X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=openssl.c;h=e1655d88884daad716b3b10a9b2bb69a0736dee8;hp=2c065cc50aa3f2476fdd1ac63962caa0fb40c282;hb=ab927db026ae874ba2f58fd8250167369b310024;hpb=0fc07e07a74872fb3347dc762372ba7c843d5a52

diff --git a/openssl.c b/openssl.c
index 2c065cc5..e1655d88 100644
--- a/openssl.c
+++ b/openssl.c
@@ -735,7 +735,6 @@ extern int create_client_ssl_connection(struct client_state *csp)
    struct ssl_attr *ssl_attr = &csp->ssl_client_attr;
    /* Paths to certificates file and key file */
    char *key_file  = NULL;
-   char *ca_file   = NULL;
    char *cert_file = NULL;
    int ret = 0;
    SSL *ssl;
@@ -759,7 +758,6 @@ extern int create_client_ssl_connection(struct client_state *csp)
    /*
     * Preparing paths to certificates files and key file
     */
-   ca_file   = csp->config->ca_cert_file;
    cert_file = make_certs_path(csp->config->certificate_directory,
       (const char *)csp->http->hash_of_host_hex, CERT_FILE_TYPE);
    key_file  = make_certs_path(csp->config->certificate_directory,
@@ -1795,6 +1793,25 @@ static int generate_webpage_certificate(struct client_state *csp)
       }
    }
 
+   if (file_exists(cert_opt.output_file) == 0 &&
+       file_exists(cert_opt.subject_key) == 1)
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "A website key already exists but there's no matching certificate. "
+         "Removing %s before creating a new key and certificate.",
+         cert_opt.subject_key);
+      if (unlink(cert_opt.subject_key))
+      {
+         log_error(LOG_LEVEL_ERROR, "Failed to unlink %s: %E",
+            cert_opt.subject_key);
+
+         freez(cert_opt.output_file);
+         freez(cert_opt.subject_key);
+
+         return -1;
+      }
+   }
+
    /*
     * Create key for requested host
     */