164 listener->ssl = malloc(sizeof(HttpSSL)); |
164 listener->ssl = malloc(sizeof(HttpSSL)); |
165 |
165 |
166 SSL_CTX *ctx = SSL_CTX_new( SSLv23_server_method()); |
166 SSL_CTX *ctx = SSL_CTX_new( SSLv23_server_method()); |
167 SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); |
167 SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); |
168 |
168 |
169 sstr_t file = sstrdup(conf->certfile); |
169 // TODO: cleanup on error |
170 int ret = SSL_CTX_use_certificate_file(ctx, file.ptr, SSL_FILETYPE_PEM); |
170 |
171 free(file.ptr); |
171 sstr_t file; |
172 if(!ret) { |
172 int ret; |
173 // TODO: cleanup |
173 char errbuf[512]; |
174 return NULL; |
174 |
|
175 if(!conf->chainfile.ptr) { |
|
176 file = sstrdup(conf->certfile); |
|
177 ret = SSL_CTX_use_certificate_file(ctx, file.ptr, SSL_FILETYPE_PEM); |
|
178 free(file.ptr); |
|
179 if(!ret) { |
|
180 ERR_error_string(ERR_get_error(), errbuf); |
|
181 log_ereport(LOG_MISCONFIG, "Cannot load ssl chain file: %s", errbuf); |
|
182 return NULL; |
|
183 } |
|
184 } else { |
|
185 file = sstrdup(conf->chainfile); |
|
186 int ret = SSL_CTX_use_certificate_chain_file(ctx, file.ptr); |
|
187 free(file.ptr); |
|
188 if(!ret) { |
|
189 ERR_error_string(ERR_get_error(), errbuf); |
|
190 log_ereport(LOG_MISCONFIG, "Cannot load ssl cert file: %s", errbuf); |
|
191 return NULL; |
|
192 } |
175 } |
193 } |
176 |
194 |
177 file = sstrdup(conf->privkeyfile); |
195 file = sstrdup(conf->privkeyfile); |
178 ret = SSL_CTX_use_PrivateKey_file(ctx, file.ptr, SSL_FILETYPE_PEM); |
196 ret = SSL_CTX_use_PrivateKey_file(ctx, file.ptr, SSL_FILETYPE_PEM); |
179 free(file.ptr); |
197 free(file.ptr); |
180 if(!ret) { |
198 if(!ret) { |
181 // TODO: cleanup |
199 ERR_error_string(ERR_get_error(), errbuf); |
|
200 log_ereport(LOG_MISCONFIG, "Cannot load ssl key file: %s", errbuf); |
182 return NULL; |
201 return NULL; |
183 } |
202 } |
184 |
203 |
185 // TODO: chain |
204 // TODO: chain |
186 listener->ssl->sslctx = ctx; |
205 listener->ssl->sslctx = ctx; |