TLS certificates for the server are now reloaded on SIGHUP.

5 years ago · e6dd08074d
parent b2560f5e06
commit e6dd08074d
4 changed files with 23 additions and 0 deletions
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -63,6 +63,7 @@ Broker:
 - Add the `bridge_max_packet_size` option. Closes #265.
 - Add the `bridge_bind_address` option. Closes #1311.
 - Fix crash on Windows if loading a plugin fails. Closes #1866.
+- TLS certificates for the server are now reloaded on SIGHUP.

 Client library:
 - Client no longer generates random client ids for v3.1.1 clients, these are
--- a/src/loop.c
+++ b/src/loop.c
@ -199,6 +199,7 @@ int mosquitto_main_loop(struct mosquitto_db *db, mosq_sock_t *listensock, int li
 		if(flag_reload){
 			log__printf(NULL, MOSQ_LOG_INFO, "Reloading config.");
 			config__read(db, db->config, true);
+			listeners__reload_all_certificates(db);
 			mosquitto_security_cleanup(db, true);
 			mosquitto_security_init(db, true);
 			mosquitto_security_apply(db);
--- a/src/mosquitto.c
+++ b/src/mosquitto.c
@ -217,6 +217,25 @@ void listener__set_defaults(struct mosquitto__listener *listener)
 }


+void listeners__reload_all_certificates(struct mosquitto_db *db)
+{
+	int i;
+	int rc;
+	struct mosquitto__listener *listener;
+
+	for(i=0; i<db->config->listener_count; i++){
+		listener = &db->config->listeners[i];
+		if(listener->ssl_ctx && listener->certfile && listener->keyfile){
+			rc = net__load_certificates(listener);
+			if(rc){
+				log__printf(NULL, MOSQ_LOG_ERR, "Error when reloading certificate '%s' or key '%s'.",
+						listener->certfile, listener->keyfile);
+			}
+		}
+	}
+}
+
+
 int listeners__start_single_mqtt(struct mosquitto_db *db, mosq_sock_t **listensock, int *listensock_count, int *listensock_index, struct mosquitto__listener *listener)
 {
 	int i;
--- a/src/mosquitto_broker_internal.h
+++ b/src/mosquitto_broker_internal.h
@ -663,6 +663,7 @@ int net__socket_listen(struct mosquitto__listener *listener);
 int net__socket_get_address(mosq_sock_t sock, char *buf, size_t len);
 int net__tls_load_verify(struct mosquitto__listener *listener);
 int net__tls_server_ctx(struct mosquitto__listener *listener);
+int net__load_certificates(struct mosquitto__listener *listener);

 /* ============================================================
 * Read handling functions
@ -795,6 +796,7 @@ int mux__cleanup(struct mosquitto_db *db);
 * Listener related functions
 * ============================================================ */
 void listener__set_defaults(struct mosquitto__listener *listener);
+void listeners__reload_all_certificates(struct mosquitto_db *db);

 /* ============================================================
 * Plugin related functions