author | Rainer Gerhards <rgerhards@adiscon.com> | 2013-06-13 16:02:23 +0200 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2013-06-13 16:02:23 +0200 |
commit | c86916b45b87b2124cf63b626ad8a1f43ec92dc7 (patch) | |
tree | 5d41d095d16e85db890f2738b9438147c7f33fe2 /plugins/omrelp/omrelp.c | |
parent | 8985141464f70c0cbcaa569fea6abb54642f003f (diff) | |
[io]mrelp: support for certificate parameters
Diffstat (limited to 'plugins/omrelp/omrelp.c')
-rw-r--r-- | plugins/omrelp/omrelp.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/plugins/omrelp/omrelp.c b/plugins/omrelp/omrelp.c
index 27b1c5a6..e0650c62 100644
--- a/plugins/omrelp/omrelp.c
+++ b/plugins/omrelp/omrelp.c
@@ -72,6 +72,9 @@ typedef struct _instanceData {
 sbool bEnableTLS;
 sbool bEnableTLSZip;
 uchar *pristring; /* GnuTLS priority string (NULL if not to be provided) */
+ uchar *caCertFile;
+ uchar *myCertFile;
+ uchar *myPrivKeyFile;
 uchar *tplName;
 } instanceData;
@@ -88,6 +91,9 @@ static struct cnfparamdescr actpdescr[] = {
 { "tls", eCmdHdlrBinary, 0 },
 { "tls.compression", eCmdHdlrBinary, 0 },
 { "tls.prioritystring", eCmdHdlrString, 0 },
+ { "tls.cacert", eCmdHdlrString, 0 },
+ { "tls.mycert", eCmdHdlrString, 0 },
+ { "tls.myprivkey", eCmdHdlrString, 0 },
 { "port", eCmdHdlrGetWord, 0 },
 { "rebindinterval", eCmdHdlrInt, 0 },
 { "timeout", eCmdHdlrInt, 0 },
@@ -133,6 +139,12 @@ doCreateRelpClient(instanceData *pData)
 }
 if(relpCltSetGnuTLSPriString(pData->pRelpClt, (char*) pData->pristring) != RELP_RET_OK)
 ABORT_FINALIZE(RS_RET_RELP_ERR);
+ if(relpCltSetCACert(pData->pRelpClt, (char*) pData->caCertFile) != RELP_RET_OK)
+ ABORT_FINALIZE(RS_RET_RELP_ERR);
+ if(relpCltSetOwnCert(pData->pRelpClt, (char*) pData->myCertFile) != RELP_RET_OK)
+ ABORT_FINALIZE(RS_RET_RELP_ERR);
+ if(relpCltSetPrivKey(pData->pRelpClt, (char*) pData->myPrivKeyFile) != RELP_RET_OK)
+ ABORT_FINALIZE(RS_RET_RELP_ERR);
 }
 if(glbl.GetSourceIPofLocalClient() == NULL) { /* ar Do we have a client IP set? */
 if(relpCltSetClientIP(pData->pRelpClt, glbl.GetSourceIPofLocalClient()) != RELP_RET_OK)
@@ -152,6 +164,9 @@ CODESTARTcreateInstance
 pData->bEnableTLS = DFLT_ENABLE_TLS;
 pData->bEnableTLSZip = DFLT_ENABLE_TLSZIP;
 pData->pristring = NULL;
+ pData->caCertFile = NULL;
+ pData->myCertFile = NULL;
+ pData->myPrivKeyFile = NULL;
 ENDcreateInstance
 BEGINfreeInstance
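Review bot: The three fields added to `instanceData` in the first hunk (`caCertFile`, `myCertFile`, `myPrivKeyFile`) have no comment, while the neighbouring `pristring` documents what NULL means. The later hunks default all three to NULL, so I would state that on the declaration, e.g. `uchar *myPrivKeyFile; /* file holding our private key (NULL if not configured) */`, with the same form for the other two. The struct definition begins outside the hunk.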
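Review bot: In the doCreateRelpClient hunk the three new setters run unconditionally once this branch is reached, so with the defaults from createInstance they are handed NULL pointers. How librelp treats a NULL CA file is not visible here, but if it means "do not verify the peer", a session configured without `tls.cacert` is encrypted yet unauthenticated and nothing tells the operator. I would either skip each call when its pointer is NULL or state the intended meaning next to the calls, e.g. `/* NULL = not configured; without a CA cert the peer is not verified */`. All three failures also collapse into `RS_RET_RELP_ERR` without naming the rejected file, which makes a wrong certificate or key path hard to diagnose. The function body begins and ends outside the hunk.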
@@ -162,6 +177,9 @@ CODESTARTfreeInstance
 free(pData->port);
 free(pData->tplName);
 free(pData->pristring);
+ free(pData->caCertFile);
+ free(pData->myCertFile);
+ free(pData->myPrivKeyFile);
 ENDfreeInstance
 static inline void
@@ -175,6 +193,9 @@ setInstParamDefaults(instanceData *pData)
 pData->bEnableTLS = DFLT_ENABLE_TLS;
 pData->bEnableTLSZip = DFLT_ENABLE_TLSZIP;
 pData->pristring = NULL;
+ pData->caCertFile = NULL;
+ pData->myCertFile = NULL;
+ pData->myPrivKeyFile = NULL;
 }
@@ -208,6 +229,12 @@ CODESTARTnewActInst
 pData->bEnableTLSZip = (unsigned) pvals[i].val.d.n;
 } else if(!strcmp(actpblk.descr[i].name, "tls.prioritystring")) {
 pData->pristring = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(actpblk.descr[i].name, "tls.cacert")) {
+ pData->caCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(actpblk.descr[i].name, "tls.mycert")) {
+ pData->myCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(actpblk.descr[i].name, "tls.myprivkey")) {
+ pData->myPrivKeyFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 } else {
 dbgprintf("omrelp: program error, non-handled "
 "param '%s'\n", actpblk.descr[i].name); |
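Review bot: The three new `es_str2cstr()` results in the newActInst hunk are stored unchecked, so an allocation failure leaves the field NULL, which the rest of the module reads as "not configured"; for `tls.cacert` that would silently drop the CA setting instead of failing the action. Assuming the usual `finalize_it` label exists in this entry point (it lies outside the hunk), each assignment could be wrapped, e.g. `CHKmalloc(pData->caCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL));`. The existing `tls.prioritystring` line follows the same unchecked pattern. Nothing visible rejects a configuration that gives only one of `tls.mycert` / `tls.myprivkey`, or that sets any of the three while `tls` is off, so a warning at config load for those cases would help operators notice that the certificates are not in effect.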