SSL:
- check PEM, last version...
parent
517cda4946
commit
8c0ce5efd3
61
src/bip.c
61
src/bip.c
@ -846,30 +846,6 @@ static int validate_config(bip_t *bip)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_css && conf_ssl_certfile) {
|
|
||||||
int e, fd;
|
|
||||||
struct stat fs;
|
|
||||||
|
|
||||||
if ( (fd = open(conf_ssl_certfile, O_RDONLY)) == -1) {
|
|
||||||
conf_die(bip, "Unable to open PEM file %s for reading",
|
|
||||||
conf_ssl_certfile);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
close(fd);
|
|
||||||
|
|
||||||
e = stat(conf_ssl_certfile, &fs);
|
|
||||||
if (e) {
|
|
||||||
mylog(LOG_WARN, "Unable to check PEM file, stat(%s): "
|
|
||||||
"%s", conf_ssl_certfile, strerror(errno));
|
|
||||||
} else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) ) {
|
|
||||||
conf_die(bip, "PEM file %s should not be world readable / "
|
|
||||||
"writable. Please fix the modes.",
|
|
||||||
conf_ssl_certfile);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
if (strstr(conf_log_format, "%u") == NULL)
|
if (strstr(conf_log_format, "%u") == NULL)
|
||||||
mylog(LOG_WARN, "log_format does not contain %%u, all users'"
|
mylog(LOG_WARN, "log_format does not contain %%u, all users'"
|
||||||
" logs will be mixed !");
|
" logs will be mixed !");
|
||||||
@ -1268,14 +1244,37 @@ int main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_LIBSSL
|
#ifdef HAVE_LIBSSL
|
||||||
if (!conf_ssl_certfile) {
|
if (conf_css) {
|
||||||
char *ap = "/bip.pem";
|
int e, fd;
|
||||||
conf_ssl_certfile = malloc(strlen(conf_biphome) +
|
struct stat fs;
|
||||||
strlen(ap) + 1);
|
|
||||||
strcpy(conf_ssl_certfile, conf_biphome);
|
if (!conf_ssl_certfile) {
|
||||||
strcat(conf_ssl_certfile, ap);
|
char *ap = "/bip.pem";
|
||||||
mylog(LOG_INFO, "Using default SSL certificate file: %s",
|
conf_ssl_certfile = malloc(strlen(conf_biphome) +
|
||||||
|
strlen(ap) + 1);
|
||||||
|
strcpy(conf_ssl_certfile, conf_biphome);
|
||||||
|
strcat(conf_ssl_certfile, ap);
|
||||||
|
mylog(LOG_INFO, "Using default SSL certificate file: "
|
||||||
|
"%s", conf_ssl_certfile);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( (fd = open(conf_ssl_certfile, O_RDONLY)) == -1) {
|
||||||
|
fatal("Unable to open PEM file %s for reading",
|
||||||
conf_ssl_certfile);
|
conf_ssl_certfile);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
close(fd);
|
||||||
|
|
||||||
|
e = stat(conf_ssl_certfile, &fs);
|
||||||
|
if (e) {
|
||||||
|
mylog(LOG_WARN, "Unable to check PEM file, stat(%s): "
|
||||||
|
"%s", conf_ssl_certfile, strerror(errno));
|
||||||
|
} else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) ) {
|
||||||
|
fatal("PEM file %s should not be world readable / "
|
||||||
|
"writable. Please fix the modes.",
|
||||||
|
conf_ssl_certfile);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
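Review bot: In the block added to main(), the PEM file is opened and closed, and its mode is then read with a separate `stat(conf_ssl_certfile, &fs)` by path, so the permission check is not tied to the file that was just opened and the path can be replaced between the two calls. Checking the descriptor instead, `e = fstat(fd, &fs);` followed by `close(fd);`, ties the mode check to the opened file. The `if (e)` branch only logs at LOG_WARN and carries on, so the world-readable / writable check is skipped whenever the mode cannot be read; as the PEM file presumably holds the private key, calling `fatal(...)` there would make the check fail closed. The `malloc()` result for the default path is also passed to `strcpy()` without a NULL check. main() starts and ends outside the hunk, so whether `fatal()` returns and `return 0` is reached cannot be confirmed from here.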