authorAlexander Barton <alex@barton.de>2012-09-21 10:36:09 +0200
committerAlexander Barton <alex@barton.de>2012-09-21 10:36:09 +0200
commitbb20aeb9bcbb27eda540a6df2faf2d07e71d23f3 (patch)
treecbc940802a2e178f285f2131281a2d5caeda97dc
parent1413a4886ffa120e82d4963368e82b4d5ec6eb2d (diff)
downloadngircd-bb20aeb9bcbb27eda540a6df2faf2d07e71d23f3.tar.gz
ngircd-bb20aeb9bcbb27eda540a6df2faf2d07e71d23f3.zip
Initialize SSL when needed only, and disable SSL on errors
With this patch, the SSL subsystem will only be initialized if at least
one SSL port is configured; so you won't get "SSL initialization failed"
messages if you didn't configure it at all.

And if SSL initialization fails, no SSL listen ports will be enabled
later which never could establish a working SSL connection at all ...
-rw-r--r--src/ngircd/conn-ssl.c15
-rw-r--r--src/ngircd/ngircd.c2
2 files changed, 13 insertions, 4 deletions
diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index 8f7b70af..914d0165 100644
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -241,6 +241,9 @@ void ConnSSL_Free(CONNECTION *c)
 bool
 ConnSSL_InitLibrary( void )
 {
+	if (!array_bytes(&Conf_SSLOptions.ListenPorts))
+		return true;
+
 #ifdef HAVE_LIBSSL
 	SSL_CTX *newctx;
 
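Review bot: The early `return true` at the top of ConnSSL_InitLibrary skips library initialization entirely whenever no SSL listen port is configured, so any SSL use that does not go through a listen port (if this build supports SSL on outbound server links, for instance) would then run against an uninitialized library; worth confirming that those paths check the `initialized` flag, or extending the condition. The check also puts a statement ahead of the `SSL_CTX *newctx;` declaration inside `#ifdef HAVE_LIBSSL`, which is fine under C99 but a mixed declaration for C89 builds. A one-line comment would make the intent explicit: `/* No SSL listen ports configured: nothing to initialize, SSL stays off. */`. The function body continues outside this hunk.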
@@ -256,12 +259,14 @@ ConnSSL_InitLibrary( void )
 		 * According to OpenSSL RAND_egd(3): "The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7";
 		 * so it makes little sense to deal with PRNGD seeding ourselves.
 		 */
+		array_free(&Conf_SSLOptions.ListenPorts);
 		return false;
 	}
 
 	newctx = SSL_CTX_new(SSLv23_method());
 	if (!newctx) {
 		LogOpenSSLError("SSL_CTX_new()", NULL);
+		array_free(&Conf_SSLOptions.ListenPorts);
 		return false;
 	}
 
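Review bot: `array_free(&Conf_SSLOptions.ListenPorts);` is now repeated in front of every `return false`, here and in the two following hunks (the `out:` label and the GnuTLS path); a single failure label that frees the port list and returns false would keep that cleanup in one place and avoid a future error path forgetting it. Since freeing the list is what actually disables the configured SSL listeners, logging that fact once at that label, e.g. `Log(LOG_ERR, "SSL initialization failed, disabling all SSL listen ports!");`, would tell the operator what was lost rather than leaving it to the caller's generic warning. ConnSSL_InitLibrary starts and ends outside this hunk.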
@@ -276,6 +281,7 @@ ConnSSL_InitLibrary( void )
 	return true;
 out:
 	SSL_CTX_free(newctx);
+	array_free(&Conf_SSLOptions.ListenPorts);
 	return false;
 #endif
 #ifdef HAVE_LIBGNUTLS
@@ -287,10 +293,13 @@ out:
 	err = gnutls_global_init();
 	if (err) {
 		Log(LOG_ERR, "gnutls_global_init(): %s", gnutls_strerror(err));
+		array_free(&Conf_SSLOptions.ListenPorts);
 		return false;
 	}
-	if (!ConnSSL_LoadServerKey_gnutls())
+	if (!ConnSSL_LoadServerKey_gnutls()) {
+		array_free(&Conf_SSLOptions.ListenPorts);
 		return false;
+	}
 	Log(LOG_INFO, "gnutls %s initialized.", gnutls_check_version(NULL));
 	initialized = true;
 	return true;
@@ -313,7 +322,7 @@ ConnSSL_LoadServerKey_gnutls(void)
 
 	cert_file = Conf_SSLOptions.CertFile ? Conf_SSLOptions.CertFile:Conf_SSLOptions.KeyFile;
 	if (!cert_file) {
-		Log(LOG_NOTICE, "No SSL server key configured, SSL disabled.");
+		Log(LOG_ERR, "No SSL server key configured!");
 		return false;
 	}
 
@@ -344,7 +353,7 @@ ConnSSL_LoadServerKey_openssl(SSL_CTX *ctx)
 
 	assert(ctx);
 	if (!Conf_SSLOptions.KeyFile) {
-		Log(LOG_NOTICE, "No SSL server key configured, SSL disabled.");
+		Log(LOG_ERR, "No SSL server key configured!");
 		return false;
 	}
 
diff --git a/src/ngircd/ngircd.c b/src/ngircd/ngircd.c
index 585e2ac0..a4c2fe8a 100644
--- a/src/ngircd/ngircd.c
+++ b/src/ngircd/ngircd.c
@@ -662,7 +662,7 @@ NGIRCd_Init(bool NGIRCd_NoDaemon)
 	/* SSL initialization */
 	if (!ConnSSL_InitLibrary())
 		Log(LOG_WARNING,
-		    "Warning: Error during SSL initialization, continuing ...");
+		    "Error during SSL initialization, continuing without SSL ...");
 
 	/* Change root */
 	if (Conf_Chroot[0]) {
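Review bot: The warning on the new line is now only reached when SSL was actually configured and its initialization failed (ConnSSL_InitLibrary returns true when no listen ports exist), so the server continuing with every SSL listen port dropped is a security-relevant degradation rather than a benign notice; LOG_ERR fits better than LOG_WARNING, and the text could state what was lost, e.g. `"Error during SSL initialization, all SSL listen ports disabled!"`. NGIRCd_Init starts and ends outside this hunk.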