From 44593728dbb10317a8ec0ca60e1ca7bbb8989d98 Mon Sep 17 00:00:00 2001
From: Sunil Nimmagadda
Date: Mon, 9 Jan 2017 15:30:35 +0500
Subject: Provide an option to specify cert/key on commandline. While here, document new options and fix mandoc lint warnings.
---
 ssl.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
(limited to 'ssl.c')
diff --git a/ssl.c b/ssl.c
index fce300f..9d1af2a 100644
--- a/ssl.c
+++ b/ssl.c
@@ -33,8 +33,6 @@
 #define SSL_CIPHERS "HIGH"
 #define SSL_SESSION_TIMEOUT 300
-#define CERTFILE "/etc/ssl/server.crt"
-#define KEYFILE "/etc/ssl/private/server.key"
 static char *ssl_load_file(const char *, off_t *);
@@ -52,7 +50,7 @@ ssl_init(void)
 }
 void *
-ssl_setup(void)
+ssl_setup(const char *certfile, const char *keyfile)
 {
 SSL_CTX *ctx = NULL;
 char *cert, *key;
@@ -73,13 +71,13 @@ ssl_setup(void)
 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
 /* SSL certificate, key loading */
-cert = ssl_load_file(CERTFILE, &cert_len);
+cert = ssl_load_file(certfile, &cert_len);
 if (cert == NULL)
-fatal("ssl_load_file: Unable to load " CERTFILE);
+fatal("ssl_load_file: certificate");
-key = ssl_load_file(KEYFILE, &key_len);
+key = ssl_load_file(keyfile, &key_len);
 if (key == NULL)
-fatal("ssl_load_file: Unable to load " KEYFILE);
+fatal("ssl_load_file: key");
 if (!SSL_CTX_set_cipher_list(ctx, SSL_CIPHERS))
 goto err;
--
cgit v1.2.3
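Review bot: ssl_setup() in the second hunk now forwards caller-supplied certfile and keyfile, but nothing at the definition says what the caller must pass. With the CERTFILE/KEYFILE defaults removed from this file, a NULL from an unset option would go straight into ssl_load_file(). I would add a comment above the definition such as `/* certfile and keyfile are paths to the server certificate and private key; both must be non-NULL (defaults are the caller's job). */`, or a guard `if (certfile == NULL || keyfile == NULL) fatal("ssl_setup: missing cert/key path");` at the top of the body. The callers are outside this ssl.c-limited view, so whether they always supply defaults cannot be confirmed here, and the function body continues past the hunk.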
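Review bot: The two new fatal() messages in the third hunk no longer say which file failed, and now that the paths come from the command line rather than fixed macros, that is what an operator most needs to see. If fatal() accepts a format string in this tree (not visible here), `fatal("ssl_load_file: %s", certfile);` and `fatal("ssl_load_file: %s", keyfile);` would keep it, with the path passed as an argument and never as the format itself. Because keyfile can now point anywhere instead of under /etc/ssl/private, it is also worth confirming that ssl_load_file() (body not shown) refuses a key file that is group- or world-accessible, or adding an fstat() mode check there. ssl_setup() starts and ends outside this hunk.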