Extra consistency check to make sure that when TLS is requested, either we
authorPhilip Homburg <philip@nlnetlabs.nl>
Thu, 23 Mar 2023 14:00:10 +0000 (15:00 +0100)
committerPhilip Homburg <philip@nlnetlabs.nl>
Thu, 23 Mar 2023 14:00:10 +0000 (15:00 +0100)
set up a TLS connection or we return an error.

services/outside_network.c

index a4529ade52e0a79b462ae9e7104c0f846c48bae2..2504406670554442a38bc00b94a44ce017451b73 100644 (file)
@@ -620,6 +620,15 @@ outnet_tcp_take_into_use(struct waiting_tcp* w)
        log_assert(w->addrlen > 0);
        pend->c->tcp_do_toggle_rw = 0;
        pend->c->tcp_do_close = 0;
+
+       /* Consistency check, if we have ssl_upstream but no sslctx, then
+        * log an error and return failure.
+        */
+       if (w->ssl_upstream && !w->outnet->sslctx) {
+               log_err("SSL upstream requested but no SSL context");
+               return 0;
+       }
+
        /* open socket */
        s = outnet_get_tcp_fd(&w->addr, w->addrlen, w->outnet->tcp_mss, w->outnet->ip_dscp);
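Review bot: The comment above the new `if (w->ssl_upstream && !w->outnet->sslctx)` check restates the condition but not the reason for it, which is the security-relevant part. Going by the commit message, the case being closed is a connection requested with TLS going ahead without it, presumably because the later TLS setup is skipped when `sslctx` is NULL; that setup is not visible in this hunk, so confirm it before wording it as fact. I would write the comment as `/* Fail closed: ssl_upstream without an sslctx must not fall through to a plain TCP connection. */` so that a later refactor does not move or relax the check. The early `return 0` sits before the socket is opened, so no fd is left behind on this path; the body of outnet_tcp_take_into_use starts and ends outside the hunk.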