From a03b12319a8901cdd3b879605870ac62cc9b848c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Gomez?=
Date: Sun, 4 Feb 2024 14:49:35 +0900
Subject: [PATCH] Also reload SSL context on bip reload, allowing for SSL cert updates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- on BIP reload, check if SSL files are readable, and try to load new SSL context.
- on success only, update SSL context for new client connections
This allows for SSL certificate/key updates on /BIP reload or SIGHUP.
Signed-off-by: Loïc Gomez
---
 src/bip_main.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/src/bip_main.c b/src/bip_main.c
index 7558d7e..fabed51 100644
--- a/src/bip_main.c
+++ b/src/bip_main.c
@@ -340,6 +340,24 @@ int main(int argc, char **argv)
 /* re-open to allow logfile rotate */
 log_file_setup();
+
+#ifdef HAVE_LIBSSL
+ /*
+ * reload SSL context if server-side SSL is enabled and SSL files
+ * seem accessible.
+ */
+ if (conf_css) {
+ if (check_ssl_files(SOFT_FAIL)) {
+ if (set_ssl_context(SSLCTX_FORCE_UPDATE) == 1)
+ mylog(LOG_DEBUG, "SSL context has been updated");
+ else
+ mylog(LOG_DEBUG, "SSL context has not been updated");
+ } else {
+ mylog(LOG_ERROR, "Unable to update SSL context, "
+ "file checks failed");
+ }
+ }
+#endif
 }
 return 1;
 }
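Review bot: A failed reload is reported only at LOG_DEBUG: when `set_ssl_context(SSLCTX_FORCE_UPDATE)` does not return 1, the `else` branch logs "SSL context has not been updated" at debug level, so at a normal log level an operator who has just replaced an expiring or compromised certificate gets no sign that the old certificate and key are still being served. Log that branch at the level the file-check failure already uses, e.g. `mylog(LOG_ERROR, "SSL context has not been updated, previous certificate/key still in use");`. The added comment could also state that, per the commit message, only new client connections pick up the new context, so sessions already established keep the old one until they reconnect. main() begins outside this hunk, so whether conf_css has already been refreshed from the reloaded configuration at this point cannot be checked from here.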