diff options
| author | Carl Hetherington <cth@carlh.net> | 2019-05-04 01:03:43 +0100 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2019-05-10 23:43:42 +0100 |
| commit | 248fe9bd28d93a9e269093b4dfbec5d0ceb49ce1 (patch) | |
| tree | 0928f8db4fca7c72144d402c92986cad626bec38 /src/lib | |
| parent | be3402b1fa27c9c35b043fd88cef93a88b17c6de (diff) | |
Validation of certificate chains will fail before dcpomatic_setup()
is called, as OpenSSL has not yet been set up.
Make sure that these failures only raise a Bad() (which nobody is yet
listening to) rather than throwing an exception which gets caught
and reported as a failed-to-load config.
If none of the OpenSSL stuff is working chain_valid() will return false
but private_key_valid() will throw an exception (as it tries to get the
leaf certificate, causing a validity check).
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/config.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/config.cc b/src/lib/config.cc index ea2a57939..74f916b21 100644 --- a/src/lib/config.cc +++ b/src/lib/config.cc @@ -487,11 +487,11 @@ try } } - if (!_signer_chain->private_key_valid() || !_signer_chain->chain_valid()) { + if (!_signer_chain->chain_valid() || !_signer_chain->private_key_valid()) { bad = BAD_SIGNER_INCONSISTENT; } - if (!_decryption_chain->private_key_valid() || !_decryption_chain->chain_valid()) { + if (!_decryption_chain->chain_valid() || !_decryption_chain->private_key_valid()) { bad = BAD_DECRYPTION_INCONSISTENT; } |