mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 06:23:13 +02:00

Fix './unrealircd reloadtls' not reloading certificates/keys if

listen::ssl-options, sni::ssl-options or link::outgoing::ssl-options
are used. In short: it only reloaded the ones from set::ssl until
now. Bug reported by Mr_Smoke (#5072)
Bram Matthys
2018-03-25 13:22:19 +02:00
parent 54947ed9b5
commit 9f18118f76
2 changed files with 63 additions and 1 deletions
+1
@@ -68,6 +68,7 @@ extern MODVAR ConfigItem_allow *conf_allow;
extern MODVAR ConfigItem_except *conf_except;
extern MODVAR ConfigItem_vhost *conf_vhost;
extern MODVAR ConfigItem_link *conf_link;
extern MODVAR ConfigItem_sni *conf_sni;
extern MODVAR ConfigItem_ban *conf_ban;
extern MODVAR ConfigItem_deny_dcc *conf_deny_dcc;
extern MODVAR ConfigItem_deny_channel *conf_deny_channel;
+62 -1
@@ -427,7 +427,10 @@ int init_ssl(void)
void reinit_ssl(aClient *acptr)
{
SSL_CTX *tmp;
SSL_CTX *tmp;
ConfigItem_listen *listen;
ConfigItem_sni *sni;
ConfigItem_link *link;
if (!acptr)
mylog("Reloading all SSL related data (./unrealircd reloadtls)");
@@ -461,6 +464,64 @@ SSL_CTX *tmp;
SSL_CTX_free(tmp);
SSL_CTX_free(ctx_client);
ctx_client = init_ctx(iConf.ssl_options, 0);
/* listen::ssl-options.... */
for (listen = conf_listen; listen; listen = listen->next)
{
if (listen->ssl_options)
{
tmp = init_ctx(listen->ssl_options, 1);
if (!tmp)
{
config_error("SSL Reload partially failed. listen::ssl-options error, see above");
config_report_ssl_error();
return;
}
/* free and do it for real */
SSL_CTX_free(tmp);
SSL_CTX_free(listen->ssl_ctx);
listen->ssl_ctx = init_ctx(listen->ssl_options, 1);
}
}
/* sni::ssl-options.... */
for (sni = conf_sni; sni; sni = sni->next)
{
if (sni->ssl_options)
{
tmp = init_ctx(sni->ssl_options, 1);
if (!tmp)
{
config_error("SSL Reload partially failed. sni::ssl-options error, see above");
config_report_ssl_error();
return;
}
/* free and do it for real */
SSL_CTX_free(tmp);
SSL_CTX_free(sni->ssl_ctx);
sni->ssl_ctx = init_ctx(sni->ssl_options, 1);
}
}
/* link::outgoing::ssl-options.... */
for (link = conf_link; link; link = link->next)
{
if (link->ssl_options)
{
tmp = init_ctx(link->ssl_options, 1);
if (!tmp)
{
config_error("SSL Reload partially failed. link::outgoing::ssl-options error in link %s { }, see above",
link->servername);
config_report_ssl_error();
return;
}
/* free and do it for real */
SSL_CTX_free(tmp);
SSL_CTX_free(link->ssl_ctx);
link->ssl_ctx = init_ctx(link->ssl_options, 1);
}
}
}
#define CHK_NULL(x) if ((x)==NULL) {\
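Review bot: In the listen::ssl-options loop, and identically in the sni and link::outgoing loops below it, the result of the second `init_ctx()` call is stored without a NULL check after the previous context has already been freed. If that second load fails, for example because the certificate or key file changes between the two calls, `listen->ssl_ctx` is left NULL and the old working context is gone; how later handshake code treats a NULL context is not visible here. Since `tmp` is already a fully built and validated context, it can be kept instead of discarded: `SSL_CTX_free(listen->ssl_ctx); listen->ssl_ctx = tmp;`, which also avoids reading the private key from disk twice. reinit_ssl() begins in the earlier hunk of this file, so the handling of the set::ssl contexts above these loops is only partly visible.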