| author | Drew DeVault <sir@cmpwn.com> | 2020-09-24 17:55:10 -0400 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2020-09-24 17:55:10 -0400 |
| commit | 7af04ea4713770cd19cb9659a59f8758e4207c2c (patch) | |
| tree | aa77e290601382805e00417ca917740f2d3d4782 | |
| parent | 0d1137f987d78f83e1222ece29a1438a49658d3c (diff) | |
tls: move cert/key into host structure
We'll later want to set these on the SSL object (rather than SSL_CTX),
so move these into the host struct for later access.
We'll prefer to set it on the SSL object so that we can automatically
use an up-to-date certificate, per ~sircmpwn/gmni#26.
| -rw-r--r-- | include/config.h | 2 | ||||
| -rw-r--r-- | src/tls.c | 13 |
2 files changed, 6 insertions, 9 deletions
diff --git a/include/config.h b/include/config.h
index d42a1bf..495db3a 100644
--- a/include/config.h
+++ b/include/config.h
@@ -13,6 +13,8 @@ struct gmnisrv_host {
 char *hostname;
 char *root;
 SSL_CTX *ssl_ctx;
+ X509 *x509;
+ EVP_PKEY *pkey;
 struct gmnisrv_host *next;
 };
@@ -86,10 +86,8 @@ tls_host_gencert(struct gmnisrv_tls *tlsconf, struct gmnisrv_host *host,
 return 1;
 }
- r = SSL_CTX_use_certificate(host->ssl_ctx, x509);
- assert(r == 1);
- r = SSL_CTX_use_PrivateKey(host->ssl_ctx, pkey);
- assert(r == 1);
+ host->x509 = x509;
+ host->pkey = pkey;
 return 0;
 }
@@ -150,11 +148,8 @@ tls_host_init(struct gmnisrv_tls *tlsconf, struct gmnisrv_host *host)
 goto generate;
 }
- r = SSL_CTX_use_certificate(host->ssl_ctx, x509);
- assert(r == 1);
- r = SSL_CTX_use_PrivateKey(host->ssl_ctx, pkey);
- assert(r == 1);
-
+ host->x509 = x509;
+ host->pkey = pkey;
 server_log("loaded certificate for %s", host->hostname);
 return 0;
|
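Review bot: The new `x509` and `pkey` members of `struct gmnisrv_host` say nothing about ownership, and none of the six insertions in this commit releases them. The host now holds the certificate and key directly instead of the `SSL_CTX` holding its own references, so host teardown (outside this diff) presumably needs matching `X509_free`/`EVP_PKEY_free` calls. I would add `/* Owned by the host; release with X509_free() and EVP_PKEY_free() */` above the two fields.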
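Review bot: With both `SSL_CTX_use_*` calls removed from `tls_host_gencert` (and from `tls_host_init` in the next hunk), nothing in this commit installs the certificate or key on an `SSL_CTX` or an `SSL`; the diffstat's six insertions are all field declarations and assignments. Unless the per-connection `SSL_use_certificate`/`SSL_use_PrivateKey` calls land before anything is built from this revision, handshakes at this commit would have no certificate to present. When those calls are added, check their return values with real error handling rather than `assert(r == 1)`, which disappears under `NDEBUG`. If `r` has no other use in these functions it is now an unused local; both function bodies start outside the hunks, so that cannot be confirmed from here.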
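Review bot: In `tls_host_init` the removed `SSL_CTX_use_PrivateKey` call was the only visible point where a key loaded from disk was checked against the certificate, so a mismatched pair is now stored in the host without complaint. A direct check before the two assignments would keep that guarantee, for example `if (X509_check_private_key(x509, pkey) != 1) { /* log and treat as a load failure */ }`. How the failure is handled is for the author to decide: the `goto generate` path is visible in the context lines, but the rest of the function is outside the hunk. The pair produced in `tls_host_gencert` presumably matches by construction and does not need the check.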
