webserver: comparison src/server/daemon/httplistener.c

-:288fd9b9a739
+:fd324464f56f
 listener->ssl = malloc(sizeof(HttpSSL));
 SSL_CTX *ctx = SSL_CTX_new( SSLv23_server_method());
 SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
-sstr_t file = sstrdup(conf->certfile);
+// TODO: cleanup on error
-int ret = SSL_CTX_use_certificate_file(ctx, file.ptr, SSL_FILETYPE_PEM);
-free(file.ptr);
+sstr_t file;
-if(!ret) {
+int ret;
-// TODO: cleanup
+char errbuf[512];
-return NULL;
+if(!conf->chainfile.ptr) {
+file = sstrdup(conf->certfile);
+ret = SSL_CTX_use_certificate_file(ctx, file.ptr, SSL_FILETYPE_PEM);
+free(file.ptr);
+if(!ret) {
+ERR_error_string(ERR_get_error(), errbuf);
+log_ereport(LOG_MISCONFIG, "Cannot load ssl chain file: %s", errbuf);
+return NULL;
+}
+} else {
+file = sstrdup(conf->chainfile);
+int ret = SSL_CTX_use_certificate_chain_file(ctx, file.ptr);
+free(file.ptr);
+if(!ret) {
+ERR_error_string(ERR_get_error(), errbuf);
+log_ereport(LOG_MISCONFIG, "Cannot load ssl cert file: %s", errbuf);
+return NULL;
+}
 }
 file = sstrdup(conf->privkeyfile);
 ret = SSL_CTX_use_PrivateKey_file(ctx, file.ptr, SSL_FILETYPE_PEM);
 free(file.ptr);
 if(!ret) {
-// TODO: cleanup
+ERR_error_string(ERR_get_error(), errbuf);
+log_ereport(LOG_MISCONFIG, "Cannot load ssl key file: %s", errbuf);
 return NULL;
 }
 // TODO: chain
 listener->ssl->sslctx = ctx;

Mercurial > hg > webserver / file comparison