diff --git a/samples/bip.conf b/samples/bip.conf
index cc49370..5faa8e9 100644
--- a/samples/bip.conf
+++ b/samples/bip.conf
@@ -16,6 +16,10 @@ port = 7778;
 # for bip using scripts/bipgenconfig.
 client_side_ssl = false;
+# This is the file containing the SSL cert/key pair bip'll use to
+# serve SSL clients. If unset, it defaults to /bip.pem
+#client_side_ssl_key = "/path/to/pemfile";
+
 log_level = 3;
 #pid_file="/var/run/bip/bip.pid";
diff --git a/samples/bip.vim b/samples/bip.vim
index c08fb62..9f761ef 100644
--- a/samples/bip.vim
+++ b/samples/bip.vim
@@ -54,7 +54,7 @@ syn region bipMain start=/\%^/ end=/\%$/
 " Top level elements
 syn keyword bipKeyword contained nextgroup=bipBoolV client_side_ssl
 syn keyword bipKeyword contained nextgroup=bipStringV log_root
- \ log_format pid_file
+ \ log_format pid_file client_side_ssl_key
 syn keyword bipKeyword contained nextgroup=bipNumericV port log_level
 \ log_sync_interval
 syn keyword bipKeyword contained nextgroup=bipIPV ip
diff --git a/src/bip.c b/src/bip.c
index bc81e40..26e80ec 100644
--- a/src/bip.c
+++ b/src/bip.c
@@ -563,6 +563,11 @@ static int add_connection(bip_t *bip, struct user *user, list_t *data)
 if (strcmp(t->pdata, "ca") == 0)
 l->ssl_check_mode = SSL_CHECK_CA;
 break;
+#else
+ case LEX_SSL_CHECK_MODE:
+ mylog(LOG_WARN, "Found SSL option whereas bip is " "not built with SSL support.");
+ break;
 #endif
 default:
 conf_die(bip, "Unknown keyword in connection "
@@ -745,6 +750,12 @@ static int add_user(bip_t *bip, list_t *data, struct historical_directives *hds)
 case LEX_SSL_CHECK_STORE:
 MOVE_STRING(u->ssl_check_store, t->pdata);
 break;
+#else
+ case LEX_SSL_CHECK_MODE:
+ case LEX_SSL_CHECK_STORE:
+ mylog(LOG_WARN, "Found SSL option whereas bip is " "not built with SSL support.");
+ break;
 #endif
 default:
 conf_die(bip, "Uknown keyword in user statement");
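Review bot: The new sample comment's `If unset, it defaults to /bip.pem` is misleading: the default built in src/bip.c's main is `conf_biphome` with `/bip.pem` appended, so the file lives under bip's home directory, not at the filesystem root. Suggest `# serve SSL clients. If unset, it defaults to bip.pem in bip's home directory.` Since the PEM holds the private key, the sample could also remind operators that the file should be readable only by the user bip runs as.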
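Review bot: The new `#else` branch in add_connection downgrades an SSL-only directive to a LOG_WARN and keeps parsing, so a config that sets `ssl_check_mode = "ca"` on a build without SSL support is accepted and runs without the certificate verification it asked for; the same switch already fails with `conf_die` on unknown keywords, and failing closed the same way (`conf_die(bip, "ssl_check_mode used but bip is not built with SSL support");`) is the safer default for a security option, or at minimum the message should name the directive so the operator can locate it. The same pattern repeats in the add_user hunk (`LEX_SSL_CHECK_MODE`/`LEX_SSL_CHECK_STORE`) and in the fireup hunk on the next line (`LEX_CSS`/`LEX_CSS_KEY`), where `client_side_ssl = true` presumably leaves clients on a plaintext listener with only a warning in the log. The switch statements in add_connection and add_user begin and end outside their hunks.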
@@ -953,9 +964,20 @@ int fireup(bip_t *bip, FILE *conf)
 case LEX_PORT:
 conf_port = t->ndata;
 break;
+#ifdef HAVE_LIBSSL
 case LEX_CSS:
 conf_css = t->ndata;
 break;
+ case LEX_CSS_KEY:
+ MOVE_STRING(conf_ssl_certfile, t->pdata);
+ break;
+#else
+ case LEX_CSS:
+ case LEX_CSS_KEY:
+ mylog(LOG_WARN, "Found SSL option whereas bip is " "not built with SSL support.");
+ break;
+#endif
 case LEX_PID_FILE:
 MOVE_STRING(conf_pid_file, t->pdata);
 break;
@@ -1132,6 +1154,9 @@ int main(int argc, char **argv)
 conf_daemonize = 1;
 conf_global_log_file = stderr;
 conf_pid_file = NULL;
+#ifdef HAVE_LIBSSL
+ conf_ssl_certfile = NULL;
+#endif
 while ((ch = getopt(argc, argv, "hvnf:s:")) != -1) {
 switch (ch) {
@@ -1214,18 +1239,13 @@ int main(int argc, char **argv)
 }
 #ifdef HAVE_LIBSSL
- conf_ssl_certfile = NULL; /* Make into a config option */
 if (!conf_ssl_certfile) {
 char *ap = "/bip.pem";
- if (conf_ssl_certfile) {
- free(conf_ssl_certfile);
- conf_ssl_certfile = NULL;
- }
 conf_ssl_certfile = malloc(strlen(conf_biphome) + strlen(ap) + 1);
 strcpy(conf_ssl_certfile, conf_biphome);
 strcat(conf_ssl_certfile, ap);
- mylog(LOG_INFO, "Default SSL certificate file: %s",
+ mylog(LOG_INFO, "Using default SSL certificate file: %s",
 conf_ssl_certfile);
 }
 #endif
diff --git a/src/conf.y b/src/conf.y
index 63111c8..a902f50 100644
--- a/src/conf.y
+++ b/src/conf.y
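Review bot: With the config option now honoured, the `if (!conf_ssl_certfile)` block in main is the only place that synthesises the certificate path, and the `malloc` on its context line is still unchecked before `strcpy`/`strcat` write through it, so a NULL return is dereferenced. Check the result and fail before the copies, and build the path with `snprintf(conf_ssl_certfile, len, "%s%s", conf_biphome, ap);` where `len = strlen(conf_biphome) + strlen(ap) + 1` is also what is passed to `malloc`, so the allocation size and the write share one expression. Whether a path supplied via `client_side_ssl_key` is checked (existence, ownership, permissions) before the SSL context is created cannot be seen from this hunk. main's body continues outside the hunk on both sides.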
@@ -68,7 +68,7 @@ struct tuple *tuple_l_new(int type, void *p)
 %}
-%token LEX_IP LEX_EQ LEX_PORT LEX_CSS LEX_SEMICOLON LEX_CONNECTION LEX_NETWORK LEX_LBRA LEX_RBRA LEX_USER LEX_NAME LEX_NICK LEX_SERVER LEX_PASSWORD LEX_SRCIP LEX_HOST LEX_VHOST LEX_SOURCE_PORT LEX_NONE LEX_COMMENT LEX_BUNCH LEX_REALNAME LEX_SSL LEX_SSL_CHECK_MODE LEX_SSL_CHECK_STORE LEX_CHANNEL LEX_KEY LEX_LOG_ROOT LEX_LOG_FORMAT LEX_LOG_LEVEL LEX_BACKLOG_LINES LEX_BACKLOG_NO_TIMESTAMP LEX_BACKLOG LEX_LOG LEX_LOG_SYSTEM LEX_LOG_SYNC_INTERVAL LEX_FOLLOW_NICK LEX_ON_CONNECT_SEND LEX_AWAY_NICK LEX_PID_FILE LEX_IGN_FIRST_NICK LEX_ALWAYS_BACKLOG LEX_BLRESET_ON_TALK LEX_DEFAULT_USER LEX_DEFAULT_NICK LEX_DEFAULT_REALNAME LEX_NO_CLIENT_AWAY_MSG LEX_BL_MSG_ONLY LEX_ADMIN LEX_BIP_USE_NOTICE
+%token LEX_IP LEX_EQ LEX_PORT LEX_CSS LEX_SEMICOLON LEX_CONNECTION LEX_NETWORK LEX_LBRA LEX_RBRA LEX_USER LEX_NAME LEX_NICK LEX_SERVER LEX_PASSWORD LEX_SRCIP LEX_HOST LEX_VHOST LEX_SOURCE_PORT LEX_NONE LEX_COMMENT LEX_BUNCH LEX_REALNAME LEX_SSL LEX_SSL_CHECK_MODE LEX_SSL_CHECK_STORE LEX_CHANNEL LEX_KEY LEX_LOG_ROOT LEX_LOG_FORMAT LEX_LOG_LEVEL LEX_BACKLOG_LINES LEX_BACKLOG_NO_TIMESTAMP LEX_BACKLOG LEX_LOG LEX_LOG_SYSTEM LEX_LOG_SYNC_INTERVAL LEX_FOLLOW_NICK LEX_ON_CONNECT_SEND LEX_AWAY_NICK LEX_PID_FILE LEX_IGN_FIRST_NICK LEX_ALWAYS_BACKLOG LEX_BLRESET_ON_TALK LEX_DEFAULT_USER LEX_DEFAULT_NICK LEX_DEFAULT_REALNAME LEX_NO_CLIENT_AWAY_MSG LEX_BL_MSG_ONLY LEX_ADMIN LEX_BIP_USE_NOTICE LEX_CSS_KEY
 %union {
 int number;
@@ -97,6 +97,7 @@ command:
 | LEX_IP LEX_EQ LEX_STRING { $$ = tuple_s_new(LEX_IP, $3); }
 | LEX_PORT LEX_EQ LEX_INT { $$ = tuple_i_new(LEX_PORT, $3); }
 | LEX_CSS LEX_EQ LEX_BOOL { $$ = tuple_i_new(LEX_CSS, $3); }
+ | LEX_CSS_KEY LEX_EQ LEX_STRING { $$ = tuple_s_new(LEX_CSS_KEY, $3); }
 | LEX_LOG LEX_EQ LEX_BOOL { $$ = tuple_i_new(LEX_LOG, $3); }
 | LEX_LOG_SYSTEM LEX_EQ LEX_BOOL { $$ = tuple_i_new(LEX_LOG_SYSTEM, $3); }
 | LEX_LOG_SYNC_INTERVAL LEX_EQ LEX_INT { $$ = tuple_i_new(
diff --git a/src/lex.l b/src/lex.l
index af9a6b5..081794f 100644
--- a/src/lex.l
+++ b/src/lex.l
@@ -111,6 +111,7 @@ list_t *parse_conf(FILE *file, int *err)
 "no_client_away_msg" { return LEX_NO_CLIENT_AWAY_MSG; }
 "pid_file" { return LEX_PID_FILE; }
 "bip_use_notice" { return LEX_BIP_USE_NOTICE; }
+"client_side_ssl_key" { return LEX_CSS_KEY; }
 \"[^"]*\" {
 size_t len = strlen(yytext) - 2;
 yylval.string = malloc(len + 1);