mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-02 23:03:14 +02:00

Make error shorter if TLS cert or key are missing (1 line instead of 4)

and also give some guidance if the default cert/key is missing (make pem).

(A word on Let's Encrypt will be handled later / differently)
Bram Matthys
2025-07-04 09:03:32 +02:00
parent d81817622a
commit fc835a26f0
+33
@@ -313,6 +313,28 @@ SSL_CTX *init_ctx(TLSOptions *tlsoptions, int server)
#endif
SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
/* Let's first check the simple case of file exist. That's because the
* SSL_CTX_use_certificate_chain_file() later on works but produces like
* four lines of output, which is a bit verbose for such a simple case.
*/
if (!file_exists(tlsoptions->certificate_file))
{
int saved_errno = errno;
unreal_log(ULOG_ERROR, "config", "TLS_LOAD_FAILED", NULL,
"Could not open TLS certificate $filename: $system_error",
log_data_string("filename", tlsoptions->certificate_file),
log_data_string("system_error", strerror(saved_errno)));
if (str_ends_with_case_sensitive(tlsoptions->certificate_file, "tls/server.cert.pem"))
{
unreal_log(ULOG_ERROR, "config", "TLS_LOAD_FAILED_DEFAULT_CERT", NULL,
"It seems the default certificate is missing. "
"Run 'make pem && make install' in the UnrealIRCd source directory "
"to generate a self-signed cert.");
}
goto fail;
}
if (SSL_CTX_use_certificate_chain_file(ctx, tlsoptions->certificate_file) <= 0)
{
unreal_log(ULOG_ERROR, "config", "TLS_LOAD_FAILED", NULL,
@@ -322,6 +344,17 @@ SSL_CTX *init_ctx(TLSOptions *tlsoptions, int server)
goto fail;
}
/* Let's first check the simple case of file exist - this time for key file. */
if (!file_exists(tlsoptions->key_file))
{
int saved_errno = errno;
unreal_log(ULOG_ERROR, "config", "TLS_LOAD_FAILED", NULL,
"Could not open TLS key $filename: $system_error",
log_data_string("filename", tlsoptions->key_file),
log_data_string("system_error", strerror(saved_errno)));
goto fail;
}
if (SSL_CTX_use_PrivateKey_file(ctx, tlsoptions->key_file, SSL_FILETYPE_PEM) <= 0)
{
unreal_log(ULOG_ERROR, "config", "TLS_LOAD_FAILED", NULL,
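Review bot: The `$system_error` text in both new early exits (the certificate check and the key check further down) comes from `errno` read after `file_exists()` returns false, and nothing in these hunks shows that the helper leaves a fresh errno on every false return. If it can return false without a failing system call, the log would name a stale, unrelated cause and misdirect whoever is triaging a TLS start-up failure; putting `errno = 0;` immediately before each `if (!file_exists(...))` keeps a stale value out of the message. The pre-check is advisory only and the existing `SSL_CTX_use_certificate_chain_file()` / `SSL_CTX_use_PrivateKey_file()` calls remain the authoritative test, which the comment could say outright, e.g. `/* Advisory check for a short error; the SSL_CTX_use_* call below is still the real test. */`. The key-file branch also has no counterpart to the default-certificate hint, so a missing default key gets no guidance. init_ctx() begins and ends outside the visible hunks.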