From 455a3523d385cf1fdf90fbc36ebc9a2edd17d1a1 Mon Sep 17 00:00:00 2001
From: Art Cancro
Date: Mon, 10 Jan 2022 17:37:52 -0500
Subject: [PATCH] ANGRY SCREED WITH CAPS LOCK ON
---
 citadel/modules/crypto/serv_crypto.c | 12 ++++++++++--
 citadel/modules/crypto/serv_crypto.h | 3 +--
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/citadel/modules/crypto/serv_crypto.c b/citadel/modules/crypto/serv_crypto.c
index 16fb4f57e..56bd7cc48 100644
--- a/citadel/modules/crypto/serv_crypto.c
+++ b/citadel/modules/crypto/serv_crypto.c
@@ -54,6 +54,7 @@ void generate_key(char *keyfilename) {
 	FILE *fp;
 	if (access(keyfilename, R_OK) == 0) {	// Already have one.
+		syslog(LOG_INFO, "crypto: %s exists and is readable", keyfilename);
 		return;
 	}
@@ -107,6 +108,7 @@ void generate_certificate(char *keyfilename, char *certfilename) {
 	FILE *fp;
 	if (access(certfilename, R_OK) == 0) {	// already have one.
+		syslog(LOG_INFO, "crypto: %s exists and is readable", certfilename);
 		return;
 	}
@@ -234,10 +236,16 @@ void bind_to_key_and_certificate(void) {
 	}
 	syslog(LOG_DEBUG, "crypto: using certificate chain %s", file_crpt_file_cer);
-	SSL_CTX_use_certificate_chain_file(new_ctx, file_crpt_file_cer);
+	if (!SSL_CTX_use_certificate_chain_file(new_ctx, file_crpt_file_cer)) {
+		syslog(LOG_ERR, "crypto: SSL_CTX_use_certificate_chain_file failed: %s", ERR_reason_error_string(ERR_get_error()));
+		return;
+	}
 	syslog(LOG_DEBUG, "crypto: using private key %s", file_crpt_file_key);
-	SSL_CTX_use_PrivateKey_file(new_ctx, file_crpt_file_key, SSL_FILETYPE_PEM);
+	if (!SSL_CTX_use_PrivateKey_file(new_ctx, file_crpt_file_key, SSL_FILETYPE_PEM)) {
+		syslog(LOG_ERR, "crypto: SSL_CTX_use_PrivateKey_file failed: %s", ERR_reason_error_string(ERR_get_error()));
+		return;
+	}
 	old_ctx = ssl_ctx;
 	ssl_ctx = new_ctx;		// All future binds will use the new certificate
diff --git a/citadel/modules/crypto/serv_crypto.h b/citadel/modules/crypto/serv_crypto.h
index 4cef7e43b..b5ee85d53 100644
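Review bot: The two early returns added in bind_to_key_and_certificate leave new_ctx allocated; nothing on the failure path releases it, so an unreadable or malformed certificate or key file leaks an SSL_CTX on every rebind attempt (new_ctx is created before this hunk, so confirm no earlier path already owns it). Both sites should release it before bailing out, e.g. `SSL_CTX_free(new_ctx);` placed immediately before each `return;`, which also keeps the previous ssl_ctx in service as the fallback. ERR_reason_error_string() can return NULL for a reason code it does not recognise, and passing NULL to `%s` is undefined, so a guard such as `const char *reason = ERR_reason_error_string(ERR_get_error()); if (!reason) reason = "unknown";` keeps the log line well-defined. The function starts and ends outside this hunk.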
--- a/citadel/modules/crypto/serv_crypto.h
+++ b/citadel/modules/crypto/serv_crypto.h
@@ -5,8 +5,7 @@
 #define SIGN_DAYS 1100 // Just over three years
 // Which ciphers will be offered; see https://www.openssl.org/docs/manmaster/man1/ciphers.html
-//#define CIT_CIPHERS "ALL:RC4+RSA:+SSLv2:+TLSv1:!MD5:@STRENGTH"
-#define CIT_CIPHERS "DEFAULT"
+#define CIT_CIPHERS "ALL:RC4+RSA:+SSLv2:+TLSv1:!MD5:@STRENGTH"
 #ifdef HAVE_OPENSSL
 #define OPENSSL_NO_KRB5 /* work around redhat b0rken ssl headers */
-- 
2.30.2
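Review bot: The new CIT_CIPHERS value widens the offered suite set rather than narrowing it: in OpenSSL cipher-list syntax `+` only moves matching suites to the end of the preference list, it does not exclude them, so `ALL` with only `!MD5` removed still admits the anonymous (aNULL) and RC4 suites that `DEFAULT` deliberately leaves out, and anonymous suites give a client no server authentication at all. If the intent is to prefer strong suites while keeping a broad set, an explicit exclusion list keeps the guarantee intact, e.g. `#define CIT_CIPHERS "ALL:!aNULL:!eNULL:!RC4:!MD5:@STRENGTH"`. The `+SSLv2` keyword is a legacy token; whether the OpenSSL build in use still accepts it in a cipher string should be verified, since a rejected list fails at SSL_CTX_set_cipher_list rather than here. The comment above the define should also state why `DEFAULT` was abandoned, as the commit message gives no rationale.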