From 7af04ea4713770cd19cb9659a59f8758e4207c2c Mon Sep 17 00:00:00 2001
From: Drew DeVault
Date: Thu, 24 Sep 2020 17:55:10 -0400
Subject: [PATCH] tls: move cert/key into host structure

We'll later want to set these on the SSL object (rather than SSL_CTX), so move these into the host struct for later access. We'll prefer to set it on the SSL object so that we can automatically use an up-to-date certificate, per ~sircmpwn/gmni#26.
---
 include/config.h | 2 ++
 src/tls.c | 13 ++++---------
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/include/config.h b/include/config.h
index d42a1bf..495db3a 100644
--- a/include/config.h
+++ b/include/config.h
@@ -13,6 +13,8 @@ struct gmnisrv_host {
 char *hostname;
 char *root;
 SSL_CTX *ssl_ctx;
+ X509 *x509;
+ EVP_PKEY *pkey;
 struct gmnisrv_host *next;
 };
 
diff --git a/src/tls.c b/src/tls.c
index 29bfd24..ad5ed4c 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -86,10 +86,8 @@ tls_host_gencert(struct gmnisrv_tls *tlsconf, struct gmnisrv_host *host,
 return 1;
 }
 
- r = SSL_CTX_use_certificate(host->ssl_ctx, x509);
- assert(r == 1);
- r = SSL_CTX_use_PrivateKey(host->ssl_ctx, pkey);
- assert(r == 1);
+ host->x509 = x509;
+ host->pkey = pkey;
 return 0;
 }
 
@@ -150,11 +148,8 @@ tls_host_init(struct gmnisrv_tls *tlsconf, struct gmnisrv_host *host)
 goto generate;
 }
 
- r = SSL_CTX_use_certificate(host->ssl_ctx, x509);
- assert(r == 1);
- r = SSL_CTX_use_PrivateKey(host->ssl_ctx, pkey);
- assert(r == 1);
-
+ host->x509 = x509;
+ host->pkey = pkey;
 server_log("loaded certificate for %s", host->hostname);
 return 0;
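Review bot: The new `x509` and `pkey` members of `struct gmnisrv_host` carry no statement of ownership, and src/tls.c stores the raw pointers without taking an extra reference. Previously `SSL_CTX_use_certificate`/`SSL_CTX_use_PrivateKey` took their own references, so freeing the context released them; now whatever tears down a host has to call `X509_free(host->x509)` and `EVP_PKEY_free(host->pkey)`, and that code is not part of this diff. I would add a comment on the two fields, for example `/* owned by the host; released with X509_free()/EVP_PKEY_free() at teardown */`, and confirm the teardown path matches it so the private key is not left allocated without an owner.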
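Review bot: Nothing visible in this patch installs the certificate or key anywhere once `host->x509 = x509; host->pkey = pkey;` replace the `SSL_CTX_use_*` calls, here in tls_host_gencert and again in the tls_host_init hunk. The diffstat lists only include/config.h and src/tls.c, so at this commit `host->ssl_ctx` appears to have no certificate, and I would expect handshakes to fail until the follow-up described in the commit message lands. Either keep the two `SSL_CTX_use_*` calls until the per-connection path exists, or add that path in the same commit with checked returns, e.g. `if (SSL_use_certificate(ssl, host->x509) != 1 || SSL_use_PrivateKey(ssl, host->pkey) != 1)` followed by closing the connection. The code that creates the per-connection SSL object is outside this diff, and tls_host_gencert itself begins before the hunk.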
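Review bot: A key that does not match the certificate is now stored without complaint and reported as "loaded certificate", because the removed `SSL_CTX_use_PrivateKey` call was the only visible place that compared the two. The old guard was only an `assert`, which disappears under NDEBUG, so an explicit runtime check is the better replacement: `if (X509_check_private_key(x509, pkey) != 1)` placed before the two assignments, logging the mismatch, freeing both objects and then taking the same path as the other load failures (the `goto generate` in the context lines). Without it the error only surfaces later, per connection, when the pair is applied to an SSL object. tls_host_init starts and ends outside this hunk, so how `x509` and `pkey` are obtained is inferred from the log message rather than seen.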