From 5839a2aec4ed0ce62231e491d08c52ae35064fcb Mon Sep 17 00:00:00 2001
From: eugene
Date: Wed, 12 Feb 2025 11:25:36 -0500
Subject: [PATCH 1/2] update ziti-sdk@1.5.0
---
 CMakeLists.txt | 2 +-
 lib/ziti-tunnel-cbs/ziti_hosting.c | 19 +++++++++----------
 2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 93443ec3..f4d1f6aa 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.21)
 set(ZITI_SDK_DIR "" CACHE FILEPATH "developer option: use local ziti-sdk-c checkout")
-set(ZITI_SDK_VERSION "1.4.4" CACHE STRING "ziti-sdk-c version or branch to use")
+set(ZITI_SDK_VERSION "1.5.0" CACHE STRING "ziti-sdk-c version or branch to use")
 # if TUNNEL_SDK_ONLY then don't descend into programs/ziti-edge-tunnel
 option(TUNNEL_SDK_ONLY "build only ziti-tunnel-sdk (without ziti)" OFF)
diff --git a/lib/ziti-tunnel-cbs/ziti_hosting.c b/lib/ziti-tunnel-cbs/ziti_hosting.c
index 763cb6a0..1860d67f 100644
--- a/lib/ziti-tunnel-cbs/ziti_hosting.c
+++ b/lib/ziti-tunnel-cbs/ziti_hosting.c
@@ -759,13 +759,12 @@ static void hosted_listen_cb(ziti_connection serv, int status) {
 }
 }
-static ziti_listen_opts DEFAULT_LISTEN_OPTS = {
- .bind_using_edge_identity = false,
- .identity = NULL,
- .connect_timeout_seconds = 5,
- .terminator_precedence = PRECEDENCE_DEFAULT,
- .terminator_cost = 0,
-};
+#define DEFAULT_LISTEN_OPTS (ziti_listen_opts){ \
+.bind_using_edge_identity = false, \
+.identity = NULL, \
+.connect_timeout_seconds = 5, \
+.terminator_precedence = PRECEDENCE.DEFAULT, \
+.terminator_cost = 0, }
 static void listen_opts_from_host_cfg_v1(ziti_listen_opts *opts, const ziti_host_cfg_v1 *config) {
 *opts = DEFAULT_LISTEN_OPTS;
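Review bot: The new `DEFAULT_LISTEN_OPTS` macro expands to a bare compound literal and has no comment saying why the `static` object was replaced. Wrapping the expansion in parentheses, `#define DEFAULT_LISTEN_OPTS ((ziti_listen_opts){ ... })`, is the defensive convention for an expression macro. A one-line comment such as `/* compound literal: PRECEDENCE.DEFAULT cannot be used in a static initializer */` would record the reason; that reason is inferred from the switch to `PRECEDENCE.DEFAULT` and should be confirmed against the SDK header. Each expansion builds a fresh temporary, which is fine for the single `*opts = DEFAULT_LISTEN_OPTS;` assignment visible here. The body of listen_opts_from_host_cfg_v1 continues outside the hunk.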
@@ -779,11 +778,11 @@ static void listen_opts_from_host_cfg_v1(ziti_listen_opts *opts, const ziti_host
 const char *prec = config->listen_options->precendence;
 if (prec) {
 if (strcmp(prec, "default") == 0) {
- opts->terminator_precedence = PRECEDENCE_DEFAULT;
+ opts->terminator_precedence = PRECEDENCE.DEFAULT;
 } else if (strcmp(prec, "required") == 0) {
- opts->terminator_precedence = PRECEDENCE_REQUIRED;
+ opts->terminator_precedence = PRECEDENCE.REQUIRED;
 } else if (strcmp(prec, "failed") == 0) {
- opts->terminator_precedence = PRECEDENCE_FAILED;
+ opts->terminator_precedence = PRECEDENCE.FAILED;
 } else {
 ZITI_LOG(WARN, "unsupported terminator precedence '%s'", prec);
 }
From fc569569b81169a696cbdb8a3d30d6cb0d10d660 Mon Sep 17 00:00:00 2001
From: eugene
Date: Wed, 12 Feb 2025 11:29:30 -0500
Subject: [PATCH 2/2] enable certificate auto-extension
---
 lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c b/lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c
index 9421d209..bde78325 100644
--- a/lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c
+++ b/lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c
@@ -37,6 +37,9 @@
 #define HOST_NAME_MAX 254
 #endif
+// renew identity certificate if expired/expiring in the next 30 days
+#define CERT_EXT_WINDOW 30
+
 #define FREE(x) do { if(x) free((void*)(x)); (x) = NULL; } while(0)
 // temporary list to pass info between parse and run
@@ -835,7 +838,8 @@ static int load_identity_cfg(const char *identifier, const ziti_config *cfg, boo
 ziti_options opts = {
 .api_page_size = api_page_size > 0 ? api_page_size : 0,
 .disabled = disabled,
- .refresh_interval = (long)refresh_interval
+ .refresh_interval = (long)refresh_interval,
+ .cert_extension_window = CERT_EXT_WINDOW,
 };
 int rc = init_ziti_instance(inst, cfg, &opts);
 if (rc != ZITI_OK) {
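Review bot: `CERT_EXT_WINDOW` carries its unit only in the comment above it; the name itself does not say days. Renaming it to `CERT_EXT_WINDOW_DAYS`, here and in the `ziti_options` initializer in the next hunk, keeps a later reader from assuming seconds or hours. The window is also fixed at compile time, so an operator cannot widen or disable it per identity. If that is intended, the comment should say so.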
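Review bot: `.cert_extension_window = CERT_EXT_WINDOW` turns certificate extension on for every identity passed to load_identity_cfg, with no opt-out and nothing in this hunk that handles the result. A renewed certificate only helps if it is written back to the stored identity; otherwise a restart would presumably load the old, possibly expired, one. That persistence path is not visible here, so please confirm it exists and that a failed extension is logged at a level operators will see. A short comment on the field, for example `/* days before expiry; the renewed certificate must be saved back to the identity config */`, would document the dependency. The function body starts and ends outside the hunk.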