summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGlenn Strauss <gstrauss@gluelogic.com>2017-11-02 23:11:39 -0400
committerGlenn Strauss <gstrauss@gluelogic.com>2017-11-03 23:02:08 -0400
commitbfef0907bd11f6d516b72bf510ddd3ecdeceb11a (patch)
treeff575cd4ecc393ec4f74fd88fcf22a255a8ffe0e
parent8f3bbd7f13348997ca6fb9949c13e545f3301696 (diff)
downloadlighttpd-git-bfef0907bd11f6d516b72bf510ddd3ecdeceb11a.tar.gz
[mod_openssl] error if ssl.engine in wrong section (fixes #2837)
error if ssl.engine in wrong section of config. ssl.engine is valid only in global scope or $SERVER["socket"] condition x-ref: "HTTPS requests timeout when cert not set for socket" https://redmine.lighttpd.net/issues/2837
Diffstat
-rw-r--r--src/mod_openssl.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/mod_openssl.c b/src/mod_openssl.c
index adc9ad94..ded68fa2 100644
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -566,7 +566,8 @@ network_init_ssl (server *srv, void *p_d)
}
/* PEM file is require */
log_error_write(srv, __FILE__, __LINE__, "s",
- "ssl.pemfile has to be set");
+ "ssl.pemfile has to be set "
+ "when ssl.engine = \"enable\"");
return -1;
}
}
@@ -989,6 +990,12 @@ SETDEFAULTS_FUNC(mod_openssl_set_defaults)
}
}
}
+
+ if (0 != i && s->ssl_enabled && config->comp != COMP_SERVER_SOCKET) {
+ log_error_write(srv, __FILE__, __LINE__, "s",
+ "ssl.engine is valid only in global scope "
+ "or $SERVER[\"socket\"] condition");
+ }
}
if (0 != network_init_ssl(srv, p)) return HANDLER_ERROR;
View Lorry Controller Status