-rw-r--r--src/journal/journal-gatewayd.c32
1 files changed, 30 insertions, 2 deletions
diff --git a/src/journal/journal-gatewayd.c b/src/journal/journal-gatewayd.c
index 7e97a3588c..862ee79030 100644
--- a/src/journal/journal-gatewayd.c
+++ b/src/journal/journal-gatewayd.c
@@ -900,8 +900,9 @@ static int help(void) {
"HTTP server for journal events.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
- " --cert=CERT.PEM Specify server certificate in PEM format\n"
- " --key=KEY.PEM Specify server key in PEM format\n",
+ " --cert=CERT.PEM Server certificate in PEM format\n"
+ " --key=KEY.PEM Server key in PEM format\n"
+ " --trust=CERT.PEM Certificat authority certificate in PEM format\n",
program_invocation_short_name);
return 0;
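Review bot: The new help line misspells "Certificate": `"Certificat authority certificate in PEM format"` should read `"Certificate authority certificate in PEM format"`. The text also does not say what the CA is used for. If the intent is to check client certificates, wording such as `"CA certificate for verifying client certificates, in PEM format"` would tell an operator what enabling the option changes. The body of `help` starts outside this hunk.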
@@ -909,12 +910,14 @@ static int help(void) {
static char *key_pem = NULL;
static char *cert_pem = NULL;
+static char *trust_pem = NULL;
static int parse_argv(int argc, char *argv[]) {
enum {
ARG_VERSION = 0x100,
ARG_KEY,
ARG_CERT,
+ ARG_TRUST,
};
int r, c;
@@ -924,6 +927,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "version", no_argument, NULL, ARG_VERSION },
{ "key", required_argument, NULL, ARG_KEY },
{ "cert", required_argument, NULL, ARG_CERT },
+ { "trust", required_argument, NULL, ARG_TRUST },
{}
};
@@ -968,6 +972,19 @@ static int parse_argv(int argc, char *argv[]) {
assert(cert_pem);
break;
+ case ARG_TRUST:
+ if (trust_pem) {
+ log_error("CA certificate file specified twice");
+ return -EINVAL;
+ }
+ r = read_full_file(optarg, &trust_pem, NULL);
+ if (r < 0) {
+ log_error("Failed to read CA certificate file: %s", strerror(-r));
+ return r;
+ }
+ assert(trust_pem);
+ break;
+
case '?':
return -EINVAL;
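Review bot: The read-failure message in `case ARG_TRUST` does not name the file, so an operator who passes several PEM paths cannot tell which one could not be read. Consider `log_error("Failed to read CA certificate file %s: %s", optarg, strerror(-r));`. A short comment on the case, for example `/* trust_pem holds the PEM contents, not the path */`, would also make the later use in `main` easier to follow. The surrounding `switch` starts and ends outside this hunk.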
@@ -985,6 +1002,11 @@ static int parse_argv(int argc, char *argv[]) {
return -EINVAL;
}
+ if (trust_pem && !key_pem) {
+ log_error("CA certificate can only be used with certificate file");
+ return -EINVAL;
+ }
+
return 1;
}
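Review bot: The new guard tests `!key_pem` while its message talks about the certificate file, so the condition and the diagnostic do not match. If the check just above (outside this hunk) already forces `--key` and `--cert` to be given together, the outcome is the same. It would still read more plainly as `if (trust_pem && !cert_pem)`, or with the message changed to `"CA certificate can only be used with --key and --cert"`. The guard itself is worth keeping, because otherwise `--trust` on a plain-HTTP daemon would only be caught by the `assert(flags & MHD_USE_SSL)` in `main`.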
@@ -1018,6 +1040,7 @@ int main(int argc, char *argv[]) {
{ MHD_OPTION_END, 0, NULL },
{ MHD_OPTION_END, 0, NULL },
{ MHD_OPTION_END, 0, NULL },
+ { MHD_OPTION_END, 0, NULL },
{ MHD_OPTION_END, 0, NULL }};
int opts_pos = 2;
int flags = MHD_USE_THREAD_PER_CONNECTION|MHD_USE_POLL|MHD_USE_DEBUG;
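Review bot: The extra `{ MHD_OPTION_END, 0, NULL }` slot must be kept in step by hand with the number of `opts[opts_pos++] = …` writes in `main`, and none of those writes is bounds-checked. If a later option is added without another slot, the terminating entry is overwritten and libmicrohttpd would presumably read past the end of `opts`. Consider guarding each write with `assert(opts_pos < (int) (sizeof(opts) / sizeof(opts[0])) - 1);`. A comment above the array should say that the last entry must remain `MHD_OPTION_END`. The array declaration starts outside this hunk.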
@@ -1033,6 +1056,11 @@ int main(int argc, char *argv[]) {
{MHD_OPTION_HTTPS_MEM_CERT, 0, cert_pem};
flags |= MHD_USE_SSL;
}
+ if (trust_pem) {
+ assert(flags & MHD_USE_SSL);
+ opts[opts_pos++] = (struct MHD_OptionItem)
+ {MHD_OPTION_HTTPS_MEM_TRUST, 0, trust_pem};
+ }
d = MHD_start_daemon(flags, 19531,
NULL, NULL,
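Review bot: Passing `MHD_OPTION_HTTPS_MEM_TRUST` in the `if (trust_pem)` block gives the TLS layer a CA to check client certificates against, but nothing in the visible hunks rejects a client that presents no certificate or one that fails verification. As far as I know, libmicrohttpd only requests a client certificate when this option is set and leaves the accept/reject decision to the application. Unless the request handlers (outside this diff) check the peer verification result through the connection's GnuTLS session, `--trust` would not restrict who can read the journal. Please confirm that check exists or add it, and put a comment here such as `/* CA for client certificates; request handlers must still verify the peer */`. `main` continues outside this hunk.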