Unified the openssl library initialization code

[citadel.git] / webcit-ng / tls.c

diff --git a/webcit-ng/tls.c b/webcit-ng/tls.c
index b82f8b34ffedcae7980c1be09a0eba58a6b0392d..4a939a90084e35ea93dcea248fdd911f5bdb8460 100644 (file)
--- a/webcit-ng/tls.c
+++ b/webcit-ng/tls.c
@@ -24,6 +24,19 @@ char *ssl_cipher_list = DEFAULT_SSL_CIPHER_LIST;
 // Set the private key and certificate chain for the global SSL Context.
 // This is called during initialization, and can be called again later if the certificate changes.
 void bind_to_key_and_certificate(void) {
+       SSL_CTX *old_ctx, *new_ctx;
+
+       if (!(new_ctx = SSL_CTX_new(TLS_server_method()))) {
+               syslog(LOG_WARNING, "SSL_CTX_new failed: %s", ERR_reason_error_string(ERR_get_error()));
+               return;
+       }
+
+       syslog(LOG_INFO, "Requesting cipher list: %s", ssl_cipher_list);
+       if (!(SSL_CTX_set_cipher_list(new_ctx, ssl_cipher_list))) {
+               syslog(LOG_WARNING, "SSL_CTX_set_cipher_list failed: %s", ERR_reason_error_string(ERR_get_error()));
+               return;
+       }
+
        if (IsEmptyStr(key_file)) {
                snprintf(key_file, sizeof key_file, "%s/keys/citadel.key", ctdl_dir);
        }
@@ -33,40 +46,28 @@ void bind_to_key_and_certificate(void) {
 
        syslog(LOG_DEBUG, "crypto: [re]installing key \"%s\" and certificate \"%s\"", key_file, cert_file);
 
-       SSL_CTX_use_certificate_chain_file(ssl_ctx, cert_file);
-       SSL_CTX_use_PrivateKey_file(ssl_ctx, key_file, SSL_FILETYPE_PEM);
+       SSL_CTX_use_certificate_chain_file(new_ctx, cert_file);
+       SSL_CTX_use_PrivateKey_file(new_ctx, key_file, SSL_FILETYPE_PEM);
 
-       if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
+       if ( !SSL_CTX_check_private_key(new_ctx) ) {
                syslog(LOG_WARNING, "crypto: cannot install certificate: %s", ERR_reason_error_string(ERR_get_error()));
        }
+
+       old_ctx = ssl_ctx;
+       ssl_ctx = new_ctx;
+       sleep(1);
+       SSL_CTX_free(old_ctx);
 }
 
 
 // Initialize ssl engine, load certs and initialize openssl internals
 void init_ssl(void) {
-       RSA *rsa = NULL;
-       X509_REQ *req = NULL;
-       X509 *cer = NULL;
-       EVP_PKEY *pk = NULL;
-       EVP_PKEY *req_pkey = NULL;
-       X509_NAME *name = NULL;
-       FILE *fp;
-       char buf[SIZ];
-       int rv = 0;
-
-       // Initialize SSL transport layer
-       SSL_library_init();
-       SSL_load_error_strings();
-       if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method()))) {
-               syslog(LOG_WARNING, "SSL_CTX_new failed: %s", ERR_reason_error_string(ERR_get_error()));
-               return;
-       }
 
-       syslog(LOG_INFO, "Requesting cipher list: %s", ssl_cipher_list);
-       if (!(SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher_list))) {
-               syslog(LOG_WARNING, "SSL_CTX_set_cipher_list failed: %s", ERR_reason_error_string(ERR_get_error()));
-               return;
-       }
+       // Initialize the OpenSSL library
+       SSL_load_error_strings();
+       ERR_load_crypto_strings();
+       OpenSSL_add_all_algorithms();
+       SSL_library_init();
 
        // Now try to bind to the key and certificate.
        bind_to_key_and_certificate();