--- a/src/server/daemon/httplistener.c Mon Dec 26 15:34:44 2016 +0100
+++ b/src/server/daemon/httplistener.c Mon Dec 26 16:46:55 2016 +0100
@@ -166,19 +166,38 @@
  SSL_CTX *ctx = SSL_CTX_new( SSLv23_server_method());
  SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
- sstr_t file = sstrdup(conf->certfile);
- int ret = SSL_CTX_use_certificate_file(ctx, file.ptr, SSL_FILETYPE_PEM);
- free(file.ptr);
- if(!ret) {
- // TODO: cleanup
- return NULL;
+ // TODO: cleanup on error
+
+ sstr_t file;
+ int ret;
+ char errbuf[512];
+
+ if(!conf->chainfile.ptr) {
+ file = sstrdup(conf->certfile);
+ ret = SSL_CTX_use_certificate_file(ctx, file.ptr, SSL_FILETYPE_PEM);
+ free(file.ptr);
+ if(!ret) {
+ ERR_error_string(ERR_get_error(), errbuf);
+ log_ereport(LOG_MISCONFIG, "Cannot load ssl chain file: %s", errbuf);
+ return NULL;
+ }
+ } else {
+ file = sstrdup(conf->chainfile);
+ int ret = SSL_CTX_use_certificate_chain_file(ctx, file.ptr);
+ free(file.ptr);
+ if(!ret) {
+ ERR_error_string(ERR_get_error(), errbuf);
+ log_ereport(LOG_MISCONFIG, "Cannot load ssl cert file: %s", errbuf);
+ return NULL;
+ }
  }
  file = sstrdup(conf->privkeyfile);
  ret = SSL_CTX_use_PrivateKey_file(ctx, file.ptr, SSL_FILETYPE_PEM);
  free(file.ptr);
- if(!ret) {
- // TODO: cleanup
+ if(!ret) {
+ ERR_error_string(ERR_get_error(), errbuf);
+ log_ereport(LOG_MISCONFIG, "Cannot load ssl key file: %s", errbuf);
  return NULL;
  }
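Review bot: The two new certificate log messages are swapped: the `!conf->chainfile.ptr` branch loads `conf->certfile` but reports "Cannot load ssl chain file", and the `else` branch loads `conf->chainfile` but reports "Cannot load ssl cert file", so a LOG_MISCONFIG entry points the operator at the wrong file. Exchange the two strings, and in the `else` branch write `ret = SSL_CTX_use_certificate_chain_file(ctx, file.ptr);` without `int`, because the new declaration shadows the outer `ret`. `ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));` would bound the write by the buffer size instead of relying on `errbuf` being large enough. Each `return NULL` still leaves `ctx` allocated, as the TODO notes; `SSL_CTX_free(ctx);` before those returns would close that. The enclosing function starts and ends outside the hunk.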