summaryrefslogtreecommitdiff
path: root/src/journal-remote
diff options
context:
space:
mode:
Diffstat (limited to 'src/journal-remote')
-rw-r--r--src/journal-remote/journal-remote.c2
-rw-r--r--src/journal-remote/journal-upload.c62
2 files changed, 63 insertions, 1 deletions
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index 09144eaa97..437e0b05d1 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -1201,7 +1201,7 @@ static int parse_argv(int argc, char *argv[]) {
}
if (arg_listen_https && !(key_pem && cert_pem)) {
- log_error("Options --key and --cert must be used when https sources are specified");
+ log_error("Options --key and --cert must be used when using HTTPS.");
return -EINVAL;
}
diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c
index e82f440eca..538ba8b650 100644
--- a/src/journal-remote/journal-upload.c
+++ b/src/journal-remote/journal-upload.c
@@ -36,6 +36,10 @@ static const char* arg_url;
static void close_fd_input(Uploader *u);
+static const char *arg_key = NULL;
+static const char *arg_cert = NULL;
+static const char *arg_trust = NULL;
+
#define easy_setopt(curl, opt, value, level, cmd) \
{ \
code = curl_easy_setopt(curl, opt, value); \
@@ -111,6 +115,23 @@ int start_upload(Uploader *u,
"systemd-journal-upload " PACKAGE_STRING,
LOG_WARNING, );
+ if (arg_key) {
+ assert(arg_cert);
+
+ easy_setopt(curl, CURLOPT_SSLKEY, arg_key,
+ LOG_ERR, return -EXFULL);
+ easy_setopt(curl, CURLOPT_SSLCERT, arg_cert,
+ LOG_ERR, return -EXFULL);
+ }
+
+ if (arg_trust)
+ easy_setopt(curl, CURLOPT_CAINFO, arg_trust,
+ LOG_ERR, return -EXFULL);
+
+ if (arg_key || arg_trust)
+ easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1,
+ LOG_WARNING, );
+
u->easy = curl;
}
@@ -248,6 +269,9 @@ static void help(void) {
"Upload journal events to a remote server.\n\n"
"Options:\n"
" --url=URL Upload to this address\n"
+ " --key=FILENAME Specify key in PEM format\n"
+ " --cert=FILENAME Specify certificate in PEM format\n"
+ " --trust=FILENAME Specify CA certificate in PEM format\n"
" -h --help Show this help and exit\n"
" --version Print version string and exit\n"
, program_invocation_short_name);
@@ -256,12 +280,18 @@ static void help(void) {
static int parse_argv(int argc, char *argv[]) {
enum {
ARG_VERSION = 0x100,
+ ARG_KEY,
+ ARG_CERT,
+ ARG_TRUST,
};
static const struct option options[] = {
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, ARG_VERSION },
{ "url", required_argument, NULL, 'u' },
+ { "key", required_argument, NULL, ARG_KEY },
+ { "cert", required_argument, NULL, ARG_CERT },
+ { "trust", required_argument, NULL, ARG_TRUST },
{}
};
@@ -292,6 +322,33 @@ static int parse_argv(int argc, char *argv[]) {
arg_url = optarg;
break;
+ case ARG_KEY:
+ if (arg_key) {
+ log_error("cannot use more than one --key");
+ return -EINVAL;
+ }
+
+ arg_key = optarg;
+ break;
+
+ case ARG_CERT:
+ if (arg_cert) {
+ log_error("cannot use more than one --cert");
+ return -EINVAL;
+ }
+
+ arg_cert = optarg;
+ break;
+
+ case ARG_TRUST:
+ if (arg_trust) {
+ log_error("cannot use more than one --trust");
+ return -EINVAL;
+ }
+
+ arg_trust = optarg;
+ break;
+
case '?':
log_error("Unknown option %s.", argv[optind-1]);
return -EINVAL;
@@ -309,6 +366,11 @@ static int parse_argv(int argc, char *argv[]) {
return -EINVAL;
}
+ if (!!arg_key != !!arg_cert) {
+ log_error("Options --key and --cert must be used together.");
+ return -EINVAL;
+ }
+
if (optind >= argc) {
log_error("Input argument missing.");
return -EINVAL;