gnutls_free(server->dnstls_data.session_data.data);
}
-void dnstls_manager_init(Manager *manager) {
+int dnstls_manager_init(Manager *manager) {
int r;
assert(manager);
- gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
- r = gnutls_certificate_set_x509_trust_file(manager->dnstls_data.cert_cred, manager->trusted_certificate_file, GNUTLS_X509_FMT_PEM);
+ r = gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
if (r < 0)
- log_error("Failed to load trusted certificate file %s: %s", manager->trusted_certificate_file, gnutls_strerror(r));
+ return -ENOMEM;
+
+ return 0;
}
void dnstls_manager_free(Manager *manager) {
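Review bot: The GnuTLS `dnstls_manager_init` now allocates `cert_cred` but adds no trust anchors to it, because the `gnutls_certificate_set_x509_trust_file` call is removed with no replacement in the visible lines. If server certificates are verified against these credentials, there are no roots to chain to unless they are loaded elsewhere, which should be confirmed. Otherwise a trust source could be set here, for example `r = gnutls_certificate_set_x509_system_trust(manager->dnstls_data.cert_cred);` with a negative result logged. Separately, the GnuTLS error code in `r` is discarded; logging `gnutls_strerror(r)` before `return -ENOMEM;` would keep the cause visible.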
SSL_SESSION_free(server->dnstls_data.session);
}
-void dnstls_manager_init(Manager *manager) {
+int dnstls_manager_init(Manager *manager) {
int r;
assert(manager);
ERR_load_crypto_strings();
SSL_load_error_strings();
manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
- if (manager->dnstls_data.ctx) {
- SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
- SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
- }
+
+ if (!manager->dnstls_data.ctx)
+ return -ENOMEM;
+
+ SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
+ SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
+
+ return 0;
}
void dnstls_manager_free(Manager *manager) {
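Review bot: The result of `SSL_CTX_set_min_proto_version` is ignored, so if the call fails the context keeps the library's default minimum version and `dnstls_manager_init` still returns 0. The function returns 1 on success and 0 on failure, and the already-declared `r` can hold the result: `r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);` followed by `if (r == 0) return -EIO;`. On that path `ctx` stays allocated, so it is worth confirming that `dnstls_manager_free`, whose body is outside this hunk, releases it when the caller unwinds.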
void dnstls_server_free(DnsServer *server);
-void dnstls_manager_init(Manager *manager);
+int dnstls_manager_init(Manager *manager);
void dnstls_manager_free(Manager *manager);
log_warning_errno(r, "Failed to parse configuration file: %m");
#if ENABLE_DNS_OVER_TLS
- dnstls_manager_init(m);
+ r = dnstls_manager_init(m);
+ if (r < 0)
+ return r;
#endif
r = sd_event_default(&m->event);
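Review bot: The new `return r;` after `dnstls_manager_init(m)` exits without logging, and neither backend's init function logs in the lines shown, so a TLS initialisation failure at startup would have no diagnostic unless a caller further up reports it. The previous statement in this function already uses `log_warning_errno`, so `return log_error_errno(r, "Failed to initialize DNS-over-TLS: %m");` would match the local convention. The enclosing function starts and ends outside the hunk, so whether `m` is released on this early return cannot be confirmed from here.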