kore

An easy to use, scalable and secure web application framework for writing web APIs in C.

commit b3b5aa37b737fc590e55010ce72ca5408ec212ee
parent 9bcf6fdf6dc14002132e4caebabdd506f5a4bbe9
Author: Joris Vink <joris@coders.se>
Date:   Wed, 13 Nov 2019 23:01:24 +0100

Allow acme config via python api

Diffstat:
include/kore/acme.h | 1+
src/acme.c | 21+++++++++++++++++++++
src/config.c | 17++---------------
src/kore.c | 3+++
src/python.c | 27+++++++++++++++++++++++++++
5 files changed, 54 insertions(+), 15 deletions(-)

diff --git a/include/kore/acme.h b/include/kore/acme.h @@ -47,6 +47,7 @@ extern "C" { void kore_acme_init(void); void kore_acme_run(void); void kore_acme_setup(void); +void kore_acme_get_paths(const char *, char **, char **); int kore_acme_tls_alpn(SSL *, const unsigned char **, unsigned char *, const unsigned char *, unsigned int, void *); diff --git a/src/acme.c b/src/acme.c @@ -369,6 +369,27 @@ kore_acme_tls_alpn(SSL *ssl, const unsigned char **out, unsigned char *outlen, return (SSL_TLSEXT_ERR_OK); } +void +kore_acme_get_paths(const char *domain, char **key, char **cert) +{ + int len; + char path[MAXPATHLEN]; + + len = snprintf(path, sizeof(path), "%s/%s/fullchain.pem", + KORE_ACME_CERTDIR, domain); + if (len == -1 || (size_t)len >= sizeof(path)) + fatal("failed to create certfile path"); + + *cert = kore_strdup(path); + + len = snprintf(path, sizeof(path), "%s/%s/key.pem", + KORE_ACME_CERTDIR, domain); + if (len == -1 || (size_t)len >= sizeof(path)) + fatal("failed to create certkey path"); + + *key = kore_strdup(path); +} + static void acme_tls_challenge_use_cert(SSL *ssl, struct kore_domain *dom) { diff --git a/src/config.c b/src/config.c @@ -586,9 +586,6 @@ configure_tls(char *yesno) static int configure_acme(char *yesno) { - int len; - char path[MAXPATHLEN]; - if (current_domain == NULL) { printf("acme directive not inside a domain context\n"); return (KORE_RESULT_ERROR); 
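Review bot: `domain` is formatted straight into both paths in kore_acme_get_paths() in src/acme.c, and with this commit the value can also be the `name` argument of the Python domain call, so a name containing `/` or starting with `.` would make the certificate and private-key paths resolve outside KORE_ACME_CERTDIR. Whether names are validated before they reach this function is not visible in the hunk; if they are not, a guard ahead of the first snprintf() such as `if (domain[0] == '.' || strchr(domain, '/') != NULL) fatal("invalid domain name for acme path");` keeps both paths inside the cert directory. The function also deserves a header comment stating that `*key` and `*cert` receive kore_strdup() copies that the caller releases with kore_free(), and that the out-parameter order is key then cert, because the prototype added to acme.h carries no parameter names and a swapped call would compile cleanly.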
@@ -608,19 +605,9 @@ configure_acme(char *yesno) kore_free(current_domain->certkey); kore_free(current_domain->certfile); - len = snprintf(path, sizeof(path), "%s/%s/fullchain.pem", - KORE_ACME_CERTDIR, current_domain->domain); - if (len == -1 || (size_t)len >= sizeof(path)) - fatal("failed to create certfile path"); - - current_domain->certfile = kore_strdup(path); - - len = snprintf(path, sizeof(path), "%s/%s/key.pem", - KORE_ACME_CERTDIR, current_domain->domain); - if (len == -1 || (size_t)len >= sizeof(path)) - fatal("failed to create certkey path"); + kore_acme_get_paths(current_domain->domain, + &current_domain->certkey, &current_domain->certfile); - current_domain->certkey = kore_strdup(path); } else { printf("invalid '%s' for yes|no acme option\n", yesno); return (KORE_RESULT_ERROR); diff --git a/src/kore.c b/src/kore.c @@ -150,6 +150,9 @@ version(void) #if defined(KORE_USE_PYTHON) printf("python-%s ", PY_VERSION); #endif +#if defined(KORE_USE_ACME) + printf("acme "); +#endif printf("\n"); exit(0); } diff --git a/src/python.c b/src/python.c @@ -39,6 +39,10 @@ #include "curl.h" #endif +#if defined(KORE_USE_ACME) +#include "acme.h" +#endif + #include "python_api.h" #include "python_methods.h" @@ -1876,6 +1880,10 @@ python_kore_tracer(PyObject *self, PyObject *args) static PyObject * python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs) { +#if defined(KORE_USE_ACME) + int acme; + char *acert, *akey; +#endif struct kore_server *srv; long depth; const char *name; 
@@ -1912,6 +1920,17 @@ python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs) key = python_string_from_dict(kwargs, "key"); cert = python_string_from_dict(kwargs, "cert"); +#if defined(KORE_USE_ACME) + acme = 0; + python_bool_from_dict(kwargs, "acme", &acme); + + if (acme) { + kore_acme_get_paths(name, &akey, &acert); + key = akey; + cert = acert; + } +#endif + if (key == NULL || cert == NULL) { PyErr_Format(PyExc_RuntimeError, "missing key or cert keywords for TLS listener"); @@ -1949,6 +1968,14 @@ python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs) domain->config->certkey = kore_strdup(key); domain->config->certfile = kore_strdup(cert); +#if defined(KORE_USE_ACME) + domain->config->acme = acme; + + if (domain->config->acme) { + kore_free(akey); + kore_free(acert); + } +#endif if (ca != NULL) { domain->config->cafile = kore_strdup(ca); domain->config->x509_verify_depth = depth;
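Review bot: With `acme` set, the `key` and `cert` values read from kwargs just above are overwritten without any check, so a caller that passes `acme` together with an explicit `key` or `cert` silently gets the paths under the ACME cert directory instead of the files it named. If that combination is not meant to be supported, reject it before calling kore_acme_get_paths() by raising a RuntimeError through PyErr_Format(), as the missing-key check below does, with a message saying `acme` cannot be combined with `key` or `cert`. The return value of python_bool_from_dict() is also ignored here; what it reports for a non-boolean `acme` value is not visible in this hunk, so it is worth confirming that a wrong type raises an error rather than leaving `acme` at 0. python_kore_domain starts and ends outside the hunk.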
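Review bot: `akey` and `acert` are released only at this point in the last python.c hunk, so any return taken between their assignment in the previous hunk and these kore_free() calls would leak both strings; the code between the two hunks is not shown, so this needs checking against the full function. Declaring them as `char *acert = NULL, *akey = NULL;` in the declarations hunk and releasing them on every exit path would cover it. After the kore_free() calls `key` and `cert` still point at the freed buffers, so a comment such as `/* key and cert alias akey/acert and must not be used past this point */` would protect later edits to the rest of the function, which continues outside the hunk.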