From: Emeric Brun <ebrun@exceliance.fr>
Date: Thu, 15 Nov 2012 17:28:02 +0000 (+0100)
Subject: MINOR: conf: add warning if ssl is not enabled and a certificate is present on bind.
X-Git-Tag: v1.5-dev13~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c52962f292614c12e8489a4252193c586f9bb784;p=thirdparty%2Fhaproxy.git

MINOR: conf: add warning if ssl is not enabled and a certificate is present on bind.
---

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 9ce0f2b0aa..13363dbccc 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -6671,14 +6671,19 @@ out_uri_auth_compat:
 				curproxy->be_req_ana |= AN_REQ_PRST_RDP_COOKIE;
 		}
 
+#ifdef USE_OPENSSL
 		/* Configure SSL for each bind line.
 		 * Note: if configuration fails at some point, the ->ctx member
 		 * remains NULL so that listeners can later detach.
 		 */
 		list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
-			if (!bind_conf->is_ssl)
+			if (!bind_conf->is_ssl) {
+				if (bind_conf->default_ctx) {
+					Warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
+					        curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
+				}
 				continue;
-#ifdef USE_OPENSSL
+			}
 			if (!bind_conf->default_ctx) {
 				Alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
 				      curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
@@ -6694,8 +6699,8 @@ out_uri_auth_compat:
 
 			/* initialize all certificate contexts */
 			cfgerr += ssl_sock_prepare_all_ctx(bind_conf, curproxy);
-#endif /* USE_OPENSSL */
 		}
+#endif /* USE_OPENSSL */
 
 		/* adjust this proxy's listeners */
 		next_id = 1;