commit ab009976984ede815c31c9a6b318c80006823b81
from: Alexander Barton <alex@barton.de>
date: Mon Jan 07 19:34:55 2013 UTC

Correctly detect when SSL subsystem must be initialized

This patch introduces the new function Conf_SSLInUse() to check when the
current server configuration requires the SSL subsystem to be initialized
and accounts incoming as well as outgoing connections -- so this fixes
commit bb20aeb9 ("Initialize SSL when needed only, and disable SSL on
errors") which only handled the inbound case  ...

Tested-by: Brett Smith <brett@w3.org>

commit - b4966aa1bd8d11ed2bc97cc5fea418fab3485b08
commit + ab009976984ede815c31c9a6b318c80006823b81
blob - d5a28bd7bfbe25ab3b8268781236edfe663954f2
blob + 929ab05403734b8cd43e851955828072c38a0e33
--- src/ngircd/conf.c
+++ src/ngircd/conf.c
@@ -107,6 +107,28 @@ ConfSSL_Init(void)
 	array_free_wipe(&Conf_SSLOptions.KeyFilePassword);
 
 	array_free(&Conf_SSLOptions.ListenPorts);
+}
+
+/**
+ * Check if the current configuration uses/requires SSL.
+ *
+ * @returns true if SSL is used and should be initialized.
+ */
+GLOBAL bool
+Conf_SSLInUse(void)
+{
+	int i;
+
+	/* SSL listen ports configured? */
+	if (array_bytes(&Conf_SSLOptions.ListenPorts))
+		return true;
+
+	for (i = 0; i < MAX_SERVERS; i++) {
+		if (Conf_Server[i].port > 0
+		    && Conf_Server[i].SSLConnect)
+			return true;
+	}
+	return false;
 }
 
 /**
blob - ac42746c3a6872202435084bb55eaae544b7709f
blob + c203b57032a9558a3d3e6efcf44dad9019e5a355
--- src/ngircd/conf.h
+++ src/ngircd/conf.h
@@ -255,6 +255,10 @@ GLOBAL bool Conf_AddServer PARAMS(( const char *Name, 
 
 GLOBAL bool Conf_NickIsService PARAMS((int ConfServer, const char *Nick));
 GLOBAL bool Conf_NickIsBlocked PARAMS((const char *Nick));
+
+#ifdef SSL_SUPPORT
+GLOBAL bool Conf_SSLInUse PARAMS((void));
+#endif
 
 /* Password required by WEBIRC command */
 GLOBAL char Conf_WebircPwd[CLIENT_PASS_LEN];
blob - 59729e046628213937d932021591fd987c7b265b
blob + 45e6458a19d5805d48b13a11f27c639cd3ee3963
--- src/ngircd/conn-ssl.c
+++ src/ngircd/conn-ssl.c
@@ -241,8 +241,10 @@ void ConnSSL_Free(CONNECTION *c)
 bool
 ConnSSL_InitLibrary( void )
 {
-	if (!array_bytes(&Conf_SSLOptions.ListenPorts))
+	if (!Conf_SSLInUse()) {
+		LogDebug("SSL not in use, skipping initialization.");
 		return true;
+	}
 
 #ifdef HAVE_LIBSSL
 	SSL_CTX *newctx;