{Add|Del}_Ban_Invite > {Add_To|Del_From}_List(): more generic

[ngircd-alex.git] / src / ngircd / conn-ssl.c

diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index fbf796c79ab3f41da09269abb1d615f06810eb64..ffb1b104e5f57e961565fe1c941edf8cae9b0d68 100644 (file)
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -1,11 +1,15 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- *
- * SSL wrapper functions.
  * Copyright (c) 2005-2008 Florian Westphal <fw@strlen.de>
  */
 
 #include "portab.h"
+
+/**
+ * @file
+ * SSL wrapper functions
+ */
+
 #include "imp.h"
 #include "conf-ssl.h"
 
@@ -47,10 +51,11 @@ static bool ConnSSL_LoadServerKey_openssl PARAMS(( SSL_CTX *c ));
 #include <unistd.h>
 #include <gnutls/x509.h>
 
-#define DH_BITS 1024
+#define DH_BITS 2048
+#define DH_BITS_MIN 1024
+
 static gnutls_certificate_credentials_t x509_cred;
 static gnutls_dh_params_t dh_params;
-
 static bool ConnSSL_LoadServerKey_gnutls PARAMS(( void ));
 #endif
 
@@ -383,9 +388,10 @@ ConnSSL_Init_SSL(CONNECTION *c)
        int ret;
        assert(c != NULL);
 #ifdef HAVE_LIBSSL
-       if (!ssl_ctx)   /* NULL when library initialization failed */
+       if (!ssl_ctx) {
+               Log(LOG_ERR, "Cannot init ssl_ctx: OpenSSL initialization failed at startup");
                return false;
-
+       }
        assert(c->ssl_state.ssl == NULL);
 
        c->ssl_state.ssl = SSL_new(ssl_ctx);
@@ -406,6 +412,7 @@ ConnSSL_Init_SSL(CONNECTION *c)
        if (ret < 0) {
                Log(LOG_ERR, "gnutls_set_default_priority: %s", gnutls_strerror(ret));
                ConnSSL_Free(c);
+               return false;
        }
        /*
         * The intermediate (long) cast is here to avoid a warning like:
@@ -418,8 +425,9 @@ ConnSSL_Init_SSL(CONNECTION *c)
        if (ret < 0) {
                Log(LOG_ERR, "gnutls_credentials_set: %s", gnutls_strerror(ret));
                ConnSSL_Free(c);
+               return false;
        }
-       gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS);
+       gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS_MIN);
 #endif
        Conn_OPTION_ADD(c, CONN_SSL);
        return true;