From 07796fd8d372aded52f47d93e57154dccb640fce Mon Sep 17 00:00:00 2001 From: deuce <> Date: Thu, 1 Mar 2018 19:09:47 +0000 Subject: [PATCH] Open the certificate keyset in readonly mode when we're not going to write. --- src/sbbs3/ssl.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/sbbs3/ssl.c b/src/sbbs3/ssl.c index fc7553e78e..d17b14d591 100644 --- a/src/sbbs3/ssl.c +++ b/src/sbbs3/ssl.c @@ -100,10 +100,9 @@ CRYPT_CONTEXT DLLCALL get_ssl_cert(scfg_t *cfg, char estr[SSL_ESTR_LEN]) if(!do_cryptInit()) return -1; pthread_mutex_lock(&ssl_cert_mutex); - memset(&ssl_context, 0, sizeof(ssl_context)); /* Get the certificate... first try loading it from a file... */ SAFEPRINTF2(str,"%s%s",cfg->ctrl_dir,"ssl.cert"); - if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_NONE))) { + if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_READONLY))) { if(!DO(cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) { pthread_mutex_unlock(&ssl_cert_mutex); return -1; @@ -151,10 +150,9 @@ CRYPT_CONTEXT DLLCALL get_ssl_cert(scfg_t *cfg, char estr[SSL_ESTR_LEN]) cryptKeysetClose(ssl_keyset); cryptDestroyContext(ssl_context); // Finally, load it from the file. - if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_NONE))) { + if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_READONLY))) { if(!DO(cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) { - pthread_mutex_unlock(&ssl_cert_mutex); - return -1; + ssl_context = -1; } } } -- GitLab