Added sanity check on certificate and key reading.

Nikos Mavrogiannopoulos
2013-03-06 23:46:41 +01:00
parent f828de76b4
commit 67c6f0f4d5


@@ -374,11 +374,15 @@ const char* perr;
gnutls_certificate_set_pin_function (s->creds.xcred, pin_callback, &s->creds);
if (s->config->key != NULL && strncmp(s->config->key, "pkcs11:", 7) != 0) {
if (s->config->key == NULL || s->config->cert == NULL) {
mslog(s, NULL, LOG_ERR, "no certificate or key files were specified.\n");
exit(1);
}
if (strncmp(s->config->key, "pkcs11:", 7) != 0) {
ret =
gnutls_certificate_set_x509_key_file(s->creds.xcred, s->config->cert,
s->config->key,
GNUTLS_X509_FMT_PEM);
s->config->key, GNUTLS_X509_FMT_PEM);
if (ret < 0) {
mslog(s, NULL, LOG_ERR, "error setting the certificate (%s) or key (%s) files: %s\n",
s->config->cert, s->config->key, gnutls_strerror(ret));
@@ -443,7 +447,7 @@ int ret;
/* when we have PKCS #11 keys we cannot open them and then fork(), we need
* to open them at the process they are going to be used. */
if (ws->config->key != NULL && strncmp(ws->config->key, "pkcs11:", 7) == 0) {
if (strncmp(ws->config->key, "pkcs11:", 7) == 0) {
ret = gnutls_pkcs11_reinit();
if (ret < 0) {
oclog(ws, LOG_ERR, "could not reinitialize PKCS #11 subsystem: %s\n",
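Review bot: In the second hunk the worker-side test appears to end up as `if (strncmp(ws->config->key, "pkcs11:", 7) == 0) {` with no NULL guard, so it relies entirely on the `key == NULL || cert == NULL` check that the first hunk adds in a different function. The page has lost its +/- markers, so which of the two printed forms is the new one is inferred from the old-then-new ordering that the first hunk's line counts confirm. If the worker can ever see a configuration that did not pass through that check (a reload path, for instance; none is visible here), `strncmp` on a NULL pointer is undefined behaviour and would most likely crash the worker process. Keeping the guarded form `if (ws->config->key != NULL && strncmp(ws->config->key, "pkcs11:", 7) == 0) {` costs nothing; failing that, document the invariant with a comment such as `/* config->key was verified non-NULL when the certificate credentials were set up */`. Both enclosing functions start and end outside the hunks.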