SSL implementation for Netdata (#5956)

* SSL implementation for Netdata

* Upload of fixes asked by @paulkatsoulakis and @cakrit

* Fix local computer

* Adding openssl to webserver

* fixing..

* HTTPS almost there

* Codacity

* HTTPS day 3

* HTTPS without Bio step 1

* HTTPS without Bio step 2

* HTTPS without Bio step 3

* HTTPS without Bio step 4

* HTTPS without Bio step 5

* HTTPS without Bio step 6

* HTTPS without Bio step 7

* HTTPS without Bio step 8

* HTTPS without Bio step 9

* HTTPS without Bio step 10

* SSL on streaming 1

* Daily pull

* HTTPS without Bio step 11

* HTTPS without Bio step 12

* HTTPS without Bio step 13

* HTTPS without Bio step 14

* SSL_Interception change documentation

* HTTPS without Bio step 15

* HTTPS without Bio step 16

* SSL_Interception fix codacity

* SSL_Interception fix doc

* SSL_Interception comments

* SSL_Interception fixing problems!

* SSL_Interception killing bugs

* SSL_Interception changing parameter

* SSL_Implementation documentation and script

* SSL_Implementation multiple fixes

* SSL_Implementation installer and cipher

* SSL_Implementation Redirect 301

* SSL_Implementation webserver doc and install-or-update.sh

* SSL_Implementation error 00000001:lib(0):func(0):reason(1)

* SSL_Implementation web server doc

* SSL_Implementation SEGFAULT on Fedora

* SSL_Implementation fix ^SSL=force|optional

* SSL_Implementation Redirect and Ciphers

* SSL_Implementation race condition 1

* SSL_Implementation Fix Location

* SSL_Implementation Fix Location 2

* SSL_Implementation Fix stream

* SSL_Implementation Fix stream 2

* SSL_Implementation Fix stream 3

* SSL_Implementation last problems!

* SSL_Implementation adjusts to commit!

* SSL_Implementation documentation permission!

* SSL_Implementation documentation permission 2!

* SSL_Implementation documentation permission 3!

1 files changed, 26 insertions, 2 deletions

diff --git a/daemon/main.c b/daemon/main.c
index 83e264735b..0478e37a6d 100644
--- a/daemon/main.c
+++ b/daemon/main.c
@@ -49,6 +49,10 @@ void netdata_cleanup_and_exit(int ret) {
             error("EXIT: cannot unlink pidfile '%s'.", pidfile);
     }
 
+#ifdef ENABLE_HTTPS
+	security_clean_openssl();
+#endif
+
     info("EXIT: all done - netdata is now exiting - bye bye...");
     exit(ret);
 }
@@ -345,7 +349,20 @@ static const char *verify_required_directory(const char *dir) {
     return dir;
 }
 
-void log_init(void) {
+#ifdef ENABLE_HTTPS
+static void security_init(){
+    char filename[FILENAME_MAX + 1];
+    snprintfz(filename, FILENAME_MAX, "%s/ssl/key.pem",netdata_configured_user_config_dir);
+    security_key    = config_get(CONFIG_SECTION_WEB, "ssl key",  filename);
+
+    snprintfz(filename, FILENAME_MAX, "%s/ssl/cert.pem",netdata_configured_user_config_dir);
+    security_cert    = config_get(CONFIG_SECTION_WEB, "ssl certificate",  filename);
+
+    security_openssl_library();
+}
+#endif
+
+static void log_init(void) {
     char filename[FILENAME_MAX + 1];
     snprintfz(filename, FILENAME_MAX, "%s/debug.log", netdata_configured_log_dir);
     stdout_filename    = config_get(CONFIG_SECTION_GLOBAL, "debug log",  filename);
@@ -420,8 +437,9 @@ static void get_netdata_configured_variables() {
     // get the hostname
 
     char buf[HOSTNAME_MAX + 1];
-    if(gethostname(buf, HOSTNAME_MAX) == -1)
+    if(gethostname(buf, HOSTNAME_MAX) == -1){
         error("Cannot get machine hostname.");
+    }
 
     netdata_configured_hostname = config_get(CONFIG_SECTION_GLOBAL, "hostname", buf);
     debug(D_OPTIONS, "hostname set to '%s'", netdata_configured_hostname);
@@ -1081,6 +1099,12 @@ int main(int argc, char **argv) {
         error_log_limit_unlimited();
 
         // --------------------------------------------------------------------
+        // get the certificate and start security
+#ifdef ENABLE_HTTPS
+        security_init();
+#endif
+
+        // --------------------------------------------------------------------
         // setup process signals
 
         // block signals while initializing threads.