kore

a fork of the world's most advanced web framework

commit d6b05bcff7037c63c52c5f10444be3cac30ef9cc
parent 73cdbd1a0147a9377bef7c8363f9749f413bf2dc
Author: Joris Vink <joris@coders.se>
Date:   Mon, 14 Jan 2019 20:57:40 +0100

always force reload cert so we get a new x509 store.

Otherwise older OpenSSL or current LibreSSL will fail to add the new
CRL as they still match on subject name rather than hash of the CRL data.

Diffstat:
Minclude/kore/kore.h | 2--
Msrc/domain.c | 3---
Msrc/keymgr.c | 20+++++---------------
3 files changed, 5 insertions(+), 20 deletions(-)

diff --git a/include/kore/kore.h b/include/kore/kore.h
@@ -411,9 +411,7 @@ struct kore_domain {
 #if !defined(KORE_NO_TLS)
 	char		*cafile;
 	char		*crlfile;
-	time_t		crl_mtime;
 	char		*certfile;
-	time_t		cert_mtime;
 	char		*certkey;
 	SSL_CTX		*ssl_ctx;
 	int		x509_verify_depth;
diff --git a/src/domain.c b/src/domain.c
@@ -210,9 +210,6 @@ kore_domain_new(char *domain)
 	dom->ssl_ctx = NULL;
 	dom->certfile = NULL;
 	dom->crlfile = NULL;
-
-	dom->crl_mtime = 0;
-	dom->cert_mtime = 0;
 	dom->x509_verify_depth = 1;
 #endif
 	dom->domain = kore_strdup(domain);
diff --git a/src/keymgr.c b/src/keymgr.c
@@ -73,7 +73,7 @@ static void	keymgr_entropy_request(struct kore_msg *, const void *);
 static void	keymgr_certificate_request(struct kore_msg *, const void *);
 static void	keymgr_submit_certificates(struct kore_domain *, u_int16_t);
 static void	keymgr_submit_file(u_int8_t, struct kore_domain *,
-		    const char *, u_int16_t, time_t *, int);
+		    const char *, u_int16_t, int);
 
 static void	keymgr_rsa_encrypt(struct kore_msg *, const void *,
 		    struct key *);
@@ -197,18 +197,15 @@ keymgr_reload(void)
 static void
 keymgr_submit_certificates(struct kore_domain *dom, u_int16_t dst)
 {
-	keymgr_submit_file(KORE_MSG_CERTIFICATE,
-	    dom, dom->certfile, dst, &dom->cert_mtime, 0);
+	keymgr_submit_file(KORE_MSG_CERTIFICATE, dom, dom->certfile, dst, 0);
 
-	if (dom->crlfile != NULL) {
-		keymgr_submit_file(KORE_MSG_CRL,
-		    dom, dom->crlfile, dst, &dom->crl_mtime, 1);
-	}
+	if (dom->crlfile != NULL)
+		keymgr_submit_file(KORE_MSG_CRL, dom, dom->crlfile, dst, 1);
 }
 
 static void
 keymgr_submit_file(u_int8_t id, struct kore_domain *dom,
-    const char *file, u_int16_t dst, time_t *mtime, int can_fail)
+    const char *file, u_int16_t dst, int can_fail)
 {
 	int		fd;
 	struct stat	st;
@@ -234,13 +231,6 @@ keymgr_submit_file(u_int8_t id, struct kore_domain *dom,
 		    (intmax_t)st.st_size);
 	}
 
-	if (st.st_mtime == *mtime) {
-		close(fd);
-		return;
-	}
-
-	*mtime = st.st_mtime;
-
 	len = sizeof(*msg) + st.st_size;
 	payload = kore_calloc(1, len);
 
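Review bot: In keymgr_submit_certificates the certificate is now always pushed before the CRL, so if the worker builds its fresh X509 store when KORE_MSG_CERTIFICATE arrives and only attaches the CRL on the later KORE_MSG_CRL (the receiving side is outside this hunk), every reload opens a window in which the new store has no CRL, and that gap becomes permanent whenever the CRL submit is skipped on a failed open (can_fail is 1 for it; its handling is outside the hunk), for instance if crlfile is momentarily unreadable during an atomic replace. Consider having the receiver hold back the rebuilt store until both messages for the domain have arrived, or at least fail loudly when a domain that configures a crlfile ends up with a store that carries none. The unconditional resubmit also deserves a why-comment above the first call, since nothing in the code now says the mtime check was dropped on purpose: `/* Always resubmit both files so the worker builds a fresh X509 store; older OpenSSL and LibreSSL match CRLs by subject name and will not replace one in place. */`. keymgr_submit_file's body continues past the end of this hunk.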