On Fri, Oct 02, 2020 at 02:04:15AM +1000, Joshua Sing wrote:
> Hello there, I was adding a site to httpd when I experienced a bug that
> would cause httpd to crash whenever someone accessed the site while the TLS
> cert of the first server entry was missing.
>
> Steps to reproduce: (httpd.conf provided at bottom of email)
> - Have a server entry at the top of the httpd.conf file with the TLS
>   certificate missing.
> - Second server entry below the first one with a valid TLS certificate and
>   key.
> - Visit the server on HTTPS.
>
> The crash occurs because the server is listening on port 443 without setting
> up the TLS context first.
>
> The cleanest fix is to move the handling of missing certificates to the
> configuration parser.
>
> See attachment for the diff to fix this bug (this also reverts r1.117 of
> server.c which is no longer necessary).

Nice. This makes sense and looks like a superior approach for solving the acme issue from r1.117.

The diff is against 6.7-stable, so the parse.y part has some offset, but it applies and works as intended. Please make sure that you send diffs against -current.

ok tb (the s/setup/accept tweak is unrelated and should probably be committed separately).
