Changeset: da183548dbff for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/da183548dbff
Modified Files:
        tools/merovingian/daemon/client.c
Branch: smapi
Log Message:

Actually use the use_tls property

If it is set to true, but the certificate and the key have not been configured
it is an error and the daemon should refuse to start (currently it aborts).


diffs (47 lines):

diff --git a/tools/merovingian/daemon/client.c 
b/tools/merovingian/daemon/client.c
--- a/tools/merovingian/daemon/client.c
+++ b/tools/merovingian/daemon/client.c
@@ -86,7 +86,9 @@ handleClient(void *data)
        free(data);
 #ifdef HAVE_OPENSSL
        char *ct_fname, *kp_fname;
-       bool use_tls = false;
+       kv = findConfKey(_mero_props, "use_tls");
+       bool use_tls_prop = (bool)kv->ival;
+       bool tls_configured = false;
 
        kv = findConfKey(_mero_props, "tls_cert");
        if (kv != NULL) {
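Review bot: `kv->ival` is read on the second added line without checking that `findConfKey(_mero_props, "use_tls")` returned an entry, although the `tls_cert` lookup just below does guard `kv != NULL`. If the key can ever be missing from the property set (not visible from this hunk), every client handler thread would dereference NULL and take the daemon down with it. Suggest `bool use_tls_prop = kv != NULL && kv->ival != 0;`, which also states the truthiness test explicitly instead of relying on the cast. The body of handleClient starts and continues outside this hunk.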
@@ -95,13 +97,18 @@ handleClient(void *data)
                kv = findConfKey(_mero_props, "tls_key");
                if (kv != NULL) {
                        kp_fname = strdup(kv->val);
-                       use_tls = true;
+                       tls_configured = true;
                }
        }
-       if (use_tls) {
-               fdin = open_tls_server_stream(sock, "merovingian<-client (tls 
read)", NULL, kp_fname, ct_fname);
-               free(kp_fname);
-               free(ct_fname);
+       if (use_tls_prop) {
+               if (tls_configured) {
+                       fdin = open_tls_server_stream(sock, 
"merovingian<-client (tls read)", NULL, kp_fname, ct_fname);
+                       free(kp_fname);
+                       free(ct_fname);
+               } else {
+                       // Error, refuse to start? Should have been handled 
earlier?
+                       abort();
+               }
        }
        else {
                fdin = socket_rstream(sock, "merovingian<-client (read)");
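Review bot: The `abort()` in the new `else` branch sits in the per-connection handler, so with `use_tls` set and no certificate or key configured, the first client to connect terminates the whole daemon; that is a denial of service open to any unauthenticated peer rather than a refusal to start. Failing closed is the right direction (no silent fallback to the plaintext stream), but the check belongs in configuration validation at startup, and this handler should log the misconfiguration, close the socket and return through the function's existing error path, which is outside this hunk. Separately, when `use_tls_prop` is false but `tls_cert` and `tls_key` are set, `kp_fname` (and presumably `ct_fname`, assigned between the hunks) are `strdup`'d and never freed, so memory leaks on every connection; moving the two lookups inside `if (use_tls_prop)` avoids that. The `strdup` results are also passed to `open_tls_server_stream` without a NULL check.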
@@ -120,7 +127,7 @@ handleClient(void *data)
         * read write. On the other hand openssl has
         * one object (BIO) that handles both directions.
         */
-       if (use_tls) {
+       if (use_tls_prop) {
                fout = open_tls_server_stream(sock, "merovingian->client (tls 
write)", fdin, NULL, NULL);
        }
        else {