Alexander Barton : Correctly detect when SSL subsystem must be initialized - ngIRCd GIT Updates

7 Jan 2013

Module: ngircd.git
Branch: master
Commit: ab009976984ede815c31c9a6b318c80006823b81
URL:    http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=ab009...
Author: Alexander Barton alex@barton.de
Date:   Mon Jan  7 18:42:57 2013 +0100
Correctly detect when SSL subsystem must be initialized
This patch introduces the new function Conf_SSLInUse() to check when the
current server configuration requires the SSL subsystem to be initialized
and accounts incoming as well as outgoing connections -- so this fixes
commit bb20aeb9 ("Initialize SSL when needed only, and disable SSL on
errors") which only handled the inbound case  ...
Tested-by: Brett Smith brett@w3.org
---
src/ngircd/conf.c     |   22 ++++++++++++++++++++++
 src/ngircd/conf.h     |    4 ++++
 src/ngircd/conn-ssl.c |    4 +++-
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index d5a28bd..929ab05 100644
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -110,6 +110,28 @@ ConfSSL_Init(void)
 }
/**
+ * Check if the current configuration uses/requires SSL.
+ *
+ * @returns true if SSL is used and should be initialized.
+ */
+GLOBAL bool
+Conf_SSLInUse(void)
+{
+	int i;
+
+	/* SSL listen ports configured? */
+	if (array_bytes(&Conf_SSLOptions.ListenPorts))
+		return true;
+
+	for (i = 0; i < MAX_SERVERS; i++) {
+		if (Conf_Server[i].port > 0
+		    && Conf_Server[i].SSLConnect)
+			return true;
+	}
+	return false;
+}
+
+/**
  * Make sure that a configured file is readable.
  *
  * Currently, this function is only used for SSL-related options ...
diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h
index ac42746..c203b57 100644
--- a/src/ngircd/conf.h
+++ b/src/ngircd/conf.h
@@ -256,6 +256,10 @@ GLOBAL bool Conf_AddServer PARAMS(( const char *Name, UINT16 Port, const char *H
 GLOBAL bool Conf_NickIsService PARAMS((int ConfServer, const char *Nick));
 GLOBAL bool Conf_NickIsBlocked PARAMS((const char *Nick));
+#ifdef SSL_SUPPORT
+GLOBAL bool Conf_SSLInUse PARAMS((void));
+#endif
+
 /* Password required by WEBIRC command */
 GLOBAL char Conf_WebircPwd[CLIENT_PASS_LEN];
diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index 59729e0..45e6458 100644
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -241,8 +241,10 @@ void ConnSSL_Free(CONNECTION *c)
 bool
 ConnSSL_InitLibrary( void )
 {
-	if (!array_bytes(&Conf_SSLOptions.ListenPorts))
+	if (!Conf_SSLInUse()) {
+		LogDebug("SSL not in use, skipping initialization.");
    	return true;
+	}
#ifdef HAVE_LIBSSL
    SSL_CTX *newctx;

    