Don't call get_ssl_cert() until the services thread is up.

Should fix possible issue with certificate being owned by root when _THREAD_SUID_BROKEN is true (ie: Linux).

Don't call get_ssl_cert() until the services thread is up.
b2538306 · deuce · 4486c080 · b2538306
Commit b2538306 authored 7 years ago by deuce
--- a/src/sbbs3/services.c
+++ b/src/sbbs3/services.c
@@ -1707,6 +1707,7 @@ void DLLCALL services_thread(void* arg)
 	struct timeval	tv;
 	service_client_t* client;
 	char			ssl_estr[SSL_ESTR_LEN];
+	BOOL			need_cert = FALSE;

 	services_ver();

@@ -1841,11 +1842,7 @@ void DLLCALL services_thread(void* arg)
 					continue;
 				}
 				if(scfg.tls_certificate == -1) {
-					get_ssl_cert(&scfg, ssl_estr);
-					if (scfg.tls_certificate == -1) {
-						lprintf(LOG_ERR, "Error creating TLS certificate: %s", ssl_estr);
-						continue;
-					}
+					need_cert = TRUE;
 				}
 			}
 			service[i].set=xpms_create(startup->bind_retry_count, startup->bind_retry_delay, lprintf);
@@ -1911,6 +1908,12 @@ void DLLCALL services_thread(void* arg)
 		if(startup->started!=NULL)
    		startup->started(startup->cbdata);

+		if (need_cert) {
+			get_ssl_cert(&scfg, ssl_estr);
+			if (scfg.tls_certificate == -1)
+				lprintf(LOG_ERR, "Error creating TLS certificate: %s", ssl_estr);
+		}
+
 		lprintf(LOG_INFO,"0000 Services thread started (%u service sockets bound)", total_sockets);

 		/* Main Server Loop */