fix listener ssl initialization

Sun, 27 Nov 2022 10:07:37 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sun, 27 Nov 2022 10:07:37 +0100
changeset 441
797aeb31a2c6
parent 440
d77b8f3e14e2
child 442
05c2b62448b1

fix listener ssl initialization

src/server/daemon/httplistener.c file | annotate | diff | comparison | revisions
--- a/src/server/daemon/httplistener.c	Sat Nov 26 19:15:33 2022 +0100
+++ b/src/server/daemon/httplistener.c	Sun Nov 27 10:07:37 2022 +0100
@@ -181,8 +181,16 @@
     int ret;
     char errbuf[512];
     
+    // get TLS cert
     error = 0;
-    if(!conf->chainfile.ptr) {
+    if(conf->chainfile.ptr) {
+        ret = SSL_CTX_use_certificate_chain_file(ctx, conf->chainfile.ptr);
+        if(!ret) { 
+            ERR_error_string(ERR_get_error(), errbuf);
+            log_ereport(LOG_MISCONFIG, "Cannot load ssl cert file: %s", errbuf);
+            error = 1;
+        }
+    } else if(conf->certfile.ptr) {
         ret = SSL_CTX_use_certificate_file(ctx, conf->certfile.ptr, SSL_FILETYPE_PEM);
         if(!ret) {
             ERR_error_string(ERR_get_error(), errbuf);
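Review bot: The chain-file failure message added here, `"Cannot load ssl cert file: %s"`, names neither the listener nor the path that failed, whereas the new no-certificate branch in the next hunk does print `conf->name.ptr`. With several TLS listeners configured, an operator cannot tell which one is broken. I would log `log_ereport(LOG_MISCONFIG, "Listener %s: cannot load CertChain %s: %s", conf->name.ptr, conf->chainfile.ptr, errbuf);`, and the same for the Cert branch, whose log line falls between the hunks and is not shown. `ERR_error_string` is safe with the 512-byte `errbuf`, but `ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));` keeps the bound explicit. When both CertChain and Cert are set, Cert is now silently ignored, so a one-line comment stating that precedence would help; the enclosing function starts above this hunk.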
@@ -190,14 +198,11 @@
             error = 1;
         }
     } else {
-        ret = SSL_CTX_use_certificate_chain_file(ctx, conf->chainfile.ptr);
-        if(!ret) { 
-            ERR_error_string(ERR_get_error(), errbuf);
-            log_ereport(LOG_MISCONFIG, "Cannot load ssl cert file: %s", errbuf);
-            error = 1;
-        }
+        log_ereport(LOG_MISCONFIG, "Listener %s: no CertChain/Cert specified", conf->name.ptr);
+        error = 1;
     }
 
+    // get private key
     ret = SSL_CTX_use_PrivateKey_file(ctx, conf->privkeyfile.ptr, SSL_FILETYPE_PEM);
     if(!ret) { 
         ERR_error_string(ERR_get_error(), errbuf);
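Review bot: `conf->privkeyfile.ptr` is passed to `SSL_CTX_use_PrivateKey_file` without the NULL check this commit adds for `chainfile` and `certfile`. A listener configured without a private key therefore hands OpenSSL a NULL path instead of producing a clear misconfiguration message. I would guard it the same way, wrapping the existing load in the else branch of `if(!conf->privkeyfile.ptr) { log_ereport(LOG_MISCONFIG, "Listener %s: no private key specified", conf->name.ptr); error = 1; }`. If the lines after this hunk do not already do it, calling `SSL_CTX_check_private_key(ctx)` after both loads succeed would catch a key that does not match the certificate at startup rather than at the first handshake. The rest of the function lies outside the hunk.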
@@ -211,10 +216,14 @@
     }
     
     HttpSSL *ssl = pool_malloc(conf->cfg->pool, sizeof(HttpSSL));
+    if(!ssl) {
+        SSL_CTX_free(ctx);
+        return NULL;
+    }
     ZERO(ssl, sizeof(HttpSSL));
     ssl->sslctx = ctx;
     
-    return NULL;
+    return ssl;
 }
 
 static WSSocket* create_socket(ListenerConfig *conf, const char *protocol) {
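Review bot: The return contract changed here and is not documented: before this commit the function returned NULL on every path, and now NULL means TLS setup failed (configuration error or allocation failure). The caller is not visible, so it is worth confirming that it refuses to start the listener on NULL rather than continuing without TLS. I would add a comment above `return ssl;` such as `// ctx is now owned by the returned HttpSSL; NULL means TLS setup failed and the listener must not be started`. The `HttpSSL` is pool-allocated but the `SSL_CTX` is not, so presumably whoever tears down the configuration pool must call `SSL_CTX_free(ssl->sslctx)`; that cleanup is not shown and should be checked. The function begins above this hunk.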
