diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2017-11-02 23:11:39 -0400 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2017-11-03 23:02:08 -0400 |
commit | bfef0907bd11f6d516b72bf510ddd3ecdeceb11a (patch) | |
tree | ff575cd4ecc393ec4f74fd88fcf22a255a8ffe0e | |
parent | 8f3bbd7f13348997ca6fb9949c13e545f3301696 (diff) | |
download | lighttpd-git-bfef0907bd11f6d516b72bf510ddd3ecdeceb11a.tar.gz |
[mod_openssl] error if ssl.engine in wrong section (fixes #2837)
error if ssl.engine in wrong section of config.
ssl.engine is valid only in global scope or $SERVER["socket"] condition
x-ref:
"HTTPS requests timeout when cert not set for socket"
https://redmine.lighttpd.net/issues/2837
-rw-r--r-- | src/mod_openssl.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/mod_openssl.c b/src/mod_openssl.c index adc9ad94..ded68fa2 100644 --- a/src/mod_openssl.c +++ b/src/mod_openssl.c @@ -566,7 +566,8 @@ network_init_ssl (server *srv, void *p_d) } /* PEM file is require */ log_error_write(srv, __FILE__, __LINE__, "s", - "ssl.pemfile has to be set"); + "ssl.pemfile has to be set " + "when ssl.engine = \"enable\""); return -1; } } @@ -989,6 +990,12 @@ SETDEFAULTS_FUNC(mod_openssl_set_defaults) } } } + + if (0 != i && s->ssl_enabled && config->comp != COMP_SERVER_SOCKET) { + log_error_write(srv, __FILE__, __LINE__, "s", + "ssl.engine is valid only in global scope " + "or $SERVER[\"socket\"] condition"); + } } if (0 != network_init_ssl(srv, p)) return HANDLER_ERROR; |