Sun, 27 Nov 2022 10:07:37 +0100
fix listener ssl initialization
src/server/daemon/httplistener.c
--- a/src/server/daemon/httplistener.c Sat Nov 26 19:15:33 2022 +0100
+++ b/src/server/daemon/httplistener.c Sun Nov 27 10:07:37 2022 +0100
@@ -181,8 +181,16 @@
 int ret;
 char errbuf[512];

+ // get TLS cert
 error = 0;
- if(!conf->chainfile.ptr) {
+ if(conf->chainfile.ptr) {
+ ret = SSL_CTX_use_certificate_chain_file(ctx, conf->chainfile.ptr);
+ if(!ret) {
+ ERR_error_string(ERR_get_error(), errbuf);
+ log_ereport(LOG_MISCONFIG, "Cannot load ssl cert file: %s", errbuf);
+ error = 1;
+ }
+ } else if(conf->certfile.ptr) {
 ret = SSL_CTX_use_certificate_file(ctx, conf->certfile.ptr, SSL_FILETYPE_PEM);
 if(!ret) {
 ERR_error_string(ERR_get_error(), errbuf);
@@ -190,14 +198,11 @@
 error = 1;
 }
 } else {
- ret = SSL_CTX_use_certificate_chain_file(ctx, conf->chainfile.ptr);
- if(!ret) {
- ERR_error_string(ERR_get_error(), errbuf);
- log_ereport(LOG_MISCONFIG, "Cannot load ssl cert file: %s", errbuf);
- error = 1;
- }
+ log_ereport(LOG_MISCONFIG, "Listener %s: no CertChain/Cert specified", conf->name.ptr);
+ error = 1;
 }

+ // get private key
 ret = SSL_CTX_use_PrivateKey_file(ctx, conf->privkeyfile.ptr, SSL_FILETYPE_PEM);
 if(!ret) {
 ERR_error_string(ERR_get_error(), errbuf);
@@ -211,10 +216,14 @@
 }

 HttpSSL *ssl = pool_malloc(conf->cfg->pool, sizeof(HttpSSL));
+ if(!ssl) {
+ SSL_CTX_free(ctx);
+ return NULL;
+ }
 ZERO(ssl, sizeof(HttpSSL));
 ssl->sslctx = ctx;

- return NULL;
+ return ssl;
 }

 static WSSocket* create_socket(ListenerConfig *conf, const char *protocol) {
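Review bot: When both `conf->chainfile.ptr` and `conf->certfile.ptr` are set, the new `if`/`else if` loads the chain file and silently ignores the cert file, so a listener can end up serving a different certificate than the operator expects. The precedence should at least be documented next to the `// get TLS cert` comment, e.g. `// CertChain takes precedence; Cert is only used when no CertChain is configured`. A log line for the both-set case would also help, if the project has a suitable warning level. The function starts above this hunk, so any earlier validation of these fields is not visible here.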
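Review bot: The private-key path does not get the presence check that the certificate paths now have: after `// get private key`, `conf->privkeyfile.ptr` is passed straight to `SSL_CTX_use_PrivateKey_file`, even when `error` is already 1. If the field can be unset at this point (the config parsing is outside the hunk), a NULL filename reaches OpenSSL and the operator gets no message naming the listener. A guard before the call that mirrors the new else branch would close this, e.g. `if(!conf->privkeyfile.ptr) { log_ereport(LOG_MISCONFIG, "Listener %s: no private key file specified", conf->name.ptr); error = 1; }`, with the existing call moved into its `else`.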
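Review bot: The return contract is undocumented, and it matters here because before this change the function returned NULL on every path, including success. Callers, which are not visible in this hunk, may therefore have come to treat NULL as "no TLS" rather than as a failure. A comment above the function would pin this down, e.g. `// returns the listener's HttpSSL, or NULL if TLS setup failed; callers must fail the listener rather than fall back to plaintext`, and the call sites should be checked against it. Separately, the added `if(!ssl)` path frees `ctx` but logs nothing, unlike the other failure paths in this function, so an allocation failure gives the operator no message.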