diff options
| author | Carl Hetherington <cth@carlh.net> | 2019-05-04 01:03:43 +0100 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2019-05-06 21:30:22 +0100 |
| commit | 7a3cbe047229b375c24c8d91ac6430d53bda3015 (patch) | |
| tree | d5ae5dd5e61a902b28ca40590d3d252240a3187b /src/lib | |
| parent | 9b2545bf5fd8fafd4108478519d9ae1f2f5b945f (diff) | |
Validation of certificate chains will fail before dcpomatic_setup()
is called, as OpenSSL has not yet been set up.
Make sure that these failures only raise a Bad() (which nobody is yet
listening to) rather than throwing an exception which gets caught
and reported as a failed-to-load config.
If none of the OpenSSL stuff is working chain_valid() will return false
but private_key_valid() will throw an exception (as it tries to get the
leaf certificate, causing a validity check).
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/config.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/config.cc b/src/lib/config.cc index ea2a57939..74f916b21 100644 --- a/src/lib/config.cc +++ b/src/lib/config.cc @@ -487,11 +487,11 @@ try } } - if (!_signer_chain->private_key_valid() || !_signer_chain->chain_valid()) { + if (!_signer_chain->chain_valid() || !_signer_chain->private_key_valid()) { bad = BAD_SIGNER_INCONSISTENT; } - if (!_decryption_chain->private_key_valid() || !_decryption_chain->chain_valid()) { + if (!_decryption_chain->chain_valid() || !_decryption_chain->private_key_valid()) { bad = BAD_DECRYPTION_INCONSISTENT; } |