Correctly detect when SSL subsystem must be initialized

This patch introduces the new function Conf_SSLInUse() to check when the
current server configuration requires the SSL subsystem to be initialized
and accounts incoming as well as outgoing connections -- so this fixes
commit bb20aeb9 ("Initialize SSL when needed only, and disable SSL on
errors") which only handled the inbound case  ...

Tested-by: Brett Smith <brett@w3.org>

src/ngircd/conf.c

@@ -109,6 +109,28 @@ ConfSSL_Init(void)
 	array_free(&Conf_SSLOptions.ListenPorts);
 }
 
+/**
+ * Check if the current configuration uses/requires SSL.
+ *
+ * @returns true if SSL is used and should be initialized.
+ */
+GLOBAL bool
+Conf_SSLInUse(void)
+{
+	int i;
+
+	/* SSL listen ports configured? */
+	if (array_bytes(&Conf_SSLOptions.ListenPorts))
+		return true;
+
+	for (i = 0; i < MAX_SERVERS; i++) {
+		if (Conf_Server[i].port > 0
+		    && Conf_Server[i].SSLConnect)
+			return true;
+	}
+	return false;
+}
+
 /**
  * Make sure that a configured file is readable.
  *

src/ngircd/conf.h

@@ -256,6 +256,10 @@ GLOBAL bool Conf_AddServer PARAMS(( const char *Name, UINT16 Port, const char *H
 GLOBAL bool Conf_NickIsService PARAMS((int ConfServer, const char *Nick));
 GLOBAL bool Conf_NickIsBlocked PARAMS((const char *Nick));
 
+#ifdef SSL_SUPPORT
+GLOBAL bool Conf_SSLInUse PARAMS((void));
+#endif
+
 /* Password required by WEBIRC command */
 GLOBAL char Conf_WebircPwd[CLIENT_PASS_LEN];
 

src/ngircd/conn-ssl.c

@@ -241,8 +241,10 @@ void ConnSSL_Free(CONNECTION *c)
 bool
 ConnSSL_InitLibrary( void )
 {
-	if (!array_bytes(&Conf_SSLOptions.ListenPorts))
+	if (!Conf_SSLInUse()) {
+		LogDebug("SSL not in use, skipping initialization.");
 		return true;
+	}
 
 #ifdef HAVE_LIBSSL
 	SSL_CTX *newctx;