

Roxen.git/server/base_server/roxen.pike:2608:
  #endif
  #endif /* SSL.ServerConnection */
  #ifdef ROXEN_SSL_DEBUG
   report_debug("SSL: Cipher suites enabled for %O:\n"
   "%s\n",
   this_object(),
   fmt_cipher_suites(ctx->preferred_suites));
  #endif
   }
  
+  protected string low_decode_keypair_id(mixed val) {
+  if (intp(val)) {
+  // Convert from cert keypair id to cert keypair name.
+  mapping md = CertDB.get_keypair_metadata(val);
+  if (md) return md->name;
+  }
+  return val;
+  }
+ 
   void certificates_changed(Variable.Variable|void ignored,
   void|int ignore_eaddrinuse)
   {
   int old_cert_failure = cert_failure;
   cert_failure = 0;
  
-  Variable.Variable Keys = getvar("ssl_keys");
+  Variable.Variable Keys = getvar("ssl_certs");
  
   array(string) keypair_names = Keys->query();
- 
+ 
   if (!sizeof(keypair_names)) {
   // No new-style certificates configured.
  
- 
+  // Check if there are old-style keypair ids; in case of which
+  // this is probably an upgrade from Roxen 6.2.
+  Variable.Variable Keypairs = getvar("ssl_keys");
+  array(int) keypair_ids = Keypairs->query();
+  if (sizeof(keypair_ids)) {
+  keypair_names =
+  filter(map(keypair_ids, low_decode_keypair_id), stringp);
+  if (sizeof(keypair_names)) {
+  // Certificates found.
+  Keys->set(keypair_names);
+ 
+  save();
+  }
+  }
+  }
+ 
+  if (!sizeof(keypair_names)) {
+  // No new-style certificates configured.
+ 
   // Check if there are old-style certificates; in case of which
-  // this is probably an upgrade.
+  // this is probably an upgrade from Roxen 6.1 or earlier.
   Variable.Variable Certificates = getvar("ssl_cert_file");
   Variable.Variable KeyFile = getvar("ssl_key_file");
  
   keypair_names =
   CertDB.register_pem_files(Certificates->query() + ({ KeyFile->query() }),
   query("ssl_password"));
  
   if (!sizeof(keypair_names)) {
   // No Old-style certificate configuration found.
   // Fall back to using all known certs.
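Review bot: Legacy keypair ids that `CertDB.get_keypair_metadata()` cannot resolve are dropped without any trace. `low_decode_keypair_id` hands the integer back through `return val;` (despite its declared `string` return type), the `filter(..., stringp)` in `certificates_changed` discards it, and the shortened list is persisted by `Keys->set(keypair_names); save();`. If no id resolves, control reaches the PEM-file branch and, per the last context lines, the "Fall back to using all known certs" path, so a port could end up serving certificates the administrator never selected for it. I would log the loss inside the `intp(val)` branch and return 0 there, e.g. `report_warning("SSL: Unknown keypair id %O for %O.\n", val, this_object()); return 0;`, and declare the helper as `string|int`. The body of `certificates_changed` continues past the end of this hunk, so the fallback itself is not visible here.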
Roxen.git/server/base_server/roxen.pike:3000:
   filter_preferred_suites(ctx);
  
   certificates_changed (0, ignore_eaddrinuse);
  
   // Install the change callbacks here to avoid duplicate calls
   // above.
   // FIXME: Both variables ought to be updated on save before the
   // changed callback is called. Currently you can get warnings
   // that the files don't match if you update both variables
   // at the same time.
+  getvar ("ssl_certs")->set_changed_callback(certificates_changed);
   getvar ("ssl_keys")->set_changed_callback(certificates_changed);
   getvar ("ssl_cert_file")->set_changed_callback (certificates_changed);
   getvar ("ssl_key_file")->set_changed_callback (certificates_changed);
  
  #if constant(SSL.Constants.CIPHER_aead)
   getvar("ssl_key_bits")->set_changed_callback(filter_preferred_suites);
  #endif
  #if constant(SSL.ServerConnection)
   getvar("ssl_suite_filter")->set_changed_callback(filter_preferred_suites);
  #endif
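Review bot: Registering `certificates_changed` on `ssl_certs` means the callback may now be entered from inside itself, because the migration branch added in the first hunk calls `Keys->set(keypair_names)` on that same variable. Whether `set()` invokes the changed callback is not visible here; if it does, a later change to `ssl_keys` while `ssl_certs` is empty would run the certificate setup nested inside itself, which is worth confirming and noting in a comment. The FIXME above the added line still speaks of "both variables" and should name all four, e.g. `// FIXME: ssl_certs, ssl_keys, ssl_cert_file and ssl_key_file ought to be updated on save before the`. The enclosing function starts before this hunk.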