Also reload SSL context on bip reload, allowing for SSL cert updates
- on BIP reload, check if SSL files are readable, and try to load new SSL context. - on success only, update SSL context for new client connections This allows for SSL certificate/key updates on /BIP reload or SIGHUP. Signed-off-by: Loïc Gomez <bip@animanova.fr>
This commit is contained in:
parent
f797d25e06
commit
6542c2a4e1
@ -324,6 +324,22 @@ int main(int argc, char **argv)
|
||||
|
||||
/* re-open to allow logfile rotate */
|
||||
log_file_setup();
|
||||
|
||||
#ifdef HAVE_LIBSSL
|
||||
/* reload SSL context if server-side SSL is enabled and SSL files
|
||||
* seem accessible */
|
||||
if (conf_css) {
|
||||
if (check_ssl_files(SOFT_FAIL)) {
|
||||
if (set_ssl_context(SSLCTX_FORCE_UPDATE) == 1)
|
||||
mylog(LOG_DEBUG, "SSL context has been updated");
|
||||
else
|
||||
mylog(LOG_DEBUG, "SSL context has not been updated");
|
||||
} else {
|
||||
mylog(LOG_ERROR, "Unable to update SSL context, "
|
||||
"file checks failed");
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user