diff options
| author | Carl Hetherington <cth@carlh.net> | 2019-05-04 01:03:43 +0100 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2019-05-08 23:25:22 +0100 |
| commit | 2a3016abff8efb4c5ea3e24aa2907e461ffd5a92 (patch) | |
| tree | 4319aa23dd061b4ab97943347ed1ed0258fb65a6 /src/lib | |
| parent | d985f168752bcd9649fa89fd887f08f15e65bb08 (diff) | |
Validation of certificate chains will fail before dcpomatic_setup()
is called, as OpenSSL has not yet been set up.
Make sure that these failures only raise a Bad() (which nobody is yet
listening to) rather than throwing an exception which gets caught
and reported as a failed-to-load config.
If none of the OpenSSL stuff is working chain_valid() will return false
but private_key_valid() will throw an exception (as it tries to get the
leaf certificate, causing a validity check).
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/config.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/config.cc b/src/lib/config.cc index ea2a57939..74f916b21 100644 --- a/src/lib/config.cc +++ b/src/lib/config.cc @@ -487,11 +487,11 @@ try } } - if (!_signer_chain->private_key_valid() || !_signer_chain->chain_valid()) { + if (!_signer_chain->chain_valid() || !_signer_chain->private_key_valid()) { bad = BAD_SIGNER_INCONSISTENT; } - if (!_decryption_chain->private_key_valid() || !_decryption_chain->chain_valid()) { + if (!_decryption_chain->chain_valid() || !_decryption_chain->private_key_valid()) { bad = BAD_DECRYPTION_INCONSISTENT; } |