From 4d97f4ebcdc80718a54adbb5aecc4d9fa21b8aac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=EFc=20Gomez?=
Date: Mon, 7 Jan 2008 23:46:29 +0100
Subject: [PATCH] SSL: check for client_side_ssl_pem file to be present
---
 src/bip.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/src/bip.c b/src/bip.c
index 5769b18..60a21a5 100644
--- a/src/bip.c
+++ b/src/bip.c
@@ -20,6 +20,9 @@
 #include
 #include
 #include
+#include
+#include
+#include
 #include "irc.h"
 #include "conf.h"
 #include "tuple.h"
@@ -843,6 +846,28 @@ static int validate_config(bip_t *bip)
 }
 }
 
+ if (conf_css && conf_ssl_certfile) {
+ int e, fd;
+ struct stat fs;
+
+ e = stat(conf_ssl_certfile, &fs);
+ if (e)
+ mylog(LOG_WARN, "Unable to check PEM file is ok "
+ "stat(): %s", strerror(errno));
+ else if (!fs.st_ino)
+ conf_die(bip, "Inexistent PEM file %s", conf_ssl_certfile);
+ else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) )
+ conf_die(bip, "PEM file %s should not be world readable / "
+ "writable. Please fix the modes.",
+ conf_ssl_certfile);
+
+ if ( (fd = open(conf_ssl_certfile, O_RDONLY)) == -1) {
+ conf_die(bip, "Unable to open PEM file %s for reading",
+ conf_ssl_certfile);
+ }
+ close(fd);
+ }
+
 if (strstr(conf_log_format, "%u") == NULL)
 mylog(LOG_WARN, "log_format does not contain %%u, all users'"
 " logs will be mixed !");
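Review bot: In the new `if (conf_css && conf_ssl_certfile)` block, the permission check is made on the path with stat() and the file is opened afterwards in a separate call, so the object checked and the object opened are not guaranteed to be the same, and when stat() fails the code only warns and the mode check is skipped. The `!fs.st_ino` branch is normally unreachable, since a missing file makes stat() return -1 with ENOENT rather than a zero inode, so a missing PEM file is reported by the open() failure, whose message drops strerror(errno). I would open first and run fstat() on the descriptor, require a regular file, and test both bits in one mask, as sketched below; the sketch makes an fstat() failure fatal instead of a warning, which is a behaviour change to confirm. If conf_die() returns rather than exits (not visible here), the original also reaches `close(fd)` with fd == -1 after a failed open. validate_config starts and ends outside the hunk.

```c
	if (conf_css && conf_ssl_certfile) {
		struct stat fs;
		int fd = open(conf_ssl_certfile, O_RDONLY);

		if (fd == -1) {
			conf_die(bip, "Unable to open PEM file %s for reading: %s",
					conf_ssl_certfile, strerror(errno));
		} else {
			/* Check the descriptor we actually opened, not the path. */
			if (fstat(fd, &fs) == -1)
				conf_die(bip, "Unable to stat PEM file %s: %s",
						conf_ssl_certfile, strerror(errno));
			else if (!S_ISREG(fs.st_mode))
				conf_die(bip, "PEM file %s is not a regular file",
						conf_ssl_certfile);
			else if (fs.st_mode & (S_IROTH | S_IWOTH))
				conf_die(bip, "PEM file %s should not be world readable / "
						"writable. Please fix the modes.",
						conf_ssl_certfile);
			close(fd);
		}
	}
```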