WIP: Hot-reload of Murmur SSL settings (including runtime certificate-swap for Let's Encrypt) #2850

Open
wants to merge 19 commits into
from

Projects

None yet

2 participants

@mkrautz
Member
mkrautz commented Feb 15, 2017

No description provided.

tycho and others added some commits Sep 12, 2016
@tycho @mkrautz tycho murmur: add support for EC private keys
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
75d1026
@mkrautz mkrautz murmur: refactor QSslKey loading code. 9decdd8
@mkrautz mkrautz MurmurIce: use Server::privateKeyFromPEM in updateCertificate RPC met…
…hod.
7e26310
@mkrautz mkrautz MurmurIce: also look for private key in cert PEM data, to mirror Serv…
…er::initializeCert().
0439120
@mkrautz mkrautz MurmurIce: remove ad-hoc RSA checks in updateCertificate with Server:…
…:isKeyForCert().
04631f2
@mkrautz mkrautz fix typo. 4ba4cb7
@mkrautz mkrautz fix typo 2. 0331ffa
@mkrautz mkrautz Meta: use Server::privateKeyFromPEM. 43e9c7c
@mkrautz mkrautz Add USR1 signal handler. 704ebcc
@mkrautz mkrautz WIP hot cert reload. bfd7ce6
@mkrautz mkrautz Server: add bUsingMetaCert flag. 6d5e321
@mkrautz mkrautz Meta: check bUsingMetaCert flag. 95ca2dc
@mkrautz mkrautz Better error handling. fd9df73
@mkrautz mkrautz balrghg. 05a3eca
@mkrautz mkrautz DH and cipher hot reload.
fe066f0
@mkrautz mkrautz qsCiphers -> tmpCiphers.
4d3d189
@mkrautz mkrautz Meta: move qmConfig.clear(). 10882bf
@mkrautz mkrautz Refactor into loadSSLSettings. 29ae2e5
@mkrautz mkrautz Refactor Meta::read() to use loadSSLSettings().
952a31b
@@ -574,6 +610,27 @@ Meta::~Meta() {
#endif
}
+bool Meta::reloadSSLSettings() {
+ // Reload SSL settings.
+ if (Meta::mp.loadSSLSettings()) {
@mkrautz
mkrautz Feb 17, 2017 Member

Inverted logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment