give some more diagnostics if server cert or key file cannot be read (8b8ed6ac) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

modules/tls/mod_tls.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -137,6 +137,10 @@ static int tls_filter_inserter(conn_rec *c)
		pCtx->pStateMachine=SSLStateMachine_new(pConfig->szCertificateFile,
		pConfig->szKeyFile);

		if (!pCtx->pStateMachine) {
		return HTTP_INTERNAL_SERVER_ERROR;
		}

		pCtx->pInputFilter=ap_add_input_filter(s_szTLSFilterName,pCtx,NULL,c);
		pCtx->pOutputFilter=ap_add_output_filter(s_szTLSFilterName,pCtx,NULL,c);
		pCtx->pbbInput=apr_brigade_create(c->pool);

+19 −3

Original line number	Diff line number	Diff line
		@@ -143,10 +143,21 @@ SSLStateMachine SSLStateMachine_new(const char szCertificateFile,

		n=SSL_CTX_use_certificate_file(pMachine->pCtx,szCertificateFile,
		SSL_FILETYPE_PEM);
		die_unless(n > 0);
		if (n <= 0) {
		SSLStateMachine_print_error(pMachine,
		"Error opening certificate file:");
		SSLStateMachine_destroy(pMachine);
		return NULL;
		}

		n=SSL_CTX_use_PrivateKey_file(pMachine->pCtx,szKeyFile,SSL_FILETYPE_PEM);
		die_unless(n > 0);

		if (n <= 0) {
		SSLStateMachine_print_error(pMachine,
		"Error opening private key file:");
		SSLStateMachine_destroy(pMachine);
		return NULL;
		}

		pMachine->pSSL=SSL_new(pMachine->pCtx);
		die_unless(pMachine->pSSL);
		@@ -164,7 +175,12 @@ SSLStateMachine SSLStateMachine_new(const char szCertificateFile,

		void SSLStateMachine_destroy(SSLStateMachine *pMachine)
		{
		if (pMachine->pCtx) {
		SSL_CTX_free(pMachine->pCtx);
		}
		if (pMachine->pSSL) {
		SSL_free(pMachine->pSSL);
		}
		free(pMachine);
		}