Attach to events and register services in init()

[user/henk/code/inspircd.git] / src / modules / extra / m_ssl_gnutls.cpp

diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index db69b655780fdb002a89dd2b3b6bba0733ba21d8..a8a35fa78ee45bdcd4fd0abd9b608fb630cb62c7 100644 (file)
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -42,6 +42,7 @@
 /* $ModDesc: Provides SSL support for clients */
 /* $CompileFlags: pkgconfincludes("gnutls","/gnutls/gnutls.h","") exec("libgcrypt-config --cflags") */
 /* $LinkerFlags: rpath("pkg-config --libs gnutls") pkgconflibs("gnutls","/libgnutls.so","-lgnutls") exec("libgcrypt-config --libs") */
+/* $NoPedantic */
 
 // These don't exist in older GnuTLS versions
 #if(GNUTLS_VERSION_MAJOR < 2)
@@ -341,12 +342,23 @@ class ModuleSSLGnuTLS : public Module
                gnutls_datum_t key_datum = { (unsigned char*)key_string.data(), static_cast<unsigned int>(key_string.length()) };
 
                // If this fails, no SSL port will work. At all. So, do the smart thing - throw a ModuleException
-               unsigned int certcount = Conf->getInt("certcount", 3);
+               unsigned int certcount = 3;
                x509_certs.resize(certcount);
                ret = gnutls_x509_crt_list_import(&x509_certs[0], &certcount, &cert_datum, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
-               if (ret < 0)
-                       throw ModuleException("Unable to load GnuTLS server certificate (" + certfile + "): " + std::string(gnutls_strerror(ret)));
-               x509_certs.resize(certcount);
+               if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+               {
+                       // the buffer wasn't big enough to hold all certs but gnutls updated certcount to the number of available certs, try again with a bigger buffer
+                       x509_certs.resize(certcount);
+                       ret = gnutls_x509_crt_list_import(&x509_certs[0], &certcount, &cert_datum, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+               }
+
+               if (ret <= 0)
+               {
+                       // clear the vector so we won't call gnutls_x509_crt_deinit() on the (uninited) certs later
+                       x509_certs.clear();
+                       throw ModuleException("Unable to load GnuTLS server certificate (" + certfile + "): " + ((ret < 0) ? (std::string(gnutls_strerror(ret))) : "No certs could be read"));
+               }
+               x509_certs.resize(ret);
 
                if((ret = gnutls_x509_privkey_import(x509_key, &key_datum, GNUTLS_X509_FMT_PEM)) < 0)
                        throw ModuleException("Unable to load GnuTLS server private key (" + keyfile + "): " + std::string(gnutls_strerror(ret)));