From aca39bbfaa1027cccf7f827ed91a77cf47c83e8e Mon Sep 17 00:00:00 2001
From: xia-chu <771730766@qq.com>
Date: Sat, 21 Sep 2024 18:15:32 +0800
Subject: [PATCH] Support hot-reload of SSL certificates (#2835)
---
 3rdpart/ZLToolKit | 2 +-
 server/main.cpp | 31 +++++++++++++++++++++----------
 2 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/3rdpart/ZLToolKit b/3rdpart/ZLToolKit
index ac6ae2d7..f8add834 160000
--- a/3rdpart/ZLToolKit
+++ b/3rdpart/ZLToolKit
@@ -1 +1 @@
-Subproject commit ac6ae2d76cb7463243ade44e6aa75a552e82e5c9
+Subproject commit f8add834ea352bd8c9279486e48ae5070a84d4aa
diff --git a/server/main.cpp b/server/main.cpp
index adcf4303..051f2bfe 100644
--- a/server/main.cpp
+++ b/server/main.cpp
@@ -215,6 +215,9 @@ public:
 // Global variable, used in WebApi to save configuration files
 string g_ini_file;
+// 加载ssl证书函数对象
+std::function g_reload_certificates;
+
 int start_main(int argc,char *argv[]) {
 {
 CMD_main cmd_main;
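Review bot: The new global `g_reload_certificates` carries only a Chinese comment, unlike the neighbouring `g_ini_file`, and nothing states when it is safe to call. It is default-constructed empty and only assigned later in start_main, so a call made before that assignment would throw std::bad_function_call. A comment such as `// Reloads the TLS certificates from the configured path; assigned once in start_main before the SIGHUP handler is installed` would make the contract explicit, and call sites could guard with `if (g_reload_certificates)`. start_main's body continues outside the hunk.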
@@ -284,19 +287,24 @@ int start_main(int argc,char *argv[]) {
 if (!File::is_dir(ssl_file)) {
 // 不是文件夹,加载证书,证书包含公钥和私钥 [AUTO-TRANSLATED:5d3a5e49]
 // Not a folder, load certificate, certificate contains public key and private key
- SSL_Initor::Instance().loadCertificate(ssl_file.data());
+ g_reload_certificates = [ssl_file] () {
+ SSL_Initor::Instance().loadCertificate(ssl_file.data());
+ };
 } else {
 // 加载文件夹下的所有证书 [AUTO-TRANSLATED:0e1f9b20]
 // Load all certificates under the folder
- File::scanDir(ssl_file,[](const string &path, bool isDir){
- if (!isDir) {
- // 最后的一个证书会当做默认证书(客户端ssl握手时未指定主机) [AUTO-TRANSLATED:b242685c]
- // The last certificate will be used as the default certificate (client ssl handshake does not specify the host)
- SSL_Initor::Instance().loadCertificate(path.data());
- }
- return true;
- });
+ g_reload_certificates = [ssl_file]() {
+ File::scanDir(ssl_file, [](const string &path, bool isDir) {
+ if (!isDir) {
+ // 最后的一个证书会当做默认证书(客户端ssl握手时未指定主机) [AUTO-TRANSLATED:b242685c]
+ // The last certificate will be used as the default certificate (client ssl handshake does not specify the host)
+ SSL_Initor::Instance().loadCertificate(path.data());
+ }
+ return true;
+ });
+ };
 }
+ g_reload_certificates();
 std::string listen_ip = mINI::Instance()[General::kListenIP];
 uint16_t shellPort = mINI::Instance()[Shell::kPort];
@@ -465,7 +473,10 @@ int start_main(int argc,char *argv[]) {
 });
 #if !defined(_WIN32)
- signal(SIGHUP, [](int) { mediakit::loadIniConfig(g_ini_file.data()); });
+ signal(SIGHUP, [](int) {
+ mediakit::loadIniConfig(g_ini_file.data());
+ g_reload_certificates();
+ });
 #endif
 sem.wait();
 }
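Review bot: Both reload lambdas discard whatever `SSL_Initor::Instance().loadCertificate(...)` reports, so a reload that hits a half-written, unreadable or malformed file fails silently. The server then keeps serving whatever was loaded before, possibly an expired certificate. Its declaration is not visible here, but if it returns a status, check it and log the path, e.g. `if (!SSL_Initor::Instance().loadCertificate(path.data())) { WarnL << "certificate reload failed: " << path; }`. In the directory branch a reload also looks additive only: a certificate file removed from the folder, for instance after a key compromise, is presumably still held by SSL_Initor until restart, which is worth confirming and documenting. The enclosing if/else sits inside start_main, whose body starts and ends outside this hunk.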
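Review bot: The SIGHUP handler now calls `g_reload_certificates()`, which scans a directory and loads certificate files, and none of that work is async-signal-safe. A signal that interrupts a thread inside the allocator or inside SSL_Initor can deadlock or corrupt the TLS context. Unless SSL_Initor locks internally (not visible here), other threads may also be reading that state mid-handshake while the handler mutates it. The handler should only record the request, e.g. `s_reload_requested = 1;` on a `static volatile sig_atomic_t`, with the reload done on a normal thread that checks the flag; the existing `loadIniConfig` call has the same problem. start_main's body continues outside the hunk.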