Module: ngircd.git Branch: master Commit: affa03b277bb479c050f2d6967ae410e49e0d2ac URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=affa0...

Author: Florian Westphal fw@strlen.de Date: Sun Sep 20 20:43:12 2009 +0200

configtest: complain when ssl keys are not readable

---

src/ngircd/conf.c | 34 +++++++++++++++++++++++++++++----- 1 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 71f0fe8..c50f8f9 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -95,19 +95,42 @@ ConfSSL_Init(void) array_free_wipe(&Conf_SSLOptions.KeyFilePassword); }

+static bool +can_open(const char *name, const char *file) +{ + FILE *fp = fopen(file, "r"); + if (fp) + fclose(fp); + else + fprintf(stderr, "ERROR: %s "%s": %s\n", + name, file, strerror(errno)); + return fp != NULL; +}

-static void +static bool ConfSSL_Puts(void) { - if (Conf_SSLOptions.KeyFile) + bool ret = true; + + if (Conf_SSLOptions.KeyFile) { printf( " SSLKeyFile = %s\n", Conf_SSLOptions.KeyFile); - if (Conf_SSLOptions.CertFile) + ret = can_open("SSLKeyFile", Conf_SSLOptions.KeyFile); + } + if (Conf_SSLOptions.CertFile) { printf( " SSLCertFile = %s\n", Conf_SSLOptions.CertFile); - if (Conf_SSLOptions.DHFile) + if (!can_open("SSLCertFile", Conf_SSLOptions.CertFile)) + ret = false; + } + if (Conf_SSLOptions.DHFile) { printf( " SSLDHFile = %s\n", Conf_SSLOptions.DHFile); + if (!can_open("SSLDHFile", Conf_SSLOptions.DHFile)) + ret = false; + } if (array_bytes(&Conf_SSLOptions.KeyFilePassword)) puts(" SSLKeyFilePassword = <secret>" ); array_free_wipe(&Conf_SSLOptions.KeyFilePassword); + + return ret; } #endif

@@ -245,7 +268,8 @@ Conf_Test( void ) #ifdef SSL_SUPPORT fputs(" SSLPorts = ", stdout); ports_puts(&Conf_SSLOptions.ListenPorts); - ConfSSL_Puts(); + if (!ConfSSL_Puts()) + config_valid = false; #endif

pwd = getpwuid( Conf_UID );