From 8c0ce5efd3a32200f54696ce84f461a6cd4192ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=EFc=20Gomez?=
Date: Tue, 8 Jan 2008 00:24:53 +0100
Subject: [PATCH] SSL: - check PEM, last version...
---
 src/bip.c | 61 +++++++++++++++++++++++++++----------------------------
 1 file changed, 30 insertions(+), 31 deletions(-)
diff --git a/src/bip.c b/src/bip.c
index a3d753a..1f5bee4 100644
--- a/src/bip.c
+++ b/src/bip.c
@@ -846,30 +846,6 @@ static int validate_config(bip_t *bip)
 }
 }
- if (conf_css && conf_ssl_certfile) {
- int e, fd;
- struct stat fs;
-
- if ( (fd = open(conf_ssl_certfile, O_RDONLY)) == -1) {
- conf_die(bip, "Unable to open PEM file %s for reading",
- conf_ssl_certfile);
- return 0;
- }
- close(fd);
-
- e = stat(conf_ssl_certfile, &fs);
- if (e) {
- mylog(LOG_WARN, "Unable to check PEM file, stat(%s): "
- "%s", conf_ssl_certfile, strerror(errno));
- } else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) ) {
- conf_die(bip, "PEM file %s should not be world readable / "
- "writable. Please fix the modes.",
- conf_ssl_certfile);
- return 0;
- }
-
- }
-
 if (strstr(conf_log_format, "%u") == NULL)
 mylog(LOG_WARN, "log_format does not contain %%u, all users'"
 " logs will be mixed !");
@@ -1268,14 +1244,37 @@ int main(int argc, char **argv)
 }
 #ifdef HAVE_LIBSSL
- if (!conf_ssl_certfile) {
- char *ap = "/bip.pem";
- conf_ssl_certfile = malloc(strlen(conf_biphome) +
- strlen(ap) + 1);
- strcpy(conf_ssl_certfile, conf_biphome);
- strcat(conf_ssl_certfile, ap);
- mylog(LOG_INFO, "Using default SSL certificate file: %s",
+ if (conf_css) {
+ int e, fd;
+ struct stat fs;
+
+ if (!conf_ssl_certfile) {
+ char *ap = "/bip.pem";
+ conf_ssl_certfile = malloc(strlen(conf_biphome) +
+ strlen(ap) + 1);
+ strcpy(conf_ssl_certfile, conf_biphome);
+ strcat(conf_ssl_certfile, ap);
+ mylog(LOG_INFO, "Using default SSL certificate file: "
+ "%s",
 conf_ssl_certfile);
+ }
+
+ if ( (fd = open(conf_ssl_certfile, O_RDONLY)) == -1) {
+ fatal("Unable to open PEM file %s for reading", conf_ssl_certfile);
+ return 0;
+ }
+ close(fd);
+
+ e = stat(conf_ssl_certfile, &fs);
+ if (e) {
+ mylog(LOG_WARN, "Unable to check PEM file, stat(%s): "
+ "%s", conf_ssl_certfile, strerror(errno));
+ } else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) ) {
+ fatal("PEM file %s should not be world readable / "
+ "writable. Please fix the modes.",
+ conf_ssl_certfile);
+ return 0;
+ }
 }
 #endif
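Review bot: The PEM check opens the path, closes it, and then calls `stat(conf_ssl_certfile, &fs)` on the path a second time, so the mode test can land on a different object than the one just opened (and than the one loaded later, presumably by path, outside this hunk); checking the open descriptor with `e = fstat(fd, &fs);` before `close(fd);` removes that second lookup. The `if (e)` branch only logs at LOG_WARN and carries on, so a failed stat skips the permission check altogether; for a file that presumably holds the private key this should fail closed with `fatal(...)`. The test covers only `S_IROTH`/`S_IWOTH`, so group-accessible or non-regular files pass; consider also testing `S_IRGRP | S_IWGRP` and `S_ISREG(fs.st_mode)` if that fits the deployment. Separately, the relocated `malloc()` result is still handed to `strcpy()` without a NULL check. The enclosing `main()` starts and ends outside this hunk.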