X-Git-Url: https://git.sesse.net/?p=cubemap;a=blobdiff_plain;f=main.cpp;h=33ed9dfba726bc8b5332d42a3fcae2e4ceca54f5;hp=0b8825a9da595b6f36bf7247cd75cfd25bdb619a;hb=b10d63c534fda113e65e24d252e509e616067ef9;hpb=029aca758029094d6e9d59e8d88babce94c412e4
diff --git a/main.cpp b/main.cpp
index 0b8825a..33ed9df 100644
--- a/main.cpp
+++ b/main.cpp
@@ -18,6 +18,8 @@
 #include 
 #include 
 
+#include "tlse.h"
+
 #include "acceptor.h"
 #include "accesslog.h"
 #include "config.h"
@@ -51,6 +53,23 @@ struct OrderByConnectionTime {
 	}
 };
 
+// An arbitrary ordering.
+struct AcceptorConfigCompare {
+	bool operator() (const AcceptorConfig &a, const AcceptorConfig &b) const {
+		int cmp = a.certificate_chain.compare(b.certificate_chain);
+		if (cmp != 0) {
+			return cmp < 0;
+		}
+
+		cmp = a.private_key.compare(b.private_key);
+		if (cmp != 0) {
+			return cmp < 0;
+		}
+
+		return Sockaddr6Compare()(a.addr, b.addr);
+	}
+};
+
 }  // namespace
 
 struct InputWithRefcount {
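Review bot: AcceptorConfigCompare makes the certificate chain and private key part of an acceptor's identity, so after a reload with re-issued key material on an unchanged address the lookup in create_acceptors (next hunk) misses the deserialized acceptor and falls through to create_server_socket() while the old acceptor still holds the port; whether that second bind succeeds depends on socket options not visible here, so the intent should at least be written down. The comment `// An arbitrary ordering.` undersells this; I would write `// Strict weak ordering for the acceptor map; cert and key are deliberately part of the identity, so changed key material yields a fresh Acceptor (and socket) on reload.`. Note also that the comparison is a plain byte compare of the PEM text, so two differently formatted encodings of the same key count as different acceptors.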
@@ -92,30 +111,32 @@ CubemapStateProto collect_state(const timespec &serialize_start,
 	return state;
 }
 
-// Find all port statements in the configuration file, and create acceptors for htem.
+// Find all port statements in the configuration file, and create acceptors for them.
 vector create_acceptors(
 	const Config &config,
-	map *deserialized_acceptors)
+	map *deserialized_acceptors)
 {
 	vector acceptors;
 	for (unsigned i = 0; i < config.acceptors.size(); ++i) {
 		const AcceptorConfig &acceptor_config = config.acceptors[i];
 		Acceptor *acceptor = NULL;
-		map::iterator deserialized_acceptor_it =
-			deserialized_acceptors->find(acceptor_config.addr);
+		map::iterator deserialized_acceptor_it =
+			deserialized_acceptors->find(acceptor_config);
 		if (deserialized_acceptor_it != deserialized_acceptors->end()) {
 			acceptor = deserialized_acceptor_it->second;
 			deserialized_acceptors->erase(deserialized_acceptor_it);
 		} else {
 			int server_sock = create_server_socket(acceptor_config.addr, TCP_SOCKET);
-			acceptor = new Acceptor(server_sock, acceptor_config.addr);
+			acceptor = new Acceptor(server_sock, acceptor_config.addr,
+				acceptor_config.certificate_chain,
+				acceptor_config.private_key);
 		}
 		acceptor->run();
 		acceptors.push_back(acceptor);
 	}
 
 	// Close all acceptors that are no longer in the configuration file.
-	for (map::iterator
+	for (map::iterator
 	     acceptor_it = deserialized_acceptors->begin();
 	     acceptor_it != deserialized_acceptors->end();
 	     ++acceptor_it) {
@@ -318,6 +339,8 @@ int main(int argc, char **argv)
 	signal(SIGINT, hup);
 	signal(SIGUSR1, do_nothing);  // Used in internal signalling.
 	signal(SIGPIPE, SIG_IGN);
+
+	tls_init();
 
 	// Parse options.
 	int state_fd = -1;
@@ -406,7 +429,7 @@ start:
 	CubemapStateProto loaded_state;
 	timespec serialize_start;
 	set deserialized_urls;
-	map deserialized_acceptors;
+	map deserialized_acceptors;
 	multimap inputs;  // multimap due to older versions without deduplication.
 	if (state_fd != -1) {
 		log(INFO, "Deserializing state from previous process...");
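Review bot: `tls_init();` is dropped in between the signal setup and option parsing with no comment, and nothing in the hunk shows whether it can fail or what it must precede. I would annotate it `tls_init();  // One-time TLSe library setup; must run before any Acceptor is constructed with a certificate (see create_acceptors).` and, if the library reports initialisation failure in any way, check it here rather than discover it at the first handshake. The body of main() continues outside the hunk.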
@@ -462,9 +485,12 @@ start:
 
 		// Deserialize the acceptors.
 		for (int i = 0; i < loaded_state.acceptors_size(); ++i) {
-			sockaddr_in6 sin6 = extract_address_from_acceptor_proto(loaded_state.acceptors(i));
+			AcceptorConfig config;
+			config.addr = extract_address_from_acceptor_proto(loaded_state.acceptors(i));
+			config.certificate_chain = loaded_state.acceptors(i).certificate_chain();
+			config.private_key = loaded_state.acceptors(i).private_key();
 			deserialized_acceptors.insert(make_pair(
-				sin6,
+				config,
 				new Acceptor(loaded_state.acceptors(i))));
 		}
 
@@ -477,6 +503,13 @@ start:
 	// Find all streams in the configuration file, create them, and connect to the inputs.
 	create_streams(config, deserialized_urls, &inputs);
 	vector acceptors = create_acceptors(config, &deserialized_acceptors);
+
+	// Make all the servers create TLS contexts for every TLS keypair we have.
+	for (Acceptor *acceptor : acceptors) {
+		if (acceptor->is_tls()) {
+			servers->create_tls_context_for_acceptor(acceptor);
+		}
+	}
 
 	// Put back the existing clients. It doesn't matter which server we
 	// allocate them to, so just do round-robin. However, we need to sort them
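Review bot: The deserialization loop now reads `loaded_state.acceptors(i).private_key()` out of the state proto, which means private key material is serialized by the old process and handed over through state_fd together with the rest of the state; the hunk gives no indication of what that descriptor is backed by, so if it can ever be a regular file (a debugging dump, for instance) the state needs the same permissions as the key file itself. That deserves a comment at the `config.private_key = ...` line, e.g. `// Key material round-trips through the serialized state; the state fd must stay private to this process and its successor.`, and the serialize side, outside this diff, should say the same. The `config` local and the map-key copy made by `make_pair(config, ...)` hold the key in plain std::string buffers that are never scrubbed, which may be acceptable here but is worth stating once.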