#include <utility>
#include <vector>
+#include "tlse.h"
+
#include "acceptor.h"
#include "accesslog.h"
#include "config.h"
}
};
+// An arbitrary ordering.
+struct AcceptorConfigCompare {
+ bool operator() (const AcceptorConfig &a, const AcceptorConfig &b) const {
+ int cmp = a.certificate_chain.compare(b.certificate_chain);
+ if (cmp != 0) {
+ return cmp < 0;
+ }
+
+ cmp = a.private_key.compare(b.private_key);
+ if (cmp != 0) {
+ return cmp < 0;
+ }
+
+ return Sockaddr6Compare()(a.addr, b.addr);
+ }
+};
+
} // namespace
struct InputWithRefcount {
return state;
}
-// Find all port statements in the configuration file, and create acceptors for htem.
+// Find all port statements in the configuration file, and create acceptors for them.
vector<Acceptor *> create_acceptors(
const Config &config,
- map<sockaddr_in6, Acceptor *, Sockaddr6Compare> *deserialized_acceptors)
+ map<AcceptorConfig, Acceptor *, AcceptorConfigCompare> *deserialized_acceptors)
{
vector<Acceptor *> acceptors;
for (unsigned i = 0; i < config.acceptors.size(); ++i) {
const AcceptorConfig &acceptor_config = config.acceptors[i];
Acceptor *acceptor = NULL;
- map<sockaddr_in6, Acceptor *, Sockaddr6Compare>::iterator deserialized_acceptor_it =
- deserialized_acceptors->find(acceptor_config.addr);
+ map<AcceptorConfig, Acceptor *, AcceptorConfigCompare>::iterator deserialized_acceptor_it =
+ deserialized_acceptors->find(acceptor_config);
if (deserialized_acceptor_it != deserialized_acceptors->end()) {
acceptor = deserialized_acceptor_it->second;
deserialized_acceptors->erase(deserialized_acceptor_it);
} else {
int server_sock = create_server_socket(acceptor_config.addr, TCP_SOCKET);
- acceptor = new Acceptor(server_sock, acceptor_config.addr);
+ acceptor = new Acceptor(server_sock, acceptor_config.addr,
+ acceptor_config.certificate_chain,
+ acceptor_config.private_key);
}
acceptor->run();
acceptors.push_back(acceptor);
}
// Close all acceptors that are no longer in the configuration file.
- for (map<sockaddr_in6, Acceptor *, Sockaddr6Compare>::iterator
+ for (map<AcceptorConfig, Acceptor *, AcceptorConfigCompare>::iterator
acceptor_it = deserialized_acceptors->begin();
acceptor_it != deserialized_acceptors->end();
++acceptor_it) {
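Review bot: Keying the map on the whole AcceptorConfig means an inherited acceptor whose certificate_chain or private_key changed no longer matches at `deserialized_acceptors->find(acceptor_config)`, so the else branch calls `create_server_socket(acceptor_config.addr, TCP_SOCKET)` on an address the inherited Acceptor presumably still holds a listening socket for; that old socket is only closed in the "no longer in the configuration file" loop, which runs after every new socket has been created. Unless create_server_socket() sets SO_REUSEPORT (not visible here), a certificate or key rotation on a running port will therefore fail at bind, a situation the old address-only lookup could not produce. Consider matching inherited acceptors by addr first and updating the certificate/key on the existing object, or closing unmatched inherited acceptors before the creation loop. The body of create_acceptors continues past this hunk.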
signal(SIGINT, hup);
signal(SIGUSR1, do_nothing); // Used in internal signalling.
signal(SIGPIPE, SIG_IGN);
+
+ tls_init();
// Parse options.
int state_fd = -1;
CubemapStateProto loaded_state;
timespec serialize_start;
set<string> deserialized_urls;
- map<sockaddr_in6, Acceptor *, Sockaddr6Compare> deserialized_acceptors;
+ map<AcceptorConfig, Acceptor *, AcceptorConfigCompare> deserialized_acceptors;
multimap<InputKey, InputWithRefcount> inputs; // multimap due to older versions without deduplication.
if (state_fd != -1) {
log(INFO, "Deserializing state from previous process...");
// Deserialize the acceptors.
for (int i = 0; i < loaded_state.acceptors_size(); ++i) {
- sockaddr_in6 sin6 = extract_address_from_acceptor_proto(loaded_state.acceptors(i));
+ AcceptorConfig config;
+ config.addr = extract_address_from_acceptor_proto(loaded_state.acceptors(i));
+ config.certificate_chain = loaded_state.acceptors(i).certificate_chain();
+ config.private_key = loaded_state.acceptors(i).private_key();
deserialized_acceptors.insert(make_pair(
- sin6,
+ config,
new Acceptor(loaded_state.acceptors(i))));
}
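Review bot: The new local `AcceptorConfig config;` shadows the `Config config` that the surrounding code passes to create_streams() and create_acceptors() just below; it is only live inside the loop, but a reader scanning this block for the parsed configuration will be misled, so rename it, e.g. `AcceptorConfig acceptor_config;` with the three assignments and the make_pair() call updated to match. Note also that `loaded_state.acceptors(i).private_key()` shows the private key now travels in the serialized state handed over through state_fd, so that state is secret material rather than just socket and client bookkeeping; how it is written and removed is outside this hunk and worth confirming (restrictive mode, not left behind after deserialization), and a comment on the proto field saying so would help the next maintainer.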
create_streams(config, deserialized_urls, &inputs);
vector<Acceptor *> acceptors = create_acceptors(config, &deserialized_acceptors);
- // Convert old-style timestamps to new-style timestamps for all clients;
- // this simplifies the sort below.
- {
- timespec now_monotonic;
- if (clock_gettime(CLOCK_MONOTONIC_COARSE, &now_monotonic) == -1) {
- log(ERROR, "clock_gettime(CLOCK_MONOTONIC_COARSE) failed.");
- exit(1);
- }
- long delta_sec = now_monotonic.tv_sec - time(NULL);
-
- for (int i = 0; i < loaded_state.clients_size(); ++i) {
- ClientProto* client = loaded_state.mutable_clients(i);
- if (client->has_connect_time_old()) {
- client->set_connect_time_sec(client->connect_time_old() + delta_sec);
- client->set_connect_time_nsec(now_monotonic.tv_nsec);
- client->clear_connect_time_old();
- }
+ // Make all the servers create TLS contexts for every TLS keypair we have.
+ for (Acceptor *acceptor : acceptors) {
+ if (acceptor->is_tls()) {
+ servers->create_tls_context_for_acceptor(acceptor);
}
}
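Review bot: The comment on the new loop says contexts are created "for every TLS keypair we have", but the loop runs once per acceptor, so two acceptors sharing the same certificate_chain and private_key will each call `servers->create_tls_context_for_acceptor(acceptor)` unless that function deduplicates internally, which is not visible here. Either reword it to `// Make all the servers create a TLS context for every TLS acceptor.` or deduplicate on (certificate_chain, private_key) before the loop. main() continues beyond this hunk.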