kore

An easy to use, scalable and secure web application framework for writing web APIs in C.

commit a74fffe40c7d8e0a04d0fa76becd16dcba710927
parent 32a2035ce9d1c82dd8af72400f8af0cd10cfa1d3
Author: Joris Vink <joris@coders.se>
Date:   Wed,  5 Jun 2013 09:47:08 +0200

Introduce certfile and certkey in the configuration to specify where the certificate file and keys are located on a system.

Free unused vars in the main process after starting.

Diffstat:
example.conf | 2++
includes/kore.h | 2++
src/config.c | 35+++++++++++++++++++++++++++++++++++
src/kore.c | 18++++++++++++++----
4 files changed, 53 insertions(+), 4 deletions(-)

diff --git a/example.conf b/example.conf @@ -2,6 +2,8 @@ # Server configuration. bind 10.211.55.3 443 +certfile /etc/kore/server.crt +certkey /etc/kore/server.key # The path worker processes will chroot too after starting. chroot /home/joris/src/kore diff --git a/includes/kore.h b/includes/kore.h @@ -132,6 +132,8 @@ extern char *chroot_path; extern char *runas_user; extern char *kore_module_onload; extern char *kore_pidfile; +extern char *kore_certfile; +extern char *kore_certkey; extern u_int8_t worker_count; extern pid_t mypid; diff --git a/src/config.c b/src/config.c @@ -47,6 +47,8 @@ static int configure_chroot(char **); static int configure_runas(char **); static int configure_workers(char **); static int configure_pidfile(char **); +static int configure_certfile(char **); +static int configure_certkey(char **); static struct { const char *name; @@ -62,6 +64,8 @@ static struct { { "runas", configure_runas }, { "workers", configure_workers }, { "pidfile", configure_pidfile }, + { "certfile", configure_certfile }, + { "certkey", configure_certkey }, { NULL, NULL }, }; @@ -267,3 +271,34 @@ configure_pidfile(char **argv) kore_pidfile = kore_strdup(argv[1]); return (KORE_RESULT_OK); } + +static int +configure_certfile(char **argv) +{ + if (argv[1] == NULL) + return (KORE_RESULT_ERROR); + + if (kore_certfile != NULL) { + kore_debug("duplicate kore_certfile directive specified"); + return (KORE_RESULT_ERROR); + } + + kore_certfile = kore_strdup(argv[1]); + return (KORE_RESULT_OK); +} + +static int +configure_certkey(char **argv) +{ + if (argv[1] == NULL) + return (KORE_RESULT_ERROR); + + if (kore_certkey != NULL) { + kore_debug("duplicate kore_certkey directive specified"); + return (KORE_RESULT_ERROR); + } + + kore_certkey = kore_strdup(argv[1]); + return (KORE_RESULT_OK); +} + diff --git a/src/kore.c b/src/kore.c 
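Review bot: The new `certfile` and `certkey` lines in example.conf carry no comment, unlike the `chroot` directive directly below them. A pair of lines such as `# TLS certificate chain and private key (PEM).` and `# Keep the key file readable only by the account that loads it.` would tell an operator what the two paths are for and that the key needs tight permissions. Because workers chroot after starting, it would also help to state whether these paths are resolved before or after the chroot; the hunk does not show that.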
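Review bot: configure_certkey() in src/config.c stores argv[1] without looking at the file, so a missing key, or one readable by group or others, is accepted at parse time and only surfaces, if at all, when kore_server_sslstart() loads it. A stat() on the path, refusing the directive when `st_mode & (S_IRWXG | S_IRWXO)` is set, would catch both cases while the configuration is read; configure_certfile() could take the existence check alone. This assumes config.c pulls in <sys/stat.h>, <errno.h> and <string.h>, and the mode test is a policy choice that a deployment with a dedicated key group may want relaxed. Both existing failure paths report through kore_debug() only, which may not be visible in a non-debug run.

```c
static int
configure_certkey(char **argv)
{
	struct stat	st;

	/* … unchanged: argv[1] == NULL and duplicate-directive checks … */

	if (stat(argv[1], &st) == -1) {
		kore_debug("certkey '%s': %s", argv[1], strerror(errno));
		return (KORE_RESULT_ERROR);
	}

	/* Refuse a private key that group or other users can access. */
	if (st.st_mode & (S_IRWXG | S_IRWXO)) {
		kore_debug("certkey '%s' is accessible by group or others",
		    argv[1]);
		return (KORE_RESULT_ERROR);
	}

	kore_certkey = kore_strdup(argv[1]);
	return (KORE_RESULT_OK);
}
```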
@@ -67,8 +67,10 @@ int kore_debug = 0; int server_port = 0; u_int8_t worker_count = 0; char *server_ip = NULL; -char *chroot_path = NULL; char *runas_user = NULL; +char *chroot_path = NULL; +char *kore_certkey = NULL; +char *kore_certfile = NULL; char *kore_pidfile = KORE_PIDFILE_DEFAULT; static void usage(void); @@ -141,6 +143,9 @@ main(int argc, char *argv[]) fatal("missing a username to run as"); if ((pw = getpwnam(runas_user)) == NULL) fatal("user '%s' does not exist", runas_user); + if (kore_certfile == NULL || kore_certkey == NULL) + fatal("missing certificate information"); + if ((cpu_count = sysconf(_SC_NPROCESSORS_ONLN)) == -1) { kore_debug("could not get number of cpu's falling back to 1"); cpu_count = 1; @@ -163,8 +168,13 @@ main(int argc, char *argv[]) kore_debug("cannot set process title"); sig_recv = 0; - signal(SIGQUIT, kore_signal); signal(SIGHUP, kore_signal); + signal(SIGQUIT, kore_signal); + + free(server_ip); + free(runas_user); + free(kore_certkey); + free(kore_certfile); for (;;) { if (sig_recv != 0) { @@ -226,12 +236,12 @@ kore_server_sslstart(void) return (KORE_RESULT_ERROR); } - if (!SSL_CTX_use_certificate_chain_file(ssl_ctx, "cert/server.crt")) { + if (!SSL_CTX_use_certificate_chain_file(ssl_ctx, kore_certfile)) { kore_debug("SSL_CTX_use_certificate_file(): %s", ssl_errno_s); return (KORE_RESULT_ERROR); } - if (!SSL_CTX_use_PrivateKey_file(ssl_ctx, "cert/server.key", + if (!SSL_CTX_use_PrivateKey_file(ssl_ctx, kore_certkey, SSL_FILETYPE_PEM)) { kore_debug("SSL_CTX_use_PrivateKey_file(): %s", ssl_errno_s); return (KORE_RESULT_ERROR);
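Review bot: The four free() calls added after the signal() setup in main() (src/kore.c) leave server_ip, runas_user, kore_certkey and kore_certfile pointing at released memory, while the SIGHUP handler installed just above suggests the parent keeps running and may act on its configuration again. Clearing each pointer, e.g. `free(kore_certkey); kore_certkey = NULL;`, makes any later read see a predictable NULL instead of a dangling pointer. It is also worth confirming that kore_server_sslstart(), which now reads kore_certfile and kore_certkey, has already run by this point, and that free() is the right counterpart to kore_strdup(); neither is visible here. main() continues outside the hunk.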
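Review bot: The failure branches in kore_server_sslstart() still log only ssl_errno_s, so now that both paths come from the configuration a wrong certfile or certkey gives no hint which file was rejected; `kore_debug("SSL_CTX_use_PrivateKey_file(%s): %s", kore_certkey, ssl_errno_s);` and the equivalent for kore_certfile would. The first message also names SSL_CTX_use_certificate_file() although the call is SSL_CTX_use_certificate_chain_file(). An explicit `SSL_CTX_check_private_key(ssl_ctx)` after both loads is a conventional extra guard that the key matches the certificate, unless it already follows below the visible lines. The function begins and ends outside the hunk.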