From: W.C.A. Wijngaards Date: Fri, 17 Apr 2026 07:34:06 +0000 (+0200) Subject: - Fix setup of ssl context copy, to check for the tls service X-Git-Tag: release-1.25.0rc1~27 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=8d434bf744efe8b820ee1c5782c9c35d4fa0e3e3;p=thirdparty%2Funbound.git - Fix setup of ssl context copy, to check for the tls service pem option for stat calls. --- diff --git a/daemon/daemon.c b/daemon/daemon.c index 286e6a9c2..8678aa124 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -336,11 +336,16 @@ daemon_setup_sslctxs(struct daemon* daemon, struct config_file* cfg) &daemon->mtime_ns_ssl_service_key, NULL)) log_err("Could not stat(%s): %s", key, strerror(errno)); - if(!file_get_mtime(pem, - &daemon->mtime_ssl_service_pem, - &daemon->mtime_ns_ssl_service_pem, NULL)) - log_err("Could not stat(%s): %s", - pem, strerror(errno)); + if(pem) { + if(!file_get_mtime(pem, + &daemon->mtime_ssl_service_pem, + &daemon->mtime_ns_ssl_service_pem, NULL)) + log_err("Could not stat(%s): %s", + pem, strerror(errno)); + } else { + daemon->mtime_ssl_service_pem = 0; + daemon->mtime_ns_ssl_service_pem = 0; + } } daemon->connect_dot_sslctx = daemon_setup_connect_dot_sslctx( daemon, cfg); @@ -403,16 +408,18 @@ ssl_cert_changed(struct daemon* daemon, struct config_file* cfg) if(mtime != daemon->mtime_ssl_service_key || ns != daemon->mtime_ns_ssl_service_key) return 1; - if(!file_get_mtime(pem, &mtime, &ns, NULL)) { - log_err("Could not stat(%s): %s", - pem, strerror(errno)); - /* It has probably changed, but file read is likely going to - * fail. */ - return 0; + if(pem) { + if(!file_get_mtime(pem, &mtime, &ns, NULL)) { + log_err("Could not stat(%s): %s", + pem, strerror(errno)); + /* It has probably changed, but file read is likely going to + * fail. */ + return 0; + } + if(mtime != daemon->mtime_ssl_service_pem || + ns != daemon->mtime_ns_ssl_service_pem) + return 1; } - if(mtime != daemon->mtime_ssl_service_pem || - ns != daemon->mtime_ns_ssl_service_pem) - return 1; return 0; } diff --git a/doc/Changelog b/doc/Changelog index 51cfab93a..478a549cd 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 17 April 2026: Wouter - Fix setup of ssl context copy of the tls service pem option, from a clang analyzer warning. + - Fix setup of ssl context copy, to check for the tls service + pem option for stat calls. 16 April 2026: Yorgos - Merge #1406: Introduce new 'tls-protocols' configuration option.