X-Git-Url: https://git.tokkee.org/?p=sysdb.git;a=blobdiff_plain;f=src%2Ffrontend%2Fsock.c;h=1f3ec5fd74b70ee903a68ce8678bd2fb69c4a87b;hp=c9d28b1bf16365fa4c86853fc4b74a54a9da0bc4;hb=ed2c9fc3e4ca6840a5a31c735f0cfc02fd21d4fc;hpb=7b81a859a6137d551ef6eee002c2cc6dcc0d5522
diff --git a/src/frontend/sock.c b/src/frontend/sock.c
index c9d28b1..1f3ec5f 100644
--- a/src/frontend/sock.c
+++ b/src/frontend/sock.c
@@ -80,6 +80,7 @@ typedef struct {
 int type;
 /* optional SSL settings */
+ sdb_ssl_options_t ssl_opts;
 sdb_ssl_server_t *ssl;
 /* listener configuration */
@@ -290,8 +291,7 @@ open_tcp(listener_t *listener)
 assert(listener);
- /* TODO: make options configurable */
- listener->ssl = sdb_ssl_server_create(NULL);
+ listener->ssl = sdb_ssl_server_create(&listener->ssl_opts);
 if (! listener->ssl)
 return -1;
@@ -393,6 +393,7 @@ listener_listen(listener_t *listener)
 listener->address, sdb_strerror(errno, buf, sizeof(buf)));
 return -1;
 }
+ sdb_log(SDB_LOG_INFO, "frontend: Listening on %s", listener->address);
 return 0;
 } /* listener_listen */
@@ -433,7 +434,8 @@ get_type(const char *address)
 return impl->type;
 }
 }
- return -1;
+ /* don't report an error, this could be an IPv6 address */
+ return listener_impls[0].type;
 } /* get_type */
 static void
@@ -443,6 +445,7 @@ listener_destroy(listener_t *listener)
 return;
 listener_close(listener);
+ sdb_ssl_free_options(&listener->ssl_opts);
 if (listener->address)
 free(listener->address);
@@ -479,6 +482,7 @@ listener_create(sdb_fe_socket_t *sock, const char *address)
 if ((! strncmp(address, listener_impls[type].prefix, len)) && (address[len] == ':'))
 address += strlen(listener_impls[type].prefix) + 1;
+ memset(listener, 0, sizeof(*listener));
 listener->sock_fd = -1;
 listener->address = strdup(address);
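Review bot: In open_tcp, `sdb_ssl_server_create(&listener->ssl_opts)` now always receives a non-NULL options struct, even when the caller supplied no options, because sdb_fe_sock_add_listener leaves `ssl_opts` zero-filled when its `opts` argument is NULL. The old call passed NULL, so whatever defaults sdb_ssl_server_create applied for a NULL argument must also apply per field when `ca_file`, `cert_file`, `key_file` or `crl_file` is NULL; that function is not visible here, so this needs confirming. If a NULL `ca_file` could leave the server without a trust anchor for client certificates, open_tcp should fail closed rather than bring the listener up. Once confirmed, a comment at the call such as `/* all-NULL ssl_opts selects the default certificate paths */` would record the contract. open_tcp's body starts and ends outside the hunk.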
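Review bot: The new fallback `return listener_impls[0].type;` in get_type removes the function's only error result, so an address with a mistyped or unsupported prefix is now silently handled by whatever implementation sits at index 0 instead of being rejected. If the intent is only to accept bare IPv6 literals, the fallback could be limited to addresses that look like one, and any caller that still tests for a negative type becomes dead code. At minimum the comment should name the implementation being selected, e.g. `/* no known prefix: fall back to listener_impls[0] (<impl name>); this could be an IPv6 address */`. The start of get_type is outside the hunk.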
@@ -493,12 +497,6 @@ listener_create(sdb_fe_socket_t *sock, const char *address)
 listener->setup = NULL;
 listener->ssl = NULL;
- if (listener_impls[type].open(listener)) {
- /* prints error */
- listener_destroy(listener);
- return NULL;
- }
-
 ++sock->listeners_num;
 return listener;
 } /* listener_create */
@@ -572,7 +570,11 @@ connection_handler(void *data)
 "connection %s to list of open connections", SDB_OBJ(conn)->name);
 }
- write(sock->trigger[TRIGGER_WRITE], "", 1);
+ if (write(sock->trigger[TRIGGER_WRITE], "", 1) <= 0) {
+ /* This shouldn't happen and it's not critical; in the worst cases
+ * it slows us down. */
+ sdb_log(SDB_LOG_WARNING, "frontend: Failed to trigger main loop");
+ }
 /* pass ownership back to list; or destroy in case of an error */
 sdb_object_deref(SDB_OBJ(conn));
@@ -713,7 +715,8 @@ sdb_fe_sock_destroy(sdb_fe_socket_t *sock)
 } /* sdb_fe_sock_destroy */
 int
-sdb_fe_sock_add_listener(sdb_fe_socket_t *sock, const char *address)
+sdb_fe_sock_add_listener(sdb_fe_socket_t *sock, const char *address,
+ const sdb_ssl_options_t *opts)
 {
 listener_t *listener;
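Review bot: The warning added in connection_handler discards errno, so the log cannot distinguish a transient interruption of the trigger write from a closed or broken trigger descriptor. Logging the cause the way listener_listen does would make the message actionable, e.g. `sdb_log(SDB_LOG_WARNING, "frontend: Failed to trigger main loop: %s", sdb_strerror(errno, buf, sizeof(buf)));` with a local `char buf[1024];` if the function does not already have one. connection_handler starts and ends outside the hunk.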
@@ -723,6 +726,44 @@ sdb_fe_sock_add_listener(sdb_fe_socket_t *sock, const char *address)
 listener = listener_create(sock, address);
 if (! listener)
 return -1;
+
+ if (opts) {
+ int ret = 0;
+
+ if (opts->ca_file) {
+ listener->ssl_opts.ca_file = strdup(opts->ca_file);
+ if (! listener->ssl_opts.ca_file)
+ ret = -1;
+ }
+ if (opts->key_file) {
+ listener->ssl_opts.key_file = strdup(opts->key_file);
+ if (! listener->ssl_opts.key_file)
+ ret = -1;
+ }
+ if (opts->cert_file) {
+ listener->ssl_opts.cert_file = strdup(opts->cert_file);
+ if (! listener->ssl_opts.cert_file)
+ ret = -1;
+ }
+ if (opts->crl_file) {
+ listener->ssl_opts.crl_file = strdup(opts->crl_file);
+ if (! listener->ssl_opts.crl_file)
+ ret = -1;
+ }
+
+ if (ret) {
+ listener_destroy(listener);
+ --sock->listeners_num;
+ return ret;
+ }
+ }
+
+ if (listener_impls[listener->type].open(listener)) {
+ /* prints error */
+ listener_destroy(listener);
+ --sock->listeners_num;
+ return -1;
+ }
 return 0;
 } /* sdb_fe_sock_add_listener */
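Review bot: When one of the `strdup` calls fails, the `if (ret)` branch returns -1 without logging anything, whereas the open failure just below relies on the implementation to print an error, so a failure while copying the TLS file paths leaves no trace for the operator. Adding `sdb_log(SDB_LOG_ERR, "frontend: Failed to copy SSL options for %s", address);` before `listener_destroy(listener);` in that branch would close the gap. The four copy blocks differ only in the field name and could share a small static helper, which would also make it harder to miss a field if sdb_ssl_options_t grows. The function's signature and opening lines are outside this hunk.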