Lines Matching refs:vhd

112 	 * the vhd is allocated for every vhost using the plugin.
622 lws_acme_finished(struct per_vhost_data__lws_acme_client *vhd)
/* NOTE(review): source lines 626-631 are consecutive in this listing, so
 * nothing wipes alloc_privkey_pem before it is released. If that buffer holds
 * private-key PEM text (the name suggests so; confirm against where it is
 * filled), clear it with a non-elidable zeroing call before free() so key
 * material does not linger in freed heap memory.
 * The NULL guard on line 629 is redundant: free(NULL) is a no-op. */
626 if (vhd->ac) {
627 if (vhd->ac->vhost)
628 lws_vhost_destroy(vhd->ac->vhost);
629 if (vhd->ac->alloc_privkey_pem)
630 free(vhd->ac->alloc_privkey_pem);
631 free(vhd->ac);
634 lws_genrsa_destroy(&vhd->rsactx);
635 lws_jwk_destroy(&vhd->jwk);
637 vhd->ac = NULL;
658 lws_acme_load_create_auth_keys(struct per_vhost_data__lws_acme_client *vhd,
663 if (!lws_jwk_load(&vhd->jwk, vhd->pvop[LWS_TLS_SET_AUTH_PATH],
667 vhd->jwk.kty = LWS_GENCRYPTO_KTY_RSA;
671 n = lws_genrsa_new_keypair(vhd->context, &vhd->rsactx, LGRSAM_PKCS1_1_5,
672 vhd->jwk.e, bits);
674 lwsl_vhost_warn(vhd->vhost, "failed to create keypair");
680 if (lws_jwk_save(&vhd->jwk, vhd->pvop[LWS_TLS_SET_AUTH_PATH])) {
681 lwsl_vhost_warn(vhd->vhost, "unable to save %s",
682 vhd->pvop[LWS_TLS_SET_AUTH_PATH]);
690 lws_acme_start_acquisition(struct per_vhost_data__lws_acme_client *vhd,
697 if (!vhd->pvop[LWS_TLS_REQ_ELEMENT_COMMON_NAME])
703 lwsl_vhost_notice(vhd->vhost, "ACME cert needs creating / updating: "
704 "vhost %s", lws_get_vhost_name(vhd->vhost));
/* NOTE(review): the malloc() result is handed to memset() on the very next
 * source line (706 -> 707) with no NULL check in between. On allocation
 * failure memset() is called on a null pointer, which is undefined behaviour.
 * Test the pointer and fail the acquisition before touching vhd->ac. */
706 vhd->ac = malloc(sizeof(*vhd->ac));
707 memset(vhd->ac, 0, sizeof(*vhd->ac));
725 if (!vhd->ac->urls[0][0]) {
726 vhd->ac->state = ACME_STATE_DIRECTORY;
728 vhd->pvop_active[LWS_TLS_SET_DIR_URL]);
730 vhd->ac->state = ACME_STATE_NEW_ACCOUNT;
732 vhd->ac->urls[JAD_NEW_ACCOUNT_URL]);
735 vhd->ac->real_vh_port = lws_get_vhost_port(vhd->vhost);
736 vhd->ac->real_vh_name = lws_get_vhost_name(vhd->vhost);
737 vhd->ac->real_vh_iface = lws_get_vhost_iface(vhd->vhost);
739 lws_acme_report_status(vhd->vhost, LWS_CUS_STARTING, NULL);
742 lws_acme_report_status(vhd->vhost, LWS_CUS_CREATE_KEYS,
/* NOTE(review): this call site passes 2048, while the call on source line 852
 * passes 4096. The value presumably becomes the `bits` argument handed to
 * lws_genrsa_new_keypair() on lines 671-672, and would only matter when
 * lws_jwk_load() (line 663) finds no existing key; confirm both points.
