commit c4a60c54bb7a67680138419b72548a565c40984f
parent c77ec598e7eb75bef4cb972b4d053f30bea9f6be
Author: Joris Vink <joris@coders.se>
Date: Wed, 21 Apr 2021 22:39:35 +0200
resolve tls_dhparam after configure.
Diffstat:
2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/config.c b/src/config.c
@@ -304,6 +304,7 @@ void
kore_parse_config(void)
{
FILE *fp;
+ BIO *bio;
char path[PATH_MAX];
if (finalized)
@@ -327,6 +328,17 @@ kore_parse_config(void)
(void)fclose(fp);
}
+ if (tls_dhparam == NULL) {
+ if ((bio = BIO_new_file(KORE_DHPARAM_PATH, "r")) == NULL)
+ fatal("failed to open %s", KORE_DHPARAM_PATH);
+
+ tls_dhparam = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+
+ if (tls_dhparam == NULL)
+ fatal("PEM_read_bio_DHparams(): %s", ssl_errno_s);
+ }
+
if (!kore_module_loaded())
fatal("no application module was loaded");
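Review bot: The fallback load of `KORE_DHPARAM_PATH` now runs unconditionally in kore_parse_config(), so a configuration that defines no TLS domain at all will still hit `fatal("failed to open %s", ...)` when the default file is absent, whereas before this commit the file was only opened from kore_domain_tlsinit() when a TLS context was actually built; if that tightening is intended it deserves a comment such as `/* DH params are required at startup even when no TLS domain is configured */`, otherwise the block should be gated on a TLS domain existing. The open-failure message drops the OpenSSL error string that the read-failure message two lines below keeps; `fatal("failed to open %s: %s", KORE_DHPARAM_PATH, ssl_errno_s);` makes the two consistent. The parameters read from the file are also accepted without any sanity check (e.g. OpenSSL's DH_check()), which is unchanged from the removed domain.c code but worth a `/* TODO: validate loaded DH parameters */` now that this is the single load site. kore_parse_config() continues outside the hunk.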
@@ -341,17 +353,14 @@ kore_parse_config(void)
}
}
- if (getuid() != 0 && skip_chroot == 0) {
+ if (getuid() != 0 && skip_chroot == 0)
fatal("cannot chroot, use -n to skip it");
- }
- if (skip_runas != 1 && kore_runas_user == NULL) {
+ if (skip_runas != 1 && kore_runas_user == NULL)
fatal("missing runas user, use -r to skip it");
- }
- if (getuid() != 0 && skip_runas == 0) {
+ if (getuid() != 0 && skip_runas == 0)
fatal("cannot drop privileges, use -r to skip it");
- }
if (skip_runas) {
if (!kore_quiet)
diff --git a/src/domain.c b/src/domain.c
@@ -222,7 +222,6 @@ kore_domain_tlsinit(struct kore_domain *dom, int type,
{
const u_int8_t *ptr;
RSA *rsa;
- BIO *bio;
X509 *x509;
EVP_PKEY *pkey;
STACK_OF(X509_NAME) *certs;
@@ -327,16 +326,8 @@ kore_domain_tlsinit(struct kore_domain *dom, int type,
dom->domain, ssl_errno_s);
}
- if (tls_dhparam == NULL) {
- if ((bio = BIO_new_file(KORE_DHPARAM_PATH, "r")) == NULL)
- fatal("failed to open %s", KORE_DHPARAM_PATH);
-
- tls_dhparam = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
- BIO_free(bio);
-
- if (tls_dhparam == NULL)
- fatal("PEM_read_bio_DHparams(): %s", ssl_errno_s);
- }
+ if (tls_dhparam == NULL)
+ fatal("no DH parameters specified");
SSL_CTX_set_tmp_dh(dom->ssl_ctx, tls_dhparam);
SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_SINGLE_DH_USE);
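Review bot: With the load moved into kore_parse_config(), `tls_dhparam == NULL` here can only mean the startup ordering was violated, not that the operator forgot a setting, so `fatal("no DH parameters specified")` points the reader at the wrong fix; `fatal("%s: tls_dhparam not loaded, kore_parse_config() must run before kore_domain_tlsinit()", dom->domain);` names the actual precondition. A one-line comment above the check stating that kore_parse_config() guarantees the parameters are loaded would make the invariant visible to the next maintainer. kore_domain_tlsinit() starts and ends outside the hunk.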