Diffstat (limited to 'main/tcptls.c')
-rw-r--r-- | main/tcptls.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/main/tcptls.c b/main/tcptls.c
index edf2fe97e..5837668de 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -289,12 +289,20 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 return 0;
 }
 if (!ast_strlen_zero(cfg->certfile)) {
- if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
- SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
- SSL_CTX_check_private_key(cfg->ssl_ctx) == 0 ) {
+ char *tmpprivate = ast_strlen_zero(cfg->pvtfile) ? cfg->certfile : cfg->pvtfile;
+ if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0) {
 if (!client) {
 /* Clients don't need a certificate, but if its setup we can use it */
- ast_verb(0, "SSL cert error <%s>", cfg->certfile);
+ ast_verb(0, "SSL error loading cert file. <%s>", cfg->certfile);
+ sleep(2);
+ cfg->enabled = 0;
+ return 0;
+ }
+ }
+ if ((SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, tmpprivate, SSL_FILETYPE_PEM) == 0) || (SSL_CTX_check_private_key(cfg->ssl_ctx) == 0 )) {
+ if (!client) {
+ /* Clients don't need a private key, but if its setup we can use it */
+ ast_verb(0, "SSL error loading private key file. <%s>", tmpprivate);
 sleep(2);
 cfg->enabled = 0;
 return 0;
|
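Review bot: The second new check reports two different failures with one message: an unreadable key file and a key that does not match the loaded certificate (`SSL_CTX_check_private_key`) both print "SSL error loading private key file" naming `tmpprivate`, so a cert/key mismatch reads like a file problem. Splitting the condition would let the mismatch carry its own message, for example `ast_verb(0, "SSL private key <%s> does not match cert <%s>", tmpprivate, cfg->certfile);`. In both new `if` blocks the `client` path ignores the failure without logging anything, so a client configured to present a certificate would presumably proceed without it and the operator gets no hint; a warning in that branch would make the misconfiguration visible. The enclosing `if (!ast_strlen_zero(cfg->certfile))` block and `__ssl_setup` itself continue past the end of the hunk.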