Changeset af5764e


Ignore:
Timestamp:
2011-12-19T17:23:28Z (8 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
25b05b7
Parents:
78b8401
Message:

Refuse to start if cafile points at an unreadable file, to avoid silent
cert verification failures.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • conf.c

    r78b8401 raf5764e  
    178178                fprintf( stderr, "Warning: Unable to read configuration file `%s'.\n", global.conf_file );
    179179       
     180        if( conf->cafile && access( conf->cafile, R_OK ) != 0 )
     181        {
     182                /* Let's treat this as a serious problem so people won't think
     183                   they're secure when in fact they're not. */
     184                fprintf( stderr, "Error: Could not read CA file %s: %s\n", conf->cafile, strerror( errno ) );
     185                return NULL;
     186        }
     187       
    180188        return conf;
    181189}
Note: See TracChangeset for help on using the changeset viewer.