commit 3b431c09d97f86f40f0f57a5d6d2e08681b1c65d from: Omar Polo date: Mon Aug 07 12:40:44 2023 UTC try hard at loading the configuration during conftest (-n) Attempt to do also a few more steps that were previously done only at runtime. This can help verifying that the keypairs are matching for example, but also that there are no typos in the path to the root directories. Was requested some time ago by Marian Mizik, thanks for the feature request!
commit - 9abba172b6f9ff373dd1e45d7b9587d3bdd0afcf
commit + 3b431c09d97f86f40f0f57a5d6d2e08681b1c65d
blob - e27d0796da5bdea0b04c358c7ce510a80fc41302
blob + 0f5fa96dcf0df504738f5889f53e0a8c28e65c8b
--- config.c
+++ config.c
@@ -742,7 +742,53 @@ config_recv(struct conf *conf, struct imsg *imsg)
 
 default:
 return -1;
+ }
+
+ return 0;
+}
+
+int
+config_test(struct conf *conf)
+{
+ struct vhost *h;
+ struct address *addr;
+ struct imsg imsg;
+ int fd;
+
+ TAILQ_FOREACH(h, &conf->hosts, vhosts) {
+ /* faking the imsgs for config_crypto_recv_kp */
+
+ if ((fd = open(h->cert_path, O_RDONLY)) == -1) {
+ log_warn("can't open %s", h->cert_path);
+ return -1;
+ }
+
+ memset(&imsg, 0, sizeof(imsg));
+ imsg.fd = fd;
+ imsg.hdr.type = IMSG_RECONF_CERT;
+ if (config_crypto_recv_kp(conf, &imsg) == -1)
+ return -1;
+
+ if ((fd = open(h->key_path, O_RDONLY)) == -1) {
+ log_warn("can't open %s", h->key_path);
+ return -1;
+ }
+
+ memset(&imsg, 0, sizeof(imsg));
+ imsg.fd = fd;
+ imsg.hdr.type = IMSG_RECONF_KEY;
+ if (config_crypto_recv_kp(conf, &imsg) == -1)
+ return -1;
 }
 
+ TAILQ_FOREACH(addr, &conf->addrs, addrs) {
+ if ((addr->ctx = tls_server()) == NULL)
+ fatal("tls_server failed");
+ addr->sock = -1;
+ }
+
+ if (server_configure_done(conf))
+ return -1;
+
 return 0;
 }
blob - 360feba7e9a21eb868b0f782f84d8bf62b90120c
blob + 5711f950a3fee9c6f355d2ea3464ce5997fd2426
--- gmid.c
+++ gmid.c
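Review bot: In config_test() in config.c, both `if (config_crypto_recv_kp(conf, &imsg) == -1) return -1;` paths fail without naming the vhost file that was rejected, so unless the callee logs on its own (it is defined outside this hunk) `-n` ends with only the generic message from main(). I would log before returning, e.g. `log_warnx("can't load certificate %s", h->cert_path);` and the equivalent for `h->key_path`. The descriptors returned by open() are handed over through the faked `imsg.fd` and never closed in this function; once confirmed against the callee, a comment such as `/* config_crypto_recv_kp takes ownership of imsg.fd and closes it */` should state that contract, otherwise each failure path leaks a descriptor on a private key file. The loop over `conf->addrs` also calls `fatal("tls_server failed")` while every other failure here returns -1, and `server_configure_done(conf)` is tested for non-zero rather than `== -1`; one convention for the whole function would be easier to audit.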
@@ -314,6 +314,8 @@ main(int argc, char **argv)
 }
 
 if (conftest) {
+ if (config_test(conf) == -1)
+ fatalx("failed to load the configuration");
 fprintf(stderr, "config OK\n");
 if (conftest > 1)
 main_print_conf(conf);
blob - a29cfe44ea2f325c167cc7f725a3194c35688746
blob + 2006513c58a833e6e08a5e597e0b432216de8d8a
--- gmid.h
+++ gmid.h
@@ -374,6 +374,7 @@ struct conf *config_new(void);
 void config_purge(struct conf *);
 int config_send(struct conf *);
 int config_recv(struct conf *, struct imsg *);
+int config_test(struct conf *);
 
 /* crypto.c */
 void crypto(struct privsep *, struct privsep_proc *);
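Review bot: With the `config_test(conf)` call in gmid.c, `-n` stops being a parse-only check and this is not documented at the call site: config_test() in config.c opens every vhost's `cert_path` and `key_path`, so the check now needs read access to the private keys. An unprivileged user or a CI job that could validate the file before will now get "failed to load the configuration". I would add a comment above the call, e.g. `/* also loads certs and private keys: needs the same read access as a real start */`, and mention it in the manual page entry for -n. Whether this point in main() is reached before or after any privilege drop is not visible, since main() starts and ends outside the hunk.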