Only generate CSR if it is determined that we will

need it in the next step to generate a self-signed
certificate.

diff --git a/citadel/modules/crypto/serv_crypto.c b/citadel/modules/crypto/serv_crypto.c
index a9dd5934bc58e357ad62878c3edc20b263462d53..820153126fceef45b3d7170b58e28f6631ff95f6 100644 (file)
--- a/citadel/modules/crypto/serv_crypto.c
+++ b/citadel/modules/crypto/serv_crypto.c
@@ -198,9 +198,11 @@ void init_ssl(void)
        }
 
        /*
-        * Generate a CSR if we don't have one.
+        * If there is no certificate file on disk, we will be generating a self-signed certificate
+        * in the next step.  Therefore, if we have neither a CSR nor a certificate, generate
+        * the CSR in this step so that the next step may commence.
         */
-       if (access(file_crpt_file_csr, R_OK) != 0) {
+       if ( (access(file_crpt_file_cer, R_OK) != 0) && (access(file_crpt_file_csr, R_OK) != 0) ) {
                lprintf(CTDL_INFO, "Generating a certificate signing request.\n");
 
                /*

diff --git a/webcit/crypto.c b/webcit/crypto.c
index 1515ff39762e4a195f00d1435947dd4151d00acf..76c80d4de8df5aad59ab963bc62c7e4208655a6c 100644 (file)
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -152,10 +152,12 @@ void init_ssl(void)
                }
        }
 
-       /**
-        * Generate a CSR if we don't have one.
+       /*
+        * If there is no certificate file on disk, we will be generating a self-signed certificate
+        * in the next step.  Therefore, if we have neither a CSR nor a certificate, generate
+        * the CSR in this step so that the next step may commence.
         */
-       if (access(CTDL_CSR_PATH, R_OK) != 0) {
+       if ( (access(CTDL_CER_PATH, R_OK) != 0) && (access(CTDL_CSR_PATH, R_OK) != 0) ) {
                lprintf(5, "Generating a certificate signing request.\n");
 
                /**