Keep track of certificate file timestamp and reload if it has changed

With the old method, it was possible for a certificate to remain used eternally, and letsyncrypt.js can change it relatively often.

Keep track of certificate file timestamp and reload if it has changed
With the old method, it was possible for a certificate to remain used eternally, and letsyncrypt.js can change it relatively often.
e535aaac · Deucе · 46b1f86f · e535aaac · e535aaac
Commit e535aaac authored Nov 08, 2021 by Deucе 👌🏾
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 3 deletions

src/sbbs3/scfgdefs.h src/sbbs3/scfgdefs.h +1 -0

src/sbbs3/ssl.c src/sbbs3/ssl.c +9 -3

No files found.
--- a/src/sbbs3/scfgdefs.h
+++ b/src/sbbs3/scfgdefs.h
@@ -620,6 +620,7 @@ typedef struct

 	// Run-time state information (not configuration)
 	int				tls_certificate;
+	time_t                  tls_cert_file_date;

 } scfg_t;


--- a/src/sbbs3/ssl.c
+++ b/src/sbbs3/ssl.c
@@ -290,12 +290,18 @@ CRYPT_CONTEXT get_ssl_cert(scfg_t *cfg, char **estr, int *level)
 	if(!do_cryptInit())
 		return -1;
 	pthread_mutex_lock(&ssl_cert_mutex);
+	SAFEPRINTF2(str,"%s%s",cfg->ctrl_dir,"ssl.cert");
+	time_t fd = fdate(str);
 	if (cfg->tls_certificate != -1 || !cfg->prepped) {
-		pthread_mutex_unlock(&ssl_cert_mutex);
-		return cfg->tls_certificate;
+		if (fd == cfg->tls_cert_file_date) {
+			pthread_mutex_unlock(&ssl_cert_mutex);
+			return cfg->tls_certificate;
+		}
+		cfg->tls_cert_file_date = fd;
+		cryptDestroyContext(cfg->tls_certificate);
 	}
+	cfg->tls_cert_file_date = fd;
 	/* Get the certificate... first try loading it from a file... */
-	SAFEPRINTF2(str,"%s%s",cfg->ctrl_dir,"ssl.cert");
 	if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_READONLY))) {
 		if(!DO("getting private key", ssl_keyset, cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) {
 			pthread_mutex_unlock(&ssl_cert_mutex);