1 files changed, 12 insertions, 4 deletions

diff --git a/main/tcptls.c b/main/tcptls.c
index edf2fe97e..5837668de 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -289,12 +289,20 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 		return 0;
 	}
 	if (!ast_strlen_zero(cfg->certfile)) {
-		if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
-		    SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
-		    SSL_CTX_check_private_key(cfg->ssl_ctx) == 0 ) {
+		char *tmpprivate = ast_strlen_zero(cfg->pvtfile) ? cfg->certfile : cfg->pvtfile;
+		if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0) {
 			if (!client) {
 				/* Clients don't need a certificate, but if its setup we can use it */
-				ast_verb(0, "SSL cert error <%s>", cfg->certfile);
+				ast_verb(0, "SSL error loading cert file. <%s>", cfg->certfile);
+				sleep(2);
+				cfg->enabled = 0;
+				return 0;
+			}
+		}
+		if ((SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, tmpprivate, SSL_FILETYPE_PEM) == 0) || (SSL_CTX_check_private_key(cfg->ssl_ctx) == 0 )) {
+			if (!client) {
+				/* Clients don't need a private key, but if its setup we can use it */
+				ast_verb(0, "SSL error loading private key file. <%s>", tmpprivate);
 				sleep(2);
 				cfg->enabled = 0;
 				return 0;