#ifndef DISABLE_TLS
/* Create or rotate any required keys; handle (delayed) filewatch event */
- tls_daemon_tick();
+ for (int old_tfd = tls_daemon_tick(); old_tfd >= 0; )
+ {
+ FD_CLR(old_tfd, &select_listen);
+ if (old_tfd == listen_fd_max - 1) listen_fd_max = old_tfd;
+ if (tls_watch_fd >= 0)
+ add_listener_socket(tls_watch_fd, &select_listen, &listen_fd_max);
+ break;
+ }
#endif
errno = select_errno;
}
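Review bot: The new watch descriptor is only added to `select_listen` when `tls_daemon_tick()` returns a value `>= 0`, so a reload that starts with `tls_watch_fd == -1` looks the same as "no reload" and the loop body is skipped. If `tls_daemon_creds_reload()` can set up a watcher where none existed before (not visible here), the daemon would stop noticing certificate or key file changes and keep serving the old credentials. The ambiguity comes from the `return old_watch_fd;` lines in the `tls_daemon_tick()` hunk; comparing the global before and after the call in the caller, e.g. `if (tls_watch_fd != old_tfd)`, would cover both cases. Separately, the `for (...; old_tfd >= 0; ) { ... break; }` form runs at most once and would read more plainly as a braced block with an `if`. The enclosing daemon-loop function starts and ends outside this hunk.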
extern void tls_close(void *, int);
extern BOOL tls_could_read(void);
extern void tls_daemon_init(void);
-extern void tls_daemon_tick(void);
+extern int tls_daemon_tick(void);
extern BOOL tls_dropprivs_validate_require_cipher(BOOL);
extern BOOL tls_export_cert(uschar *, size_t, void *);
extern int tls_feof(void);
-/* Called every time round the daemon loop */
+/* Called every time round the daemon loop.
-void
+If we reloaded fd-watcher, return the old watch fd
+having modified the global for the new one. Otherwise
+return -1.
+*/
+
+int
tls_daemon_tick(void)
{
+int old_watch_fd = tls_watch_fd;
+
tls_per_lib_daemon_tick();
#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
if (tls_creds_expire && time(NULL) >= tls_creds_expire)
DEBUG(D_tls) debug_printf("selfsign cert rotate\n");
tls_creds_expire = 0;
tls_daemon_creds_reload();
+ return old_watch_fd;
}
else if (tls_watch_trigger_time && time(NULL) >= tls_watch_trigger_time + 5)
{
DEBUG(D_tls) debug_printf("watch triggered\n");
tls_watch_trigger_time = tls_creds_expire = 0;
tls_daemon_creds_reload();
+ return old_watch_fd;
}
#endif
+return -1;
}
/* Called once at daemon startup */
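Review bot: The new header comment on `tls_daemon_tick()` does not say what state the returned descriptor is in, which matters because the caller in the daemon loop goes on to use that number in `FD_CLR`. Whether `tls_daemon_creds_reload()` has already closed it is not visible in this hunk; if it has, the number can be handed out again by any later `open` or `accept`, so the caller must treat it purely as a stale index. I would add a line to the comment such as `The returned fd may already be closed: use it only to clear select sets, never for I/O or close().`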