Reuse old SSL key if loading a new one failed
authormichi <michi+ngircd@dataswamp.org>
Fri, 14 Feb 2020 12:44:10 +0000 (12:44 +0000)
committerAlexander Barton <alex@barton.de>
Sat, 15 Feb 2020 13:47:20 +0000 (14:47 +0100)
src/ngircd/conn-ssl.c
src/ngircd/sighandlers.c

index ba47e513603b69aba08f2b7cf25f6c20a1ad4555..3f482dc7ff60263ce40822d41d20c4a7b345e409 100644 (file)
@@ -311,8 +311,18 @@ ConnSSL_InitLibrary( void )
                return false;
        }
 
-       if (!ConnSSL_LoadServerKey_openssl(newctx))
+       if (!ConnSSL_LoadServerKey_openssl(newctx)) {
+               /* Failed to read new key but an old ssl context
+                * already exists -> reuse old context */
+               if (ssl_ctx) {
+                       SSL_CTX_free(newctx);
+                       Log(LOG_WARNING,
+                       "Re-Initializing of SSL failed, using old keys!");
+                       return true;
+               }
+               /* No preexisting old context -> error. */
                goto out;
+       }
 
        if (SSL_CTX_set_cipher_list(newctx, Conf_SSLOptions.CipherList) == 0) {
                Log(LOG_ERR, "Failed to apply OpenSSL cipher list \"%s\"!",
index f7ae4f45708084f04a375f9482a2ad3913f36d97..8275123e6acd433a555f4e130a11faa10205ab47 100644 (file)
@@ -132,7 +132,7 @@ Rehash(void)
 
        if (!ConnSSL_InitLibrary())
                Log(LOG_WARNING,
-                   "Re-Initializing of SSL failed, using old keys!");
+                   "Re-Initializing of SSL failed!");
 
        /* Start listening on sockets */
        Conn_InitListeners( );