Commit e535aaac authored by Deucе's avatar Deucе :ok_hand_tone4:

Keep track of certificate file timestamp and reload if it has changed

With the old method, it was possible for a certificate to remain in use indefinitely, and letsyncrypt.js can change it relatively often.
parent 46b1f86f
1 merge request!463MRC mods by Codefenix (2024-10-20)
Pipeline #2457 passed
......@@ -620,6 +620,7 @@ typedef struct
// Run-time state information (not configuration)
int tls_certificate;
time_t tls_cert_file_date;
} scfg_t;
......
......@@ -290,12 +290,18 @@ CRYPT_CONTEXT get_ssl_cert(scfg_t *cfg, char **estr, int *level)
if(!do_cryptInit())
return -1;
pthread_mutex_lock(&ssl_cert_mutex);
SAFEPRINTF2(str,"%s%s",cfg->ctrl_dir,"ssl.cert");
time_t fd = fdate(str);
if (cfg->tls_certificate != -1 || !cfg->prepped) {
pthread_mutex_unlock(&ssl_cert_mutex);
return cfg->tls_certificate;
if (fd == cfg->tls_cert_file_date) {
pthread_mutex_unlock(&ssl_cert_mutex);
return cfg->tls_certificate;
}
cfg->tls_cert_file_date = fd;
cryptDestroyContext(cfg->tls_certificate);
}
cfg->tls_cert_file_date = fd;
/* Get the certificate... first try loading it from a file... */
SAFEPRINTF2(str,"%s%s",cfg->ctrl_dir,"ssl.cert");
if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_READONLY))) {
if(!DO("getting private key", ssl_keyset, cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) {
pthread_mutex_unlock(&ssl_cert_mutex);
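Review bot: The `!cfg->prepped` case no longer returns early: when `cfg->prepped` is false and `tls_certificate` is still -1, the block under `if (cfg->tls_certificate != -1 || !cfg->prepped)` reaches `cryptDestroyContext(cfg->tls_certificate)` with -1 as the handle and then falls through to load the certificate from `cfg->ctrl_dir`, which the old code never did for an unprepped config. Separately, after `cryptDestroyContext(cfg->tls_certificate)` the handle is not reset to -1, so if the reload below fails and leaves `tls_certificate` untouched (not visible in this hunk), the next call with an unchanged file date hits the `fd == cfg->tls_cert_file_date` path and hands back the destroyed handle. The `cfg->tls_cert_file_date = fd;` inside the block is also redundant with the assignment immediately after it. Splitting the guard as below keeps the old early return for unprepped configs and clears the handle before the reload; get_ssl_cert begins before and continues after this hunk.
```c
	time_t fd = fdate(str);
	if (!cfg->prepped) {
		pthread_mutex_unlock(&ssl_cert_mutex);
		return cfg->tls_certificate;
	}
	if (cfg->tls_certificate != -1) {
		if (fd == cfg->tls_cert_file_date) {
			pthread_mutex_unlock(&ssl_cert_mutex);
			return cfg->tls_certificate;
		}
		/* ssl.cert changed since it was loaded: drop the old context before reloading */
		cryptDestroyContext(cfg->tls_certificate);
		cfg->tls_certificate = -1;
	}
	cfg->tls_cert_file_date = fd;
	/* … unchanged: keyset open and private-key load … */
```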
......