swanctl: Fail loading a connection if loading a cacert constraint fails

diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c
index de30d8eb402081c04508e779102c6dcdea1c0d00..6ee8b8785bda3a728be37619ffcdbe92fcb4386e 100644 (file)
--- a/src/swanctl/commands/load_conns.c
+++ b/src/swanctl/commands/load_conns.c
@@ -93,11 +93,12 @@ static void add_list_key(vici_req_t *req, char *key, char *value)
 /**
  * Add a vici list of blobs from a comma separated file list
  */
-static void add_file_list_key(vici_req_t *req, char *key, char *value)
+static bool add_file_list_key(vici_req_t *req, char *key, char *value)
 {
        enumerator_t *enumerator;
        chunk_t *map;
        char *token, buf[PATH_MAX];
+       bool ret = TRUE;
 
        vici_begin_list(req, key);
        enumerator = enumerator_create_token(value, ",", " ");
@@ -127,21 +128,26 @@ static void add_file_list_key(vici_req_t *req, char *key, char *value)
                }
                else
                {
-                       fprintf(stderr, "loading certificate '%s' failed: %s\n",
-                                       token, strerror(errno));
+                       fprintf(stderr, "loading %s certificate '%s' failed: %s\n",
+                                       key, token, strerror(errno));
+                       ret = FALSE;
+                       break;
                }
        }
        enumerator->destroy(enumerator);
        vici_end_list(req);
+
+       return ret;
 }
 
 /**
  * Translate setting key/values from a section into vici key-values/lists
  */
-static void add_key_values(vici_req_t *req, settings_t *cfg, char *section)
+static bool add_key_values(vici_req_t *req, settings_t *cfg, char *section)
 {
        enumerator_t *enumerator;
        char *key, *value;
+       bool ret = TRUE;
 
        enumerator = cfg->create_key_value_enumerator(cfg, section);
        while (enumerator->enumerate(enumerator, &key, &value))
@@ -152,34 +158,51 @@ static void add_key_values(vici_req_t *req, settings_t *cfg, char *section)
                }
                else if (is_file_list_key(key))
                {
-                       add_file_list_key(req, key, value);
+                       ret = add_file_list_key(req, key, value);
                }
                else
                {
                        vici_add_key_valuef(req, key, "%s", value);
                }
+               if (!ret)
+               {
+                       break;
+               }
        }
        enumerator->destroy(enumerator);
+
+       return ret;
 }
 
 /**
  * Translate a settings section to a vici section
  */
-static void add_sections(vici_req_t *req, settings_t *cfg, char *section)
+static bool add_sections(vici_req_t *req, settings_t *cfg, char *section)
 {
        enumerator_t *enumerator;
        char *name, buf[256];
+       bool ret = TRUE;
 
        enumerator = cfg->create_section_enumerator(cfg, section);
        while (enumerator->enumerate(enumerator, &name))
        {
                vici_begin_section(req, name);
                snprintf(buf, sizeof(buf), "%s.%s", section, name);
-               add_key_values(req, cfg, buf);
-               add_sections(req, cfg, buf);
+               ret = add_key_values(req, cfg, buf);
+               if (!ret)
+               {
+                       break;
+               }
+               ret = add_sections(req, cfg, buf);
+               if (!ret)
+               {
+                       break;
+               }
                vici_end_section(req);
        }
        enumerator->destroy(enumerator);
+
+       return ret;
 }
 
 /**
@@ -198,8 +221,12 @@ static bool load_conn(vici_conn_t *conn, settings_t *cfg,
        req = vici_begin("load-conn");
 
        vici_begin_section(req, section);
-       add_key_values(req, cfg, buf);
-       add_sections(req, cfg, buf);
+       if (!add_key_values(req, cfg, buf) ||
+               !add_sections(req, cfg, buf))
+       {
+               vici_free_req(req);
+               return FALSE;
+       }
        vici_end_section(req);
 
        res = vici_submit(req, conn);