Browse Source

[TLS] error if inherit empty TLS cfg from globals

error if $SERVER["socket"] inherits empty TLS config from global scope
and ssl.engine = "enable" in the $SERVER["socket"]
master
Glenn Strauss 1 year ago
parent
commit
a330746f06
  1. 4
      src/mod_gnutls.c
  2. 3
      src/mod_mbedtls.c
  3. 3
      src/mod_nss.c
  4. 3
      src/mod_openssl.c
  5. 3
      src/mod_wolfssl.c

4
src/mod_gnutls.c

@ -1990,7 +1990,9 @@ mod_gnutls_set_defaults_sockets(server *srv, plugin_data *p)
* (This is for convenience when defining both IPv4 and IPv6
* and desiring to inherit the ssl config from global context
* without having to duplicate the directives)*/
if (count_not_engine) {
if (count_not_engine
|| (conf.ssl_enabled
&& NULL == p->ssl_ctxs[0].priority_cache)) {
log_error(srv->errh, __FILE__, __LINE__,
"GnuTLS: ssl.pemfile has to be set in same "
"$SERVER[\"socket\"] scope as other ssl.* directives, "

3
src/mod_mbedtls.c

@ -1470,7 +1470,8 @@ mod_mbedtls_set_defaults_sockets(server *srv, plugin_data *p)
* (This is for convenience when defining both IPv4 and IPv6
* and desiring to inherit the ssl config from global context
* without having to duplicate the directives)*/
if (count_not_engine) {
if (count_not_engine
|| (conf.ssl_enabled && NULL == p->ssl_ctxs[0].ssl_ctx)) {
log_error(srv->errh, __FILE__, __LINE__,
"MTLS: ssl.pemfile has to be set in same "
"$SERVER[\"socket\"] scope as other ssl.* directives, "

3
src/mod_nss.c

@ -1816,7 +1816,8 @@ mod_nss_set_defaults_sockets(server *srv, plugin_data *p)
* (This is for convenience when defining both IPv4 and IPv6
* and desiring to inherit the ssl config from global context
* without having to duplicate the directives)*/
if (count_not_engine) {
if (count_not_engine
|| (conf.ssl_enabled && NULL == p->ssl_ctxs[0].model)) {
log_error(srv->errh, __FILE__, __LINE__,
"NSS: ssl.pemfile has to be set in same "
"$SERVER[\"socket\"] scope as other ssl.* directives, "

3
src/mod_openssl.c

@ -2510,7 +2510,8 @@ mod_openssl_set_defaults_sockets(server *srv, plugin_data *p)
* (This is for convenience when defining both IPv4 and IPv6
* and desiring to inherit the ssl config from global context
* without having to duplicate the directives)*/
if (count_not_engine) {
if (count_not_engine
|| (conf.ssl_enabled && NULL == p->ssl_ctxs[0].ssl_ctx)) {
log_error(srv->errh, __FILE__, __LINE__,
"ssl.pemfile has to be set in same $SERVER[\"socket\"] scope "
"as other ssl.* directives, unless only ssl.engine is set, "

3
src/mod_wolfssl.c

@ -2258,7 +2258,8 @@ mod_openssl_set_defaults_sockets(server *srv, plugin_data *p)
* (This is for convenience when defining both IPv4 and IPv6
* and desiring to inherit the ssl config from global context
* without having to duplicate the directives)*/
if (count_not_engine) {
if (count_not_engine
|| (conf.ssl_enabled && NULL == p->ssl_ctxs[0].ssl_ctx)) {
log_error(srv->errh, __FILE__, __LINE__,
"ssl.pemfile has to be set in same $SERVER[\"socket\"] scope "
"as other ssl.* directives, unless only ssl.engine is set, "

Loading…
Cancel
Save