From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Thu, 11 Apr 2019 15:30:20 +0000 (+0200)
Subject: dnsdist: exit when setting ciphers fails (GNUTLS)
X-Git-Tag: dnsdist-1.4.0-alpha2~27^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F7718%2Fhead;p=thirdparty%2Fpdns.git

dnsdist: exit when setting ciphers fails (GNUTLS)

Before, we would log the fact that we could not set the ciphers for
gnutls but still start. When a connection came in, dnsdist would crash.
---

diff --git a/pdns/dnsdistdist/tcpiohandler.cc b/pdns/dnsdistdist/tcpiohandler.cc
index 3ee1f46c35..32731c85b5 100644
--- a/pdns/dnsdistdist/tcpiohandler.cc
+++ b/pdns/dnsdistdist/tcpiohandler.cc
@@ -958,7 +958,7 @@ public:
 
     rc = gnutls_priority_init(&d_priorityCache, fe.d_ciphers.empty() ? "NORMAL" : fe.d_ciphers.c_str(), nullptr);
     if (rc != GNUTLS_E_SUCCESS) {
-      warnlog("Error setting up TLS cipher preferences to %s (%s), skipping.", fe.d_ciphers.c_str(), gnutls_strerror(rc));
+      throw std::runtime_error("Error setting up TLS cipher preferences to '" + fe.d_ciphers + "' (" + gnutls_strerror(rc) + ") on " + fe.d_addr.toStringWithPort());
     }
 
     pthread_rwlock_init(&d_lock, nullptr);