
|
if (check_ssl_files(SOFT_FAIL)) {
|
||||||
|
if (set_ssl_context(SSLCTX_FORCE_UPDATE) == 1)
|
||||||
|
mylog(LOG_DEBUG, "SSL context has been updated");
|
||||||
|
else
|
||||||
|
mylog(LOG_DEBUG, "SSL context has not been updated");
|
||||||
|
} else {
|
||||||
|
mylog(LOG_ERROR, "Unable to update SSL context, "
|
||||||
|
"file checks failed");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user