commit a74fffe40c7d8e0a04d0fa76becd16dcba710927
parent 32a2035ce9d1c82dd8af72400f8af0cd10cfa1d3
Author: Joris Vink <joris@coders.se>
Date: Wed, 5 Jun 2013 09:47:08 +0200
Introduce certfile and certkey in the configuration to specify where the certificate file and keys are located on a system.
Free unused vars in the main process after starting.
Diffstat:
4 files changed, 53 insertions(+), 4 deletions(-)
diff --git a/example.conf b/example.conf
@@ -2,6 +2,8 @@
# Server configuration.
bind 10.211.55.3 443
+certfile /etc/kore/server.crt
+certkey /etc/kore/server.key
# The path worker processes will chroot too after starting.
chroot /home/joris/src/kore
diff --git a/includes/kore.h b/includes/kore.h
@@ -132,6 +132,8 @@ extern char *chroot_path;
extern char *runas_user;
extern char *kore_module_onload;
extern char *kore_pidfile;
+extern char *kore_certfile;
+extern char *kore_certkey;
extern u_int8_t worker_count;
extern pid_t mypid;
diff --git a/src/config.c b/src/config.c
@@ -47,6 +47,8 @@ static int configure_chroot(char **);
static int configure_runas(char **);
static int configure_workers(char **);
static int configure_pidfile(char **);
+static int configure_certfile(char **);
+static int configure_certkey(char **);
static struct {
const char *name;
@@ -62,6 +64,8 @@ static struct {
{ "runas", configure_runas },
{ "workers", configure_workers },
{ "pidfile", configure_pidfile },
+ { "certfile", configure_certfile },
+ { "certkey", configure_certkey },
{ NULL, NULL },
};
@@ -267,3 +271,34 @@ configure_pidfile(char **argv)
kore_pidfile = kore_strdup(argv[1]);
return (KORE_RESULT_OK);
}
+
+static int
+configure_certfile(char **argv)
+{
+ if (argv[1] == NULL)
+ return (KORE_RESULT_ERROR);
+
+ if (kore_certfile != NULL) {
+ kore_debug("duplicate kore_certfile directive specified");
+ return (KORE_RESULT_ERROR);
+ }
+
+ kore_certfile = kore_strdup(argv[1]);
+ return (KORE_RESULT_OK);
+}
+
+static int
+configure_certkey(char **argv)
+{
+ if (argv[1] == NULL)
+ return (KORE_RESULT_ERROR);
+
+ if (kore_certkey != NULL) {
+ kore_debug("duplicate kore_certkey directive specified");
+ return (KORE_RESULT_ERROR);
+ }
+
+ kore_certkey = kore_strdup(argv[1]);
+ return (KORE_RESULT_OK);
+}
+
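Review bot: The `argv[1] == NULL` branch in `configure_certfile` and `configure_certkey` returns `KORE_RESULT_ERROR` without logging anything, so a bare `certfile` or `certkey` line fails with no hint unless the caller reports it (the caller is not visible in this hunk). A line such as `kore_debug("certkey directive requires a path");` before the return would match what the duplicate-directive branch already does. The two functions differ only in the global they set and the name in the message, so a shared static helper taking the destination pointer and the directive name would keep them from drifting apart. Neither handler checks the value itself, so an empty or wrong path is only caught later, when OpenSSL tries to open the file.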
diff --git a/src/kore.c b/src/kore.c
@@ -67,8 +67,10 @@ int kore_debug = 0;
int server_port = 0;
u_int8_t worker_count = 0;
char *server_ip = NULL;
-char *chroot_path = NULL;
char *runas_user = NULL;
+char *chroot_path = NULL;
+char *kore_certkey = NULL;
+char *kore_certfile = NULL;
char *kore_pidfile = KORE_PIDFILE_DEFAULT;
static void usage(void);
@@ -141,6 +143,9 @@ main(int argc, char *argv[])
fatal("missing a username to run as");
if ((pw = getpwnam(runas_user)) == NULL)
fatal("user '%s' does not exist", runas_user);
+ if (kore_certfile == NULL || kore_certkey == NULL)
+ fatal("missing certificate information");
+
if ((cpu_count = sysconf(_SC_NPROCESSORS_ONLN)) == -1) {
kore_debug("could not get number of cpu's falling back to 1");
cpu_count = 1;
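Review bot: `fatal("missing certificate information")` does not say which directive is absent, although the condition above it tests `kore_certfile` and `kore_certkey` separately. Splitting it into `if (kore_certfile == NULL) fatal("missing certfile directive");` and `if (kore_certkey == NULL) fatal("missing certkey directive");` gives the operator something actionable. The check only proves the directives were given; whether the files exist and are readable is still found out later by the OpenSSL calls. `main` starts and ends outside this hunk.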
@@ -163,8 +168,13 @@ main(int argc, char *argv[])
kore_debug("cannot set process title");
sig_recv = 0;
- signal(SIGQUIT, kore_signal);
signal(SIGHUP, kore_signal);
+ signal(SIGQUIT, kore_signal);
+
+ free(server_ip);
+ free(runas_user);
+ free(kore_certkey);
+ free(kore_certfile);
for (;;) {
if (sig_recv != 0) {
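Review bot: The four `free()` calls added before the `for (;;)` loop leave `server_ip`, `runas_user`, `kore_certkey` and `kore_certfile` pointing at released memory, and all four are non-static globals. Anything that runs in, or is forked from, the main process after this point (respawning a worker, a reload on `SIGHUP`, a later call to `kore_server_sslstart`) would then read freed memory; whether such a path exists cannot be seen from this hunk. Clearing each pointer, e.g. `free(kore_certkey); kore_certkey = NULL;`, turns a silent use-after-free into a NULL that a check can catch. It is also worth confirming that `kore_strdup` allocates with plain `malloc`, since these strings are released with `free()` directly. `main` continues outside the hunk.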
@@ -226,12 +236,12 @@ kore_server_sslstart(void)
return (KORE_RESULT_ERROR);
}
- if (!SSL_CTX_use_certificate_chain_file(ssl_ctx, "cert/server.crt")) {
+ if (!SSL_CTX_use_certificate_chain_file(ssl_ctx, kore_certfile)) {
kore_debug("SSL_CTX_use_certificate_file(): %s", ssl_errno_s);
return (KORE_RESULT_ERROR);
}
- if (!SSL_CTX_use_PrivateKey_file(ssl_ctx, "cert/server.key",
+ if (!SSL_CTX_use_PrivateKey_file(ssl_ctx, kore_certkey,
SSL_FILETYPE_PEM)) {
kore_debug("SSL_CTX_use_PrivateKey_file(): %s", ssl_errno_s);
return (KORE_RESULT_ERROR);
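Review bot: The failure messages in `kore_server_sslstart` do not include the path, which mattered less while it was the fixed `cert/server.crt` but now leaves the operator guessing which configured file OpenSSL rejected. Suggest `kore_debug("SSL_CTX_use_certificate_chain_file(%s): %s", kore_certfile, ssl_errno_s);` and the same pattern for `kore_certkey`; that also fixes the first message naming `SSL_CTX_use_certificate_file()` while the call is `SSL_CTX_use_certificate_chain_file()`. No `SSL_CTX_check_private_key()` call is visible here to confirm the key matches the certificate; it may sit below the hunk, as the function body continues outside it. Because the key path is now arbitrary, a comment stating that this load has to happen before the chroot and privilege drop, so the key file can stay unreadable to the worker user, would help the next maintainer.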