return -1;
}
+ if (enforce_sane_certificate_state(cert_opt.output_file,
+ cert_opt.subject_key))
+ {
+ freez(cert_opt.output_file);
+ freez(cert_opt.subject_key);
+
+ return -1;
+ }
+
if (file_exists(cert_opt.output_file) == 1)
{
/* The file exists, but is it valid? */
}
}
- if (file_exists(cert_opt.output_file) == 0 &&
- file_exists(cert_opt.subject_key) == 1)
- {
- log_error(LOG_LEVEL_ERROR,
- "A website key already exists but there's no matching certificate. "
- "Removing %s before creating a new key and certificate.",
- cert_opt.subject_key);
- if (unlink(cert_opt.subject_key))
- {
- log_error(LOG_LEVEL_ERROR, "Failed to unlink %s: %E",
- cert_opt.subject_key);
-
- freez(cert_opt.output_file);
- freez(cert_opt.subject_key);
-
- return -1;
- }
- }
-
/*
* Create key for requested host
*/
return -1;
}
+ if (enforce_sane_certificate_state(cert_opt.output_file,
+ cert_opt.subject_key))
+ {
+ freez(cert_opt.output_file);
+ freez(cert_opt.subject_key);
+
+ return -1;
+ }
+
if (file_exists(cert_opt.output_file) == 1)
{
/* The file exists, but is it valid? */
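Review bot: The stale-key cleanup now runs before the `file_exists(cert_opt.output_file) == 1` validity block, whereas the removed code ran after it. If that block (its body is not shown here) can delete an expired or invalid certificate while leaving the key file in place, the key-without-certificate state is no longer repaired in the same pass and the key creation further down would find an existing key. Either confirm that the validity block always removes the key together with the certificate, or place the `enforce_sane_certificate_state()` call after it as before. The identical hunk at the top of this page has the same ordering, and the enclosing function starts and ends outside both hunks.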
}
}
- if (file_exists(cert_opt.output_file) == 0 &&
- file_exists(cert_opt.subject_key) == 1)
- {
- log_error(LOG_LEVEL_ERROR,
- "A website key already exists but there's no matching certificate. "
- "Removing %s before creating a new key and certificate.",
- cert_opt.subject_key);
- if (unlink(cert_opt.subject_key))
- {
- log_error(LOG_LEVEL_ERROR, "Failed to unlink %s: %E",
- cert_opt.subject_key);
-
- freez(cert_opt.output_file);
- freez(cert_opt.subject_key);
-
- return -1;
- }
- }
-
/*
* Create key for requested host
*/
#include <string.h>
#include <ctype.h>
+#include <unistd.h>
#include "config.h"
#include "project.h"
#include "miscutil.h"
return 1;
}
+
+
+/*********************************************************************
+ *
+ * Function : enforce_sane_certificate_state
+ *
+ * Description : Makes sure the certificate state is sane.
+ *
+ * Parameters :
+ * 1 : certificate = Path to the potentionally existing certifcate.
+ * 2 : key = Path to the potentionally existing key.
+ *
+ * Returns : -1 => Error
+ * 0 => Certificate state is sane
+ *
+ *********************************************************************/
+extern int enforce_sane_certificate_state(const char *certificate, const char *key)
+{
+ if (file_exists(certificate) == 0 && file_exists(key) == 1)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "A website key already exists but there's no matching certificate. "
+ "Removing %s before creating a new key and certificate.", key);
+ if (unlink(key))
+ {
+ log_error(LOG_LEVEL_ERROR, "Failed to unlink %s: %E", key);
+
+ return -1;
+ }
+ }
+
+ return 0;
+
+}
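Review bot: The header comment does not say that this function deletes the private key file, which is the one thing a caller has to know before passing it a path. The description could read `Description : Removes the key file if it exists without a matching certificate, so that a fresh key and certificate can be created.`, with `-1 => Error` narrowed to `-1 => The stale key could not be removed`. The parameter lines also misspell "potentially" and "certificate". Since the deletion hinges on `file_exists(certificate) == 0`, it is worth checking whether `file_exists()` (defined outside this hunk) also returns 0 for a certificate that is present but cannot be opened; if it does, a permissions problem on the certificate would cause a valid key to be unlinked.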
extern int get_certificate_valid_from_date(char *buffer, size_t buffer_size, const char *fmt);
extern int get_certificate_valid_to_date(char *buffer, size_t buffer_size, const char *fmt);
extern int host_is_ip_address(const char *host);
+extern int enforce_sane_certificate_state(const char *certificate, const char *key);
#endif /* ndef SSL_COMMON_H_INCLUDED */