author | Rainer Gerhards <rgerhards@adiscon.com> | 2013-06-13 16:02:23 +0200 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2013-06-13 16:02:23 +0200 |
commit | c86916b45b87b2124cf63b626ad8a1f43ec92dc7 (patch) | |
tree | 5d41d095d16e85db890f2738b9438147c7f33fe2 | |
parent | 8985141464f70c0cbcaa569fea6abb54642f003f (diff) | |
[io]mrelp: support for certificate parameters
-rw-r--r-- | plugins/imrelp/imrelp.c | 19 | ||||
-rw-r--r-- | plugins/omrelp/omrelp.c | 27 |
2 files changed, 46 insertions, 0 deletions
diff --git a/plugins/imrelp/imrelp.c b/plugins/imrelp/imrelp.c
index 32f6a042..a566799f 100644
--- a/plugins/imrelp/imrelp.c
+++ b/plugins/imrelp/imrelp.c
@@ -78,6 +78,9 @@ struct instanceConf_s {
 sbool bEnableTLSZip;
 int dhBits;
 uchar *pristring; /* GnuTLS priority string (NULL if not to be provided) */
+ uchar *caCertFile;
+ uchar *myCertFile;
+ uchar *myPrivKeyFile;
 struct instanceConf_s *next;
 };
 
@@ -108,6 +111,9 @@ static struct cnfparamdescr inppdescr[] = {
 { "tls", eCmdHdlrBinary, 0 },
 { "tls.dhbits", eCmdHdlrInt, 0 },
 { "tls.prioritystring", eCmdHdlrString, 0 },
+ { "tls.cacert", eCmdHdlrString, 0 },
+ { "tls.mycert", eCmdHdlrString, 0 },
+ { "tls.myprivkey", eCmdHdlrString, 0 },
 { "tls.compression", eCmdHdlrBinary, 0 }
 };
 static struct cnfparamblk inppblk =
@@ -250,6 +256,12 @@ addListner(modConfData_t __attribute__((unused)) *modConf, instanceConf_t *inst)
 relpSrvSetDHBits(pSrv, inst->dhBits);
 }
 relpSrvSetGnuTLSPriString(pSrv, (char*)inst->pristring);
+ if(relpSrvSetCACert(pSrv, (char*) inst->caCertFile) != RELP_RET_OK)
+ ABORT_FINALIZE(RS_RET_RELP_ERR);
+ if(relpSrvSetOwnCert(pSrv, (char*) inst->myCertFile) != RELP_RET_OK)
+ ABORT_FINALIZE(RS_RET_RELP_ERR);
+ if(relpSrvSetPrivKey(pSrv, (char*) inst->myPrivKeyFile) != RELP_RET_OK)
+ ABORT_FINALIZE(RS_RET_RELP_ERR);
 }
 CHKiRet(relpEngineListnerConstructFinalize(pRelpEngine, pSrv));
 
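Review bot: The three pointer fields added to instanceConf_s are never set to NULL or freed in the imrelp half of this commit, whereas the omrelp half initialises and frees its copies in createInstance, setInstParamDefaults and freeInstance; unless the imrelp instance is allocated with calloc (not visible here), addListner's new relpSrvSetCACert/relpSrvSetOwnCert/relpSrvSetPrivKey calls receive indeterminate pointers whenever the options are absent. Mirror omrelp with `inst->caCertFile = NULL; inst->myCertFile = NULL; inst->myPrivKeyFile = NULL;` where the instance is constructed, and release them where the instance list is torn down. Separately, this hunk and omrelp's doCreateRelpClient hunk abort with RS_RET_RELP_ERR without recording which of the three files was rejected, so a wrong path or an unreadable key is hard to trace from the log; a message naming the setting before each ABORT_FINALIZE would make misconfigured TLS material diagnosable. addListner's body continues outside the hunk.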
@@ -290,8 +302,15 @@ CODESTARTnewInpInst
 inst->dhBits = (unsigned) pvals[i].val.d.n;
 } else if(!strcmp(inppblk.descr[i].name, "tls.prioritystring")) {
 inst->pristring = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+dbgprintf("DDDD: prioritystring set is '%s'\n", inst->pristring);
 } else if(!strcmp(inppblk.descr[i].name, "tls.compression")) {
 inst->bEnableTLSZip = (unsigned) pvals[i].val.d.n;
+ } else if(!strcmp(inppblk.descr[i].name, "tls.cacert")) {
+ inst->caCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(inppblk.descr[i].name, "tls.mycert")) {
+ inst->myCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(inppblk.descr[i].name, "tls.myprivkey")) {
+ inst->myPrivKeyFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 } else {
 dbgprintf("imrelp: program error, non-handled "
 "param '%s'\n", inppblk.descr[i].name);
diff --git a/plugins/omrelp/omrelp.c b/plugins/omrelp/omrelp.c
index 27b1c5a6..e0650c62 100644
--- a/plugins/omrelp/omrelp.c
+++ b/plugins/omrelp/omrelp.c
@@ -72,6 +72,9 @@ typedef struct _instanceData {
 sbool bEnableTLS;
 sbool bEnableTLSZip;
 uchar *pristring; /* GnuTLS priority string (NULL if not to be provided) */
+ uchar *caCertFile;
+ uchar *myCertFile;
+ uchar *myPrivKeyFile;
 uchar *tplName;
 } instanceData;
 
@@ -88,6 +91,9 @@ static struct cnfparamdescr actpdescr[] = {
 { "tls", eCmdHdlrBinary, 0 },
 { "tls.compression", eCmdHdlrBinary, 0 },
 { "tls.prioritystring", eCmdHdlrString, 0 },
+ { "tls.cacert", eCmdHdlrString, 0 },
+ { "tls.mycert", eCmdHdlrString, 0 },
+ { "tls.myprivkey", eCmdHdlrString, 0 },
 { "port", eCmdHdlrGetWord, 0 },
 { "rebindinterval", eCmdHdlrInt, 0 },
 { "timeout", eCmdHdlrInt, 0 },
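Review bot: The added line `dbgprintf("DDDD: prioritystring set is '%s'\n", inst->pristring);` in the newInpInst hunk is an unindented debugging leftover whose "DDDD" tag matches none of the module's other messages and is unrelated to the certificate parameters this commit adds. Drop it, or if the trace is wanted, indent it like its neighbours and make it `dbgprintf("imrelp: tls.prioritystring set to '%s'\n", inst->pristring);` so it carries the module prefix the other messages use. The newInpInst handler starts and ends outside the hunk; the omrelp struct and parameter-table hunks sharing this line only add fields and descriptors.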
@@ -133,6 +139,12 @@ doCreateRelpClient(instanceData *pData)
 }
 if(relpCltSetGnuTLSPriString(pData->pRelpClt, (char*) pData->pristring) != RELP_RET_OK)
 ABORT_FINALIZE(RS_RET_RELP_ERR);
+ if(relpCltSetCACert(pData->pRelpClt, (char*) pData->caCertFile) != RELP_RET_OK)
+ ABORT_FINALIZE(RS_RET_RELP_ERR);
+ if(relpCltSetOwnCert(pData->pRelpClt, (char*) pData->myCertFile) != RELP_RET_OK)
+ ABORT_FINALIZE(RS_RET_RELP_ERR);
+ if(relpCltSetPrivKey(pData->pRelpClt, (char*) pData->myPrivKeyFile) != RELP_RET_OK)
+ ABORT_FINALIZE(RS_RET_RELP_ERR);
 }
 if(glbl.GetSourceIPofLocalClient() == NULL) { /* ar Do we have a client IP set? */
 if(relpCltSetClientIP(pData->pRelpClt, glbl.GetSourceIPofLocalClient()) != RELP_RET_OK)
@@ -152,6 +164,9 @@ CODESTARTcreateInstance
 pData->bEnableTLS = DFLT_ENABLE_TLS;
 pData->bEnableTLSZip = DFLT_ENABLE_TLSZIP;
 pData->pristring = NULL;
+ pData->caCertFile = NULL;
+ pData->myCertFile = NULL;
+ pData->myPrivKeyFile = NULL;
 ENDcreateInstance
 
 BEGINfreeInstance
@@ -162,6 +177,9 @@ CODESTARTfreeInstance
 free(pData->port);
 free(pData->tplName);
 free(pData->pristring);
+ free(pData->caCertFile);
+ free(pData->myCertFile);
+ free(pData->myPrivKeyFile);
 ENDfreeInstance
 
 static inline void
@@ -175,6 +193,9 @@ setInstParamDefaults(instanceData *pData)
 pData->bEnableTLS = DFLT_ENABLE_TLS;
 pData->bEnableTLSZip = DFLT_ENABLE_TLSZIP;
 pData->pristring = NULL;
+ pData->caCertFile = NULL;
+ pData->myCertFile = NULL;
+ pData->myPrivKeyFile = NULL;
 }
 
 
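Review bot: The doCreateRelpClient hunk hands caCertFile, myCertFile and myPrivKeyFile to the three relpClt setters unconditionally, while the createInstance and setInstParamDefaults hunks below leave them NULL whenever the options are absent; whether librelp treats NULL as "not provided" (as the pristring comment documents for that field) is not visible here, and if it does not, every TLS action without a client certificate fails with RS_RET_RELP_ERR. If NULL is not accepted, guard each call, e.g. `if(pData->caCertFile != NULL && relpCltSetCACert(pData->pRelpClt, (char*) pData->caCertFile) != RELP_RET_OK)`, and do the same for the two calls that follow. As a point of style, createInstance and setInstParamDefaults now carry a second identical copy of the defaults block; having one call the other would keep future TLS options from drifting apart. doCreateRelpClient's body starts and ends outside the hunk.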
@@ -208,6 +229,12 @@ CODESTARTnewActInst
 pData->bEnableTLSZip = (unsigned) pvals[i].val.d.n;
 } else if(!strcmp(actpblk.descr[i].name, "tls.prioritystring")) {
 pData->pristring = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(actpblk.descr[i].name, "tls.cacert")) {
+ pData->caCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(actpblk.descr[i].name, "tls.mycert")) {
+ pData->myCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(actpblk.descr[i].name, "tls.myprivkey")) {
+ pData->myPrivKeyFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 } else {
 dbgprintf("omrelp: program error, non-handled "
 "param '%s'\n", actpblk.descr[i].name);
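Review bot: The new tls.cacert, tls.mycert and tls.myprivkey branches store the paths regardless of whether `tls` is enabled for the action, and nothing in the hunk warns when they are given with TLS off; since the setters that consume them in doCreateRelpClient appear to sit inside the TLS-enabled block, such a configuration is silently unauthenticated, which for certificate and key settings is easy to misread as working. A check after the parameter loop, e.g. `if(!pData->bEnableTLS && (pData->caCertFile != NULL || pData->myCertFile != NULL || pData->myPrivKeyFile != NULL))` followed by a warning that the certificate settings are ignored without tls="on", would surface it at config load rather than at delivery time. The newActInst handler begins and ends outside the hunk.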