X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fcrypto%2Fserv_crypto.c;h=f78c0cd856de5bbb1a15904151182be50abaa5b0;hb=30f9f1332e7dcf9d30a40768dd9c2070bc674957;hp=b0242796a87dc885984b54dd8f600359504cbbe6;hpb=3e5deac478162f48344183c3541b1dae75ffa2aa;p=citadel.git
diff --git a/citadel/modules/crypto/serv_crypto.c b/citadel/modules/crypto/serv_crypto.c
index b0242796a..f78c0cd85 100644
--- a/citadel/modules/crypto/serv_crypto.c
+++ b/citadel/modules/crypto/serv_crypto.c
@@ -54,6 +54,7 @@ void generate_key(char *keyfilename) {
 	FILE *fp;
 
 	if (access(keyfilename, R_OK) == 0) { // Already have one.
+		syslog(LOG_INFO, "crypto: %s exists and is readable", keyfilename);
 		return;
 	}
 
@@ -107,6 +108,7 @@ void generate_certificate(char *keyfilename, char *certfilename) {
 	FILE *fp;
 
 	if (access(certfilename, R_OK) == 0) { // already have one.
+		syslog(LOG_INFO, "crypto: %s exists and is readable", certfilename);
 		return;
 	}
 
@@ -205,7 +207,7 @@ void generate_certificate(char *keyfilename, char *certfilename) {
 
 	X509_free(certificate);
 	EVP_PKEY_free(public_key);
-	// RSA_free(private_key); // private_key is freed by EVP_PKEY_free() above
+	// do not RSA_free(private_key); because it was freed by EVP_PKEY_free() above
 }
 
 
@@ -218,7 +220,7 @@ void bind_to_key_and_certificate(void) {
 
 	const SSL_METHOD *method = SSLv23_server_method();
 	if (!method) {
-		syslog(LOG_ERR, "crypto: TLS_server_method() failed: %s", ERR_reason_error_string(ERR_get_error()));
+		syslog(LOG_ERR, "crypto: SSLv23_server_method() failed: %s", ERR_reason_error_string(ERR_get_error()));
 		return;
 	}
 
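Review bot: In the `@@ -218,7 +220,7 @@` hunk the log text is corrected to match the call, but `SSLv23_server_method()` has been a deprecated alias since OpenSSL 1.1.0 and the more durable fix is to change the call rather than the message: `const SSL_METHOD *method = TLS_server_method();` with the original `"crypto: TLS_server_method() failed: %s"` string kept. `TLS_server_method()` negotiates the highest protocol version both sides support, so there is no behaviour change on 1.1.0+ builds; if the project must still build against OpenSSL 1.0.x, guard the call with `OPENSSL_VERSION_NUMBER` instead of dropping it. The rest of bind_to_key_and_certificate lies outside this hunk.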
@@ -234,10 +236,16 @@ void bind_to_key_and_certificate(void) {
 	}
 
 	syslog(LOG_DEBUG, "crypto: using certificate chain %s", file_crpt_file_cer);
-	SSL_CTX_use_certificate_chain_file(new_ctx, file_crpt_file_cer);
+	if (!SSL_CTX_use_certificate_chain_file(new_ctx, file_crpt_file_cer)) {
+		syslog(LOG_ERR, "crypto: SSL_CTX_use_certificate_chain_file failed: %s", ERR_reason_error_string(ERR_get_error()));
+		return;
+	}
 
 	syslog(LOG_DEBUG, "crypto: using private key %s", file_crpt_file_key);
-	SSL_CTX_use_PrivateKey_file(new_ctx, file_crpt_file_key, SSL_FILETYPE_PEM);
+	if (!SSL_CTX_use_PrivateKey_file(new_ctx, file_crpt_file_key, SSL_FILETYPE_PEM)) {
+		syslog(LOG_ERR, "crypto: SSL_CTX_use_PrivateKey_file failed: %s", ERR_reason_error_string(ERR_get_error()));
+		return;
+	}
 
 	old_ctx = ssl_ctx;
 	ssl_ctx = new_ctx; // All future binds will use the new certificate
@@ -277,11 +285,8 @@ void update_key_and_cert_if_needed(void) {
 void init_ssl(void) {
 
 	// Initialize the OpenSSL library
-	SSL_load_error_strings();
-	ERR_load_crypto_strings();
-	OpenSSL_add_all_algorithms();
-	OpenSSL_add_all_ciphers();
 	SSL_library_init();
+	SSL_load_error_strings();
 
 	// Load (or generate) a key and certificate
 	mkdir(ctdl_key_dir, 0700); // If the keys directory does not exist, create it
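Review bot: Both new early returns in the `@@ -234,10 +236,16 @@` hunk leak `new_ctx`: the function returns before `ssl_ctx = new_ctx` hands the context over, so the SSL_CTX (presumably created by SSL_CTX_new earlier in the function, outside this hunk) is never freed, and a broken certificate file would leak one context per call of this reload path. Add `SSL_CTX_free(new_ctx);` before each `return;`. While the error handling is being tightened, loading the key and the certificate separately without `SSL_CTX_check_private_key()` means a mismatched pair is only discovered when a client handshake fails; checking it here keeps the previously working `ssl_ctx` in service instead of swapping in an unusable one. The second hunk (init_ssl) drops `OpenSSL_add_all_algorithms()`/`OpenSSL_add_all_ciphers()`; on OpenSSL 1.1.0+ initialisation is automatic and this is harmless, but on 1.0.x builds `SSL_library_init()` registers only the algorithms TLS itself needs, so if anything else in this module looks up digests or ciphers by name (`EVP_get_digestbyname` and friends) those lookups can now return NULL — worth confirming against the rest of the file, which is outside this hunk.
```c
	if (!SSL_CTX_use_certificate_chain_file(new_ctx, file_crpt_file_cer)) {
		syslog(LOG_ERR, "crypto: SSL_CTX_use_certificate_chain_file failed: %s", ERR_reason_error_string(ERR_get_error()));
		SSL_CTX_free(new_ctx);		// do not leak the context on the error path
		return;
	}

	// … unchanged: "using private key" debug log …
	if (!SSL_CTX_use_PrivateKey_file(new_ctx, file_crpt_file_key, SSL_FILETYPE_PEM)) {
		syslog(LOG_ERR, "crypto: SSL_CTX_use_PrivateKey_file failed: %s", ERR_reason_error_string(ERR_get_error()));
		SSL_CTX_free(new_ctx);
		return;
	}

	// Refuse to swap in a context whose key does not match its certificate;
	// the previously working ssl_ctx stays in service instead.
	if (!SSL_CTX_check_private_key(new_ctx)) {
		syslog(LOG_ERR, "crypto: SSL_CTX_check_private_key failed: %s", ERR_reason_error_string(ERR_get_error()));
		SSL_CTX_free(new_ctx);
		return;
	}

	// … unchanged: old_ctx / ssl_ctx swap …
```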