diff options
| author | June McEnroe <june@causal.agency> | 2019-10-27 00:44:14 -0400 |
|---|---|---|
| committer | June McEnroe <june@causal.agency> | 2019-10-27 00:44:14 -0400 |
| commit | 755de4c9500fa9fdafc5ac82ee16dd7a19013b9f (patch) | |
| tree | fc2d702cc44fb4a2d872d0c7990bba7f8a3f1a42 | |
| parent | Drop clients on zero-length reads (diff) | |
| download | pounce-755de4c9500fa9fdafc5ac82ee16dd7a19013b9f.tar.gz pounce-755de4c9500fa9fdafc5ac82ee16dd7a19013b9f.zip | |
Reload certificate on SIGUSR1
| -rw-r--r-- | bounce.c | 8 | ||||
| -rw-r--r-- | listen.c | 8 | ||||
| -rw-r--r-- | pounce.1 | 15 |
3 files changed, 24 insertions, 7 deletions
diff --git a/bounce.c b/bounce.c index b96326b..1015625 100644 --- a/bounce.c +++ b/bounce.c @@ -159,14 +159,20 @@ int main(int argc, char *argv[]) { signal(SIGINT, signalHandler); signal(SIGTERM, signalHandler); + signal(SIGUSR1, signalHandler); size_t clients = 0; for (;;) { int nfds = poll(event.fds, event.len, -1); if (nfds < 0 && errno != EINTR) err(EX_IOERR, "poll"); + if (signals[SIGINT] || signals[SIGTERM]) break; - if (nfds < 0) continue; + if (signals[SIGUSR1]) { + listenConfig(certPath, privPath); + signals[SIGUSR1] = 0; + } + if (nfds < 0) continue; for (size_t i = 0; i < event.len; ++i) { short revents = event.fds[i].revents; if (!revents) continue; diff --git a/listen.c b/listen.c index d6e561f..952d798 100644 --- a/listen.c +++ b/listen.c @@ -27,8 +27,11 @@ static struct tls *server; -// TODO: Make this callable more than once to reload certificates? void listenConfig(const char *cert, const char *priv) { + tls_free(server); + server = tls_server(); + if (!server) errx(EX_SOFTWARE, "tls_server"); + struct tls_config *config = tls_config_new(); if (!config) errx(EX_SOFTWARE, "tls_config_new"); @@ -40,9 +43,6 @@ void listenConfig(const char *cert, const char *priv) { ); } - server = tls_server(); - if (!server) errx(EX_SOFTWARE, "tls_server"); - error = tls_configure(server, config); if (error) errx(EX_SOFTWARE, "tls_configure: %s", tls_error(server)); tls_config_free(config); diff --git a/pounce.1 b/pounce.1 index b76d819..34f10d2 100644 --- a/pounce.1 +++ b/pounce.1 @@ -1,4 +1,4 @@ -.Dd October 26, 2019 +.Dd October 27, 2019 .Dt POUNCE 1 .Os . @@ -152,9 +152,20 @@ to the first line read from When using .Xr certbot 8 to obtain TLS certificates, -is it sufficient to specify the domain with +it is sufficient to specify the domain with .Fl H . . +.Pp +Upon receiving the +.Dv SIGUSR1 +signal, +the certificate and private key +will be reloaded from the paths +specified by +.Fl C +and +.Fl K . +. .Sh ENVIRONMENT .Bl -tag -width Ds .It Ev USER |