Allow acme config via python api

include/kore/acme.h

@@ -47,6 +47,7 @@ extern "C" {
 void	kore_acme_init(void);
 void	kore_acme_run(void);
 void	kore_acme_setup(void);
+void	kore_acme_get_paths(const char *, char **, char **);
 
 int	kore_acme_tls_alpn(SSL *, const unsigned char **, unsigned char *,
 	    const unsigned char *, unsigned int, void *);

src/acme.c

@@ -369,6 +369,27 @@ kore_acme_tls_alpn(SSL *ssl, const unsigned char **out, unsigned char *outlen,
 	return (SSL_TLSEXT_ERR_OK);
 }
 
+void
+kore_acme_get_paths(const char *domain, char **key, char **cert)
+{
+	int		len;
+	char		path[MAXPATHLEN];
+
+	len = snprintf(path, sizeof(path), "%s/%s/fullchain.pem",
+	    KORE_ACME_CERTDIR, domain);
+	if (len == -1 || (size_t)len >= sizeof(path))
+		fatal("failed to create certfile path");
+
+	*cert = kore_strdup(path);
+
+	len = snprintf(path, sizeof(path), "%s/%s/key.pem",
+	    KORE_ACME_CERTDIR, domain);
+	if (len == -1 || (size_t)len >= sizeof(path))
+		fatal("failed to create certkey path");
+
+	*key = kore_strdup(path);
+}
+
 static void
 acme_tls_challenge_use_cert(SSL *ssl, struct kore_domain *dom)
 {

src/config.c

@@ -586,9 +586,6 @@ configure_tls(char *yesno)
 static int
 configure_acme(char *yesno)
 {
-	int		len;
-	char		path[MAXPATHLEN];
-
 	if (current_domain == NULL) {
 		printf("acme directive not inside a domain context\n");
 		return (KORE_RESULT_ERROR);
@@ -608,19 +605,9 @@ configure_acme(char *yesno)
 		kore_free(current_domain->certkey);
 		kore_free(current_domain->certfile);
 
-		len = snprintf(path, sizeof(path), "%s/%s/fullchain.pem",
-		    KORE_ACME_CERTDIR, current_domain->domain);
-		if (len == -1 || (size_t)len >= sizeof(path))
-			fatal("failed to create certfile path");
+		kore_acme_get_paths(current_domain->domain,
+		    &current_domain->certkey, &current_domain->certfile);
 
-		current_domain->certfile = kore_strdup(path);
-
-		len = snprintf(path, sizeof(path), "%s/%s/key.pem",
-		    KORE_ACME_CERTDIR, current_domain->domain);
-		if (len == -1 || (size_t)len >= sizeof(path))
-			fatal("failed to create certkey path");
-
-		current_domain->certkey = kore_strdup(path);
 	} else {
 		printf("invalid '%s' for yes|no acme option\n", yesno);
 		return (KORE_RESULT_ERROR);

src/kore.c

@@ -149,6 +149,9 @@ version(void)
 #endif
 #if defined(KORE_USE_PYTHON)
 	printf("python-%s ", PY_VERSION);
+#endif
+#if defined(KORE_USE_ACME)
+	printf("acme ");
 #endif
 	printf("\n");
 	exit(0);

src/python.c

@@ -39,6 +39,10 @@
 #include "curl.h"
 #endif
 
+#if defined(KORE_USE_ACME)
+#include "acme.h"
+#endif
+
 #include "python_api.h"
 #include "python_methods.h"
 
@@ -1876,6 +1880,10 @@ python_kore_tracer(PyObject *self, PyObject *args)
 static PyObject *
 python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs)
 {
+#if defined(KORE_USE_ACME)
+	int			acme;
+	char			*acert, *akey;
+#endif
 	struct kore_server	*srv;
 	long			depth;
 	const char		*name;
@@ -1912,6 +1920,17 @@ python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs)
 		key = python_string_from_dict(kwargs, "key");
 		cert = python_string_from_dict(kwargs, "cert");
 
+#if defined(KORE_USE_ACME)
+		acme = 0;
+		python_bool_from_dict(kwargs, "acme", &acme);
+
+		if (acme) {
+			kore_acme_get_paths(name, &akey, &acert);
+			key = akey;
+			cert = acert;
+		}
+#endif
+
 		if (key == NULL || cert == NULL) {
 			PyErr_Format(PyExc_RuntimeError,
 			    "missing key or cert keywords for TLS listener");
@@ -1949,6 +1968,14 @@ python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs)
 		domain->config->certkey = kore_strdup(key);
 		domain->config->certfile = kore_strdup(cert);
 
+#if defined(KORE_USE_ACME)
+		domain->config->acme = acme;
+
+		if (domain->config->acme) {
+			kore_free(akey);
+			kore_free(acert);
+		}
+#endif
 		if (ca != NULL) {
 			domain->config->cafile = kore_strdup(ca);
 			domain->config->x509_verify_depth = depth;