diff --git a/include/h.h b/include/h.h
index 6c52e026c..824810fae 100644
--- a/include/h.h
+++ b/include/h.h
@@ -761,3 +761,4 @@ extern void convert_to_absolute_path(char **path, char *reldir);
 extern int has_channel_mode(aChannel *chptr, char mode);
 extern void start_listeners(void);
 extern void buildvarstring(char *inbuf, char *outbuf, size_t len, char *name[], char *value[]);
+extern void reinit_ssl(aClient *);
diff --git a/src/ircd.c b/src/ircd.c
index fc4f633e7..168d473b5 100644
--- a/src/ircd.c
+++ b/src/ircd.c
@@ -146,7 +146,7 @@ int debuglevel = 0; /* Server debug level */
 int bootopt = 0; /* Server boot option flags */
 char *debugmode = ""; /* -"- -"- -"- */
 char *sbrk0; /* initial sbrk(0) */
-static int dorehash = 0, dorestart = 0;
+static int dorehash = 0, dorestart = 0, doreloadcert = 0;
 MODVAR int booted = FALSE;
 MODVAR TS lastlucheck = 0;
@@ -230,6 +230,25 @@ VOIDSIG s_rehash()
 #endif
 }
+#ifndef _WIN32
+static VOIDSIG s_reloadcert()
+{
+#ifdef POSIX_SIGNALS
+ struct sigaction act;
+#endif
+ doreloadcert = 1;
+#ifdef POSIX_SIGNALS
+ act.sa_handler = s_reloadcert;
+ act.sa_flags = 0;
+ (void)sigemptyset(&act.sa_mask);
+ (void)sigaddset(&act.sa_mask, SIGUSR1);
+ (void)sigaction(SIGUSR1, &act, NULL);
+#else
+ (void)signal(SIGUSR1, s_reloadcert); /* sysV -argv */
+#endif
+}
+#endif
+
 void restart(char *mesg)
 {
 server_reboot(mesg);
@@ -1664,6 +1683,11 @@ void SocketLoop(void *dummy)
 {
 server_reboot("SIGINT");
 }
+ if (doreloadcert)
+ {
+ reinit_ssl(NULL);
+ doreloadcert = 0;
+ }
 }
 }
@@ -1747,6 +1771,10 @@ static void setup_signals()
 act.sa_handler = s_die;
 (void)sigaddset(&act.sa_mask, SIGTERM);
 (void)sigaction(SIGTERM, &act, NULL);
+ act.sa_handler = s_reloadcert;
+ (void)sigemptyset(&act.sa_mask);
+ (void)sigaddset(&act.sa_mask, SIGUSR1);
+ (void)sigaction(SIGUSR1, &act, NULL);
 #else
 # ifndef HAVE_RELIABLE_SIGNALS
 (void)signal(SIGPIPE, dummy);
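Review bot: In the src/ircd.c hunk at -146, the new `doreloadcert` flag is a plain `static int`, yet it is written from the SIGUSR1 handler s_reloadcert() and polled from SocketLoop(). An object shared with a signal handler should be `volatile sig_atomic_t`; without that the compiler may keep the value in a register across loop iterations, and the reload request can be seen late or not at all. I would declare it on its own line as `static volatile sig_atomic_t doreloadcert = 0;`. dorehash and dorestart on the same line look like they have the same problem, but their handlers are not shown in this diff.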
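Review bot: s_reloadcert() in the src/ircd.c hunk at -230 carries no comment explaining why it only sets a flag, and that restriction is the property a later maintainer must not break. reinit_ssl() calls mylog() and works on an SSL_CTX (both visible in the src/ssl.c hunk), which is not work that is safe in signal context. I would add above the function `/* SIGUSR1: only flag the request; SocketLoop() performs the TLS reload outside signal context */`. Under POSIX_SIGNALS the sigaction() re-arm inside the handler also looks redundant, since `sa_flags = 0` leaves the disposition installed; only the signal() branch needs it.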
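Review bot: In the SocketLoop() hunk at -1664 the flag is cleared only after reinit_ssl(NULL) returns, so a SIGUSR1 that arrives while the reload is running is silently discarded. A certificate replaced during that window is then never picked up. Clear the flag before starting the work: `doreloadcert = 0;` followed by `reinit_ssl(NULL);`. SocketLoop() begins and ends outside the hunk, so whether dorehash is handled in the same order cannot be checked from here.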
@@ -1763,6 +1791,7 @@ static void setup_signals()
 (void)signal(SIGHUP, s_rehash);
 (void)signal(SIGTERM, s_die);
 (void)signal(SIGINT, s_restart);
+ (void)signal(SIGUSR1, s_reloadcert);
 #endif
 #ifdef RESTARTING_SYSTEMCALLS
 /*
diff --git a/src/s_serv.c b/src/s_serv.c
index a3a77193b..a38530bc7 100644
--- a/src/s_serv.c
+++ b/src/s_serv.c
@@ -73,7 +73,6 @@ void read_motd_asynch_downloaded(const char *url, const char *filename, const ch
 extern aMotdLine *Find_file(char *, short);
-extern void reinit_ssl(aClient *);
 void reread_motdsandrules();
diff --git a/src/ssl.c b/src/ssl.c
index fa9f2969f..a10844045 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -378,7 +378,9 @@ void reinit_ssl(aClient *acptr)
 {
 SSL_CTX *tmp;
- if (IsPerson(acptr))
+ if (!acptr)
+ mylog("Reloading all SSL related data (./unrealircd reloadtls)");
+ else if (IsPerson(acptr))
 mylog("%s (%s@%s) requested a reload of all SSL related data (/rehash -ssl)", acptr->name, acptr->user->username, acptr->user->realhost);
 else
diff --git a/unrealircd.in b/unrealircd.in
index b244e1142..b76c5c4c5 100644
--- a/unrealircd.in
+++ b/unrealircd.in
@@ -100,6 +100,17 @@ elif [ "$1" = "croncheck" ] ; then
 # PID file not found or found but stale
 echo "UnrealIRCd is not running. Starting now..."
 $0 start
+elif [ "$1" = "reloadtls" ] ; then
+ echo "Reloading SSL/TLS certificates"
+ if [ ! -r $PID_FILE ] ; then
+ echo "ERROR: UnrealIRCd is not running"
+ exit 1
+ fi
+ kill -USR1 `cat $PID_FILE`
+ if [ "$?" != 0 ]; then
+ echo "ERROR: UnrealIRCd is not running"
+ exit 1
+ fi
 elif [ "$1" = "mkpasswd" ] ; then
 @BINDIR@/unrealircd -P $2 $3
 elif [ "$1" = "version" ] ; then
@@ -193,5 +204,5 @@ __EOF__
 echo ""
 echo "Thanks!"
 else
- echo "Usage: unrealircd start|stop|rehash|restart|mkpasswd|version|croncheck|gencloak|upgrade-conf"
+ echo "Usage: unrealircd start|stop|rehash|restart|mkpasswd|version|croncheck|gencloak|reloadtls|upgrade-conf"
 fi
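Review bot: The new `if (!acptr)` branch in the src/ssl.c hunk guards only the log line, while reinit_ssl() continues past the end of the hunk. Any later use of acptr there, such as a notice back to the requester or an error path, now has to tolerate NULL as well, and this diff does not show that it does. It is also worth confirming that a failed reload on the signal path reaches the log, because there is no client to notify and an operator who ran reloadtls would otherwise assume an expiring certificate had been replaced. The message names `./unrealircd reloadtls` as the origin although any SIGUSR1 delivered to the process takes this branch; `"Reloading all SSL related data (SIGUSR1)"` would be accurate.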
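Review bot: The reloadtls branch in unrealircd.in sends SIGUSR1 to whatever PID the file holds, without checking that the target is an UnrealIRCd built with the new handler. The default action for SIGUSR1 is to terminate, so an ircd still running an older binary, or an unrelated process that reused a stale PID, would be killed rather than reloaded. `$PID_FILE` and the backtick output are also unquoted, so a path containing spaces or an empty file yields a malformed test or a bare `kill -USR1`. I would write `if [ ! -r "$PID_FILE" ] ; then` and `kill -USR1 "$(cat "$PID_FILE")"`. Since the branch returns as soon as the signal is delivered, its output should point the operator to the ircd log for the result of the reload.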