From: Doug MacEachern <dougm@apache.org>
Date: Wed, 18 Jul 2001 20:29:29 +0000 (+0000)
Subject: give some more diagnostics if server cert or key file cannot be read
X-Git-Tag: 2.0.21~30
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f962339ad58f505a6a5c44518c7a4b8ad79883c0;p=apache

give some more diagnostics if server cert or key file cannot be read


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89605 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/tls/mod_tls.c b/modules/tls/mod_tls.c
index df9fd59515..5aee9a08e9 100644
--- a/modules/tls/mod_tls.c
+++ b/modules/tls/mod_tls.c
@@ -137,6 +137,10 @@ static int tls_filter_inserter(conn_rec *c)
     pCtx->pStateMachine=SSLStateMachine_new(pConfig->szCertificateFile,
 					    pConfig->szKeyFile);
 
+    if (!pCtx->pStateMachine) {
+        return HTTP_INTERNAL_SERVER_ERROR;
+    }
+
     pCtx->pInputFilter=ap_add_input_filter(s_szTLSFilterName,pCtx,NULL,c);
     pCtx->pOutputFilter=ap_add_output_filter(s_szTLSFilterName,pCtx,NULL,c);
     pCtx->pbbInput=apr_brigade_create(c->pool);
diff --git a/modules/tls/openssl_state_machine.c b/modules/tls/openssl_state_machine.c
index 4f626e9efb..207b06c0fb 100644
--- a/modules/tls/openssl_state_machine.c
+++ b/modules/tls/openssl_state_machine.c
@@ -143,10 +143,21 @@ SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile,
 
     n=SSL_CTX_use_certificate_file(pMachine->pCtx,szCertificateFile,
 				   SSL_FILETYPE_PEM);
-    die_unless(n > 0);
+    if (n <= 0) {
+        SSLStateMachine_print_error(pMachine,
+                                    "Error opening certificate file:");
+        SSLStateMachine_destroy(pMachine);
+        return NULL;
+    }
 
     n=SSL_CTX_use_PrivateKey_file(pMachine->pCtx,szKeyFile,SSL_FILETYPE_PEM);
-    die_unless(n > 0);
+
+    if (n <= 0) {
+        SSLStateMachine_print_error(pMachine,
+                                    "Error opening private key file:");
+        SSLStateMachine_destroy(pMachine);
+        return NULL;
+    }
 
     pMachine->pSSL=SSL_new(pMachine->pCtx);
     die_unless(pMachine->pSSL);
@@ -164,7 +175,12 @@ SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile,
 
 void SSLStateMachine_destroy(SSLStateMachine *pMachine)
 {
-    SSL_free(pMachine->pSSL);
+    if (pMachine->pCtx) {
+        SSL_CTX_free(pMachine->pCtx);
+    }
+    if (pMachine->pSSL) {
+        SSL_free(pMachine->pSSL);
+    }
     free(pMachine);
 }