// initialize ssl engine, load certs and initialize openssl internals
void init_ssl(void) {
- const SSL_METHOD *ssl_method;
-
-#ifndef OPENSSL_NO_EGD
- if (!access("/var/run/egd-pool", F_OK)) {
- RAND_egd("/var/run/egd-pool");
- }
-#endif
-
- if (!RAND_status()) {
- syslog(LOG_WARNING, "PRNG not adequately seeded, won't do SSL/TLS");
- return;
- }
// Initialize SSL transport layer
SSL_library_init();
SSL_load_error_strings();
- ssl_method = SSLv23_server_method();
- if (!(ssl_ctx = SSL_CTX_new(ssl_method))) {
+ if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method()))) {
syslog(LOG_WARNING, "SSL_CTX_new failed: %s", ERR_reason_error_string(ERR_get_error()));
return;
}
}
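Review bot: Dropping the `RAND_status()` guard means `SSL_CTX_new` now runs, and the server will later negotiate TLS, even when OpenSSL reports its PRNG is not seeded; on builds that do not self-seed, every key and nonce drawn from it is then weak and nothing in this hunk logs it. Keep the guard in front of `SSL_CTX_new`, `if (!RAND_status()) { syslog(LOG_WARNING, "PRNG not adequately seeded, won't do SSL/TLS"); return; }`, and drop only the EGD block if removing that path is what the commit intends. `SSLv23_server_method()` also accepts SSLv2/SSLv3 unless `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3` are applied via `SSL_CTX_set_options`; that call is not in this hunk, so it may be set elsewhere and is worth confirming.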
-// Check the modification time of the key and certificate -- reload if they changed
+// Check the modification time of the key and certificate -- reload if either one changed
void update_key_and_cert_if_needed(void) {
- static time_t cert_mtime = 0;
+ static time_t previous_mtime = 0;
struct stat keystat;
struct stat certstat;
return;
}
- if ((keystat.st_mtime > cert_mtime) || (certstat.st_mtime > cert_mtime)) {
+ if ((keystat.st_mtime + certstat.st_mtime) != previous_mtime) {
bind_to_key_and_certificate();
- cert_mtime = certstat.st_mtime;
+ previous_mtime = keystat.st_mtime + certstat.st_mtime;
}
}
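Review bot: Comparing the sum of the two mtimes loses information: the key and certificate can both change while `keystat.st_mtime + certstat.st_mtime` stays equal to `previous_mtime` (one file moved forward by the same amount the other moved back, e.g. a restored older key paired with a newer certificate), and the reload is then skipped. Tracking each mtime separately keeps the fix for the old single-timestamp bug while detecting any change to either file; the `stat()` calls between the declarations and the `return` are outside this hunk. A file replaced with its timestamp preserved (`cp -p`) is still not detected by either form, which is worth a comment on the function.
```c
static time_t prev_key_mtime = 0;
static time_t prev_cert_mtime = 0;
/* … unchanged: stat() of key and certificate, early return on failure … */
if (keystat.st_mtime != prev_key_mtime || certstat.st_mtime != prev_cert_mtime) {
    bind_to_key_and_certificate();
    prev_key_mtime = keystat.st_mtime;
    prev_cert_mtime = certstat.st_mtime;
}
```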