FILE *fp;
if (access(keyfilename, R_OK) == 0) { // Already have one.
+ syslog(LOG_INFO, "crypto: %s exists and is readable", keyfilename);
return;
}
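Review bot: The added LOG_INFO line reports keyfilename as "readable" on the strength of the access(2) result, and the same wording is used for certfilename in the next hunk; access() answers for the real uid, not the effective one, and is a separate step from any later open, so the message can promise more than the subsequent load actually gets if the daemon runs with differing real and effective ids. Logging the decision rather than the probe avoids that mismatch: `syslog(LOG_INFO, "crypto: %s already exists, not generating a new one", keyfilename);`. The enclosing function starts before this hunk, so whether the file is opened afterwards cannot be seen here; the note applies as far as it is.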
FILE *fp;
if (access(certfilename, R_OK) == 0) { // already have one.
+ syslog(LOG_INFO, "crypto: %s exists and is readable", certfilename);
return;
}
X509_free(certificate);
EVP_PKEY_free(public_key);
- // RSA_free(private_key); // private_key is freed by EVP_PKEY_free() above
+ // do not RSA_free(private_key); because it was freed by EVP_PKEY_free() above
}
const SSL_METHOD *method = SSLv23_server_method();
if (!method) {
- syslog(LOG_ERR, "crypto: TLS_server_method() failed: %s", ERR_reason_error_string(ERR_get_error()));
+ syslog(LOG_ERR, "crypto: SSLv23_server_method() failed: %s", ERR_reason_error_string(ERR_get_error()));
return;
}
}
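Review bot: The corrected message still passes ERR_reason_error_string() straight to a `%s` conversion, and that function returns NULL when no reason string is registered for the error code (or when ERR_get_error() yields 0), which is undefined behaviour for syslog's `%s` even though glibc happens to print "(null)"; the two new syslog calls in the certificate/private-key hunk below have the same shape. Substituting a fixed string on NULL keeps the diagnostics well-defined, e.g. `const char *reason = ERR_reason_error_string(ERR_get_error());` then `syslog(LOG_ERR, "crypto: SSLv23_server_method() failed: %s", reason ? reason : "unknown error");`. Separately, SSLv23_server_method() has been a deprecated alias of TLS_server_method() since OpenSSL 1.1.0; if the build no longer supports 1.0.x, changing the call to `TLS_server_method()` and keeping the original message would be the cleaner fix, but that depends on the supported OpenSSL range, which is not visible here. The function this belongs to begins and ends outside the hunk.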
syslog(LOG_DEBUG, "crypto: using certificate chain %s", file_crpt_file_cer);
- SSL_CTX_use_certificate_chain_file(new_ctx, file_crpt_file_cer);
+ if (!SSL_CTX_use_certificate_chain_file(new_ctx, file_crpt_file_cer)) {
+ syslog(LOG_ERR, "crypto: SSL_CTX_use_certificate_chain_file failed: %s", ERR_reason_error_string(ERR_get_error()));
+ return;
+ }
syslog(LOG_DEBUG, "crypto: using private key %s", file_crpt_file_key);
- SSL_CTX_use_PrivateKey_file(new_ctx, file_crpt_file_key, SSL_FILETYPE_PEM);
+ if (!SSL_CTX_use_PrivateKey_file(new_ctx, file_crpt_file_key, SSL_FILETYPE_PEM)) {
+ syslog(LOG_ERR, "crypto: SSL_CTX_use_PrivateKey_file failed: %s", ERR_reason_error_string(ERR_get_error()));
+ return;
+ }
old_ctx = ssl_ctx;
ssl_ctx = new_ctx; // All future binds will use the new certificate
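Review bot: Both new early returns leave new_ctx alive, so every failed reload now leaks an SSL_CTX (presumably obtained from SSL_CTX_new() earlier in the function, outside this hunk); an `SSL_CTX_free(new_ctx);` before each `return;` closes that. A key that loads but does not belong to the loaded certificate is also still accepted and published to all future binds, and the mismatch only surfaces at handshake time; OpenSSL provides SSL_CTX_check_private_key() for exactly this, and calling it before the swap keeps the old context in service when the new material is inconsistent. The function continues before and after the hunk, so the allocation site and any later cleanup of old_ctx are not visible.
```c
    if (!SSL_CTX_use_certificate_chain_file(new_ctx, file_crpt_file_cer)) {
        // … unchanged: LOG_ERR syslog …
        SSL_CTX_free(new_ctx);   // the early return otherwise leaks the context
        return;
    }
    // … unchanged: LOG_DEBUG line and the SSL_CTX_use_PrivateKey_file check, with the same SSL_CTX_free() before its return …
    // Refuse to publish a context whose key does not match its certificate
    if (!SSL_CTX_check_private_key(new_ctx)) {
        syslog(LOG_ERR, "crypto: private key %s does not match certificate %s", file_crpt_file_key, file_crpt_file_cer);
        SSL_CTX_free(new_ctx);
        return;
    }
    old_ctx = ssl_ctx;
```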
void init_ssl(void) {
// Initialize the OpenSSL library
- SSL_load_error_strings();
- ERR_load_crypto_strings();
- OpenSSL_add_all_algorithms();
- OpenSSL_add_all_ciphers();
SSL_library_init();
+ SSL_load_error_strings();
// Load (or generate) a key and certificate
mkdir(ctdl_key_dir, 0700); // If the keys directory does not exist, create it
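Review bot: Dropping OpenSSL_add_all_algorithms() while keeping SSL_library_init() changes what is registered on pre-1.1.0 builds: SSL_library_init() only adds the digests and ciphers the TLS stack itself needs, so any algorithm that the key/certificate generation path (not visible here, it runs after this hunk in init_ssl) looks up by name via EVP_get_digestbyname()/EVP_get_cipherbyname() would come back NULL on OpenSSL 1.0.x, whereas on 1.1.0+ all four removed calls and the two kept ones are no-ops. If 1.0.x is still supported, that deserves a comment on the kept line, e.g. `// SSL_library_init() registers only the TLS algorithms; name lookups elsewhere need OpenSSL_add_all_algorithms() on OpenSSL < 1.1.0`, or the call should stay. init_ssl's body continues past the end of the hunk.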