Mirror
/
acmed
mirror of https://github.com/breard-r/acmed.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Allow tacd to listen on a unix socket

pull/5/head
Rodolphe Breard 6 years ago
parent
b7c3e4d381
commit
73df1bb951
4 changed files with 39 additions and 22 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      CHANGELOG.md
  2. 24
      man/en/tacd.8
  3. 2
      tacd/src/main.rs
  4. 34
      tacd/src/server.rs

1
CHANGELOG.md
View File

@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Added ### Added
- ACMEd now displays a warning when the server indicates an error in an order or an authorization. - ACMEd now displays a warning when the server indicates an error in an order or an authorization.
- A configuration file can now include several other files. - A configuration file can now include several other files.
- tacd is now able to listen on a unix socket.
## [0.4.0] - 2019-05-08 ## [0.4.0] - 2019-05-08

24
man/en/tacd.8
View File

@ -46,29 +46,29 @@ is read first, then the
The options are as follows: The options are as follows:
.Bl -tag .Bl -tag
.It Fl e, -acme-ext Ar STRING .It Fl e, -acme-ext Ar STRING
The acmeIdentifier extension to set in the self-signed certificate
The acmeIdentifier extension to set in the self-signed certificate.
.It Fl -acme-ext-file Ar FILE .It Fl -acme-ext-file Ar FILE
File from which is read the acmeIdentifier extension to set in the self-signed certificate
File from which is read the acmeIdentifier extension to set in the self-signed certificate.
.It Fl d, -domain Ar STRING .It Fl d, -domain Ar STRING
The domain that is being validated
The domain that is being validated.
.It Fl -domain-file Ar STRING .It Fl -domain-file Ar STRING
File from which is read the domain that is being validated
File from which is read the domain that is being validated.
.It Fl f, -foregroung .It Fl f, -foregroung
Runs in the foregroung
Runs in the foregroung.
.It Fl h, -help .It Fl h, -help
Prints help information
.It Fl i, -listen Ar host:port
Specifies the host and port to listen on
Prints help information.
.It Fl i, -listen Ar host:port | unix:path
Specifies the host and port combination or the unix socket to listen on.
.It Fl -log-stderr .It Fl -log-stderr
Prints log messages to the standard error output
Prints log messages to the standard error output.
.It Fl -log-syslog .It Fl -log-syslog
Sends log messages via syslog
Sends log messages via syslog.
.It Fl -log-level Ar LEVEL .It Fl -log-level Ar LEVEL
Specify the log level. Possible values: error, warn, info, debug and trace. Specify the log level. Possible values: error, warn, info, debug and trace.
.It Fl -pid-file Ar FILE .It Fl -pid-file Ar FILE
Specifies the location of the PID file
Specifies the location of the PID file.
.It Fl V, -version .It Fl V, -version
Prints version information
Prints version information.
.Sh SEE ALSO .Sh SEE ALSO
.Xr acmed.toml 5 .Xr acmed.toml 5
.Sh STANDARDS .Sh STANDARDS

2
tacd/src/main.rs
View File

@ -61,7 +61,7 @@ fn main() {
.short("l") .short("l")
.help("Specifies the host and port to listen on") .help("Specifies the host and port to listen on")
.takes_value(true) .takes_value(true)
.value_name("host:port"),
.value_name("host:port|unix:path"),
) )
.arg( .arg(
Arg::with_name("domain") Arg::with_name("domain")

34
tacd/src/server.rs
View File

@ -7,11 +7,29 @@ use std::net::TcpListener;
use std::sync::Arc; use std::sync::Arc;
use std::thread; use std::thread;
#[cfg(target_family = "unix")]
use std::os::unix::net::UnixListener;
#[cfg(ossl110)] #[cfg(ossl110)]
const ALPN_ERROR: AlpnError = AlpnError::ALERT_FATAL; const ALPN_ERROR: AlpnError = AlpnError::ALERT_FATAL;
#[cfg(not(ossl110))] #[cfg(not(ossl110))]
const ALPN_ERROR: AlpnError = AlpnError::NOACK; const ALPN_ERROR: AlpnError = AlpnError::NOACK;
macro_rules! listen_and_accept {
($lt: ident, $addr: ident, $acceptor: ident) => {
let listener = $lt::bind($addr)?;
for stream in listener.incoming() {
if let Ok(stream) = stream {
let acceptor = $acceptor.clone();
thread::spawn(move || {
debug!("New client");
let _ = acceptor.accept(stream).unwrap();
});
};
}
};
}
pub fn start( pub fn start(
listen_addr: &str, listen_addr: &str,
certificate: &X509, certificate: &X509,
@ -26,15 +44,13 @@ pub fn start(
acceptor.set_certificate(certificate)?; acceptor.set_certificate(certificate)?;
acceptor.check_private_key()?; acceptor.check_private_key()?;
let acceptor = Arc::new(acceptor.build()); let acceptor = Arc::new(acceptor.build());
let listener = TcpListener::bind(listen_addr)?;
for stream in listener.incoming() {
if let Ok(stream) = stream {
let acceptor = acceptor.clone();
thread::spawn(move || {
debug!("New client");
let _ = acceptor.accept(stream).unwrap();
});
};
if cfg!(unix) && listen_addr.starts_with("unix:") {
let listen_addr = &listen_addr[5..];
debug!("Listening on unix socket {}", listen_addr);
listen_and_accept!(UnixListener, listen_addr, acceptor);
} else {
debug!("Listening on {}", listen_addr);
listen_and_accept!(TcpListener, listen_addr, acceptor);
} }
Err("Main thread loop unexpectedly exited".into()) Err("Main thread loop unexpectedly exited".into())
} }
Write Preview
Loading…
Cancel
Save