authorJune McEnroe <june@causal.agency>2019-10-27 00:44:14 -0400
committerJune McEnroe <june@causal.agency>2019-10-27 00:44:14 -0400
commit755de4c9500fa9fdafc5ac82ee16dd7a19013b9f (patch)
treefc2d702cc44fb4a2d872d0c7990bba7f8a3f1a42
parentDrop clients on zero-length reads (diff)
downloadpounce-755de4c9500fa9fdafc5ac82ee16dd7a19013b9f.tar.gz
pounce-755de4c9500fa9fdafc5ac82ee16dd7a19013b9f.zip
Reload certificate on SIGUSR1
-rw-r--r--bounce.c8
-rw-r--r--listen.c8
-rw-r--r--pounce.115
3 files changed, 24 insertions, 7 deletions
diff --git a/bounce.c b/bounce.c
index b96326b..1015625 100644
--- a/bounce.c
+++ b/bounce.c
@@ -159,14 +159,20 @@ int main(int argc, char *argv[]) {
 
 	signal(SIGINT, signalHandler);
 	signal(SIGTERM, signalHandler);
+	signal(SIGUSR1, signalHandler);
 
 	size_t clients = 0;
 	for (;;) {
 		int nfds = poll(event.fds, event.len, -1);
 		if (nfds < 0 && errno != EINTR) err(EX_IOERR, "poll");
+
 		if (signals[SIGINT] || signals[SIGTERM]) break;
-		if (nfds < 0) continue;
+		if (signals[SIGUSR1]) {
+			listenConfig(certPath, privPath);
+			signals[SIGUSR1] = 0;
+		}
 
+		if (nfds < 0) continue;
 		for (size_t i = 0; i < event.len; ++i) {
 			short revents = event.fds[i].revents;
 			if (!revents) continue;
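Review bot: The `signals[SIGUSR1] = 0;` reset comes after `listenConfig(certPath, privPath);`, so a second SIGUSR1 delivered while the reload is running is erased, and the newer certificate is not picked up until another signal arrives. Clearing the flag first closes that window: `signals[SIGUSR1] = 0;` followed by `listenConfig(certPath, privPath);`. The declaration of `signals` is outside the hunk; if it is not already `volatile sig_atomic_t`, it should be, since the handler writes it asynchronously. The body of `main` starts and ends outside the hunk.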
diff --git a/listen.c b/listen.c
index d6e561f..952d798 100644
--- a/listen.c
+++ b/listen.c
@@ -27,8 +27,11 @@
 
 static struct tls *server;
 
-// TODO: Make this callable more than once to reload certificates?
 void listenConfig(const char *cert, const char *priv) {
+	tls_free(server);
+	server = tls_server();
+	if (!server) errx(EX_SOFTWARE, "tls_server");
+
 	struct tls_config *config = tls_config_new();
 	if (!config) errx(EX_SOFTWARE, "tls_config_new");
 
@@ -40,9 +43,6 @@ void listenConfig(const char *cert, const char *priv) {
 		);
 	}
 
-	server = tls_server();
-	if (!server) errx(EX_SOFTWARE, "tls_server");
-
 	error = tls_configure(server, config);
 	if (error) errx(EX_SOFTWARE, "tls_configure: %s", tls_error(server));
 	tls_config_free(config);
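Review bot: The `tls_free(server)` added at the top of `listenConfig` (first listen.c hunk) discards the working context before the new certificate and key are validated, and the `tls_configure` failure path here still calls `errx`. A SIGUSR1 sent while the files are unreadable, mismatched or half-written by a renewal therefore terminates the bouncer and drops every client. Build the new context in a local and assign it to `server` only after `tls_configure` succeeds; on a reload failure, log with `warnx` and keep the old context. The keypair-loading check between the two hunks is only partly visible and would need the same treatment, and if privileges are dropped after startup (not visible here) the key file may no longer be readable at reload time. The function body may continue past this hunk.

```c
void listenConfig(const char *cert, const char *priv) {
	// Build the replacement first; `server` stays in use until it is ready.
	struct tls *fresh = tls_server();
	if (!fresh) errx(EX_SOFTWARE, "tls_server");

	// … unchanged: tls_config_new and keypair loading …

	error = tls_configure(fresh, config);
	tls_config_free(config);
	if (error) {
		// The first call (startup) has nothing to fall back to.
		if (!server) errx(EX_SOFTWARE, "tls_configure: %s", tls_error(fresh));
		warnx("tls_configure: %s", tls_error(fresh));
		tls_free(fresh);
		return;
	}
	tls_free(server);
	server = fresh;
```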
diff --git a/pounce.1 b/pounce.1
index b76d819..34f10d2 100644
--- a/pounce.1
+++ b/pounce.1
@@ -1,4 +1,4 @@
-.Dd October 26, 2019
+.Dd October 27, 2019
 .Dt POUNCE 1
 .Os
 .
@@ -152,9 +152,20 @@ to the first line read from
 When using
 .Xr certbot 8
 to obtain TLS certificates,
-is it sufficient to specify the domain with
+it is sufficient to specify the domain with
 .Fl H .
 .
+.Pp
+Upon receiving the
+.Dv SIGUSR1
+signal,
+the certificate and private key
+will be reloaded from the paths
+specified by
+.Fl C
+and
+.Fl K .
+.
 .Sh ENVIRONMENT
 .Bl -tag -width Ds
 .It Ev USER