summary refs log tree commit diff
path: root/listen.c
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2019-10-27 21:50:56 -0400
committerJune McEnroe <june@causal.agency>2019-11-01 01:01:17 -0400
commit0c667f1dc709c0104f244169983289ef1164f862 (patch)
treee229ab9daf6ed61a6a3dd3d3ad5521fe6c59ed97 /listen.c
parentUse capsicum (diff)
downloadpounce-0c667f1dc709c0104f244169983289ef1164f862.tar.gz
pounce-0c667f1dc709c0104f244169983289ef1164f862.zip
Re-read cert and key from the same FILEs
Diffstat (limited to 'listen.c')
-rw-r--r--listen.c37
1 files changed, 31 insertions, 6 deletions
diff --git a/listen.c b/listen.c
index 1797acf..9fc2443 100644
--- a/listen.c
+++ b/listen.c
@@ -17,8 +17,10 @@
 #include <err.h>
 #include <netdb.h>
 #include <netinet/in.h>
+#include <stdio.h>
 #include <stdlib.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <sysexits.h>
 #include <tls.h>
 #include <unistd.h>
@@ -27,7 +29,23 @@
 
 static struct tls *server;
 
-void listenConfig(const char *cert, const char *priv) {
+static byte *reread(size_t *len, FILE *file) {
+	struct stat stat;
+	int error = fstat(fileno(file), &stat);
+	if (error) err(EX_IOERR, "fstat");
+
+	byte *buf = malloc(stat.st_size);
+	if (!buf) err(EX_OSERR, "malloc");
+
+	fpurge(file);
+	rewind(file);
+	*len = fread(buf, 1, stat.st_size, file);
+	if (ferror(file)) err(EX_IOERR, "fread");
+
+	return buf;
+}
+
+void listenConfig(FILE *cert, FILE *priv) {
 	tls_free(server);
 	server = tls_server();
 	if (!server) errx(EX_SOFTWARE, "tls_server");
@@ -35,13 +53,20 @@ void listenConfig(const char *cert, const char *priv) {
 	struct tls_config *config = tls_config_new();
 	if (!config) errx(EX_SOFTWARE, "tls_config_new");
 
-	int error = tls_config_set_keypair_file(config, cert, priv);
+	size_t len;
+	byte *buf = reread(&len, cert);
+	int error = tls_config_set_cert_mem(config, buf, len);
+	if (error) {
+		errx(EX_CONFIG, "tls_config_set_cert_mem: %s", tls_config_error(config));
+	}
+	free(buf);
+
+	buf = reread(&len, priv);
+	error = tls_config_set_key_mem(config, buf, len);
 	if (error) {
-		errx(
-			EX_CONFIG, "tls_config_set_keypair_file: %s",
-			tls_config_error(config)
-		);
+		errx(EX_CONFIG, "tls_config_set_key_mem: %s", tls_config_error(config));
 	}
+	free(buf);
 
 	error = tls_configure(server, config);
 	if (error) errx(EX_SOFTWARE, "tls_configure: %s", tls_error(server));