diff options
| -rw-r--r-- | ChangeLog | 1 | ||||
| -rw-r--r-- | runtime/nsd_gtls.c | 7 | ||||
| -rw-r--r-- | runtime/rsyslog.h | 3 | ||||
| -rw-r--r-- | tcpsrv.c | 2 |
4 files changed, 11 insertions, 2 deletions
@@ -1,5 +1,6 @@ --------------------------------------------------------------------------- Version 7.4.5 [v7.4-stable] 2013-09-?? +- bugfix: segfault on startup if TLS was used but no CA cert set - bugfix: some more build problems with newer json-c versions Thanks to Michael Biebl for mentioning the problem. - bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c index 6ef4feba..c5a81664 100644 --- a/runtime/nsd_gtls.c +++ b/runtime/nsd_gtls.c @@ -2,7 +2,7 @@ * * An implementation of the nsd interface for GnuTLS. * - * Copyright (C) 2007, 2008 Rainer Gerhards and Adiscon GmbH. + * Copyright (C) 2007-2013 Rainer Gerhards and Adiscon GmbH. * * This file is part of the rsyslog runtime library. * @@ -580,6 +580,11 @@ gtlsGlblInit(void) /* sets the trusted cas file */ cafile = glbl.GetDfltNetstrmDrvrCAF(); + if(cafile == NULL) { + errmsg.LogError(0, RS_RET_CA_CERT_MISSING, "error: ca certificate is not set, cannot " + "continue"); + ABORT_FINALIZE(RS_RET_CA_CERT_MISSING); + } dbgprintf("GTLS CA file: '%s'\n", cafile); gnuRet = gnutls_certificate_set_x509_trust_file(xcred, (char*)cafile, GNUTLS_X509_FMT_PEM); if(gnuRet < 0) { diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 47b34783..28b75ee4 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -3,7 +3,7 @@ * * Begun 2005-09-15 RGerhards * - * Copyright (C) 2005-2008 by Rainer Gerhards and Adiscon GmbH + * Copyright (C) 2005-2013 by Rainer Gerhards and Adiscon GmbH * * This file is part of the rsyslog runtime library. * @@ -413,6 +413,7 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_CRY_INVLD_ALGO = -2326,/**< user specified invalid (unkonwn) crypto algorithm */ RS_RET_CRY_INVLD_MODE = -2327,/**< user specified invalid (unkonwn) crypto mode */ RS_RET_QUEUE_DISK_NO_FN = -2328,/**< disk queue configured, but filename not set */ + RS_RET_CA_CERT_MISSING = -2329,/**< a CA cert is missing where one is required (e.g. TLS) */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ @@ -948,6 +948,8 @@ finalize_it: if(iRet != RS_RET_OK) { if(pThis->pNS != NULL) netstrms.Destruct(&pThis->pNS); + errmsg.LogError(0, iRet, "tcpsrv could not create listener (inputname: '%s')", + (pThis->pszInputName == NULL) ? (uchar*)"*UNSET*" : pThis->pszInputName); } RETiRet; } |