Plugins: TLS: fix configuration loader for relative paths (Fix #225)
The TLS plugin configuration allows certificates and keys to be loaded
from absolute or relative paths, but the relative discovery process was broken.

This patch fixes the usage of relative paths for certificates.

Signed-off-by: Eduardo Silva <eduardo@monkey.io>
edsiper committed Dec 12, 2015
1 parent 28a81f2 commit 9d996eb
Showing 1 changed file with 78 additions and 25 deletions.
103 changes: 78 additions & 25 deletions plugins/tls/tls.c
Expand Up @@ -199,9 +199,12 @@ static int config_parse(const char *confdir, struct polar_config *conf)
{
long unsigned int len;
char *conf_path = NULL;
char *cert_file = NULL;
char *cert_chain_file = NULL;
char *key_file = NULL;
char *dh_param_file = NULL;
struct mk_rconf_section *section;
struct mk_rconf *conf_head;
struct mk_list *head;

mk_api->str_build(&conf_path, &len, "%stls.conf", confdir);
conf_head = mk_api->config_create(conf_path);
Expand All @@ -211,40 +214,90 @@ static int config_parse(const char *confdir, struct polar_config *conf)
goto fallback;
}

mk_list_foreach(head, &conf_head->sections) {
section = mk_list_entry(head, struct mk_rconf_section, _head);

if (strcasecmp(section->name, "TLS")) {
continue;
}
conf->cert_file = mk_api->config_section_get_key(section,
"CertificateFile",
MK_RCONF_STR);
conf->cert_chain_file = mk_api->config_section_get_key(section,
"CertificateChainFile",
MK_RCONF_STR);
conf->key_file = mk_api->config_section_get_key(section,
"RSAKeyFile",
MK_RCONF_STR);
conf->dh_param_file = mk_api->config_section_get_key(section,
"DHParameterFile",
MK_RCONF_STR);
}
mk_api->config_free(conf_head);
section = mk_rconf_section_get(conf_head, "TLS");
if (!section) {
goto fallback;
}

cert_file = mk_api->config_section_get_key(section,
"CertificateFile",
MK_RCONF_STR);
cert_chain_file = mk_api->config_section_get_key(section,
"CertificateChainFile",
MK_RCONF_STR);
key_file = mk_api->config_section_get_key(section,
"RSAKeyFile",
MK_RCONF_STR);
dh_param_file = mk_api->config_section_get_key(section,
"DHParameterFile",
MK_RCONF_STR);
fallback:
if (conf->cert_file == NULL) {
/* Set default name if not specified */
if (!cert_file) {
mk_api->str_build(&conf->cert_file, &len,
"%ssrv_cert.pem", confdir);
}
if (conf->key_file == NULL) {
else {
/* Set absolute path or compose a new one based on the relative */
if (*cert_file == '/') {
conf->cert_file = cert_file;
}
else {
mk_api->str_build(&conf->cert_file, &len,
"%s/%s", confdir, cert_file);
}
}

/* Set default name if not specified */
if (cert_chain_file) {
/* Set absolute path or compose a new one based on the relative */
if (*cert_chain_file == '/') {
conf->cert_chain_file = cert_chain_file;
}
else {
mk_api->str_build(&conf->cert_chain_file, &len,
"%s/%s", confdir, cert_chain_file);
}
}
else {
conf->cert_chain_file = NULL;
}

/* Set default name if not specified */
if (!key_file) {
mk_api->str_build(&conf->key_file, &len,
"%srsa.pem", confdir);
}
if (conf->dh_param_file == NULL) {
else {
/* Set absolute path or compose a new one based on the relative */
if (*key_file == '/') {
conf->key_file = key_file;
}
else {
mk_api->str_build(&conf->key_file, &len,
"%s/%s", confdir, key_file);
}
}

/* Set default name if not specified */
if (!dh_param_file) {
mk_api->str_build(&conf->dh_param_file, &len,
"%sdhparam.pem", confdir);
}
else {
/* Set absolute path or compose a new one based on the relative */
if (*dh_param_file == '/') {
conf->dh_param_file = dh_param_file;
}
else {
mk_api->str_build(&conf->dh_param_file, &len,
"%s/%s", confdir, dh_param_file);
}
}

if (conf_head) {
mk_api->config_free(conf_head);
}

return 0;
}
Expand Down Expand Up @@ -734,7 +787,7 @@ void mk_tls_worker_init(void)
return;

error:
abort();
exit(EXIT_FAILURE);
}

int mk_tls_plugin_exit()
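Review bot: Ownership of the strings returned by `config_section_get_key` is inconsistent in config_parse. The absolute-path branches (`conf->cert_file = cert_file;` and its three siblings) keep the pointer in `conf` across the later `mk_api->config_free(conf_head)`, while the relative branches drop it once `str_build` has copied it. If the getter returns a fresh copy (not visible on this page), each relative branch leaks one string and needs `mk_api->mem_free(cert_file);` after its `str_build` call; if it returns a pointer into the parsed config, the absolute branches leave `conf` holding freed memory. A comment at the first `config_section_get_key` call stating who owns the result would settle which case applies. Separately, an empty value takes the relative branch and resolves to the directory itself, so each `*cert_file == '/'` test should be preceded by a `*cert_file == '\0'` check that falls back to the default name.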
