commit e7cb9b1a001a97b1edf0e862808cbd0be5264a7a
from: michi <michi+ngircd@dataswamp.org>
via: Alexander Barton <alex@barton.de>
date: Sat Feb 15 13:47:20 2020 UTC

Reuse old SSL key if loading a new one failed

commit - c411643d451ea9ca196c931bcdffced04ea42ad1
commit + e7cb9b1a001a97b1edf0e862808cbd0be5264a7a
blob - ba47e513603b69aba08f2b7cf25f6c20a1ad4555
blob + 3f482dc7ff60263ce40822d41d20c4a7b345e409
--- src/ngircd/conn-ssl.c
+++ src/ngircd/conn-ssl.c
@@ -311,8 +311,18 @@ ConnSSL_InitLibrary( void )
 		return false;
 	}
 
-	if (!ConnSSL_LoadServerKey_openssl(newctx))
+	if (!ConnSSL_LoadServerKey_openssl(newctx)) {
+		/* Failed to read new key but an old ssl context
+		 * already exists -> reuse old context */
+		if (ssl_ctx) {
+		        SSL_CTX_free(newctx);
+	                Log(LOG_WARNING,
+			"Re-Initializing of SSL failed, using old keys!");
+			return true;
+		}
+		/* No preexisting old context -> error. */
 		goto out;
+	}
 
 	if (SSL_CTX_set_cipher_list(newctx, Conf_SSLOptions.CipherList) == 0) {
 		Log(LOG_ERR, "Failed to apply OpenSSL cipher list \"%s\"!",
blob - f7ae4f45708084f04a375f9482a2ad3913f36d97
blob + 8275123e6acd433a555f4e130a11faa10205ab47
--- src/ngircd/sighandlers.c
+++ src/ngircd/sighandlers.c
@@ -132,7 +132,7 @@ Rehash(void)
 
 	if (!ConnSSL_InitLibrary())
 		Log(LOG_WARNING,
-		    "Re-Initializing of SSL failed, using old keys!");
+		    "Re-Initializing of SSL failed!");
 
 	/* Start listening on sockets */
 	Conn_InitListeners( );