Changeset: da183548dbff for MonetDB URL: https://dev.monetdb.org/hg/MonetDB/rev/da183548dbff Modified Files: tools/merovingian/daemon/client.c Branch: smapi Log Message:
Actually use the use_tls property If it is set to true, but the certificate and the key have not been configured it is an error and the daemon should refuse to start (currently it aborts). diffs (47 lines):
diff --git a/tools/merovingian/daemon/client.c b/tools/merovingian/daemon/client.c
--- a/tools/merovingian/daemon/client.c
+++ b/tools/merovingian/daemon/client.c
@@ -86,7 +86,9 @@ handleClient(void *data)
 free(data);
 #ifdef HAVE_OPENSSL
 char *ct_fname, *kp_fname;
- bool use_tls = false;
+ kv = findConfKey(_mero_props, "use_tls");
+ bool use_tls_prop = (bool)kv->ival;
+ bool tls_configured = false;
 kv = findConfKey(_mero_props, "tls_cert");
 if (kv != NULL) {
@@ -95,13 +97,18 @@ handleClient(void *data)
 kv = findConfKey(_mero_props, "tls_key");
 if (kv != NULL) {
 kp_fname = strdup(kv->val);
- use_tls = true;
+ tls_configured = true;
 }
 }
- if (use_tls) {
- fdin = open_tls_server_stream(sock, "merovingian<-client (tls read)", NULL, kp_fname, ct_fname);
- free(kp_fname);
- free(ct_fname);
+ if (use_tls_prop) {
+ if (tls_configured) {
+ fdin = open_tls_server_stream(sock, "merovingian<-client (tls read)", NULL, kp_fname, ct_fname);
+ free(kp_fname);
+ free(ct_fname);
+ } else {
+ // Error, refuse to start? Should have been handled earlier?
+ abort();
+ }
 } else {
 fdin = socket_rstream(sock, "merovingian<-client (read)");
@@ -120,7 +127,7 @@ handleClient(void *data)
 * read write. On the other hand openssl has
 * one object (BIO) that handles both directions.
 */
- if (use_tls) {
+ if (use_tls_prop) {
 fout = open_tls_server_stream(sock, "merovingian->client (tls write)", fdin, NULL, NULL);
 } else {
_______________________________________________ checkin-list mailing list -- checkin-list@monetdb.org To unsubscribe send an email to checkin-list-le...@monetdb.org
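Review bot: `kv->ival` is read without a NULL check in the first hunk, while the `tls_cert` and `tls_key` lookups just below it both guard with `if (kv != NULL)`. If `findConfKey` can return NULL for `use_tls` (whether that property always has a registered default is not visible here), every incoming connection dereferences a null pointer inside handleClient. Make the lookup consistent with its neighbours, for example `bool use_tls_prop = (kv != NULL && kv->ival != 0);`, and add a comment on that line stating that a missing key is treated as TLS disabled so the plaintext default is a documented choice. handleClient starts and ends outside this hunk.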
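Review bot: The `abort()` in the new `else` branch of the second hunk runs in the per-connection handler, so with `use_tls` set and no certificate/key pair the first client that connects takes the whole daemon down. Refusing to fall back to plaintext is the right direction, but the configuration check belongs where the properties are loaded, and this handler should log the misconfiguration and drop the one connection instead. The same restructuring moves `free(kp_fname); free(ct_fname);` under `if (use_tls_prop)`, so when a certificate and key are configured but `use_tls` is false the `strdup` copies are no longer released on the plaintext path (the ct_fname allocation sits between the hunks and is assumed to mirror the kp_fname one). Declaring `char *ct_fname = NULL, *kp_fname = NULL;` and freeing both once after the branch covers every path, including a cert without a key. The handler's error-return path is outside the hunk, so how to drop the connection cleanly needs checking against the rest of handleClient.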