 * Check that the two sizes differ on purpose and that each meets the
 * deployment's minimum RSA key-size policy. */
744 if (lws_acme_load_create_auth_keys(vhd, 2048))
746 lws_acme_report_status(vhd->vhost, LWS_CUS_CREATE_KEYS,
750 if (lws_acme_client_connect(vhd->context, vhd->vhost,
751 &vhd->ac->cwsi, &vhd->ac->i, buf, "GET"))
757 free(vhd->ac);
758 vhd->ac = NULL;
767 struct per_vhost_data__lws_acme_client *vhd =
782 if (vhd)
783 ac = vhd->ac;
789 if (vhd)
791 vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi),
794 if (!vhd)
797 vhd->context = lws_get_context(wsi);
798 vhd->protocol = lws_get_protocol(wsi);
799 vhd->vhost = lws_get_vhost(wsi);
808 p = vhd->pvo_data = malloc((unsigned int)m);
821 vhd->pvop[m] = start;
828 if (!vhd->pvop[m] &&
835 if (vhd->pvop[m])
837 vhd->pvop[m]);
841 free(vhd->pvo_data);
842 vhd->pvo_data = NULL;
852 if (lws_acme_load_create_auth_keys(vhd, 4096))
860 vhd->pvop[LWS_TLS_SET_CERT_PATH]);
861 vhd->fd_updated_cert = lws_open(buf,
869 if (vhd->fd_updated_cert < 0) {
874 vhd->pvop[LWS_TLS_SET_KEY_PATH]);
875 vhd->fd_updated_key = lws_open(buf, LWS_O_WRONLY | LWS_O_CREAT |
881 if (vhd->fd_updated_key < 0) {
882 lwsl_vhost_err(vhd->vhost, "unable to create update key file %s", buf);
890 if (vhd && vhd->pvo_data) {
891 free(vhd->pvo_data);
892 vhd->pvo_data = NULL;
894 if (vhd)
895 lws_acme_finished(vhd);
899 if (!vhd)
915 if (vhd->vhost != caa->vh)
918 for (n = 0; n < (int)LWS_ARRAY_SIZE(vhd->pvop);n++)
920 vhd->pvop_active[n] = caa->element_overrides[n];
922 vhd->pvop_active[n] = vhd->pvop[n];
926 vhd->pvop_active[LWS_TLS_SET_DIR_URL]);
928 lws_acme_start_acquisition(vhd, caa->vh);
946 lwsl_vhost_warn(vhd->vhost, "nonce too large");
953 lejp_construct(&ac->jctx, cb_dir, vhd, jdir_tok,
965 lws_acme_report_status(vhd->vhost, LWS_CUS_REG, NULL);
968 cwsi = lws_acme_client_connect(vhd->context, vhd->vhost,
971 lwsl_vhost_warn(vhd->vhost, "failed to connect to acme");
980 lwsl_vhost_warn(vhd->vhost, "no Location");
986 lwsl_vhost_warn(vhd->vhost, "Location too large");
992 lwsl_vhost_notice(vhd->vhost, "Location: %s", ac->acct_id);
999 lwsl_vhost_warn(vhd->vhost, "missing cert location");
1046 vhd->pvop_active[LWS_TLS_REQ_ELEMENT_EMAIL]);
1056 jwe.jwk = vhd->jwk;
1082 lwsl_vhost_warn(vhd->vhost, "could not add content type");
1090 lwsl_vhost_warn(vhd->vhost, "could not add content length");
1106 vhd->pvop_active[LWS_TLS_REQ_ELEMENT_COMMON_NAME]);
1130 lwsl_vhost_notice(vhd->vhost, "Generating ACME CSR... may take a little while");
1132 n = lws_tls_acme_sni_csr_create(vhd->context,
1133 &vhd->pvop_active[0],
1138 lwsl_vhost_warn(vhd->vhost, "CSR generation failed");
1250 cwsi = lws_acme_client_connect(vhd->context, vhd->vhost,
1270 cwsi = lws_acme_client_connect(vhd->context,
1271 vhd->vhost, &ac->cwsi,
