struct rspamd_config *cfg;
/* END OF COMMON PART */
ev_tstamp timeout;
- /* Whether we use ssl for this server */
- gboolean use_ssl;
/* Webui password */
char *password;
/* Privileged password */
0,
"Password for read and write commands");
- rspamd_rcl_register_worker_option(cfg,
- type,
- "ssl",
- rspamd_rcl_parse_struct_boolean,
- ctx,
- G_STRUCT_OFFSET(struct rspamd_controller_worker_ctx, use_ssl),
- 0,
- "Enable SSL for this worker");
-
rspamd_rcl_register_worker_option(cfg,
type,
"ssl_cert",
rspamd_controller_finish_handler, ctx->timeout,
ctx->static_files_dir, ctx->http_ctx);
- if (ctx->use_ssl && ctx->ssl_cert && ctx->ssl_key) {
- gpointer server_ssl_ctx = rspamd_init_ssl_ctx_server(ctx->ssl_cert, ctx->ssl_key);
+ if (rspamd_worker_has_ssl_socket(worker)) {
+ if (ctx->ssl_cert && ctx->ssl_key) {
+ gpointer server_ssl_ctx = rspamd_init_ssl_ctx_server(ctx->ssl_cert, ctx->ssl_key);
- if (server_ssl_ctx) {
- rspamd_ssl_ctx_config(ctx->cfg, server_ssl_ctx);
- rspamd_http_router_set_ssl(ctx->http, server_ssl_ctx);
- msg_info_ctx("enabled SSL for controller worker");
+ if (server_ssl_ctx) {
+ rspamd_ssl_ctx_config(ctx->cfg, server_ssl_ctx);
+ rspamd_http_router_set_ssl(ctx->http, server_ssl_ctx);
+ msg_info_ctx("enabled SSL for controller worker");
+ }
+ else {
+ msg_err_ctx("failed to create SSL context for controller worker");
+ }
}
else {
- msg_err_ctx("failed to create SSL context for controller worker");
+ msg_err_ctx("ssl bind socket configured but ssl_cert or ssl_key is missing");
}
}
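Review bot: Both failure branches in this block only log and let the controller keep starting, so a bind socket marked `is_ssl` can end up live with no server SSL context attached (missing `ssl_cert`/`ssl_key`, or `rspamd_init_ssl_ctx_server` returning NULL). What the accept path does with such a socket is not visible here; if it falls back to plain HTTP, the controller password would cross a port the operator believes is TLS-protected. Consider failing closed: abort worker startup after each `msg_err_ctx`, for example with `exit(EXIT_FAILURE);` or whatever startup-abort path the worker normally uses, or make sure connections on SSL-marked sockets are refused when no context exists. The same pattern is repeated in the proxy worker and normal worker hunks further down. The enclosing start function begins and ends outside this hunk.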
return FALSE;
}
+
+gboolean
+rspamd_worker_has_ssl_socket(struct rspamd_worker *worker)
+{
+ struct rspamd_worker_bind_conf *bcf;
+
+ if (worker == NULL || worker->cf == NULL) {
+ return FALSE;
+ }
+
+ LL_FOREACH(worker->cf->bind_conf, bcf)
+ {
+ if (bcf->is_ssl) {
+ return TRUE;
+ }
+ }
+
+ return FALSE;
+}
*/
gboolean rspamd_worker_is_ssl_socket(struct rspamd_worker *worker, int fd);
+/**
+ * Check if any bind socket for this worker has SSL enabled
+ * @param worker
+ * @return TRUE if any socket is SSL
+ */
+gboolean rspamd_worker_has_ssl_socket(struct rspamd_worker *worker);
+
#ifdef WITH_HYPERSCAN
struct rspamd_control_command;
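Review bot: The doc comment for `rspamd_worker_has_ssl_socket` leaves `@param worker` undescribed and does not mention that a NULL worker, or one with a NULL `cf`, returns FALSE. Callers use this result to decide whether to set up TLS at all, so that silent FALSE is part of the contract and worth stating. Something like `@param worker worker to inspect (NULL or a worker without config yields FALSE)` and `@return TRUE if at least one bind_conf entry has is_ssl set` would cover it.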
/* Default log tag type for worker */
enum rspamd_proxy_log_tag_type log_tag_type;
struct rspamd_main *srv;
- /* Whether we use ssl for this server */
- gboolean use_ssl;
/* SSL cert */
char *ssl_cert;
/* SSL private key */
G_STRUCT_OFFSET(struct rspamd_proxy_ctx, encrypted_only),
0,
"Allow only encrypted connections");
- rspamd_rcl_register_worker_option(cfg,
- type,
- "ssl",
- rspamd_rcl_parse_struct_boolean,
- ctx,
- G_STRUCT_OFFSET(struct rspamd_proxy_ctx, use_ssl),
- 0,
- "Enable SSL for this worker");
rspamd_rcl_register_worker_option(cfg,
type,
"ssl_cert",
(rspamd_mempool_destruct_t) rspamd_http_context_free,
ctx->http_ctx);
- if (ctx->use_ssl && ctx->ssl_cert && ctx->ssl_key) {
- ctx->server_ssl_ctx = rspamd_init_ssl_ctx_server(ctx->ssl_cert, ctx->ssl_key);
+ if (rspamd_worker_has_ssl_socket(worker)) {
+ if (ctx->ssl_cert && ctx->ssl_key) {
+ ctx->server_ssl_ctx = rspamd_init_ssl_ctx_server(ctx->ssl_cert, ctx->ssl_key);
- if (ctx->server_ssl_ctx) {
- rspamd_ssl_ctx_config(ctx->cfg, ctx->server_ssl_ctx);
- msg_info("enabled SSL for proxy worker");
+ if (ctx->server_ssl_ctx) {
+ rspamd_ssl_ctx_config(ctx->cfg, ctx->server_ssl_ctx);
+ msg_info("enabled SSL for proxy worker");
+ }
+ else {
+ msg_err("failed to create SSL context for proxy worker");
+ }
}
else {
- msg_err("failed to create SSL context for proxy worker");
+ msg_err("ssl bind socket configured but ssl_cert or ssl_key is missing");
}
}
0,
"Encryption keypair");
- rspamd_rcl_register_worker_option(cfg,
- type,
- "ssl",
- rspamd_rcl_parse_struct_boolean,
- ctx,
- G_STRUCT_OFFSET(struct rspamd_worker_ctx, use_ssl),
- 0,
- "Enable SSL for this worker");
-
rspamd_rcl_register_worker_option(cfg,
type,
"ssl_cert",
(rspamd_mempool_destruct_t) rspamd_http_context_free,
ctx->http_ctx);
- if (ctx->use_ssl && ctx->ssl_cert && ctx->ssl_key) {
- ctx->server_ssl_ctx = rspamd_init_ssl_ctx_server(ctx->ssl_cert, ctx->ssl_key);
+ if (rspamd_worker_has_ssl_socket(worker)) {
+ if (ctx->ssl_cert && ctx->ssl_key) {
+ ctx->server_ssl_ctx = rspamd_init_ssl_ctx_server(ctx->ssl_cert, ctx->ssl_key);
- if (ctx->server_ssl_ctx) {
- rspamd_ssl_ctx_config(ctx->cfg, ctx->server_ssl_ctx);
- msg_info_ctx("enabled SSL for normal worker");
+ if (ctx->server_ssl_ctx) {
+ rspamd_ssl_ctx_config(ctx->cfg, ctx->server_ssl_ctx);
+ msg_info_ctx("enabled SSL for normal worker");
+ }
+ else {
+ msg_err_ctx("failed to create SSL context for normal worker");
+ }
}
else {
- msg_err_ctx("failed to create SSL context for normal worker");
+ msg_err_ctx("ssl bind socket configured but ssl_cert or ssl_key is missing");
}
}
gboolean is_mime;
/* Allow encrypted requests only using network */
gboolean encrypted_only;
- /* Whether we use ssl for this server */
- gboolean use_ssl;
/* Limit of tasks */
uint32_t max_tasks;
/* Maximum time for task processing */