nts: warn if server started without ntsdumpdir

If an NTS server is configured without ntsdumpdir, keys will not be
saved and reloaded after restart, which will cause existing cookies
to be invalidated and can cause a short-term denial of service if
the server has so many clients that it cannot handle them all
making an NTS-KE session within one polling interval.

Log a warning message if a server key+certificate is specified without
ntsdumpdir.

diff --git a/nts_ke_server.c b/nts_ke_server.c
index 37310797278f7dc4da258fc406b75e3b304c82dc..95c6a3d602446d3d93d375a4f5ab0bb56739107a 100644 (file)
--- a/nts_ke_server.c
+++ b/nts_ke_server.c
@@ -821,6 +821,11 @@ NKS_Initialise(void)
       key_delay = key_rotation_interval - (SCH_GetLastEventMonoTime() - last_server_key_ts);
       SCH_AddTimeoutByDelay(MAX(key_delay, 0.0), key_timeout, NULL);
     }
+
+    /* Warn if keys are not saved, which can cause a flood of requests
+       after server restart */
+    if (!CNF_GetNtsDumpDir())
+      LOG(LOGS_WARN, "No ntsdumpdir to save server keys");
   }
 
   initialised = 1;