ssl_ctx = SSL_CTX_new(SSLv23_server_method()) instead of using a temporary variable...

[citadel.git] / webcit / crypto.c

diff --git a/webcit/crypto.c b/webcit/crypto.c
index d0804beaf1ec9a661d658bc203f70289fb568671..971d1e06bf0a2c0d3080ef0430b10aace51c9360 100644 (file)
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -50,7 +50,6 @@ void bind_to_key_and_certificate(void) {
 
 // initialize ssl engine, load certs and initialize openssl internals
 void init_ssl(void) {
-       const SSL_METHOD *ssl_method;
 
 #ifndef OPENSSL_NO_EGD
        if (!access("/var/run/egd-pool", F_OK)) {
@@ -66,8 +65,7 @@ void init_ssl(void) {
        // Initialize SSL transport layer
        SSL_library_init();
        SSL_load_error_strings();
-       ssl_method = SSLv23_server_method();
-       if (!(ssl_ctx = SSL_CTX_new(ssl_method))) {
+       if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method()))) {
                syslog(LOG_WARNING, "SSL_CTX_new failed: %s", ERR_reason_error_string(ERR_get_error()));
                return;
        }
@@ -84,9 +82,9 @@ void init_ssl(void) {
 }
 
 
-// Check the modification time of the key and certificate -- reload if they changed
+// Check the modification time of the key and certificate -- reload if either one changed
 void update_key_and_cert_if_needed(void) {
-       static time_t cert_mtime = 0;
+       static time_t previous_mtime = 0;
        struct stat keystat;
        struct stat certstat;
 
@@ -99,9 +97,9 @@ void update_key_and_cert_if_needed(void) {
                return;
        }
 
-       if ((keystat.st_mtime > cert_mtime) || (certstat.st_mtime > cert_mtime)) {
+       if ((keystat.st_mtime + certstat.st_mtime) != previous_mtime) {
                bind_to_key_and_certificate();
-               cert_mtime = certstat.st_mtime;
+               previous_mtime = keystat.st_mtime + certstat.st_mtime;
        }
 }