openssl: change how we load DH parameters
authorAaron Jones <redacted>
Wed, 25 May 2016 21:46:34 +0000 (21:46 +0000)
committerAaron Jones <redacted>
Wed, 25 May 2016 21:46:34 +0000 (21:46 +0000)
The code already assumes the presence of fopen(3) and errno, and, by
extension, fclose(3) and strerror(3), so just use those instead of the
BIO wrappers.

Additionally, don't fail to initialise if the DH file does exist but
parsing it fails, as per the pre-existing comment about them being
optional.

librb/src/openssl.c

index aef767472da9420c1b7b03ce702780a1db690963..890adc7f94b65fc965cd2460ea92dbbb37fffc21 100644 (file)
@@ -452,26 +452,25 @@ rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfil
        if(dhfile != NULL)
        {
                /* DH parameters aren't necessary, but they are nice..if they didn't pass one..that is their problem */
-               BIO *bio = BIO_new_file(dhfile, "r");
-               if(bio != NULL)
+               FILE *fp = fopen(dhfile, "r");
+               DH *dh = NULL;
+
+               if(fp == NULL)
                {
-                       DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
-                       if(dh == NULL)
-                       {
-                               rb_lib_log
-                                       ("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
-                                        dhfile, get_ssl_error(ERR_get_error()));
-                               BIO_free(bio);
-                               return 0;
-                       }
-                       BIO_free(bio);
-                       SSL_CTX_set_tmp_dh(ssl_server_ctx, dh);
-                       DH_free(dh);
+                       rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
+                                  dhfile, strerror(errno));
                }
-               else
+               else if(PEM_read_DHparams(fp, &dh, NULL, NULL) == NULL)
                {
                        rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
-                                  dhfile, get_ssl_error(ERR_get_error()));
+                                  dhfile, get_ssl_error(ERR_get_error()));
+                       fclose(fp);
+               }
+               else
+               {
+                       SSL_CTX_set_tmp_dh(ssl_server_ctx, dh);
+                       DH_free(dh);
+                       fclose(fp);
                }
        }
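Review bot: The result of `SSL_CTX_set_tmp_dh(ssl_server_ctx, dh)` in the final `else` branch is never checked, so if OpenSSL refuses the parameters the function continues without writing any log line. Since this commit makes the other two DH failure paths non-fatal, this is the one case where the server can come up without the DHE parameters the operator configured and nobody is told. I would guard the call with `if(SSL_CTX_set_tmp_dh(ssl_server_ctx, dh) != 1)` and log it in the same form as the other branches, e.g. `rb_lib_log("rb_setup_ssl_server: Error setting DH params from [%s]: %s", dhfile, get_ssl_error(ERR_get_error()));`. Nothing visible in the hunk validates the loaded group either (for instance with `DH_check`), so a weak or malformed parameter file that parses would presumably be installed as-is; a comment stating whether that is checked elsewhere would help. `rb_setup_ssl_server` begins before and continues after this hunk, so later handling is not visible here.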