authorAmir Taaki <genjix@riseup.net>2014-03-12 17:02:26 (GMT)
committer Amir Taaki <genjix@riseup.net>2014-03-12 17:02:26 (GMT)
commit51167de2230658181ac66d56993116cf3fb97b7b (patch)
treeed3a04f9d714bf5ad10becfc622d0a7ca207847e
parent0bcab9c85d4740aa42f9a2534ea745ccaa77ecee (diff)
ability to enable/disable crypto (disabled by default).nobalancer
-rw-r--r--src/worker/config.hpp2
-rw-r--r--src/worker/worker.cfg14
-rw-r--r--src/worker/worker.cpp27
-rw-r--r--src/worker/worker.hpp1
4 files changed, 27 insertions, 17 deletions
diff --git a/src/worker/config.hpp b/src/worker/config.hpp
index ce60991..2cc61a3 100644
--- a/src/worker/config.hpp
+++ b/src/worker/config.hpp
@@ -27,7 +27,7 @@ struct config_type
bool publisher_enabled = false;
std::string block_publish;
std::string tx_publish;
- std::string certificate = "server.cert";
+ std::string certificate = "";
ipaddress_list whitelist;
std::string client_allowed_certs = "ALLOW_ALL_CERTS";
std::string name;
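Review bot: The new empty default on `certificate` acts as a sentinel that switches encryption and client authentication off, but nothing on the field says so. A comment would make that default visible to the next person editing the struct, for example `// Empty (the default) disables CURVE encryption and client authentication.`. The neighbouring `client_allowed_certs` default of "ALLOW_ALL_CERTS" could carry a similar one-line comment, since worker.cpp maps it to `CURVE_ALLOW_ANY`. The struct body continues outside this hunk.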
diff --git a/src/worker/worker.cfg b/src/worker/worker.cfg
index bf111b0..478e62c 100644
--- a/src/worker/worker.cfg
+++ b/src/worker/worker.cfg
@@ -17,15 +17,19 @@ service = "tcp://*:9091"
# And the port where we send our heartbeats.
heartbeat = "tcp://*:9092"
+# ----------------------
# Advanced features:
-certificate = "server.cert"
-whitelist = (
- "127.0.0.1"
-)
+# ----------------------
+
+#certificate = "server.cert"
+#whitelist = (
+# "127.0.0.1"
+#)
# Directory containing allowed client public certificates.
# Comment out to allow all clients to connect.
# New certs can be added without needing to restart the server.
-client-allowed-certs = "client-certs/"
+#client-allowed-certs = "client-certs/"
+
# Uncomment to give this worker a named UUID. Must be unique.
#name = "ada"
# Number of outgoing network connections to p2p network.
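Review bot: The comment kept above `#client-allowed-certs` still reads "Comment out to allow all clients to connect", which no longer describes the shipped file. With `certificate` commented out, the worker runs without encryption and accepts every client, whatever the other two settings say. The section header should state the dependency, e.g. `# Uncomment certificate to enable encryption; whitelist and client-allowed-certs have no effect without it.` That matches the worker.cpp change in this commit, where all three settings are applied only inside enable_crypto().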
diff --git a/src/worker/worker.cpp b/src/worker/worker.cpp
index dca4131..0f50ee9 100644
--- a/src/worker/worker.cpp
+++ b/src/worker/worker.cpp
@@ -43,15 +43,8 @@ bool request_worker::start(config_type& config)
{
// Load config values.
log_requests_ = config.log_requests;
- if (log_requests_)
- auth_.set_verbose(true);
- for (const std::string& ip_address: config.whitelist)
- auth_.allow(ip_address);
- if (config.client_allowed_certs == "ALLOW_ALL_CERTS")
- auth_.configure_curve("*", CURVE_ALLOW_ANY);
- else
- auth_.configure_curve("*", config.client_allowed_certs);
- cert_.reset(czmqpp::load_cert(config.certificate));
+ if (!config.certificate.empty())
+ enable_crypto(config);
// Start ZeroMQ sockets.
create_new_socket(config);
log_debug(LOG_WORKER) << "Heartbeat: " << config.heartbeat;
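Review bot: With the guard `if (!config.certificate.empty())`, a config that sets `whitelist` or `client-allowed-certs` but leaves `certificate` empty starts normally and applies neither restriction, because both are now configured only in enable_crypto(). An operator who relies on the IP whitelist alone gets an unrestricted service with no indication. start() already returns bool, so it could refuse that combination, roughly `if (config.certificate.empty() && !config.whitelist.empty()) return false;` after logging why, or at least log that the settings are being ignored. This assumes `ipaddress_list` offers `empty()`; its definition and the rest of start() are outside the hunk.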
@@ -64,14 +57,26 @@ void request_worker::stop()
{
}
+void request_worker::enable_crypto(config_type& config)
+{
+ if (log_requests_)
+ auth_.set_verbose(true);
+ for (const std::string& ip_address: config.whitelist)
+ auth_.allow(ip_address);
+ if (config.client_allowed_certs == "ALLOW_ALL_CERTS")
+ auth_.configure_curve("*", CURVE_ALLOW_ANY);
+ else
+ auth_.configure_curve("*", config.client_allowed_certs);
+ cert_.reset(czmqpp::load_cert(config.certificate));
+ cert_.apply(socket_);
+ socket_.set_curve_server(1);
+}
void request_worker::create_new_socket(config_type& config)
{
log_debug(LOG_WORKER) << "Listening: " << config.service;
// Set the socket identity name.
if (!config.name.empty())
socket_.set_identity(config.name.c_str());
- cert_.apply(socket_);
- socket_.set_curve_server(1);
// Connect...
socket_.bind(config.service);
// Configure socket to not wait at close time
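Review bot: In enable_crypto(), the result of `czmqpp::load_cert(config.certificate)` goes to `cert_.reset()` and then `cert_.apply(socket_)` without any check, and the function returns void, so start() cannot tell a missing or unreadable certificate file from a successful setup. What happens in that case depends on czmqpp, which is not visible here; it should be confirmed that a failed load cannot leave the socket bound without working encryption. Making enable_crypto() return bool, checking the loaded certificate before `apply`, and having start() return false on failure would make the failure explicit. A one-line comment above the `CURVE_ALLOW_ANY` branch noting that any client key is accepted in that mode would also help. create_new_socket() continues outside the hunk.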
diff --git a/src/worker/worker.hpp b/src/worker/worker.hpp
index a14dcb5..bf4653f 100644
--- a/src/worker/worker.hpp
+++ b/src/worker/worker.hpp
@@ -57,6 +57,7 @@ public:
private:
typedef std::unordered_map<std::string, command_handler> command_map;
+ void enable_crypto(config_type& config);
void create_new_socket(config_type& config);
void poll();
void publish_heartbeat();