From eb32b16872d84103bede36a450eba2e31a6e713d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=EFc=20Gomez?= <opensource@kyoshiro.org>
Date: Tue, 8 Jan 2008 10:31:22 +0100
Subject: [PATCH] SSL options: - fixes - PEM file world readable is a non fatal
 error

---
 src/bip.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/src/bip.c b/src/bip.c
index 1f5bee4..2078025 100644
--- a/src/bip.c
+++ b/src/bip.c
@@ -1258,23 +1258,19 @@ int main(int argc, char **argv)
 					"%s", conf_ssl_certfile);
 		}
 
-		if ( (fd = open(conf_ssl_certfile, O_RDONLY)) == -1) {
+		if ( (fd = open(conf_ssl_certfile, O_RDONLY)) == -1)
 			fatal("Unable to open PEM file %s for reading",
 				conf_ssl_certfile);
-			return 0;
-		}
 		close(fd);
 
 		e = stat(conf_ssl_certfile, &fs);
-		if (e) {
+		if (e)
 			mylog(LOG_WARN, "Unable to check PEM file, stat(%s): "
 				"%s", conf_ssl_certfile, strerror(errno));
-		} else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) ) {
-			fatal("PEM file %s should not be world readable / "
-				"writable. Please fix the modes.",
+		else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) )
+			mylog(LOG_ERROR, "PEM file %s should not be world "
+				"readable / writable. Please fix the modes.",
 				conf_ssl_certfile);
-			return 0;
-		}
 	}
 #endif