mirror of https://git.kore.io/kore.git
Allow acme config via python api
parent
9bcf6fdf6d
commit
b3b5aa37b7
|
@ -47,6 +47,7 @@ extern "C" {
|
|||
void kore_acme_init(void);
|
||||
void kore_acme_run(void);
|
||||
void kore_acme_setup(void);
|
||||
void kore_acme_get_paths(const char *, char **, char **);
|
||||
|
||||
int kore_acme_tls_alpn(SSL *, const unsigned char **, unsigned char *,
|
||||
const unsigned char *, unsigned int, void *);
|
||||
|
|
21
src/acme.c
21
src/acme.c
|
@ -369,6 +369,27 @@ kore_acme_tls_alpn(SSL *ssl, const unsigned char **out, unsigned char *outlen,
|
|||
return (SSL_TLSEXT_ERR_OK);
|
||||
}
|
||||
|
||||
void
|
||||
kore_acme_get_paths(const char *domain, char **key, char **cert)
|
||||
{
|
||||
int len;
|
||||
char path[MAXPATHLEN];
|
||||
|
||||
len = snprintf(path, sizeof(path), "%s/%s/fullchain.pem",
|
||||
KORE_ACME_CERTDIR, domain);
|
||||
if (len == -1 || (size_t)len >= sizeof(path))
|
||||
fatal("failed to create certfile path");
|
||||
|
||||
*cert = kore_strdup(path);
|
||||
|
||||
len = snprintf(path, sizeof(path), "%s/%s/key.pem",
|
||||
KORE_ACME_CERTDIR, domain);
|
||||
if (len == -1 || (size_t)len >= sizeof(path))
|
||||
fatal("failed to create certkey path");
|
||||
|
||||
*key = kore_strdup(path);
|
||||
}
|
||||
|
||||
static void
|
||||
acme_tls_challenge_use_cert(SSL *ssl, struct kore_domain *dom)
|
||||
{
|
||||
|
|
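Review bot: kore_acme_get_paths() formats `domain` into the key and certificate paths without checking it, so a name that contains `/` or is `..` yields paths outside KORE_ACME_CERTDIR. Both callers visible in this commit pass a name taken from configuration, so this looks operator-controlled rather than remote input. The helper is now exported and reachable from the Python API, though, and a guard before the first snprintf is cheap: `if (strchr(domain, '/') != NULL || strcmp(domain, "..") == 0) fatal("invalid domain for acme paths");`. The function should also get a header comment saying that `*key` and `*cert` are fresh kore_strdup() allocations the caller must release with kore_free(), and that the outputs are key first, cert second, since the prototype carries no parameter names.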
17
src/config.c
17
src/config.c
|
@ -586,9 +586,6 @@ configure_tls(char *yesno)
|
|||
static int
|
||||
configure_acme(char *yesno)
|
||||
{
|
||||
int len;
|
||||
char path[MAXPATHLEN];
|
||||
|
||||
if (current_domain == NULL) {
|
||||
printf("acme directive not inside a domain context\n");
|
||||
return (KORE_RESULT_ERROR);
|
||||
|
@ -608,19 +605,9 @@ configure_acme(char *yesno)
|
|||
kore_free(current_domain->certkey);
|
||||
kore_free(current_domain->certfile);
|
||||
|
||||
len = snprintf(path, sizeof(path), "%s/%s/fullchain.pem",
|
||||
KORE_ACME_CERTDIR, current_domain->domain);
|
||||
if (len == -1 || (size_t)len >= sizeof(path))
|
||||
fatal("failed to create certfile path");
|
||||
kore_acme_get_paths(current_domain->domain,
|
||||
¤t_domain->certkey, ¤t_domain->certfile);
|
||||
|
||||
current_domain->certfile = kore_strdup(path);
|
||||
|
||||
len = snprintf(path, sizeof(path), "%s/%s/key.pem",
|
||||
KORE_ACME_CERTDIR, current_domain->domain);
|
||||
if (len == -1 || (size_t)len >= sizeof(path))
|
||||
fatal("failed to create certkey path");
|
||||
|
||||
current_domain->certkey = kore_strdup(path);
|
||||
} else {
|
||||
printf("invalid '%s' for yes|no acme option\n", yesno);
|
||||
return (KORE_RESULT_ERROR);
|
||||
|
|
|
@ -149,6 +149,9 @@ version(void)
|
|||
#endif
|
||||
#if defined(KORE_USE_PYTHON)
|
||||
printf("python-%s ", PY_VERSION);
|
||||
#endif
|
||||
#if defined(KORE_USE_ACME)
|
||||
printf("acme ");
|
||||
#endif
|
||||
printf("\n");
|
||||
exit(0);
|
||||
|
|
27
src/python.c
27
src/python.c
|
@ -39,6 +39,10 @@
|
|||
#include "curl.h"
|
||||
#endif
|
||||
|
||||
#if defined(KORE_USE_ACME)
|
||||
#include "acme.h"
|
||||
#endif
|
||||
|
||||
#include "python_api.h"
|
||||
#include "python_methods.h"
|
||||
|
||||
|
@ -1876,6 +1880,10 @@ python_kore_tracer(PyObject *self, PyObject *args)
|
|||
static PyObject *
|
||||
python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs)
|
||||
{
|
||||
#if defined(KORE_USE_ACME)
|
||||
int acme;
|
||||
char *acert, *akey;
|
||||
#endif
|
||||
struct kore_server *srv;
|
||||
long depth;
|
||||
const char *name;
|
||||
|
@ -1912,6 +1920,17 @@ python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs)
|
|||
key = python_string_from_dict(kwargs, "key");
|
||||
cert = python_string_from_dict(kwargs, "cert");
|
||||
|
||||
#if defined(KORE_USE_ACME)
|
||||
acme = 0;
|
||||
python_bool_from_dict(kwargs, "acme", &acme);
|
||||
|
||||
if (acme) {
|
||||
kore_acme_get_paths(name, &akey, &acert);
|
||||
key = akey;
|
||||
cert = acert;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (key == NULL || cert == NULL) {
|
||||
PyErr_Format(PyExc_RuntimeError,
|
||||
"missing key or cert keywords for TLS listener");
|
||||
|
@ -1949,6 +1968,14 @@ python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs)
|
|||
domain->config->certkey = kore_strdup(key);
|
||||
domain->config->certfile = kore_strdup(cert);
|
||||
|
||||
#if defined(KORE_USE_ACME)
|
||||
domain->config->acme = acme;
|
||||
|
||||
if (domain->config->acme) {
|
||||
kore_free(akey);
|
||||
kore_free(acert);
|
||||
}
|
||||
#endif
|
||||
if (ca != NULL) {
|
||||
domain->config->cafile = kore_strdup(ca);
|
||||
domain->config->x509_verify_depth = depth;
|
||||
|
|
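Review bot: `akey` and `acert` are allocated by kore_acme_get_paths() in the second hunk and released only in the third, so any error return in the lines between those hunks (not visible here) would leak both strings; this should be confirmed against the full function. Initializing at declaration, `int acme = 0;` and `char *acert = NULL, *akey = NULL;`, would let every exit path release them and would guarantee `acme` has a value when `domain->config->acme = acme;` runs, in case the assignment in the second hunk sits inside a branch that is not always taken. When `acme` is true the caller's own `key` and `cert` keywords are silently replaced by the ACME paths; a comment stating that precedence, or an error when both are given, would make it explicit. The result of `python_bool_from_dict(kwargs, "acme", &acme)` is ignored, so a non-boolean value may be treated as "off" without a diagnostic. python_kore_domain starts and ends outside these hunks.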