From d26d68489308e93de2829a2f750e90b3889ae445 Mon Sep 17 00:00:00 2001
From: Pieter Lexis
Date: Thu, 11 Apr 2019 17:30:20 +0200
Subject: [PATCH] dnsdist: exit when setting ciphers fails (GNUTLS)

Before, we would log the fact that we could not set the ciphers for gnutls but still start. When a connection came in, dnsdist would crash.
---
 pdns/dnsdistdist/tcpiohandler.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pdns/dnsdistdist/tcpiohandler.cc b/pdns/dnsdistdist/tcpiohandler.cc
index 3ee1f46c3..32731c85b 100644
--- a/pdns/dnsdistdist/tcpiohandler.cc
+++ b/pdns/dnsdistdist/tcpiohandler.cc
@@ -958,7 +958,7 @@ public:
 rc = gnutls_priority_init(&d_priorityCache, fe.d_ciphers.empty() ? "NORMAL" : fe.d_ciphers.c_str(), nullptr);
 if (rc != GNUTLS_E_SUCCESS) {
- warnlog("Error setting up TLS cipher preferences to %s (%s), skipping.", fe.d_ciphers.c_str(), gnutls_strerror(rc));
+ throw std::runtime_error("Error setting up TLS cipher preferences to '" + fe.d_ciphers + "' (" + gnutls_strerror(rc) + ") on " + fe.d_addr.toStringWithPort());
 }
 pthread_rwlock_init(&d_lock, nullptr);
--
2.40.0
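Review bot: The new exception message prints `fe.d_ciphers`, but when that string is empty the call above passes "NORMAL" instead, so a failure in that case would be reported as `to ''` rather than naming the priority string GnuTLS actually rejected. Computing the effective string once, e.g. `const std::string ciphers = fe.d_ciphers.empty() ? "NORMAL" : fe.d_ciphers;`, and using it in both the `gnutls_priority_init` call and the message would keep the two in agreement. Passing a `const char*` instead of `nullptr` as the third argument would also let the message report the position GnuTLS stopped at (`err_pos`), which helps an operator correct a mistyped cipher list rather than fall back to a weaker one. The enclosing constructor starts and ends outside the hunk. If it allocated GnuTLS handles before this point, they are presumably not released on this path, because the destructor does not run for a partially constructed object; that matters only if a caller catches the exception instead of exiting.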