You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

48 lines
2.0 KiB

From 2504f02de752aceb5a3c1d4749032147efde8082 Mon Sep 17 00:00:00 2001
From: dwmw2 <dwmw2@infradead.org>
Date: Fri, 3 Feb 2017 07:40:35 +0000
Subject: [PATCH] Add -sslkey option to allow separate cert/key files (#1195)
---
main/domoticz.cpp | 11 +++++++++++
webserver/server_settings.hpp | 2 +-
2 files changed, 12 insertions(+), 1 deletion(-)
--- a/main/domoticz.cpp
+++ b/main/domoticz.cpp
@@ -76,6 +76,7 @@ const char *szHelp=
#ifdef WWW_ENABLE_SSL
"\t-sslwww port (for example -sslwww 443, or -sslwww 0 to disable https)\n"
"\t-sslcert file_path (for example /opt/domoticz/server_cert.pem)\n"
+ "\t-sslkey file_path (if different from certificate file)\n"
"\t-sslpass passphrase (to access to server private key in certificate)\n"
"\t-sslmethod method (for SSL method)\n"
"\t-ssloptions options (for SSL options, default is 'default_workarounds,no_sslv2,single_dh_use')\n"
@@ -682,6 +683,16 @@ int main(int argc, char**argv)
return 1;
}
secure_webserver_settings.cert_file_path = cmdLine.GetSafeArgument("-sslcert", 0, "");
+ secure_webserver_settings.private_key_file_path = secure_webserver_settings.cert_file_path;
+ }
+ if (cmdLine.HasSwitch("-sslkey"))
+ {
+ if (cmdLine.GetArgumentCount("-sslkey") != 1)
+ {
+ _log.Log(LOG_ERROR, "Please specify a file path for your server SSL key file");
+ return 1;
+ }
+ secure_webserver_settings.private_key_file_path = cmdLine.GetSafeArgument("-sslkey", 0, "");
}
if (cmdLine.HasSwitch("-sslpass"))
{
--- a/webserver/server_settings.hpp
+++ b/webserver/server_settings.hpp
@@ -227,7 +227,7 @@ public:
// use certificate file for all usage by default
certificate_chain_file_path = ssl_settings.cert_file_path;
ca_cert_file_path = ssl_settings.cert_file_path;
- private_key_file_path = ssl_settings.cert_file_path;
+ private_key_file_path = ssl_settings.private_key_file_path;
tmp_dh_file_path = ssl_settings.cert_file_path;
verify_file_path = ssl_settings.cert_file_path;
}