commit 4105635566b3b2d8bd56f0ce1e556d5c3642f319
from: Alexander Barton <alex@barton.de>
date: Wed Feb 13 21:11:05 2013 UTC

Correctly detect when SSL subsystem must be initialized

This patch introduces the new function Conf_SSLInUse() to check when the
current server configuration requires the SSL subsystem to be initialized
and accounts incoming as well as outgoing connections -- so this fixes
commit bb20aeb9 ("Initialize SSL when needed only, and disable SSL on
errors") which only handled the inbound case  ...

Tested-by: Brett Smith <brett@w3.org>
(cherry picked from commit ab009976984ede815c31c9a6b318c80006823b81)

commit - 90fce2ed16fbfd5e6e37acfae997d756b426a347
commit + 4105635566b3b2d8bd56f0ce1e556d5c3642f319
blob - bea4d619a8c967f8a0e6ae18de8a767000da7af8
blob + 758ee743e98b9e8c45e7f7db71784f396abbc91e
--- src/ngircd/conf.c
+++ src/ngircd/conf.c
@@ -106,6 +106,28 @@ ConfSSL_Init(void)
 	array_free_wipe(&Conf_SSLOptions.KeyFilePassword);
 
 	array_free(&Conf_SSLOptions.ListenPorts);
+}
+
+/**
+ * Check if the current configuration uses/requires SSL.
+ *
+ * @returns true if SSL is used and should be initialized.
+ */
+GLOBAL bool
+Conf_SSLInUse(void)
+{
+	int i;
+
+	/* SSL listen ports configured? */
+	if (array_bytes(&Conf_SSLOptions.ListenPorts))
+		return true;
+
+	for (i = 0; i < MAX_SERVERS; i++) {
+		if (Conf_Server[i].port > 0
+		    && Conf_Server[i].SSLConnect)
+			return true;
+	}
+	return false;
 }
 
 /**
blob - f85a25fa08920a2945c02603d2c8d05cc0dde086
blob + 0c80c243c8f8ed295656804b69a7e289cd829cbc
--- src/ngircd/conf.h
+++ src/ngircd/conf.h
@@ -252,6 +252,10 @@ GLOBAL bool Conf_AddServer PARAMS(( const char *Name, 
 
 GLOBAL bool Conf_NickIsService PARAMS((int ConfServer, const char *Nick));
 GLOBAL bool Conf_NickIsBlocked PARAMS((const char *Nick));
+
+#ifdef SSL_SUPPORT
+GLOBAL bool Conf_SSLInUse PARAMS((void));
+#endif
 
 /* Password required by WEBIRC command */
 GLOBAL char Conf_WebircPwd[CLIENT_PASS_LEN];
blob - 59729e046628213937d932021591fd987c7b265b
blob + 45e6458a19d5805d48b13a11f27c639cd3ee3963
--- src/ngircd/conn-ssl.c
+++ src/ngircd/conn-ssl.c
@@ -241,8 +241,10 @@ void ConnSSL_Free(CONNECTION *c)
 bool
 ConnSSL_InitLibrary( void )
 {
-	if (!array_bytes(&Conf_SSLOptions.ListenPorts))
+	if (!Conf_SSLInUse()) {
+		LogDebug("SSL not in use, skipping initialization.");
 		return true;
+	}
 
 #ifdef HAVE_LIBSSL
 	SSL_CTX *newctx;