diff options
Diffstat (limited to 'src/bin/agent/ca_cfg_mgr.cc')
| -rw-r--r-- | src/bin/agent/ca_cfg_mgr.cc | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/src/bin/agent/ca_cfg_mgr.cc b/src/bin/agent/ca_cfg_mgr.cc index 0a9a7bfcb9..2a715c7a9f 100644 --- a/src/bin/agent/ca_cfg_mgr.cc +++ b/src/bin/agent/ca_cfg_mgr.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2016-2020 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2016-2021 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this @@ -22,7 +22,8 @@ namespace isc { namespace agent { CtrlAgentCfgContext::CtrlAgentCfgContext() - : http_host_(""), http_port_(0) { + : http_host_(""), http_port_(0), + trust_anchor_(""), cert_file_(""), key_file_(""), cert_required_(true) { } CtrlAgentCfgContext::CtrlAgentCfgContext(const CtrlAgentCfgContext& orig) @@ -46,7 +47,20 @@ CtrlAgentCfgMgr::getConfigSummary(const uint32_t /*selection*/) { // First print the http stuff. std::ostringstream s; s << "listening on " << ctx->getHttpHost() << ", port " - << ctx->getHttpPort() << ", control sockets: "; + << ctx->getHttpPort(); + + // When TLS is setup print its config. + if (!ctx->getTrustAnchor().empty()) { + s << ", trust anchor " << ctx->getTrustAnchor() + << ", cert file " << ctx->getCertFile() + << ", key file " << ctx->getKeyFile(); + if (ctx->getCertRequired()) { + s << ", client certs are required"; + } else { + s << ", client certs are optional"; + } + } + s << ", control sockets: "; // Then print the control-sockets s << ctx->getControlSocketInfoSummary(); @@ -91,6 +105,7 @@ CtrlAgentCfgMgr::parse(ConstElementPtr config_set, bool check_only) { try { // Do the actual parsing AgentSimpleParser parser; + parser.checkTlsSetup(cfg); parser.parse(ctx, cfg, check_only); } catch (const isc::Exception& ex) { excuse = ex.what(); @@ -218,6 +233,13 @@ CtrlAgentCfgContext::toElement() const { ca->set("http-host", Element::create(http_host_)); // Set http-port ca->set("http-port", Element::create(static_cast<int64_t>(http_port_))); + // Set TLS setup when enabled + if (!trust_anchor_.empty()) { + ca->set("trust-anchor", Element::create(trust_anchor_)); + ca->set("cert-file", Element::create(cert_file_)); + ca->set("key-file", Element::create(key_file_)); + ca->set("cert-required", Element::create(cert_required_)); + } // Set authentication if (auth_config_) { ca->set("authentication", auth_config_->toElement()); |