
tls: move cert/key into host structure

We'll later want to set these on the SSL object (rather than SSL_CTX),
so move these into the host struct for later access.

We'll prefer to set it on the SSL object so that we can automatically
use an up-to-date certificate, per ~sircmpwn/gmni#26.
Drew DeVault 2020-09-24 17:55:10 -04:00
parent 0d1137f987
commit 7af04ea471
2 changed files with 6 additions and 9 deletions


@ -13,6 +13,8 @@ struct gmnisrv_host {
char *hostname;
char *root;
SSL_CTX *ssl_ctx;
X509 *x509;
EVP_PKEY *pkey;
struct gmnisrv_host *next;
};
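Review bot: The new `x509` and `pkey` members of struct gmnisrv_host carry no comment on ownership or lifetime, and no matching release is visible on this page. The host now holds the certificate and private key itself instead of handing them to the SSL_CTX, so the lifetime should be spelled out, for example `/* owned by the host; released with X509_free()/EVP_PKEY_free() at teardown */`. If `ssl_ctx` remains only for non-credential settings after this change, a short comment next to it saying so would prevent a later reader from assuming it still carries the key pair.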


@ -86,10 +86,8 @@ tls_host_gencert(struct gmnisrv_tls *tlsconf, struct gmnisrv_host *host,
return 1;
}
r = SSL_CTX_use_certificate(host->ssl_ctx, x509);
assert(r == 1);
r = SSL_CTX_use_PrivateKey(host->ssl_ctx, pkey);
assert(r == 1);
host->x509 = x509;
host->pkey = pkey;
return 0;
}
@ -150,11 +148,8 @@ tls_host_init(struct gmnisrv_tls *tlsconf, struct gmnisrv_host *host)
goto generate;
}
r = SSL_CTX_use_certificate(host->ssl_ctx, x509);
assert(r == 1);
r = SSL_CTX_use_PrivateKey(host->ssl_ctx, pkey);
assert(r == 1);
host->x509 = x509;
host->pkey = pkey;
server_log("loaded certificate for %s", host->hostname);
return 0;
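Review bot: In tls_host_init the loaded pair is now stored on the host with no check that the key matches the certificate. The removed `SSL_CTX_use_PrivateKey` call and its assert were the only step visible here where OpenSSL could reject a mismatched pair at startup. Consider validating before the assignment, e.g. `if (X509_check_private_key(x509, pkey) != 1)` with whatever failure handling fits (the existing `goto generate` path or an error return), so a bad key file is caught at load time rather than at the first handshake. Separately, the same two assignments in tls_host_gencert overwrite `host->x509` and `host->pkey` without releasing any previous values, which would leak the old key material if that function can run for a host that already holds a pair; these hunks do not show whether it can. Both functions begin outside the hunks shown.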