diff options
Diffstat (limited to 'usr.sbin/httpd')
-rw-r--r-- | usr.sbin/httpd/parse.y | 26 | ||||
-rw-r--r-- | usr.sbin/httpd/server.c | 13 |
2 files changed, 22 insertions, 17 deletions
diff --git a/usr.sbin/httpd/parse.y b/usr.sbin/httpd/parse.y index 9f3b70526d9..a68bddc2486 100644 --- a/usr.sbin/httpd/parse.y +++ b/usr.sbin/httpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.107 2018/11/01 00:18:44 sashan Exp $ */ +/* $OpenBSD: parse.y,v 1.108 2019/01/08 18:35:27 florian Exp $ */ /* * Copyright (c) 2007 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -344,13 +344,10 @@ server : SERVER optmatch STRING { YYERROR; } - if (server_tls_load_keypair(srv) == -1) { - yyerror("server \"%s\": failed to load " - "public/private keys", srv->srv_conf.name); - serverconfig_free(srv_conf); - free(srv); - YYERROR; - } + if (server_tls_load_keypair(srv) == -1) + log_warnx("%s:%d: server \"%s\": failed to " + "load public/private keys", file->name, + yylval.lineno, srv->srv_conf.name); if (server_tls_load_ca(srv) == -1) { yyerror("server \"%s\": failed to load " @@ -2133,16 +2130,13 @@ server_inherit(struct server *src, struct server_config *alias, dst->srv_conf.flags &= ~SRVFLAG_SERVER_MATCH; dst->srv_conf.flags |= (alias->flags & SRVFLAG_SERVER_MATCH); - if (server_tls_load_keypair(dst) == -1) { - yyerror("failed to load public/private keys " - "for server %s", dst->srv_conf.name); - serverconfig_free(&dst->srv_conf); - free(dst); - return (NULL); - } + if (server_tls_load_keypair(dst) == -1) + log_warnx("%s:%d: server \"%s\": failed to " + "load public/private keys", file->name, + yylval.lineno, dst->srv_conf.name); if (server_tls_load_ca(dst) == -1) { - yyerror("falied to load ca cert(s) for server %s", + yyerror("failed to load ca cert(s) for server %s", dst->srv_conf.name); serverconfig_free(&dst->srv_conf); return NULL; diff --git a/usr.sbin/httpd/server.c b/usr.sbin/httpd/server.c index 63536a060e2..82d2c44c8f0 100644 --- a/usr.sbin/httpd/server.c +++ b/usr.sbin/httpd/server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server.c,v 1.116 2018/10/11 09:52:22 benno Exp $ */ +/* $OpenBSD: server.c,v 1.117 2019/01/08 18:35:27 florian Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -119,6 +119,13 @@ server_privinit(struct server *srv) } /* Open listening socket in the privileged process */ + if ((srv->srv_conf.flags & SRVFLAG_TLS) && srv->srv_conf.tls_cert == + NULL) { + /* soft fail if cert is not there yet */ + srv->srv_s = -1; + return (0); + } + if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, srv->srv_conf.port, &srv->srv_conf)) == -1) return (-1); @@ -250,6 +257,10 @@ server_tls_init(struct server *srv) if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) return (0); + if (srv->srv_conf.tls_cert == NULL) + /* soft fail if cert is not there yet */ + return (0); + log_debug("%s: setting up tls for %s", __func__, srv->srv_conf.name); if (tls_init() != 0) { |