From: Alexander Barton Date: Mon, 7 Jan 2013 17:42:57 +0000 (+0100) Subject: Correctly detect when SSL subsystem must be initialized X-Git-Tag: rel-21-rc1~159 X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=commitdiff_plain;h=ab009976984ede815c31c9a6b318c80006823b81 Correctly detect when SSL subsystem must be initialized This patch introduces the new function Conf_SSLInUse() to check when the current server configuration requires the SSL subsystem to be initialized and accounts incoming as well as outgoing connections -- so this fixes commit bb20aeb9 ("Initialize SSL when needed only, and disable SSL on errors") which only handled the inbound case ... Tested-by: Brett Smith --- diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index d5a28bd7..929ab054 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -109,6 +109,28 @@ ConfSSL_Init(void) array_free(&Conf_SSLOptions.ListenPorts); } +/** + * Check if the current configuration uses/requires SSL. + * + * @returns true if SSL is used and should be initialized. + */ +GLOBAL bool +Conf_SSLInUse(void) +{ + int i; + + /* SSL listen ports configured? */ + if (array_bytes(&Conf_SSLOptions.ListenPorts)) + return true; + + for (i = 0; i < MAX_SERVERS; i++) { + if (Conf_Server[i].port > 0 + && Conf_Server[i].SSLConnect) + return true; + } + return false; +} + /** * Make sure that a configured file is readable. * diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index ac42746c..c203b570 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -256,6 +256,10 @@ GLOBAL bool Conf_AddServer PARAMS(( const char *Name, UINT16 Port, const char *H GLOBAL bool Conf_NickIsService PARAMS((int ConfServer, const char *Nick)); GLOBAL bool Conf_NickIsBlocked PARAMS((const char *Nick)); +#ifdef SSL_SUPPORT +GLOBAL bool Conf_SSLInUse PARAMS((void)); +#endif + /* Password required by WEBIRC command */ GLOBAL char Conf_WebircPwd[CLIENT_PASS_LEN]; diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c index 59729e04..45e6458a 100644 --- a/src/ngircd/conn-ssl.c +++ b/src/ngircd/conn-ssl.c @@ -241,8 +241,10 @@ void ConnSSL_Free(CONNECTION *c) bool ConnSSL_InitLibrary( void ) { - if (!array_bytes(&Conf_SSLOptions.ListenPorts)) + if (!Conf_SSLInUse()) { + LogDebug("SSL not in use, skipping initialization."); return true; + } #ifdef HAVE_LIBSSL SSL_CTX *newctx;