Introduce certfile and certkey in the configuration to specify where the certificate file and keys are located on a system.

Free unused vars in the main process after starting.

example.conf

@@ -2,6 +2,8 @@
 
 # Server configuration.
 bind		10.211.55.3 443
+certfile	/etc/kore/server.crt
+certkey		/etc/kore/server.key
 
 # The path worker processes will chroot too after starting.
 chroot		/home/joris/src/kore

includes/kore.h

@@ -132,6 +132,8 @@ extern char	*chroot_path;
 extern char	*runas_user;
 extern char	*kore_module_onload;
 extern char	*kore_pidfile;
+extern char	*kore_certfile;
+extern char	*kore_certkey;
 extern u_int8_t	worker_count;
 extern pid_t	mypid;
 

src/config.c

@@ -47,6 +47,8 @@ static int		configure_chroot(char **);
 static int		configure_runas(char **);
 static int		configure_workers(char **);
 static int		configure_pidfile(char **);
+static int		configure_certfile(char **);
+static int		configure_certkey(char **);
 
 static struct {
 	const char		*name;
@@ -62,6 +64,8 @@ static struct {
 	{ "runas",		configure_runas },
 	{ "workers",		configure_workers },
 	{ "pidfile",		configure_pidfile },
+	{ "certfile",		configure_certfile },
+	{ "certkey",		configure_certkey },
 	{ NULL,			NULL },
 };
 
@@ -267,3 +271,34 @@ configure_pidfile(char **argv)
 	kore_pidfile = kore_strdup(argv[1]);
 	return (KORE_RESULT_OK);
 }
+
+static int
+configure_certfile(char **argv)
+{
+	if (argv[1] == NULL)
+		return (KORE_RESULT_ERROR);
+
+	if (kore_certfile != NULL) {
+		kore_debug("duplicate kore_certfile directive specified");
+		return (KORE_RESULT_ERROR);
+	}
+
+	kore_certfile = kore_strdup(argv[1]);
+	return (KORE_RESULT_OK);
+}
+
+static int
+configure_certkey(char **argv)
+{
+	if (argv[1] == NULL)
+		return (KORE_RESULT_ERROR);
+
+	if (kore_certkey != NULL) {
+		kore_debug("duplicate kore_certkey directive specified");
+		return (KORE_RESULT_ERROR);
+	}
+
+	kore_certkey = kore_strdup(argv[1]);
+	return (KORE_RESULT_OK);
+}
+

src/kore.c

@@ -67,8 +67,10 @@ int			kore_debug = 0;
 int			server_port = 0;
 u_int8_t		worker_count = 0;
 char			*server_ip = NULL;
-char			*chroot_path = NULL;
 char			*runas_user = NULL;
+char			*chroot_path = NULL;
+char			*kore_certkey = NULL;
+char			*kore_certfile = NULL;
 char			*kore_pidfile = KORE_PIDFILE_DEFAULT;
 
 static void	usage(void);
@@ -141,6 +143,9 @@ main(int argc, char *argv[])
 		fatal("missing a username to run as");
 	if ((pw = getpwnam(runas_user)) == NULL)
 		fatal("user '%s' does not exist", runas_user);
+	if (kore_certfile == NULL || kore_certkey == NULL)
+		fatal("missing certificate information");
+
 	if ((cpu_count = sysconf(_SC_NPROCESSORS_ONLN)) == -1) {
 		kore_debug("could not get number of cpu's falling back to 1");
 		cpu_count = 1;
@@ -163,8 +168,13 @@ main(int argc, char *argv[])
 		kore_debug("cannot set process title");
 
 	sig_recv = 0;
-	signal(SIGQUIT, kore_signal);
 	signal(SIGHUP, kore_signal);
+	signal(SIGQUIT, kore_signal);
+
+	free(server_ip);
+	free(runas_user);
+	free(kore_certkey);
+	free(kore_certfile);
 
 	for (;;) {
 		if (sig_recv != 0) {
@@ -226,12 +236,12 @@ kore_server_sslstart(void)
 		return (KORE_RESULT_ERROR);
 	}
 
-	if (!SSL_CTX_use_certificate_chain_file(ssl_ctx, "cert/server.crt")) {
+	if (!SSL_CTX_use_certificate_chain_file(ssl_ctx, kore_certfile)) {
 		kore_debug("SSL_CTX_use_certificate_file(): %s", ssl_errno_s);
 		return (KORE_RESULT_ERROR);
 	}
 
-	if (!SSL_CTX_use_PrivateKey_file(ssl_ctx, "cert/server.key",
+	if (!SSL_CTX_use_PrivateKey_file(ssl_ctx, kore_certkey,
 	    SSL_FILETYPE_PEM)) {
 		kore_debug("SSL_CTX_use_PrivateKey_file(): %s", ssl_errno_s);
 		return (KORE_RESULT_ERROR);