From 7925c375c209f928116003ee59f8e45c61707046 Mon Sep 17 00:00:00 2001
From: Mikkel Krautz <mikkel@krautz.dk>
Date: Sat, 4 Mar 2017 19:07:24 +0100
Subject: Cert: reset Server's SSL state in initializeCert().

This changes Server::initializeCert() to always reset the
Server's SSL state before reloading it.

Previously, we didn't reset the state.

Not doing so *does* actually works for the case where we
load the certificate and key from the per-vserver configuration
in ServerDB.

However, it doesn't work when reading from Meta, because
the old Server::initializeCert() would only use the settings
from Meta if qscCert/qskKey were null.
---
 src/murmur/Cert.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/murmur/Cert.cpp')

diff --git a/src/murmur/Cert.cpp b/src/murmur/Cert.cpp
index aaf02fec4..43981ea42 100644
--- a/src/murmur/Cert.cpp
+++ b/src/murmur/Cert.cpp
@@ -85,6 +85,15 @@ QSslKey Server::privateKeyFromPEM(const QByteArray &buf, const QByteArray &pass)
 void Server::initializeCert() {
 	QByteArray crt, key, pass, dhparams;
 
+	// Clear all exising SSL settings
+	// for this server.
+	qscCert.clear();
+	qlIntermediates.clear();
+	qskKey.clear();
+#if defined(USE_QSSLDIFFIEHELLMANPARAMETERS)
+	qsdhpDHParams = QSslDiffieHellmanParameters();
+#endif
+
 	crt = getConf("certificate", QString()).toByteArray();
 	key = getConf("key", QString()).toByteArray();
 	pass = getConf("passphrase", QByteArray()).toByteArray();
-- 
cgit v1.2.3