From 7449bc1f34c206e3ff8e274cd74e2db950d492a1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Sat, 29 Mar 2014 00:44:48 -0400
Subject: [PATCH] journal-upload: HTTPS support
---
 src/journal-remote/journal-remote.c | 2 +-
 src/journal-remote/journal-upload.c | 62 +++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+), 1 deletion(-)
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index 09144eaa9..437e0b05d 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -1201,7 +1201,7 @@ static int parse_argv(int argc, char *argv[]) {
 }
 if (arg_listen_https && !(key_pem && cert_pem)) {
- log_error("Options --key and --cert must be used when https sources are specified");
+ log_error("Options --key and --cert must be used when using HTTPS.");
 return -EINVAL;
 }
diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c
index e82f440ec..538ba8b65 100644
--- a/src/journal-remote/journal-upload.c
+++ b/src/journal-remote/journal-upload.c
@@ -36,6 +36,10 @@ static const char* arg_url;
 static void close_fd_input(Uploader *u);
+static const char *arg_key = NULL;
+static const char *arg_cert = NULL;
+static const char *arg_trust = NULL;
+
 #define easy_setopt(curl, opt, value, level, cmd) \
 { \
 code = curl_easy_setopt(curl, opt, value); \
@@ -111,6 +115,23 @@ int start_upload(Uploader *u,
 "systemd-journal-upload " PACKAGE_STRING,
 LOG_WARNING, );
+ if (arg_key) {
+ assert(arg_cert);
+
+ easy_setopt(curl, CURLOPT_SSLKEY, arg_key,
+ LOG_ERR, return -EXFULL);
+ easy_setopt(curl, CURLOPT_SSLCERT, arg_cert,
+ LOG_ERR, return -EXFULL);
+ }
+
+ if (arg_trust)
+ easy_setopt(curl, CURLOPT_CAINFO, arg_trust,
+ LOG_ERR, return -EXFULL);
+
+ if (arg_key || arg_trust)
+ easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1,
+ LOG_WARNING, );
+
 u->easy = curl;
 }
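Review bot: In the `@@ -111,6 +115,23 @@` hunk of journal-upload.c the TLS version floor is set only when `arg_key || arg_trust` is true, and a failure to set it is logged at LOG_WARNING while the upload continues. An `https://` URL given without --key or --trust therefore runs with libcurl's default protocol range, and `CURL_SSLVERSION_TLSv1` itself accepts any TLS 1.x version, including 1.0. I would apply the option unconditionally and make it fatal like the other TLS settings, e.g. `easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2, LOG_ERR, return -EXFULL);`, provided the minimum supported libcurl defines that constant. Peer and host-name verification are left at libcurl's defaults here, so a one-line comment above the block saying that this is intentional would help the next reader. start_upload begins outside the hunk.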
@@ -248,6 +269,9 @@ static void help(void) {
 "Upload journal events to a remote server.\n\n"
 "Options:\n"
 " --url=URL Upload to this address\n"
+ " --key=FILENAME Specify key in PEM format\n"
+ " --cert=FILENAME Specify certificate in PEM format\n"
+ " --trust=FILENAME Specify CA certificate in PEM format\n"
 " -h --help Show this help and exit\n"
 " --version Print version string and exit\n"
 , program_invocation_short_name);
@@ -256,12 +280,18 @@ static void help(void) {
 static int parse_argv(int argc, char *argv[]) {
 enum {
 ARG_VERSION = 0x100,
+ ARG_KEY,
+ ARG_CERT,
+ ARG_TRUST,
 };
 static const struct option options[] = {
 { "help", no_argument, NULL, 'h' },
 { "version", no_argument, NULL, ARG_VERSION },
 { "url", required_argument, NULL, 'u' },
+ { "key", required_argument, NULL, ARG_KEY },
+ { "cert", required_argument, NULL, ARG_CERT },
+ { "trust", required_argument, NULL, ARG_TRUST },
 {}
 };
@@ -292,6 +322,33 @@ static int parse_argv(int argc, char *argv[]) {
 arg_url = optarg;
 break;
+ case ARG_KEY:
+ if (arg_key) {
+ log_error("cannot use more than one --key");
+ return -EINVAL;
+ }
+
+ arg_key = optarg;
+ break;
+
+ case ARG_CERT:
+ if (arg_cert) {
+ log_error("cannot use more than one --cert");
+ return -EINVAL;
+ }
+
+ arg_cert = optarg;
+ break;
+
+ case ARG_TRUST:
+ if (arg_trust) {
+ log_error("cannot use more than one --trust");
+ return -EINVAL;
+ }
+
+ arg_trust = optarg;
+ break;
+
 case '?':
 log_error("Unknown option %s.", argv[optind-1]);
 return -EINVAL;
@@ -309,6 +366,11 @@ static int parse_argv(int argc, char *argv[]) {
 return -EINVAL;
 }
+ if (!!arg_key != !!arg_cert) {
+ log_error("Options --key and --cert must be used together.");
+ return -EINVAL;
+ }
+
 if (optind >= argc) {
 log_error("Input argument missing.");
 return -EINVAL;
--
2.30.2
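Review bot: The three error messages added in the `@@ -292,6 +322,33 @@` hunk start in lower case and carry no trailing period, unlike the neighbouring `"Unknown option %s."` and the `"Options --key and --cert must be used together."` message added later in the same function. I would write them as `log_error("Cannot use more than one --key.");` and likewise for --cert and --trust. The three cases differ only in the variable and option name, so a small helper would remove the repetition. parse_argv starts and ends outside the hunk.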
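Review bot: The validation added in the `@@ -309,6 +366,11 @@` hunk pairs --key with --cert, but nothing visible here ties the TLS options to the scheme of --url. With an `http://` address libcurl would not use the key, certificate or CA file, so journal data would go out in cleartext with no diagnostic even though the operator asked for TLS. A guard next to the new check, `if ((arg_key || arg_trust) && !startswith(arg_url, "https://"))` followed by a log_error and `return -EINVAL;`, would catch that; it assumes systemd's `startswith()` helper is in scope and that arg_url has already been checked for NULL, which happens (if at all) outside this hunk.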