
SSL options:

- fixes
- PEM file world readable is a non fatal error
Loc Gomez 2008-01-08 10:31:22 +01:00
parent 8c0ce5efd3
commit eb32b16872


@ -1258,23 +1258,19 @@ int main(int argc, char **argv)
"%s", conf_ssl_certfile); "%s", conf_ssl_certfile);
} }
if ( (fd = open(conf_ssl_certfile, O_RDONLY)) == -1) { if ( (fd = open(conf_ssl_certfile, O_RDONLY)) == -1)
fatal("Unable to open PEM file %s for reading", fatal("Unable to open PEM file %s for reading",
conf_ssl_certfile); conf_ssl_certfile);
return 0;
}
close(fd); close(fd);
e = stat(conf_ssl_certfile, &fs); e = stat(conf_ssl_certfile, &fs);
if (e) { if (e)
mylog(LOG_WARN, "Unable to check PEM file, stat(%s): " mylog(LOG_WARN, "Unable to check PEM file, stat(%s): "
"%s", conf_ssl_certfile, strerror(errno)); "%s", conf_ssl_certfile, strerror(errno));
} else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) ) { else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) )
fatal("PEM file %s should not be world readable / " mylog(LOG_ERROR, "PEM file %s should not be world "
"writable. Please fix the modes.", "readable / writable. Please fix the modes.",
conf_ssl_certfile); conf_ssl_certfile);
return 0;
}
} }
#endif #endif
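Review bot: With the mode check reduced to `mylog(LOG_ERROR, ...)`, a world-writable PEM file no longer stops startup, yet write access for other local users is a different risk from read access: the certificate (and the private key, if this file carries it) could be replaced rather than only read. Consider keeping the writable case fatal and relaxing only the readable one, e.g. `else if (fs.st_mode & S_IWOTH) fatal("PEM file %s should not be world writable. Please fix the modes.", conf_ssl_certfile);` ahead of an `S_IROTH` branch that logs. The check also calls `stat()` on the path after `close(fd)`, so it may inspect a different file than the one just opened; `e = fstat(fd, &fs);` placed before `close(fd)` would tie the mode check to the opened descriptor. The enclosing `main` starts and ends outside this hunk, so how the PEM file is loaded afterwards is not visible here.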