This patch introduces the new function Conf_SSLInUse() to check whether the current server configuration requires the SSL subsystem to be initialized and accounts for incoming as well as outgoing connections -- so this fixes commit bb20aeb9 ("Initialize SSL when needed only, and disable SSL on errors") which only handled the inbound case ... --- src/ngircd/conf.c | 22 ++++++++++++++++++++++ src/ngircd/conf.h | 4 ++++ src/ngircd/conn-ssl.c | 4 +++- 3 files changed, 29 insertions(+), 1 deletion(-)
Hi Brett!
Could you test this patch? It should fix your first problem.
Thanks! Alex
diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index d5a28bd..929ab05 100644
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -110,6 +110,28 @@ ConfSSL_Init(void)
 }
 /**
+ * Check if the current configuration uses/requires SSL.
+ *
+ * @returns true if SSL is used and should be initialized.
+ */
+GLOBAL bool
+Conf_SSLInUse(void)
+{
+ int i;
+
+ /* SSL listen ports configured? */
+ if (array_bytes(&Conf_SSLOptions.ListenPorts))
+ return true;
+
+ for (i = 0; i < MAX_SERVERS; i++) {
+ if (Conf_Server[i].port > 0
+ && Conf_Server[i].SSLConnect)
+ return true;
+ }
+ return false;
+}
+
+/**
 * Make sure that a configured file is readable.
 *
 * Currently, this function is only used for SSL-related options ...
diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h
index ac42746..c203b57 100644
--- a/src/ngircd/conf.h
+++ b/src/ngircd/conf.h
@@ -256,6 +256,10 @@ GLOBAL bool Conf_AddServer PARAMS(( const char *Name, UINT16 Port, const char *H
 GLOBAL bool Conf_NickIsService PARAMS((int ConfServer, const char *Nick));
 GLOBAL bool Conf_NickIsBlocked PARAMS((const char *Nick));
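Review bot: In the conf.c hunk, the doc comment on Conf_SSLInUse() does not state which settings are consulted or when the answer is valid, although the loop counts a server entry only when `Conf_Server[i].port > 0 && Conf_Server[i].SSLConnect`. I would add a line such as `Counts SSL listen ports and server entries with a port and SSLConnect set; only meaningful after the configuration has been read.` The prototype added to conf.h is wrapped in `#ifdef SSL_SUPPORT`, but no guard is visible around this definition; the neighbouring lines lie outside the hunk, so confirm the definition sits inside the same guard, since it presumably depends on SSL-only fields such as Conf_SSLOptions.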
+#ifdef SSL_SUPPORT
+GLOBAL bool Conf_SSLInUse PARAMS((void));
+#endif
+
 /* Password required by WEBIRC command */
 GLOBAL char Conf_WebircPwd[CLIENT_PASS_LEN];
diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index 59729e0..45e6458 100644
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -241,8 +241,10 @@ void ConnSSL_Free(CONNECTION *c)
 bool
 ConnSSL_InitLibrary( void )
 {
- if (!array_bytes(&Conf_SSLOptions.ListenPorts))
+ if (!Conf_SSLInUse()) {
+ LogDebug("SSL not in use, skipping initialization.");
 return true;
+ }
 #ifdef HAVE_LIBSSL
 SSL_CTX *newctx;
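Review bot: The new early return in ConnSSL_InitLibrary() reports success (`return true`) when SSL is skipped, so a caller cannot distinguish an initialized library from one that was never set up. That matters if the configuration can change afterwards: a later-added SSL listen port or SSLConnect server needs this function to run again, and an outgoing SSLConnect link should be refused rather than continue without TLS when no context exists; neither is visible here, as the function body continues outside the hunk. At minimum I would document the contract above the check, e.g. `/* Not an error: nothing configured needs SSL; must be re-run when the configuration changes. */`.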