SSL options:
- fixes - PEM file world readable is a non fatal error
parent
8c0ce5efd3
commit
eb32b16872
14
src/bip.c
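--- a/src/bip.c
+++ b/src/bip.c
@@ -1258,23 +1258,19 @@ int main(int argc, char **argv)
 "%s", conf_ssl_certfile);
 }
 
-if ( (fd = open(conf_ssl_certfile, O_RDONLY)) == -1) {
+if ( (fd = open(conf_ssl_certfile, O_RDONLY)) == -1)
 fatal("Unable to open PEM file %s for reading",
 conf_ssl_certfile);
-return 0;
-}
 close(fd);
 
 e = stat(conf_ssl_certfile, &fs);
-if (e) {
+if (e)
 mylog(LOG_WARN, "Unable to check PEM file, stat(%s): "
 "%s", conf_ssl_certfile, strerror(errno));
-} else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) ) {
-fatal("PEM file %s should not be world readable / "
-"writable. Please fix the modes.",
+else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) )
+mylog(LOG_ERROR, "PEM file %s should not be world "
+"readable / writable. Please fix the modes.",
 conf_ssl_certfile);
-return 0;
-}
 }
 #endif
 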
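Review bot: The mode check at `else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) )` now only logs for both bits, although the commit title speaks of the world-readable case only. A world-writable PEM file lets any local account replace the certificate or key material that is presumably loaded from it later, so that case should stay fatal, e.g. `else if (fs.st_mode & S_IWOTH) fatal("PEM file %s should not be world writable. Please fix the modes.", conf_ssl_certfile);` placed ahead of the logged S_IROTH branch. Separately, the file is opened, closed and then checked by path with stat(), so the modes inspected are not guaranteed to belong to the file that was opened; `e = fstat(fd, &fs);` before `close(fd);` would check the same object. The enclosing block in main() starts and ends outside the hunk.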