repo: ngircd
action: commit
revision: 
path_from: 
revision_from: affa03b277bb479c050f2d6967ae410e49e0d2ac:
path_to: 
revision_to: 

commit affa03b277bb479c050f2d6967ae410e49e0d2ac
Author: Florian Westphal 
Date:   Sun Sep 20 20:43:12 2009 +0200

    configtest: complain when ssl keys are not readable

diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c

--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -95,19 +95,42 @@ ConfSSL_Init(void)
 	array_free_wipe(&Conf_SSLOptions.KeyFilePassword);
 }

+static bool
+can_open(const char *name, const char *file)
+{
+	FILE *fp = fopen(file, "r");
+	if (fp)
+		fclose(fp);
+	else
+		fprintf(stderr, "ERROR: %s \"%s\": %s\n",
+			name, file, strerror(errno));
+	return fp != NULL;
+}

-static void
+static bool
 ConfSSL_Puts(void)
 {
-	if (Conf_SSLOptions.KeyFile)
+	bool ret = true;
+
+	if (Conf_SSLOptions.KeyFile) {
 		printf( "  SSLKeyFile = %s\n", Conf_SSLOptions.KeyFile);
-	if (Conf_SSLOptions.CertFile)
+		ret = can_open("SSLKeyFile", Conf_SSLOptions.KeyFile);
+	}
+	if (Conf_SSLOptions.CertFile) {
 		printf( "  SSLCertFile = %s\n", Conf_SSLOptions.CertFile);
-	if (Conf_SSLOptions.DHFile)
+		if (!can_open("SSLCertFile", Conf_SSLOptions.CertFile))
+			ret = false;
+	}
+	if (Conf_SSLOptions.DHFile) {
 		printf( "  SSLDHFile = %s\n", Conf_SSLOptions.DHFile);
+		if (!can_open("SSLDHFile", Conf_SSLOptions.DHFile))
+			ret = false;
+	}
 	if (array_bytes(&Conf_SSLOptions.KeyFilePassword))
 		puts("  SSLKeyFilePassword = "  );
 	array_free_wipe(&Conf_SSLOptions.KeyFilePassword);
+
+	return ret;
 }
 #endif

@@ -245,7 +268,8 @@ Conf_Test( void )
 #ifdef SSL_SUPPORT
 	fputs("  SSLPorts = ", stdout);
 	ports_puts(&Conf_SSLOptions.ListenPorts);
-	ConfSSL_Puts();
+	if (!ConfSSL_Puts())
+		config_valid = false;
 #endif

 	pwd = getpwuid( Conf_UID );

-----END OF PAGE-----