Handle absence of TLS certs while parsing the config - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	tb <tb@openbsd.org>	2020-10-11 03:21:44 +0000
committer	tb <tb@openbsd.org>	2020-10-11 03:21:44 +0000
commit	60348d937ac99edb86e9c0966763dcb7f0ee0f48 (patch)
tree	39d8f10f8e29c7a55db8df468b7cfef67b2c9c62 /lib/libssl/ssl_methods.c
parent	Grow init_buf before stashing a handshake message for the legacy stack. (diff)
download	wireguard-openbsd-60348d937ac99edb86e9c0966763dcb7f0ee0f48.tar.xz wireguard-openbsd-60348d937ac99edb86e9c0966763dcb7f0ee0f48.zip

Handle absence of TLS certs while parsing the config

There is a soft fail mechanism to handle missing certs for seamless interaction with acme-client. Move this to the config parser. This is simpler than server.c r1.117 and avoids a crash due to listening on port 443 without having set up the TLS context first. More precisely, the crash happens if a server with missing certificate is visited via https in a configuration where there is a second server with valid certificate and key. From Joshua Sing (joshua at hypera dot dev) ok benno

Diffstat (limited to 'lib/libssl/ssl_methods.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: