From: Francis Dupont Date: Tue, 31 May 2022 22:26:06 +0000 (+0200) Subject: [#1706] Added TLS server side to HA X-Git-Tag: Kea-2.1.7~50 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c66d120c9ed350d4e7a7cd78b9d371a3cf05ef2f;p=thirdparty%2Fkea.git [#1706] Added TLS server side to HA --- diff --git a/src/hooks/dhcp/high_availability/ha_config.cc b/src/hooks/dhcp/high_availability/ha_config.cc index e673fddff4..c56d9691d5 100644 --- a/src/hooks/dhcp/high_availability/ha_config.cc +++ b/src/hooks/dhcp/high_availability/ha_config.cc @@ -334,8 +334,13 @@ HAConfig::validate() { << " is missing or empty: all or none of" << " TLS parameters must be set"); } + TlsRole tls_role = TlsRole::CLIENT; + // The peer entry for myself will be used for the server side. + if (p->second->getName() == getThisServerName()) { + tls_role = TlsRole::SERVER; + } TlsContext::configure(p->second->tls_context_, - TlsRole::CLIENT, + tls_role, ca.get(), cert.get(), key.get()); diff --git a/src/hooks/dhcp/high_availability/ha_service.cc b/src/hooks/dhcp/high_availability/ha_service.cc index bdb9996650..416bf052f3 100644 --- a/src/hooks/dhcp/high_availability/ha_service.cc +++ b/src/hooks/dhcp/high_availability/ha_service.cc @@ -108,9 +108,12 @@ HAService::HAService(const IOServicePtr& io_service, const NetworkStatePtr& netw // Fetch how many threads the listener will use. uint32_t listener_threads = config_->getHttpListenerThreads(); + // Fetch the TLS context. + auto tls_context = config_->getThisServerConfig()->getTlsContext(); + // Instantiate the listener. listener_.reset(new CmdHttpListener(server_address, my_url.getPort(), - listener_threads)); + listener_threads, tls_context)); } }
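Review bot: The server-side context in ha_config.cc is built with the same five-argument `TlsContext::configure` call as the client contexts, so whether the HA listener demands a certificate from connecting peers is left to that function's default and is not visible at this call. Since this context now guards the HA command channel, I would state the intent next to the call, e.g. `// SERVER role: listener presents cert/key and verifies peers against ca; client-cert policy is configure()'s default (confirm)`. As a smaller style point, the role can be a single const initialisation: `const TlsRole tls_role = (p->second->getName() == getThisServerName()) ? TlsRole::SERVER : TlsRole::CLIENT;`. The enclosing loop in `HAConfig::validate()` starts and ends outside the hunk.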
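Review bot: In ha_service.cc, `tls_context` is handed to `CmdHttpListener` without any check or log. `validate()` accepts a peer entry with no TLS parameters at all ("all or none"), so the context is presumably empty in that case and the listener would serve HA commands over plain HTTP with nothing recorded. I would add a comment such as `// Empty when no TLS parameters are configured; the listener then runs without TLS.` and log at startup whether the listener is TLS-enabled, so a missing CA, certificate or key setting is noticed. It is also worth confirming that the scheme of `my_url` is checked against the presence of the context elsewhere. The constructor body begins outside the hunk.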