From: Fabian Keil Date: Mon, 18 Jan 2021 02:49:39 +0000 (+0100) Subject: enforce_sane_certificate_state(): Also deal with certificates without key X-Git-Tag: v_3_0_30~95 X-Git-Url: http://www.privoxy.org/gitweb/trouble.html?a=commitdiff_plain;h=8758d26b120e91b2ab6598dc5dada5d6a8e9d394;p=privoxy.git enforce_sane_certificate_state(): Also deal with certificates without key ... by removing the certificate. --- diff --git a/ssl_common.c b/ssl_common.c index 6d2e11f6..486b9aa5 100644 --- a/ssl_common.c +++ b/ssl_common.c @@ -717,7 +717,10 @@ extern int host_is_ip_address(const char *host) *********************************************************************/ extern int enforce_sane_certificate_state(const char *certificate, const char *key) { - if (file_exists(certificate) == 0 && file_exists(key) == 1) + const int certificate_exists = file_exists(certificate); + const int key_exists = file_exists(key); + + if (!certificate_exists && key_exists) { log_error(LOG_LEVEL_ERROR, "A website key already exists but there's no matching certificate. " @@ -729,6 +732,18 @@ extern int enforce_sane_certificate_state(const char *certificate, const char *k return -1; } } + if (certificate_exists && !key_exists) + { + log_error(LOG_LEVEL_ERROR, + "A certificate exists but there's no matching key. " + "Removing %s before creating a new key and certificate.", certificate); + if (unlink(certificate)) + { + log_error(LOG_LEVEL_ERROR, "Failed to unlink %s: %E", certificate); + + return -1; + } + } return 0;