commit b3b5aa37b737fc590e55010ce72ca5408ec212ee
parent 9bcf6fdf6dc14002132e4caebabdd506f5a4bbe9
Author: Joris Vink <joris@coders.se>
Date: Wed, 13 Nov 2019 23:01:24 +0100
Allow acme config via python api
Diffstat:
5 files changed, 54 insertions(+), 15 deletions(-)
diff --git a/include/kore/acme.h b/include/kore/acme.h
@@ -47,6 +47,7 @@ extern "C" {
void kore_acme_init(void);
void kore_acme_run(void);
void kore_acme_setup(void);
+void kore_acme_get_paths(const char *, char **, char **);
int kore_acme_tls_alpn(SSL *, const unsigned char **, unsigned char *,
const unsigned char *, unsigned int, void *);
diff --git a/src/acme.c b/src/acme.c
@@ -369,6 +369,27 @@ kore_acme_tls_alpn(SSL *ssl, const unsigned char **out, unsigned char *outlen,
return (SSL_TLSEXT_ERR_OK);
}
+void
+kore_acme_get_paths(const char *domain, char **key, char **cert)
+{
+ int len;
+ char path[MAXPATHLEN];
+
+ len = snprintf(path, sizeof(path), "%s/%s/fullchain.pem",
+ KORE_ACME_CERTDIR, domain);
+ if (len == -1 || (size_t)len >= sizeof(path))
+ fatal("failed to create certfile path");
+
+ *cert = kore_strdup(path);
+
+ len = snprintf(path, sizeof(path), "%s/%s/key.pem",
+ KORE_ACME_CERTDIR, domain);
+ if (len == -1 || (size_t)len >= sizeof(path))
+ fatal("failed to create certkey path");
+
+ *key = kore_strdup(path);
+}
+
static void
acme_tls_challenge_use_cert(SSL *ssl, struct kore_domain *dom)
{
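Review bot: `domain` is formatted straight into the certificate and key paths by both `snprintf()` calls in kore_acme_get_paths, and nothing in this hunk rejects a name containing `/` or `..`, so the resulting paths could resolve outside KORE_ACME_CERTDIR. This commit also makes the helper reachable from the Python API, so unless the name is validated in a caller not shown here, a guard at the top such as `if (strchr(domain, '/') != NULL || strstr(domain, "..") != NULL) fatal("invalid acme domain name");` would keep private-key lookups confined to the certificate directory. Because the helper calls `fatal()` on an over-long path, an over-long `name` passed from Python would now terminate the process rather than raise an exception. A header comment should state that `*key` and `*cert` receive `kore_strdup()` copies the caller must `kore_free()`, and that the order is key then cert, since both are `char **` and a swapped call compiles silently.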
diff --git a/src/config.c b/src/config.c
@@ -586,9 +586,6 @@ configure_tls(char *yesno)
static int
configure_acme(char *yesno)
{
- int len;
- char path[MAXPATHLEN];
-
if (current_domain == NULL) {
printf("acme directive not inside a domain context\n");
return (KORE_RESULT_ERROR);
@@ -608,19 +605,9 @@ configure_acme(char *yesno)
kore_free(current_domain->certkey);
kore_free(current_domain->certfile);
- len = snprintf(path, sizeof(path), "%s/%s/fullchain.pem",
- KORE_ACME_CERTDIR, current_domain->domain);
- if (len == -1 || (size_t)len >= sizeof(path))
- fatal("failed to create certfile path");
-
- current_domain->certfile = kore_strdup(path);
-
- len = snprintf(path, sizeof(path), "%s/%s/key.pem",
- KORE_ACME_CERTDIR, current_domain->domain);
- if (len == -1 || (size_t)len >= sizeof(path))
- fatal("failed to create certkey path");
+ kore_acme_get_paths(current_domain->domain,
+ ¤t_domain->certkey, ¤t_domain->certfile);
- current_domain->certkey = kore_strdup(path);
} else {
printf("invalid '%s' for yes|no acme option\n", yesno);
return (KORE_RESULT_ERROR);
diff --git a/src/kore.c b/src/kore.c
@@ -150,6 +150,9 @@ version(void)
#if defined(KORE_USE_PYTHON)
printf("python-%s ", PY_VERSION);
#endif
+#if defined(KORE_USE_ACME)
+ printf("acme ");
+#endif
printf("\n");
exit(0);
}
diff --git a/src/python.c b/src/python.c
@@ -39,6 +39,10 @@
#include "curl.h"
#endif
+#if defined(KORE_USE_ACME)
+#include "acme.h"
+#endif
+
#include "python_api.h"
#include "python_methods.h"
@@ -1876,6 +1880,10 @@ python_kore_tracer(PyObject *self, PyObject *args)
static PyObject *
python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs)
{
+#if defined(KORE_USE_ACME)
+ int acme;
+ char *acert, *akey;
+#endif
struct kore_server *srv;
long depth;
const char *name;
@@ -1912,6 +1920,17 @@ python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs)
key = python_string_from_dict(kwargs, "key");
cert = python_string_from_dict(kwargs, "cert");
+#if defined(KORE_USE_ACME)
+ acme = 0;
+ python_bool_from_dict(kwargs, "acme", &acme);
+
+ if (acme) {
+ kore_acme_get_paths(name, &akey, &acert);
+ key = akey;
+ cert = acert;
+ }
+#endif
+
if (key == NULL || cert == NULL) {
PyErr_Format(PyExc_RuntimeError,
"missing key or cert keywords for TLS listener");
@@ -1949,6 +1968,14 @@ python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs)
domain->config->certkey = kore_strdup(key);
domain->config->certfile = kore_strdup(cert);
+#if defined(KORE_USE_ACME)
+ domain->config->acme = acme;
+
+ if (domain->config->acme) {
+ kore_free(akey);
+ kore_free(acert);
+ }
+#endif
if (ca != NULL) {
domain->config->cafile = kore_strdup(ca);
domain->config->x509_verify_depth = depth;
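Review bot: `akey` and `acert` are released only by the `kore_free()` pair added here, at the end of the success path, so any error return between the `kore_acme_get_paths()` call in the earlier python.c hunk and this point would leak both strings. The lines between the two hunks are not shown, so this needs checking against the full function. After the frees, `key` and `cert` still point at the released buffers and must not be read further down. A simpler shape is to drop the temporaries and, when `acme` is set, call `kore_acme_get_paths(name, &domain->config->certkey, &domain->config->certfile);` in place of the two `kore_strdup()` lines, with the earlier `key == NULL || cert == NULL` check skipped in that case. python_kore_domain starts and ends outside this hunk.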