1297 lws_acme_report_status(vhd->vhost, LWS_CUS_AUTH,
1301 cwsi = lws_acme_client_connect(vhd->context,
1302 vhd->vhost, &ac->cwsi,
1315 lwsl_vhost_warn(vhd->vhost, "auth failed");
1318 lwsl_vhost_info(vhd->vhost, "chall: %s (%d)\n", ac->chall_token, ac->resp);
1320 lwsl_vhost_warn(vhd->vhost, "no challenge");
1325 lws_acme_report_status(vhd->vhost, LWS_CUS_CHALLENGE,
1336 lws_jwk_rfc7638_fingerprint(&vhd->jwk, digest);
1341 lwsl_vhost_notice(vhd->vhost, "key_auth: '%s'", ac->key_auth);
1374 lwsl_vhost_notice(vhd->vhost, "challenge_uri %s", ac->challenge_uri);
1381 cwsi = lws_acme_client_connect(vhd->context, vhd->vhost,
1386 lwsl_vhost_warn(vhd->vhost, "Connect failed");
1392 lwsl_vhost_notice(vhd->vhost, "COMPLETED start chall: %s",
1396 lws_acme_report_status(vhd->vhost, LWS_CUS_CHALLENGE,
1407 cwsi = lws_acme_client_connect(vhd->context, vhd->vhost,
1411 lwsl_vhost_warn(vhd->vhost, "failed to connect to acme");
1427 lwsl_vhost_warn(vhd->vhost, "Challenge failed");
1435 lwsl_vhost_notice(vhd->vhost, "ACME challenge passed");
1452 lws_acme_report_status(vhd->vhost, LWS_CUS_REQ, NULL);
1456 cwsi = lws_acme_client_connect(vhd->context, vhd->vhost,
1460 lwsl_vhost_warn(vhd->vhost, "Failed to connect to acme");
1475 lwsl_vhost_warn(vhd->vhost, "Too many retries");
1480 cwsi = lws_acme_client_connect(vhd->context,
1481 vhd->vhost,
1485 lwsl_vhost_warn(vhd->vhost,
1497 cwsi = lws_acme_client_connect(vhd->context, vhd->vhost,
1501 lwsl_vhost_warn(vhd->vhost, "Failed to connect to acme");
1510 lwsl_vhost_warn(vhd->vhost, "Download cert failed on resp %d",
1514 lwsl_vhost_notice(vhd->vhost, "The cert was sent..");
1516 lws_acme_report_status(vhd->vhost, LWS_CUS_ISSUE, NULL);
1532 lwsl_vhost_err(vhd->vhost, "Unable to find ACME cert!");
1536 n = lws_plat_write_cert(vhd->vhost, 0,
1537 vhd->fd_updated_cert,
1541 lwsl_vhost_err(vhd->vhost, "unable to write ACME cert! %d", n);
1549 if (lws_plat_write_cert(vhd->vhost, 1,
1550 vhd->fd_updated_key,
1553 lwsl_vhost_err(vhd->vhost, "unable to write ACME key!");
1560 lwsl_vhost_notice(vhd->vhost, "Updated certs written for %s "
1562 vhd->pvop_active[LWS_TLS_REQ_ELEMENT_COMMON_NAME],
1563 vhd->pvop_active[LWS_TLS_SET_CERT_PATH],
1564 vhd->pvop_active[LWS_TLS_SET_KEY_PATH]);
1568 if (lws_tls_cert_updated(vhd->context,
1569 vhd->pvop_active[LWS_TLS_SET_CERT_PATH],
1570 vhd->pvop_active[LWS_TLS_SET_KEY_PATH],
1574 lwsl_vhost_warn(vhd->vhost, "problem setting certs");
1577 lws_acme_finished(vhd);
1578 lws_acme_report_status(vhd->vhost,
1589 if (!vhd)
1591 cwsi = lws_acme_client_connect(vhd->context, vhd->vhost,
1596 lwsl_vhost_warn(vhd->vhost, "Failed to connect");
1608 lwsl_vhost_warn(vhd->vhost, "Failed out");
1609 lws_acme_report_status(vhd->vhost, LWS_CUS_FAILED, failreason);
1610 lws_acme_finished(vhd);