-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | runtime/nsd_gtls.c | 12 | ||||
-rw-r--r-- | runtime/rsyslog.h | 2 |
3 files changed, 14 insertions, 1 deletions
@@ -1,6 +1,7 @@
 ---------------------------------------------------------------------------
 Version 7.4.5 [v7.4-stable] 2013-09-??
 - bugfix: segfault on startup if TLS was used but no CA cert set
+- bugfix: segfault on startup if TCP TLS was used but no cert or key set
 - bugfix: some more build problems with newer json-c versions
 Thanks to Michael Biebl for mentioning the problem.
 - bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index c5a81664..1110c7a4 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -547,10 +547,20 @@ gtlsAddOurCert(void)
 keyFile = glbl.GetDfltNetstrmDrvrKeyFile();
 dbgprintf("GTLS certificate file: '%s'\n", certFile);
 dbgprintf("GTLS key file: '%s'\n", keyFile);
+ if(certFile == NULL) {
+ errmsg.LogError(0, RS_RET_CERT_MISSING, "error: certificate file is not set, cannot "
+ "continue");
+ ABORT_FINALIZE(RS_RET_CERT_MISSING);
+ }
+ if(keyFile == NULL) {
+ errmsg.LogError(0, RS_RET_CERTKEY_MISSING, "error: key file is not set, cannot "
+ "continue");
+ ABORT_FINALIZE(RS_RET_CERTKEY_MISSING);
+ }
 CHKgnutls(gnutls_certificate_set_x509_key_file(xcred, (char*)certFile, (char*)keyFile, GNUTLS_X509_FMT_PEM));
 finalize_it:
- if(iRet != RS_RET_OK) {
+ if(iRet != RS_RET_OK && iRet != RS_RET_CERT_MISSING && iRet != RS_RET_CERTKEY_MISSING) {
 pGnuErr = gtlsStrerror(gnuRet);
 errno = 0;
 errmsg.LogError(0, iRet, "error adding our certificate. GnuTLS error %d, message: '%s', "
diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h
index 28b75ee4..e62ba867 100644
--- a/runtime/rsyslog.h
+++ b/runtime/rsyslog.h
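Review bot: In gtlsAddOurCert (runtime/nsd_gtls.c) the two new NULL checks sit after the context lines `dbgprintf("GTLS certificate file: '%s'\n", certFile);` and `dbgprintf("GTLS key file: '%s'\n", keyFile);`, so an unset cert or key path is still handed to a `%s` conversion before it is rejected. If dbgprintf forwards to a printf-family formatter (its definition is not visible here), a NULL `%s` argument is undefined behaviour in C and only some libcs print "(null)", so the startup crash this commit addresses could persist on other platforms when debug output is enabled. Moving the `if(certFile == NULL) {` and `if(keyFile == NULL) {` blocks above the two dbgprintf calls keeps the fail-closed abort and removes that dependency. The function begins before the hunk and the finalize_it block continues past its last line.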
@@ -414,6 +414,8 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth
 RS_RET_CRY_INVLD_MODE = -2327,/**< user specified invalid (unkonwn) crypto mode */
 RS_RET_QUEUE_DISK_NO_FN = -2328,/**< disk queue configured, but filename not set */
 RS_RET_CA_CERT_MISSING = -2329,/**< a CA cert is missing where one is required (e.g. TLS) */
+ RS_RET_CERT_MISSING = -2330,/**< a cert is missing where one is required (e.g. TLS) */
+ RS_RET_CERTKEY_MISSING = -2331,/**< a cert (private) key is missing where one is required (e.g. TLS) */
 /* RainerScript error messages (range 1000.. 1999) */
 RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ |