Reuse old SSL key if loading a new one failed

2025-04-05 23:36:57 +00:00 · 2020-02-14 12:44:10 +00:00 · 2020-02-14 12:44:10 +00:00 · e7cb9b1a00
commit e7cb9b1a00
parent c411643d45
2 changed files with 12 additions and 2 deletions
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@ -311,8 +311,18 @@ ConnSSL_InitLibrary( void )
 		return false;
 	}

-	if (!ConnSSL_LoadServerKey_openssl(newctx))
+	if (!ConnSSL_LoadServerKey_openssl(newctx)) {
+		/* Failed to read new key but an old ssl context
+		 * already exists -> reuse old context */
+		if (ssl_ctx) {
+		        SSL_CTX_free(newctx);
+	                Log(LOG_WARNING,
+			"Re-Initializing of SSL failed, using old keys!");
+			return true;
+		}
+		/* No preexisting old context -> error. */
 		goto out;
+	}

 	if (SSL_CTX_set_cipher_list(newctx, Conf_SSLOptions.CipherList) == 0) {
 		Log(LOG_ERR, "Failed to apply OpenSSL cipher list \"%s\"!",
--- a/src/ngircd/sighandlers.c
+++ b/src/ngircd/sighandlers.c
@ -132,7 +132,7 @@ Rehash(void)

 	if (!ConnSSL_InitLibrary())
 		Log(LOG_WARNING,
-		    "Re-Initializing of SSL failed, using old keys!");
+		    "Re-Initializing of SSL failed!");

 	/* Start listening on sockets */
 	Conn_InitListeners( );