X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Fconn-ssl.c;h=45e6458a19d5805d48b13a11f27c639cd3ee3963;hp=8f7b70afccb0e310793013e0f53ee5f38522a614;hb=a14eb495b75c8c2a2a32ddb6eecf50dc174f811c;hpb=a072180c9262f8a1c6bba6b8f0613bccc2863f48
diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index 8f7b70af..45e6458a 100644
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -156,7 +156,7 @@ Load_DH_params(void)
 bool ret = true;
 if (!Conf_SSLOptions.DHFile) {
- Log(LOG_NOTICE, "Configuration option \"SSLDHFile\" not set!");
+ Log(LOG_NOTICE, "Configuration option \"DHFile\" not set!");
 return false;
 }
 fp = fopen(Conf_SSLOptions.DHFile, "r");
@@ -201,7 +201,7 @@ Load_DH_params(void)
 }
 if (need_dhgenerate) {
 Log(LOG_WARNING,
- "SSLDHFile not set, generating %u bit DH parameters. This may take a while ...",
+ "DHFile not set, generating %u bit DH parameters. This may take a while ...",
 DH_BITS);
 err = gnutls_dh_params_generate2(tmp_dh_params, DH_BITS);
 if (err < 0) {
@@ -241,6 +241,11 @@ void ConnSSL_Free(CONNECTION *c)
 bool
 ConnSSL_InitLibrary( void )
 {
+ if (!Conf_SSLInUse()) {
+ LogDebug("SSL not in use, skipping initialization.");
+ return true;
+ }
+
 #ifdef HAVE_LIBSSL
 SSL_CTX *newctx;
@@ -256,12 +261,14 @@ ConnSSL_InitLibrary( void )
 * According to OpenSSL RAND_egd(3): "The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7";
 * so it makes little sense to deal with PRNGD seeding ourselves.
 */
+ array_free(&Conf_SSLOptions.ListenPorts);
 return false;
 }
 newctx = SSL_CTX_new(SSLv23_method());
 if (!newctx) {
 LogOpenSSLError("SSL_CTX_new()", NULL);
+ array_free(&Conf_SSLOptions.ListenPorts);
 return false;
 }
@@ -276,6 +283,7 @@ ConnSSL_InitLibrary( void )
 return true;
 out:
 SSL_CTX_free(newctx);
+ array_free(&Conf_SSLOptions.ListenPorts);
 return false;
 #endif
 #ifdef HAVE_LIBGNUTLS
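Review bot: In the hunk at `@@ -241,6 +241,11 @@` the new `if (!Conf_SSLInUse())` block is a statement placed ahead of the `SSL_CTX *newctx;` declaration in the `HAVE_LIBSSL` branch, so the OpenSSL build now has a declaration after code, which a compiler in C89 mode rejects and `-Wdeclaration-after-statement` flags. Placing the guard after the local declarations of each backend branch avoids that. The function also now returns true without any TLS state being set up, so it should carry a header comment such as `/* Returns true if TLS was initialized or is not configured at all; false if it is configured but could not be set up. */`. The body of ConnSSL_InitLibrary continues outside this hunk.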
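Review bot: In the hunk at `@@ -256,12 +261,14 @@` the cleanup `array_free(&Conf_SSLOptions.ListenPorts);` is copied in front of each `return false;`, and again in the hunks at `-276,6` and `-287,10`, with no comment saying why a failed TLS setup must empty the SSL port list. Presumably the intent is that no listener is opened on a TLS port that cannot speak TLS; with the call repeated by hand, any failure return that misses it leaves those ports configured. The lines of ConnSSL_InitLibrary between this hunk and the previous one are not shown, so any failure return there needs the same call. Routing every failure through one documented helper (the name below is only a proposal) keeps the cleanup in one place.

```c
/* TLS could not be initialized: forget the configured SSL ports, so that no
 * listener is created for them, and report the failure to the caller. */
static bool
InitLibrary_Failed(void)
{
	array_free(&Conf_SSLOptions.ListenPorts);
	return false;
}

	/* … unchanged: PRNG check and its comment … */
		return InitLibrary_Failed();
	/* … unchanged: SSL_CTX_new() call … */
		LogOpenSSLError("SSL_CTX_new()", NULL);
		return InitLibrary_Failed();
```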
@@ -287,10 +295,13 @@ out:
 err = gnutls_global_init();
 if (err) {
 Log(LOG_ERR, "gnutls_global_init(): %s", gnutls_strerror(err));
+ array_free(&Conf_SSLOptions.ListenPorts);
 return false;
 }
- if (!ConnSSL_LoadServerKey_gnutls())
+ if (!ConnSSL_LoadServerKey_gnutls()) {
+ array_free(&Conf_SSLOptions.ListenPorts);
 return false;
+ }
 Log(LOG_INFO, "gnutls %s initialized.", gnutls_check_version(NULL));
 initialized = true;
 return true;
@@ -313,7 +324,7 @@ ConnSSL_LoadServerKey_gnutls(void)
 cert_file = Conf_SSLOptions.CertFile ? Conf_SSLOptions.CertFile:Conf_SSLOptions.KeyFile;
 if (!cert_file) {
- Log(LOG_NOTICE, "No SSL server key configured, SSL disabled.");
+ Log(LOG_ERR, "No SSL server key configured!");
 return false;
 }
@@ -344,7 +355,7 @@ ConnSSL_LoadServerKey_openssl(SSL_CTX *ctx)
 assert(ctx);
 if (!Conf_SSLOptions.KeyFile) {
- Log(LOG_NOTICE, "No SSL server key configured, SSL disabled.");
+ Log(LOG_ERR, "No SSL server key configured!");
 return false;
 }
@@ -714,6 +725,13 @@ ConnSSL_GetCipherInfo(CONNECTION *c, char *buf, size_t len)
 #endif
 }
+#else
+
+bool
+ConnSSL_InitLibrary(void)
+{
+ return true;
+}
 #endif /* SSL_SUPPORT */
 /* -eof- */
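Review bot: The stub `ConnSSL_InitLibrary` added in the hunk at `@@ -714,6 +725,13 @@` has no comment explaining that it exists for builds without `SSL_SUPPORT` and why it reports success. A one-line header would do: `/* Built without SSL support: there is nothing to initialize, so report success. */`. The header that declares the function is not part of this diff, so it is worth confirming that the prototype is also visible when `SSL_SUPPORT` is undefined; otherwise callers would see an implicit declaration.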