
2020-04-27

2020-04-27 13:28:40 by Henrik Grubbström (Grubba) <grubba@grubba.org>

StartTLSProtocol: Changed ssl_keys to contain names of key pairs.

This changes ssl_keys from being a set of keypair identifier numbers
to a set of keypair names. This should make updating certificates
on the fly (with e.g. Let's Encrypt) behave more like users expect.

Previously if the certificate switched to a new key it was regarded
as a new certificate and manual configuration was needed. Now the
new certificate and key will most likely have the same name, and
will thus be used automatically.

Fixes [WS-580].

502:   //!   //! @seealso   //! @[register_pem_file()] - array(int) register_pem_files(array(string) pem_files, string|void password) + array(string) register_pem_files(array(string) pem_files, string|void password)   {    Sql.Sql db = DBManager.cached_get("roxen");   
519:       // FIXME: Move the following code to a separate function to improve API?    // (And instead just return pem_ids)? -  array(int) keypairs = ({}); +  array(string) keypair_names = ({});       foreach(Array.uniq(pem_ids), int pem_id) { -  keypairs += -  db->typed_query("SELECT cert_keypairs.id AS id" +  keypair_names += +  db->typed_query("SELECT cert_keypairs.name AS name"    " FROM cert_keys, cert_keypairs "    " WHERE pem_id = %d "    " AND cert_keypairs.key_id = cert_keys.id", -  pem_id)->id; +  pem_id)->name;    } -  return sort(keypairs); +  return Array.uniq(sort(keypair_names));   }      //! Get the private key and the list of certificates given a keypair id.
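
Review bot: the return type of register_pem_files() in the hunk at line 502 changes from array(int) to array(string), but the doc comment visible above the declaration is not touched, so nothing tells a caller that the result is now a list of keypair names instead of keypair ids. Suggest adding a @returns line that says so, and auditing every caller that stores or compares the result as integers. The commit message says ssl_keys now holds names; it is worth stating how values already saved as ids are handled, since that is not visible here.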
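
Review bot: in the hunk at line 519, `return Array.uniq(sort(keypair_names));` collapses every keypair that shares a name into a single entry, so the caller can no longer tell how many keypairs the PEM files produced or which row is meant, while the comment that follows the function still describes a lookup "given a keypair id". Suggest documenting that the name is the intended identity and how a name resolves when several cert_keypairs rows carry it (this decides which certificate and key a TLS port ends up serving), and confirming that cert_keypairs.name cannot be NULL or empty, since such a value would be returned as a member of the set.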