Reuse old SSL key if loading a new one failed

ngircd · Feb 15, 2020 · e7cb9b1 · e7cb9b1
1 parent c411643
commit e7cb9b1
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
@@ -311,8 +311,18 @@ ConnSSL_InitLibrary( void )
 		return false;
 	}
 
-	if (!ConnSSL_LoadServerKey_openssl(newctx))
+	if (!ConnSSL_LoadServerKey_openssl(newctx)) {
+		/* Failed to read new key but an old ssl context
+		 * already exists -> reuse old context */
+		if (ssl_ctx) {
+		        SSL_CTX_free(newctx);
+	                Log(LOG_WARNING,
+			"Re-Initializing of SSL failed, using old keys!");
+			return true;
+		}
+		/* No preexisting old context -> error. */
 		goto out;
+	}
 
 	if (SSL_CTX_set_cipher_list(newctx, Conf_SSLOptions.CipherList) == 0) {
 		Log(LOG_ERR, "Failed to apply OpenSSL cipher list \"%s\"!",

diff --git a/src/ngircd/sighandlers.c b/src/ngircd/sighandlers.c
@@ -132,7 +132,7 @@ Rehash(void)
 
 	if (!ConnSSL_InitLibrary())
 		Log(LOG_WARNING,
-		    "Re-Initializing of SSL failed, using old keys!");
+		    "Re-Initializing of SSL failed!");
 
 	/* Start listening on sockets */
 	Conn_InitListeners( );