Merge pull request #1871 from PascalWithopf/relp_certificate

omrelp/imrelp: fix certificate check
2025-12-20 00:20:42 +01:00 · 2017-10-25 17:13:48 +02:00 · 2017-10-25 17:13:48 +02:00 · 09cff653f7
commit 09cff653f7
parent f02271360f d67f72979e
5 changed files with 49 additions and 9 deletions
--- a/plugins/imrelp/imrelp.c
+++ b/plugins/imrelp/imrelp.c
@ -514,8 +514,9 @@ CODESTARTnewInpInst
 				errmsg.LogError(0, RS_RET_NO_FILE_ACCESS,
 				"error: certificate file %s couldn't be accessed: %s\n",
 				inst->caCertFile, errStr);
+			} else {
+				fclose(fp);
 			}
-			fclose(fp);
 		} else if(!strcmp(inppblk.descr[i].name, "tls.mycert")) {
 			inst->myCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 			fp = fopen((const char*)inst->myCertFile, "r");
@ -525,8 +526,9 @@ CODESTARTnewInpInst
 				errmsg.LogError(0, RS_RET_NO_FILE_ACCESS,
 				"error: certificate file %s couldn't be accessed: %s\n",
 				inst->myCertFile, errStr);
+			} else {
+				fclose(fp);
 			}
-			fclose(fp);
 		} else if(!strcmp(inppblk.descr[i].name, "tls.myprivkey")) {
 			inst->myPrivKeyFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 			fp = fopen((const char*)inst->myPrivKeyFile, "r");
@ -536,8 +538,9 @@ CODESTARTnewInpInst
 				errmsg.LogError(0, RS_RET_NO_FILE_ACCESS,
 				"error: certificate file %s couldn't be accessed: %s\n",
 				inst->myPrivKeyFile, errStr);
+			} else {
+				fclose(fp);
 			}
-			fclose(fp);
 		} else if(!strcmp(inppblk.descr[i].name, "tls.permittedpeer")) {
 			inst->permittedPeers.nmemb = pvals[i].val.d.ar->nmemb;
 			CHKmalloc(inst->permittedPeers.name =
--- a/plugins/omrelp/omrelp.c
+++ b/plugins/omrelp/omrelp.c
@ -378,8 +378,9 @@ CODESTARTnewActInst
 				errmsg.LogError(0, RS_RET_NO_FILE_ACCESS,
 				"error: certificate file %s couldn't be accessed: %s\n",
 				pData->caCertFile, errStr);
+			} else {
+				fclose(fp);
 			}
-			fclose(fp);
 		} else if(!strcmp(actpblk.descr[i].name, "tls.mycert")) {
 			pData->myCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 			fp = fopen((const char*)pData->myCertFile, "r");
@ -389,8 +390,9 @@ CODESTARTnewActInst
 				errmsg.LogError(0, RS_RET_NO_FILE_ACCESS,
 				"error: certificate file %s couldn't be accessed: %s\n",
 				pData->myCertFile, errStr);
+			} else {
+				fclose(fp);
 			}
-			fclose(fp);
 		} else if(!strcmp(actpblk.descr[i].name, "tls.myprivkey")) {
 			pData->myPrivKeyFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 			fp = fopen((const char*)pData->myPrivKeyFile, "r");
@ -400,8 +402,9 @@ CODESTARTnewActInst
 				errmsg.LogError(0, RS_RET_NO_FILE_ACCESS,
 				"error: certificate file %s couldn't be accessed: %s\n",
 				pData->myPrivKeyFile, errStr);
+			} else {
+				fclose(fp);
 			}
-			fclose(fp);
 		} else if(!strcmp(actpblk.descr[i].name, "tls.authmode")) {
 			pData->authmode = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else if(!strcmp(actpblk.descr[i].name, "tls.permittedpeer")) {
--- a/runtime/tcpsrv.c
+++ b/runtime/tcpsrv.c
@ -408,7 +408,8 @@ create_tcp_socket(tcpsrv_t *pThis)
 		localRet = initTCPListener(pThis, pEntry);
 		if(localRet != RS_RET_OK) {
 			errmsg.LogError(0, localRet, "Could not create tcp listener, ignoring port "
-			"%s bind-address %s.", pEntry->pszPort, pEntry->pszAddr);
+			"%s bind-address %s.", pEntry->pszPort,
+			(pEntry->pszAddr == NULL) ? "(null)" : (const char*)pEntry->pszAddr);
 		}
 		pEntry = pEntry->pNext;
 	}
@ -1180,7 +1181,8 @@ static rsRetVal
 SetGnutlsPriorityString(tcpsrv_t *pThis, uchar *iVal)
 {
 	DEFiRet;
-	DBGPRINTF("tcpsrv: gnutlsPriorityString set to %s\n", iVal);
+	DBGPRINTF("tcpsrv: gnutlsPriorityString set to %s\n",
+		(iVal == NULL) ? "(null)" : (const char*) iVal);
 	pThis->gnutlsPriorityString = iVal;
 	RETiRet;
 }
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@ -591,7 +591,8 @@ TESTS += sndrcv_relp.sh \
 	 imrelp-manyconn.sh
 if ENABLE_GNUTLS
 TESTS += \
-         sndrcv_relp_tls.sh
+         sndrcv_relp_tls.sh \
+         relp_tls_certificate_not_found.sh
 endif
 endif

@ -1176,6 +1177,7 @@ EXTRA_DIST= \
 	sndrcv_relp_tls.sh \
 	testsuites/sndrcv_relp_tls_sender.conf \
 	testsuites/sndrcv_relp_tls_rcvr.conf \
+	relp_tls_certificate_not_found.sh \
 	sndrcv_relp_dflt_pt.sh \
 	testsuites/sndrcv_relp_dflt_pt_rcvr.conf \
 	testsuites/sndrcv_relp_dflt_pt_sender.conf \
--- a/tests/relp_tls_certificate_not_found.sh
+++ b/tests/relp_tls_certificate_not_found.sh
@ -0,0 +1,30 @@
+#!/bin/bash
+# add 2017-09-21 by Pascal Withopf, released under ASL 2.0
+. $srcdir/diag.sh init
+. $srcdir/diag.sh generate-conf
+. $srcdir/diag.sh add-conf '
+
+module(load="../plugins/omrelp/.libs/omrelp")
+module(load="../plugins/imtcp/.libs/imtcp")
+input(type="imtcp" port="13514" ruleset="ruleset")
+input(type="imtcp" port="13514")
+
+ruleset(name="ruleset") {
+	action(type="omrelp" target="127.0.0.1" port="10514" tls="on" tls.authMode="name" tls.caCert="tls-certs/ca.pem" tls.myCert="tls-certs/fake-cert.pem" tls.myPrivKey="tls-certs/fake-key.pem" tls.permittedPeer=["rsyslog-test-root-ca"])
+}
+
+action(type="omfile" file="rsyslog.out.log")
+'
+. $srcdir/diag.sh startup
+. $srcdir/diag.sh shutdown-when-empty
+. $srcdir/diag.sh wait-shutdown
+
+grep "certificate file tls-certs/fake-cert.pem.*No such file" rsyslog.out.log > /dev/null
+if [ $? -ne 0 ]; then
+        echo
+        echo "FAIL: expected error message from missing input file not found. rsyslog.out.log is:"
+        cat rsyslog.out.log
+        . $srcdir/diag.sh error-exit 1
+fi
+
+. $srcdir/diag.sh exit