src/server/daemon/httplistener.c

changeset 129
fd324464f56f
parent 115
51d9a15eac98
child 130
198ad9d8cec1
--- a/src/server/daemon/httplistener.c	Mon Dec 26 15:34:44 2016 +0100
+++ b/src/server/daemon/httplistener.c	Mon Dec 26 16:46:55 2016 +0100
@@ -166,19 +166,38 @@
         SSL_CTX *ctx = SSL_CTX_new( SSLv23_server_method());
         SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
         
-        sstr_t file = sstrdup(conf->certfile);
-        int ret = SSL_CTX_use_certificate_file(ctx, file.ptr, SSL_FILETYPE_PEM);
-        free(file.ptr);
-        if(!ret) {
-            // TODO: cleanup
-            return NULL;
+        // TODO: cleanup on error
+        
+        sstr_t file;
+        int ret;
+        char errbuf[512];
+        
+        if(!conf->chainfile.ptr) {
+            file = sstrdup(conf->certfile);
+            ret = SSL_CTX_use_certificate_file(ctx, file.ptr, SSL_FILETYPE_PEM);
+            free(file.ptr);
+            if(!ret) {
+                ERR_error_string(ERR_get_error(), errbuf);
+                log_ereport(LOG_MISCONFIG, "Cannot load ssl chain file: %s", errbuf);
+                return NULL;
+            }
+        } else {
+            file = sstrdup(conf->chainfile);
+            int ret = SSL_CTX_use_certificate_chain_file(ctx, file.ptr);
+            free(file.ptr);
+            if(!ret) { 
+                ERR_error_string(ERR_get_error(), errbuf);
+                log_ereport(LOG_MISCONFIG, "Cannot load ssl cert file: %s", errbuf);
+                return NULL;
+            }
         }
         
         file = sstrdup(conf->privkeyfile);
         ret = SSL_CTX_use_PrivateKey_file(ctx, file.ptr, SSL_FILETYPE_PEM);
         free(file.ptr);
-        if(!ret) {
-            // TODO: cleanup
+        if(!ret) { 
+            ERR_error_string(ERR_get_error(), errbuf);
+            log_ereport(LOG_MISCONFIG, "Cannot load ssl key file: %s", errbuf);
             return NULL;
         }
         
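Review bot: The two new error messages are swapped: the branch taken when `conf->chainfile.ptr` is unset loads `conf->certfile` but logs `"Cannot load ssl chain file: %s"`, while the `else` branch loads `conf->chainfile` but logs `"Cannot load ssl cert file: %s"`. An operator debugging a TLS misconfiguration is therefore pointed at the wrong file, so the strings should be exchanged. In the `else` branch, `int ret = SSL_CTX_use_certificate_chain_file(ctx, file.ptr);` shadows the `ret` declared above it and should read `ret = SSL_CTX_use_certificate_chain_file(ctx, file.ptr);`. Every `return NULL` here still leaves `ctx` allocated, as the TODO acknowledges; adding `SSL_CTX_free(ctx);` before each return would close that leak. The enclosing function starts and ends outside the hunk, so it is not visible whether `SSL_CTX_check_private_key(ctx)` is called after the key load to confirm that the key matches the certificate.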
