X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fcrypto%2Fserv_crypto.c;h=98cded3c9f273364f227ffc1bd06ab14cd9e60f8;hb=ab376f8217b148b8d0896a31e6a2502100f134ac;hp=16be6d5677a6a79f9e0a19b74a2e084b7639c53e;hpb=6085834c9009a4188ba009ec7585af0491622159;p=citadel.git
diff --git a/citadel/modules/crypto/serv_crypto.c b/citadel/modules/crypto/serv_crypto.c
index 16be6d567..98cded3c9 100644
--- a/citadel/modules/crypto/serv_crypto.c
+++ b/citadel/modules/crypto/serv_crypto.c
@@ -110,6 +110,28 @@ void bind_to_key_and_certificate(void) {
 }
+// Check the modification time of the key and certificate -- reload if they changed
+void update_key_and_cert_if_needed(void) {
+ static time_t cert_mtime = 0;
+ struct stat keystat;
+ struct stat certstat;
+
+ if (stat(file_crpt_file_key, &keystat) != 0) {
+ syslog(LOG_ERR, "%s: %s", file_crpt_file_key, strerror(errno));
+ return;
+ }
+ if (stat(file_crpt_file_cer, &certstat) != 0) {
+ syslog(LOG_ERR, "%s: %s", file_crpt_file_cer, strerror(errno));
+ return;
+ }
+
+ if ((keystat.st_mtime > cert_mtime) || (certstat.st_mtime > cert_mtime)) {
+ bind_to_key_and_certificate();
+ cert_mtime = certstat.st_mtime;
+ }
+}
+
+
 void init_ssl(void) {
 const SSL_METHOD *ssl_method;
 RSA *rsa = NULL;
@@ -499,6 +521,9 @@ void CtdlStartTLS(char *ok_response, char *nosup_response, char *error_response)
 }
 return;
 }
+
+ update_key_and_cert_if_needed(); // did someone update the key or cert? if so, re-bind them
+
 if (!(CC->ssl = SSL_new(ssl_ctx))) {
 syslog(LOG_ERR, "crypto: SSL_new failed: %s", ERR_reason_error_string(ERR_get_error()));
 if (error_response != NULL) {
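Review bot: In update_key_and_cert_if_needed(), `cert_mtime` records only `certstat.st_mtime`, so whenever the key file is newer than the certificate the test `keystat.st_mtime > cert_mtime` stays true and every call re-runs bind_to_key_and_certificate(). Store the newer of the two timestamps instead, `cert_mtime = (keystat.st_mtime > certstat.st_mtime) ? keystat.st_mtime : certstat.st_mtime;`. The function-static is also read and written with no lock visible in this hunk; if this can run on several session threads at once (not shown here), two of them could rebind the shared context concurrently, so the check and reload probably belong under a mutex. A `>` comparison also misses a file replaced by one with an older mtime (for example a restored backup); comparing each file's mtime with `!=` against its own saved value would catch that.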
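Review bot: The call added in CtdlStartTLS just before `SSL_new(ssl_ctx)` cannot report failure, so the handshake proceeds on whatever state a reload left `ssl_ctx` in. What bind_to_key_and_certificate() does when it meets a half-written or mismatched key/certificate pair during renewal is not visible here, but since it returns void the caller has no way to tell. Consider having update_key_and_cert_if_needed() return a status, and on failure either keep the previously loaded pair or send `error_response` and return, as the SSL_new failure path below appears to do. CtdlStartTLS begins and ends outside this hunk.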