Before, we would log the fact that we could not set the ciphers for
gnutls but still start. When a connection came in, dnsdist would crash.
rc = gnutls_priority_init(&d_priorityCache, fe.d_ciphers.empty() ? "NORMAL" : fe.d_ciphers.c_str(), nullptr);
if (rc != GNUTLS_E_SUCCESS) {
- warnlog("Error setting up TLS cipher preferences to %s (%s), skipping.", fe.d_ciphers.c_str(), gnutls_strerror(rc));
+ throw std::runtime_error("Error setting up TLS cipher preferences to '" + fe.d_ciphers + "' (" + gnutls_strerror(rc) + ") on " + fe.d_addr.toStringWithPort());
}
pthread_rwlock_init(&d_lock, nullptr);