Kyoshiro/bip
1
0
Fork 0
forked from bip/bip
Code Pull Requests Activity

Also reload SSL context on bip reload, allowing for SSL cert updates

Browse Source 
- on BIP reload, check if SSL files are readable, and try to load new
  SSL context.
- on success only, update SSL context for new client connections

This allows for SSL certificate/key updates on /BIP reload or SIGHUP.

Signed-off-by: Loïc Gomez <bip@animanova.fr>
This commit is contained in:
Loïc Gomez 2024-02-04 14:49:35 +09:00
parent 428c1b6173
commit a03b12319a
Signed by: Kyoshiro
GPG Key ID: F80C2F71E89B990A
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/bip_main.c
View File

@ -340,6 +340,24 @@ int main(int argc, char **argv)
/* re-open to allow logfile rotate */ /* re-open to allow logfile rotate */
log_file_setup(); log_file_setup();
#ifdef HAVE_LIBSSL
/*
* reload SSL context if server-side SSL is enabled and SSL files
* seem accessible.
*/
if (conf_css) {
if (check_ssl_files(SOFT_FAIL)) {
if (set_ssl_context(SSLCTX_FORCE_UPDATE) == 1)
mylog(LOG_DEBUG, "SSL context has been updated");
else
mylog(LOG_DEBUG, "SSL context has not been updated");
} else {
mylog(LOG_ERROR, "Unable to update SSL context, "
"file checks failed");
}
}
#endif
} }
return 1; return 1;
} }