summaryrefslogtreecommitdiffstats
path: root/usr.sbin/httpd
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin/httpd')
-rw-r--r--usr.sbin/httpd/parse.y26
-rw-r--r--usr.sbin/httpd/server.c13
2 files changed, 22 insertions, 17 deletions
diff --git a/usr.sbin/httpd/parse.y b/usr.sbin/httpd/parse.y
index 9f3b70526d9..a68bddc2486 100644
--- a/usr.sbin/httpd/parse.y
+++ b/usr.sbin/httpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.107 2018/11/01 00:18:44 sashan Exp $ */
+/* $OpenBSD: parse.y,v 1.108 2019/01/08 18:35:27 florian Exp $ */
/*
* Copyright (c) 2007 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -344,13 +344,10 @@ server : SERVER optmatch STRING {
YYERROR;
}
- if (server_tls_load_keypair(srv) == -1) {
- yyerror("server \"%s\": failed to load "
- "public/private keys", srv->srv_conf.name);
- serverconfig_free(srv_conf);
- free(srv);
- YYERROR;
- }
+ if (server_tls_load_keypair(srv) == -1)
+ log_warnx("%s:%d: server \"%s\": failed to "
+ "load public/private keys", file->name,
+ yylval.lineno, srv->srv_conf.name);
if (server_tls_load_ca(srv) == -1) {
yyerror("server \"%s\": failed to load "
@@ -2133,16 +2130,13 @@ server_inherit(struct server *src, struct server_config *alias,
dst->srv_conf.flags &= ~SRVFLAG_SERVER_MATCH;
dst->srv_conf.flags |= (alias->flags & SRVFLAG_SERVER_MATCH);
- if (server_tls_load_keypair(dst) == -1) {
- yyerror("failed to load public/private keys "
- "for server %s", dst->srv_conf.name);
- serverconfig_free(&dst->srv_conf);
- free(dst);
- return (NULL);
- }
+ if (server_tls_load_keypair(dst) == -1)
+ log_warnx("%s:%d: server \"%s\": failed to "
+ "load public/private keys", file->name,
+ yylval.lineno, dst->srv_conf.name);
if (server_tls_load_ca(dst) == -1) {
- yyerror("falied to load ca cert(s) for server %s",
+ yyerror("failed to load ca cert(s) for server %s",
dst->srv_conf.name);
serverconfig_free(&dst->srv_conf);
return NULL;
diff --git a/usr.sbin/httpd/server.c b/usr.sbin/httpd/server.c
index 63536a060e2..82d2c44c8f0 100644
--- a/usr.sbin/httpd/server.c
+++ b/usr.sbin/httpd/server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server.c,v 1.116 2018/10/11 09:52:22 benno Exp $ */
+/* $OpenBSD: server.c,v 1.117 2019/01/08 18:35:27 florian Exp $ */
/*
* Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -119,6 +119,13 @@ server_privinit(struct server *srv)
}
/* Open listening socket in the privileged process */
+ if ((srv->srv_conf.flags & SRVFLAG_TLS) && srv->srv_conf.tls_cert ==
+ NULL) {
+ /* soft fail if cert is not there yet */
+ srv->srv_s = -1;
+ return (0);
+ }
+
if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss,
srv->srv_conf.port, &srv->srv_conf)) == -1)
return (-1);
@@ -250,6 +257,10 @@ server_tls_init(struct server *srv)
if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0)
return (0);
+ if (srv->srv_conf.tls_cert == NULL)
+ /* soft fail if cert is not there yet */
+ return (0);
+
log_debug("%s: setting up tls for %s", __func__, srv->srv_conf.name);
if (tls_init() != 0) {
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.