diff --git a/include/kore/acme.h b/include/kore/acme.h
index 110c682..9f5cecd 100644
--- a/include/kore/acme.h
+++ b/include/kore/acme.h
@@ -47,6 +47,7 @@ extern "C" {
 void kore_acme_init(void);
 void kore_acme_run(void);
 void kore_acme_setup(void);
+void kore_acme_get_paths(const char *, char **, char **);
 int kore_acme_tls_alpn(SSL *, const unsigned char **, unsigned char *, const unsigned char *, unsigned int, void *);
diff --git a/src/acme.c b/src/acme.c
index 337b714..04ecda2 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -369,6 +369,27 @@ kore_acme_tls_alpn(SSL *ssl, const unsigned char **out, unsigned char *outlen,
 return (SSL_TLSEXT_ERR_OK);
 }
+void
+kore_acme_get_paths(const char *domain, char **key, char **cert)
+{
+ int len;
+ char path[MAXPATHLEN];
+
+ len = snprintf(path, sizeof(path), "%s/%s/fullchain.pem",
+ KORE_ACME_CERTDIR, domain);
+ if (len == -1 || (size_t)len >= sizeof(path))
+ fatal("failed to create certfile path");
+
+ *cert = kore_strdup(path);
+
+ len = snprintf(path, sizeof(path), "%s/%s/key.pem",
+ KORE_ACME_CERTDIR, domain);
+ if (len == -1 || (size_t)len >= sizeof(path))
+ fatal("failed to create certkey path");
+
+ *key = kore_strdup(path);
+}
+
 static void
 acme_tls_challenge_use_cert(SSL *ssl, struct kore_domain *dom)
 {
diff --git a/src/config.c b/src/config.c
index e18c4a7..7e54c71 100644
--- a/src/config.c
+++ b/src/config.c
@@ -586,9 +586,6 @@ configure_tls(char *yesno)
 static int
 configure_acme(char *yesno)
 {
- int len;
- char path[MAXPATHLEN];
-
 if (current_domain == NULL) {
 printf("acme directive not inside a domain context\n");
 return (KORE_RESULT_ERROR);
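Review bot: The new kore_acme_get_paths prototype says nothing about who owns the two strings it hands back through the char ** parameters, and the two callers in this commit treat them differently (config.c stores them in the domain as-is, python.c copies them with kore_strdup and then kore_frees them). A one-line comment above the declaration would settle the contract, e.g. `/* Fills *key and *cert with kore_strdup()'d paths; the caller owns and must kore_free() them. */`. The same note belongs on the definition in src/acme.c.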
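Review bot: The truncation guards in kore_acme_get_paths test `len == -1`, but snprintf is only specified to return some negative value on error, so `if (len < 0 || (size_t)len >= sizeof(path))` is the robust form for both the fullchain.pem and the key.pem check. The domain argument is spliced directly into a path below KORE_ACME_CERTDIR; it comes from configuration or the Python API, so presumably trusted, but rejecting an empty name or one containing '/' inside this function would state that assumption in code instead of relying on every caller to enforce it. Both failure paths end in fatal(), which is appropriate for config parsing but is something callers that normally report errors (the python.c hunks) need to be aware of.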
@@ -608,19 +605,9 @@ configure_acme(char *yesno)
 kore_free(current_domain->certkey);
 kore_free(current_domain->certfile);
- len = snprintf(path, sizeof(path), "%s/%s/fullchain.pem",
- KORE_ACME_CERTDIR, current_domain->domain);
- if (len == -1 || (size_t)len >= sizeof(path))
- fatal("failed to create certfile path");
+ kore_acme_get_paths(current_domain->domain,
+ ¤t_domain->certkey, ¤t_domain->certfile);
- current_domain->certfile = kore_strdup(path);
-
- len = snprintf(path, sizeof(path), "%s/%s/key.pem",
- KORE_ACME_CERTDIR, current_domain->domain);
- if (len == -1 || (size_t)len >= sizeof(path))
- fatal("failed to create certkey path");
-
- current_domain->certkey = kore_strdup(path);
 } else {
 printf("invalid '%s' for yes|no acme option\n", yesno);
 return (KORE_RESULT_ERROR);
diff --git a/src/kore.c b/src/kore.c
index f56e21f..7be1deb 100644
--- a/src/kore.c
+++ b/src/kore.c
@@ -149,6 +149,9 @@ version(void)
 #endif
 #if defined(KORE_USE_PYTHON)
 printf("python-%s ", PY_VERSION);
+#endif
+#if defined(KORE_USE_ACME)
+ printf("acme ");
 #endif
 printf("\n");
 exit(0);
diff --git a/src/python.c b/src/python.c
index 9210e7b..84aaf4d 100644
--- a/src/python.c
+++ b/src/python.c
@@ -39,6 +39,10 @@
 #include "curl.h"
 #endif
+#if defined(KORE_USE_ACME)
+#include "acme.h"
+#endif
+
 #include "python_api.h"
 #include "python_methods.h"
@@ -1876,6 +1880,10 @@ python_kore_tracer(PyObject *self, PyObject *args)
 static PyObject *
 python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs)
 {
+#if defined(KORE_USE_ACME)
+ int acme;
+ char *acert, *akey;
+#endif
 struct kore_server *srv;
 long depth;
 const char *name;
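Review bot: The argument line of the new kore_acme_get_paths call reads `¤t_domain->certkey, ¤t_domain->certfile` here, which looks like `&current_domain->certkey, &current_domain->certfile` mangled by an HTML entity (`&curren`) in rendering rather than what was committed; the text as shown would not compile, so the actual source should be checked. The hunk otherwise only delegates the path construction the removed lines did inline, and the two kore_free calls above are immediately followed by the call that re-assigns both pointers. configure_acme starts and ends outside this hunk.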
@@ -1912,6 +1920,17 @@ python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs)
 key = python_string_from_dict(kwargs, "key");
 cert = python_string_from_dict(kwargs, "cert");
+#if defined(KORE_USE_ACME)
+ acme = 0;
+ python_bool_from_dict(kwargs, "acme", &acme);
+
+ if (acme) {
+ kore_acme_get_paths(name, &akey, &acert);
+ key = akey;
+ cert = acert;
+ }
+#endif
+
 if (key == NULL || cert == NULL) {
 PyErr_Format(PyExc_RuntimeError,
 "missing key or cert keywords for TLS listener");
@@ -1949,6 +1968,14 @@ python_kore_domain(PyObject *self, PyObject *args, PyObject *kwargs)
 domain->config->certkey = kore_strdup(key);
 domain->config->certfile = kore_strdup(cert);
+#if defined(KORE_USE_ACME)
+ domain->config->acme = acme;
+
+ if (domain->config->acme) {
+ kore_free(akey);
+ kore_free(acert);
+ }
+#endif
 if (ca != NULL) {
 domain->config->cafile = kore_strdup(ca);
 domain->config->x509_verify_depth = depth;
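Review bot: When `acme` is set, kore_acme_get_paths is called with `name` and any failure inside it ends in fatal(), which terminates the process instead of raising a Python exception the way the rest of python_kore_domain does (compare the PyErr_Format directly below); an over-long or malformed domain name passed to kore.domain() would therefore abort the server rather than fail the call. Validating `name` here (non-empty, no '/') and returning through PyErr_Format before the call, or giving kore_acme_get_paths a non-fatal return path, would keep the API's error model consistent. The return value of python_bool_from_dict is discarded, so how a non-bool `acme=` keyword is handled depends entirely on that helper, which is outside this hunk and worth confirming. Note also that an explicit `key=`/`cert=` is silently overridden when `acme=True`; that may be intended but deserves a comment. python_kore_domain continues outside the hunk on both sides.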
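Review bot: akey and acert are only released here, after the domain has been created, so any early `return` between the hunk that allocates them and this one leaks both strings when `acme` is set; the `missing key or cert` check cannot fire in that case, but the roughly forty lines between the two hunks are not visible here and likely contain other error returns. Freeing the pair on a common error path, or initializing `akey = acert = NULL` at declaration and freeing them unconditionally (if kore_free tolerates NULL, which I cannot confirm from this hunk), would close the gap. The `if (domain->config->acme)` guard itself is sound because `acme` was zeroed before python_bool_from_dict. The function continues outside the hunk.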