Diffstat (limited to 'https.cpp')
-rw-r--r--https.cpp56
1 files changed, 9 insertions, 47 deletions
diff --git a/https.cpp b/https.cpp
index 0cbce8e..e56af9a 100644
--- a/https.cpp
+++ b/https.cpp
@@ -43,8 +43,6 @@ using tcp = boost::asio::ip::tcp; // from <boost/asio/ip/tcp.hpp>
namespace {
- // reload certs once a day: may be updated by certbot
- const int32_t certificates_timer_seconds { 24 * 60*60 };
//------------------------------------------------------------------------------
// Report a failure
@@ -200,7 +198,7 @@ public:
)
{
if(ec)
- return fail(ec, "handshake");
+ return fail(ec, "https handshake");
do_read();
}
@@ -254,7 +252,7 @@ public:
return do_close();
if(ec)
- return fail(ec, "read");
+ return fail(ec, "https read");
req_ = parser_->get();
@@ -278,7 +276,7 @@ public:
boost::ignore_unused(bytes_transferred);
if(ec)
- return fail(ec, "write");
+ return fail(ec, "https write");
if(close)
{
@@ -321,7 +319,7 @@ public:
on_shutdown(beast::error_code ec)
{
if(ec)
- return fail(ec, "shutdown");
+ return fail(ec, "https shutdown");
// At this point the connection is closed gracefully
}
@@ -368,7 +366,7 @@ public:
acceptor_.open(endpoint.protocol(), ec);
if(ec)
{
- fail(ec, "open");
+ fail(ec, "https open");
return;
}
@@ -376,7 +374,7 @@ public:
acceptor_.set_option(net::socket_base::reuse_address(true), ec);
if(ec)
{
- fail(ec, "set_option");
+ fail(ec, "https set_option");
return;
}
@@ -384,7 +382,7 @@ public:
acceptor_.bind(endpoint, ec);
if(ec)
{
- fail(ec, "bind");
+ fail(ec, "https bind");
return;
}
@@ -393,7 +391,7 @@ public:
net::socket_base::max_listen_connections, ec);
if(ec)
{
- fail(ec, "listen");
+ fail(ec, "https listen");
return;
}
}
@@ -439,7 +437,7 @@ private:
{
if(ec)
{
- fail(ec, "accept");
+ fail(ec, "https accept");
}
else
{
@@ -631,20 +629,8 @@ namespace HTTPS {
Server::Server(Config& config, boost::asio::io_context& ioc, const Socket& socket, plugins_container_type& plugins, Statistics& statistics)
: ::Server(config, ioc, socket, plugins, statistics)
- , m_certificates_timer(ioc, boost::asio::chrono::seconds(certificates_timer_seconds))
-#if 0 // problem: at this point, privileges are dropped and access to certbot keys is limited. File re-load fails with exception.
- , m_certificates_timer_callback {
- [&](const boost::system::error_code& error){
- reload_certificates();
- m_certificates_timer.expires_at(m_certificates_timer.expires_at() + boost::asio::chrono::seconds(certificates_timer_seconds));
- m_certificates_timer.async_wait(m_certificates_timer_callback);
- }}
-#endif
{
load_certificates(); // load initially
-
- // Reload certs once a day, maybe updated by certbot
- m_certificates_timer.async_wait(m_certificates_timer_callback);
}
Server::~Server()
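Review bot: The trailing comment on `load_certificates(); // load initially` in the `Server` constructor is now misleading, because with the timer removed this is the only place in the hunk where certificates are read. The deleted `#if 0` remark says a later reload failed once privileges were dropped, so a certbot renewal is presumably picked up only when the process restarts. If nothing triggers that restart, the server would keep presenting the old certificate until it expires. I would replace the comment with `// Certificates are read once, here; a renewed certificate takes effect only after a restart.` and mention the restart requirement wherever the certbot setup is documented.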
@@ -679,30 +665,6 @@ void Server::load_certificates()
}
}
-void Server::reload_certificates()
-{
- for (const auto& serve_site: m_socket.serve_sites) {
- for (const auto& site: m_config.Sites()) {
- if (site.first == serve_site) {
-
- std::cout << "Updating SSL context/cert for site " << serve_site << " on port " << m_socket.port << std::endl;
-
- auto it_host {site.second.hosts.begin()};
- if (it_host == site.second.hosts.end()) {
- std::cout << " Warning: No configured host found." << std::endl;
- } else {
- auto it_ctx {m_ctx.find(*it_host)};
- if (it_ctx == m_ctx.end()) {
- std::cout << " Warning: No context found for configured host." << std::endl;
- } else {
- load_server_certificate(*it_ctx->second, site.second.cert_path, site.second.key_path);
- }
- }
- }
- }
- }
-}
-
int Server::start()
{
auto const address = net::ip::make_address(m_socket.address);