rpms/syslog-ng
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7caa4e7901
syslog-ng/syslog-ng-3.14.1-fix-tls-based-destinations.patch

95 lines
3.4 KiB
Diff
Raw Blame History

diff -ur syslog-ng-3.14.1.orig/lib/tlscontext.c syslog-ng-3.14.1/lib/tlscontext.c
--- syslog-ng-3.14.1.orig/lib/tlscontext.c 2018-02-27 12:45:36.000000000 +0100
+++ syslog-ng-3.14.1/lib/tlscontext.c 2018-05-12 14:48:48.362107251 +0200
@@ -322,7 +322,7 @@
}
static gboolean
-file_exists(const gchar *fname)
+_is_file_accessible(const gchar *fname)
{
if (!fname)
return FALSE;
@@ -444,7 +444,7 @@
static DH *
_load_dh_from_file(const gchar *dhparam_file)
{
- if (!file_exists(dhparam_file))
+ if (!_is_file_accessible(dhparam_file))
return NULL;
BIO *bio = BIO_new_file(dhparam_file, "r");
@@ -528,7 +528,7 @@
static PKCS12 *
_load_pkcs12_file(const gchar *pkcs12_file)
{
- if (!file_exists(pkcs12_file))
+ if (!_is_file_accessible(pkcs12_file))
return NULL;
FILE *p12_file = fopen(pkcs12_file, "rb");
@@ -595,13 +595,24 @@
static gboolean
_are_key_and_cert_files_accessible(TLSContext *self)
{
- return file_exists(self->key_file) &&
- file_exists(self->cert_file);
+ gboolean key_file_accessible = _is_file_accessible(self->key_file);
+ gboolean cert_file_accessible = _is_file_accessible(self->cert_file);
+
+ return key_file_accessible && cert_file_accessible;
+}
+
+static gboolean
+_client_key_and_cert_files_are_not_specified(TLSContext *self)
+{
+ return self->mode == TM_CLIENT && (!self->key_file && !self->cert_file);
}
static TLSContextLoadResult
tls_context_load_key_and_cert(TLSContext *self)
{
+ if (_client_key_and_cert_files_are_not_specified(self))
+ return TLS_CONTEXT_OK;
+
if (!_are_key_and_cert_files_accessible(self))
return TLS_CONTEXT_FILE_ACCES_ERROR;
if (!SSL_CTX_use_PrivateKey_file(self->ssl_ctx, self->key_file, SSL_FILETYPE_PEM))
@@ -639,10 +650,10 @@
goto error;
}
- if (file_exists(self->ca_dir) && !SSL_CTX_load_verify_locations(self->ssl_ctx, NULL, self->ca_dir))
+ if (_is_file_accessible(self->ca_dir) && !SSL_CTX_load_verify_locations(self->ssl_ctx, NULL, self->ca_dir))
goto error;
- if (file_exists(self->crl_dir) && !SSL_CTX_load_verify_locations(self->ssl_ctx, NULL, self->crl_dir))
+ if (_is_file_accessible(self->crl_dir) && !SSL_CTX_load_verify_locations(self->ssl_ctx, NULL, self->crl_dir))
goto error;
if (self->crl_dir)
diff -ur syslog-ng-3.14.1.orig/modules/afsocket/transport-mapper-inet.c syslog-ng-3.14.1/modules/afsocket/transport-mapper-inet.c
--- syslog-ng-3.14.1.orig/modules/afsocket/transport-mapper-inet.c 2018-02-27 12:45:36.000000000 +0100
+++ syslog-ng-3.14.1/modules/afsocket/transport-mapper-inet.c 2018-05-12 14:48:48.361107251 +0200
@@ -176,17 +176,17 @@
TLSContextSetupResult tls_ctx_setup_res = tls_context_setup_context(self->tls_context);
+ const gchar *key = tls_context_get_key_file(self->tls_context);
+
if (tls_ctx_setup_res == TLS_CONTEXT_SETUP_OK)
{
- const gchar *key = tls_context_get_key_file(self->tls_context);
- if (secret_storage_contains_key(key))
+ if (key && secret_storage_contains_key(key))
secret_storage_update_status(key, SECRET_STORAGE_SUCCESS);
return func(func_args);
}
if (tls_ctx_setup_res == TLS_CONTEXT_SETUP_BAD_PASSWORD)
{
- const gchar *key = tls_context_get_key_file(self->tls_context);
msg_error("Error setting up TLS context",
evt_tag_str("keyfile", key));
call_finalize_init_args *args = g_new0(call_finalize_init_args, 1);
Reference in New Issue View Git Blame Copy Permalink