bip/bip
bip
/
bip
3
0
Fork 1
Code Issues Pull Requests 2 Releases Activity

SSL: 

- fix checking of PEM file
This commit is contained in:
Loc Gomez 2008-01-08 00:09:16 +01:00
parent c10061172c
commit 517cda4946
1 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/bip.c
View File

@ -850,22 +850,24 @@ static int validate_config(bip_t *bip)
int e, fd;
struct stat fs;
e = stat(conf_ssl_certfile, &fs);
if (e)
mylog(LOG_WARN, "Unable to check PEM file is ok "
"stat(): %s", strerror(errno));
else if (!fs.st_ino)
conf_die(bip, "Inexistent PEM file %s", conf_ssl_certfile);
else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) )
conf_die(bip, "PEM file %s should not be world readable / "
"writable. Please fix the modes.",
conf_ssl_certfile);
if ( (fd = open(conf_ssl_certfile, O_RDONLY)) == -1) {
conf_die(bip, "Unable to open PEM file %s for reading",
conf_ssl_certfile);
return 0;
}
close(fd);
e = stat(conf_ssl_certfile, &fs);
if (e) {
mylog(LOG_WARN, "Unable to check PEM file, stat(%s): "
"%s", conf_ssl_certfile, strerror(errno));
} else if ( (fs.st_mode & S_IROTH) | (fs.st_mode & S_IWOTH) ) {
conf_die(bip, "PEM file %s should not be world readable / "
"writable. Please fix the modes.",
conf_ssl_certfile);
return 0;
}
}
if (strstr(conf_log_format, "%u") == NULL)