diff options
author | Mikkel Krautz <mikkel@krautz.dk> | 2017-02-26 21:25:39 +0300 |
---|---|---|
committer | Mikkel Krautz <mikkel@krautz.dk> | 2017-02-26 21:25:39 +0300 |
commit | 250a93bbf4c17f6c32621f7c067ed708e0c70854 (patch) | |
tree | fa6b0f59b24f0d1067bb2824b3835e2832ed1385 /src/murmur/Cert.cpp | |
parent | 4fbbdda070f6e25fe4222f2ea93ae501ccf54d86 (diff) |
Server: add bUsingMetaCert flag.
This flag is necessary for hot certificate reload.
We need to know which servers are using the Meta certificate/key,
since we will only be able to live-reload SSL settings via SIGUSR1
for those servers. Servers that use their own SSL certificate/key
can't be reloaded via the SIGUSR1 mechanism.
This is because servers that use their own SSL certificate/key store
them in the database. Thus, it is only possible to update those via
RPC using the updateCertificate() method.
Diffstat (limited to 'src/murmur/Cert.cpp')
-rw-r--r-- | src/murmur/Cert.cpp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/murmur/Cert.cpp b/src/murmur/Cert.cpp index 1e4706ea7..8b9c7fbda 100644 --- a/src/murmur/Cert.cpp +++ b/src/murmur/Cert.cpp @@ -159,6 +159,10 @@ void Server::initializeCert() { qscCert = Meta::mp.qscCert; qskKey = Meta::mp.qskKey; qlIntermediates = Meta::mp.qlIntermediates; + + if (!qscCert.isNull() && !qskKey.isNull()) { + bUsingMetaCert = true; + } } // If we still don't have a certificate by now, try to load the one from Meta @@ -166,10 +170,15 @@ void Server::initializeCert() { if (! key.isEmpty() || ! crt.isEmpty()) { log("Certificate specified, but failed to load."); } + qskKey = Meta::mp.qskKey; qscCert = Meta::mp.qscCert; qlIntermediates = Meta::mp.qlIntermediates; + if (!qscCert.isNull() && !qskKey.isNull()) { + bUsingMetaCert = true; + } + // If loading from Meta doesn't work, build+sign a new one if (qscCert.isNull() || qskKey.isNull()) { log("Generating new server certificate."); |