Commit ce0b8f11 authored by Daniel Kahn Gillmor's avatar Daniel Kahn Gillmor Committed by Ondřej Surý

Auto-regenerate ephemeral certificate on hostname change

parent 598408bb
......@@ -174,6 +174,7 @@ int engine_set_hostname(struct engine *engine, const char *hostname) {
free(engine->hostname);
}
engine->hostname = new_hostname;
network_new_hostname(&engine->net, engine);
return 0;
}
......
......@@ -345,3 +345,19 @@ int network_close(struct network *net, const char *addr, uint16_t port)
return kr_ok();
}
void network_new_hostname(struct network *net, struct engine *engine)
{
if (net->tls_credentials &&
net->tls_credentials->ephemeral_servicename) {
struct tls_credentials *newcreds;
newcreds = tls_get_ephemeral_credentials(engine);
if (newcreds) {
tls_credentials_release(net->tls_credentials);
net->tls_credentials = newcreds;
kr_log_info("[tls] Updated ephemeral X.509 cert with new hostname\n");
} else {
kr_log_error("[tls] Failed to update ephemeral X.509 cert with new hostname, using existing one\n");
}
}
}
......@@ -22,6 +22,8 @@
#include "lib/generic/array.h"
#include "lib/generic/map.h"
struct engine;
enum endpoint_flag {
NET_DOWN = 0 << 0,
NET_UDP = 1 << 0,
......@@ -53,3 +55,4 @@ int network_listen(struct network *net, const char *addr, uint16_t port, uint32_
int network_close(struct network *net, const char *addr, uint16_t port);
int network_set_tls_cert(struct network *net, const char *cert);
int network_set_tls_key(struct network *net, const char *key);
void network_new_hostname(struct network *net, struct engine *engine);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment