runtime/Stunnel.py
changeset 2324 1cf3768ebf85
parent 2323 33a0dbabccd3
child 2325 71593d3f880b
--- a/runtime/Stunnel.py	Tue Oct 23 16:19:20 2018 +0200
+++ b/runtime/Stunnel.py	Mon Oct 29 11:33:36 2018 +0100
@@ -4,11 +4,13 @@
 
 restart_stunnel_cmdline = ["/etc/init.d/S50stunnel","restart"]
 
-# stunnel takes no encoding for psk, so we try to lose minimum entropy 
+# stunnel takes no encoding for PSK, so we try to lose minimum entropy 
 # by using all possible chars except '\0\n\r' (checked stunnel parser to be sure)
 translator = ''.join([(lambda c: '#' if c in '\0\n\r' else c)(chr(i)) for i in xrange(256)])
 
-def pskgen(ID, pskpath):
+_PSKpath = None
+
+def PSKgen(ID, PSKpath):
     secret = os.urandom(256) # 2048 bits is still safe nowadays
 
     # following makes 512 length string, rejected by stunnel
@@ -16,14 +18,27 @@
     # secretstring = hexlify(secret)
 
     secretstring = secret.translate(translator)
-    pskstring = ID+":"+secretstring
-    with open(pskpath, 'w') as f:
-        f.write(pskstring)
+    PSKstring = ID+":"+secretstring
+    with open(PSKpath, 'w') as f:
+        f.write(PSKstring)
     call(restart_stunnel_cmdline)
 
-def ensurepsk(ID, pskpath):
+def ensurePSK(ID, PSKpath):
+    global _PSKpath
+    _PSKpath = PSKpath
     # check if already there
-    if not os.path.exists(pskpath):
+    if not os.path.exists(PSKpath):
         # create if needed
-        pskgen(ID, pskpath)
+        PSKgen(ID, PSKpath)
 
+def getPSKID():
+    if _PSKpath is not None :
+        if not os.path.exists(_PSKpath):
+            confnodesroot.logger.write_error(
+                'Error: Pre-Shared-Key Secret in %s is missing!\n' % _PSKpath)
+            return None
+        ID,_sep,PSK = open(_PSKpath).read().partition(':')
+        PSK = PSK.rstrip('\n\r')
+        return (ID,PSK)
+    return None
+
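Review bot: The PSK file is created on L31 with a plain `open(PSKpath, 'w')`, so its mode is whatever the process umask yields and the raw secret may end up group- or world-readable; the secret should be written to a file that is owner-only from creation, e.g. `fd = os.open(PSKpath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:` in place of the current `with open(...)`. On L52 `getPSKID` reads via `open(_PSKpath).read()` without a context manager, leaving the handle to the garbage collector; `with open(_PSKpath) as f: ID, _sep, PSK = f.read().partition(':')` matches the style already used on L31. Note that `partition(':')` splits at the first colon, so an ID containing ':' would be truncated silently — presumably IDs never contain one, but worth a comment or a check in PSKgen. `confnodesroot` is used on L49 but not imported in the visible lines; I assume it is provided elsewhere in the module. PSKgen's signature is in the previous hunk.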