mirror of https://git.kore.io/kore.git
Introduce certfile and certkey in the configuration to specify where the certificate file and keys are located on a system.
Free unused vars in the main process after starting.
parent
32a2035ce9
commit
a74fffe40c
|
@ -2,6 +2,8 @@
|
|||
|
||||
# Server configuration.
|
||||
bind 10.211.55.3 443
|
||||
certfile /etc/kore/server.crt
|
||||
certkey /etc/kore/server.key
|
||||
|
||||
# The path worker processes will chroot too after starting.
|
||||
chroot /home/joris/src/kore
|
||||
|
|
|
@ -132,6 +132,8 @@ extern char *chroot_path;
|
|||
extern char *runas_user;
|
||||
extern char *kore_module_onload;
|
||||
extern char *kore_pidfile;
|
||||
extern char *kore_certfile;
|
||||
extern char *kore_certkey;
|
||||
extern u_int8_t worker_count;
|
||||
extern pid_t mypid;
|
||||
|
||||
|
|
35
src/config.c
35
src/config.c
|
@ -47,6 +47,8 @@ static int configure_chroot(char **);
|
|||
static int configure_runas(char **);
|
||||
static int configure_workers(char **);
|
||||
static int configure_pidfile(char **);
|
||||
static int configure_certfile(char **);
|
||||
static int configure_certkey(char **);
|
||||
|
||||
static struct {
|
||||
const char *name;
|
||||
|
@ -62,6 +64,8 @@ static struct {
|
|||
{ "runas", configure_runas },
|
||||
{ "workers", configure_workers },
|
||||
{ "pidfile", configure_pidfile },
|
||||
{ "certfile", configure_certfile },
|
||||
{ "certkey", configure_certkey },
|
||||
{ NULL, NULL },
|
||||
};
|
||||
|
||||
|
@ -267,3 +271,34 @@ configure_pidfile(char **argv)
|
|||
kore_pidfile = kore_strdup(argv[1]);
|
||||
return (KORE_RESULT_OK);
|
||||
}
|
||||
|
||||
static int
|
||||
configure_certfile(char **argv)
|
||||
{
|
||||
if (argv[1] == NULL)
|
||||
return (KORE_RESULT_ERROR);
|
||||
|
||||
if (kore_certfile != NULL) {
|
||||
kore_debug("duplicate kore_certfile directive specified");
|
||||
return (KORE_RESULT_ERROR);
|
||||
}
|
||||
|
||||
kore_certfile = kore_strdup(argv[1]);
|
||||
return (KORE_RESULT_OK);
|
||||
}
|
||||
|
||||
static int
|
||||
configure_certkey(char **argv)
|
||||
{
|
||||
if (argv[1] == NULL)
|
||||
return (KORE_RESULT_ERROR);
|
||||
|
||||
if (kore_certkey != NULL) {
|
||||
kore_debug("duplicate kore_certkey directive specified");
|
||||
return (KORE_RESULT_ERROR);
|
||||
}
|
||||
|
||||
kore_certkey = kore_strdup(argv[1]);
|
||||
return (KORE_RESULT_OK);
|
||||
}
|
||||
|
||||
|
|
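Review bot: configure_certkey() stores argv[1] without looking at the key file, so a private key that is group- or world-readable is accepted without complaint. A check where the key is loaded, with a `struct stat st;` declared, would catch it before use: `if (stat(kore_certkey, &st) == -1 || (st.st_mode & (S_IRWXG | S_IRWXO))) return (KORE_RESULT_ERROR);`. Both new handlers also report a duplicate directive only through kore_debug(), which presumably prints nothing unless debugging is enabled, so the operator may see a configuration failure with no reason given. The two functions differ only in the variable they assign and could share one helper.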
18
src/kore.c
18
src/kore.c
|
@ -67,8 +67,10 @@ int kore_debug = 0;
|
|||
int server_port = 0;
|
||||
u_int8_t worker_count = 0;
|
||||
char *server_ip = NULL;
|
||||
char *chroot_path = NULL;
|
||||
char *runas_user = NULL;
|
||||
char *chroot_path = NULL;
|
||||
char *kore_certkey = NULL;
|
||||
char *kore_certfile = NULL;
|
||||
char *kore_pidfile = KORE_PIDFILE_DEFAULT;
|
||||
|
||||
static void usage(void);
|
||||
|
@ -141,6 +143,9 @@ main(int argc, char *argv[])
|
|||
fatal("missing a username to run as");
|
||||
if ((pw = getpwnam(runas_user)) == NULL)
|
||||
fatal("user '%s' does not exist", runas_user);
|
||||
if (kore_certfile == NULL || kore_certkey == NULL)
|
||||
fatal("missing certificate information");
|
||||
|
||||
if ((cpu_count = sysconf(_SC_NPROCESSORS_ONLN)) == -1) {
|
||||
kore_debug("could not get number of cpu's falling back to 1");
|
||||
cpu_count = 1;
|
||||
|
@ -163,8 +168,13 @@ main(int argc, char *argv[])
|
|||
kore_debug("cannot set process title");
|
||||
|
||||
sig_recv = 0;
|
||||
signal(SIGQUIT, kore_signal);
|
||||
signal(SIGHUP, kore_signal);
|
||||
signal(SIGQUIT, kore_signal);
|
||||
|
||||
free(server_ip);
|
||||
free(runas_user);
|
||||
free(kore_certkey);
|
||||
free(kore_certfile);
|
||||
|
||||
for (;;) {
|
||||
if (sig_recv != 0) {
|
||||
|
@ -226,12 +236,12 @@ kore_server_sslstart(void)
|
|||
return (KORE_RESULT_ERROR);
|
||||
}
|
||||
|
||||
if (!SSL_CTX_use_certificate_chain_file(ssl_ctx, "cert/server.crt")) {
|
||||
if (!SSL_CTX_use_certificate_chain_file(ssl_ctx, kore_certfile)) {
|
||||
kore_debug("SSL_CTX_use_certificate_file(): %s", ssl_errno_s);
|
||||
return (KORE_RESULT_ERROR);
|
||||
}
|
||||
|
||||
if (!SSL_CTX_use_PrivateKey_file(ssl_ctx, "cert/server.key",
|
||||
if (!SSL_CTX_use_PrivateKey_file(ssl_ctx, kore_certkey,
|
||||
SSL_FILETYPE_PEM)) {
|
||||
kore_debug("SSL_CTX_use_PrivateKey_file(): %s", ssl_errno_s);
|
||||
return (KORE_RESULT_ERROR);
|
||||
|
|
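Review bot: The new free() calls in main() leave server_ip, runas_user, kore_certkey and kore_certfile pointing at released memory, so any later read of them is a use-after-free. kore_server_sslstart() passes kore_certfile and kore_certkey to OpenSSL, and configure_certfile()/configure_certkey() treat a non-NULL pointer as a directive that is already set. Whether either runs again after this point (for example on the SIGHUP registered just above) is not visible here, but clearing each pointer makes such a path fail cleanly: `free(kore_certkey); kore_certkey = NULL;`, and likewise for the other three. kore_certfile and kore_certkey come from kore_strdup(), so they should be released with whatever deallocator pairs with it if that is not plain free(). main() starts and ends outside the hunk.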