Merge pull request #8515 from Icinga/feature/update-ssl-context-after-accepting-new-connection-8501

API: Update the ssl context after each accepting incoming connection

lib/base/utility.cpp

@@ -1367,6 +1367,13 @@ bool Utility::PathExists(const String& path)
 	return fs::exists(fs::path(path.Begin(), path.End()), ec) && !ec;
 }
 
+time_t Utility::GetFileCreationTime(const String& path)
+{
+	namespace fs = boost::filesystem;
+
+	return fs::last_write_time(boost::lexical_cast<fs::path>(path));
+}
+
 Value Utility::LoadJsonFile(const String& path)
 {
 	std::ifstream fp;

lib/base/utility.hpp

@@ -112,6 +112,7 @@ public:
 	static tm LocalTime(time_t ts);
 
 	static bool PathExists(const String& path);
+	static time_t GetFileCreationTime(const String& path);
 
 	static void Remove(const String& path);
 	static void RemoveDirRecursive(const String& path);

lib/remote/apilistener.cpp

@@ -432,11 +432,31 @@ void ApiListener::ListenerCoroutineProc(boost::asio::yield_context yc, const Sha
 
 	auto& io (IoEngine::Get().GetIoContext());
 
+	time_t lastModified = -1;
+	const String crlPath = GetCrlPath();
+
+	if (!crlPath.IsEmpty()) {
+		lastModified = Utility::GetFileCreationTime(crlPath);
+	}
+
 	for (;;) {
 		try {
-			auto sslConn (Shared<AsioTlsStream>::Make(io, *sslContext));
+			asio::ip::tcp::socket socket (io);
 
-			server->async_accept(sslConn->lowest_layer(), yc);
+			server->async_accept(socket.lowest_layer(), yc);
+
+			if (!crlPath.IsEmpty()) {
+				time_t currentCreationTime = Utility::GetFileCreationTime(crlPath);
+
+				if (lastModified != currentCreationTime) {
+					UpdateSSLContext();
+
+					lastModified = currentCreationTime;
+				}
+			}
+
+			auto sslConn (Shared<AsioTlsStream>::Make(io, *sslContext));
+			sslConn->lowest_layer() = std::move(socket);
 
 			auto strand (Shared<asio::io_context::strand>::Make(io));