author | Alberto Bertogli
<albertito@blitiri.com.ar> 2016-11-24 10:09:11 UTC |
committer | Alberto Bertogli
<albertito@blitiri.com.ar> 2016-11-24 10:09:11 UTC |
parent | de099239339d4a7af5eb1d44692b95ce01ce8552 |
internal/smtpsrv/server.go | +9 | -0 |
test/t-01-simple_local/run.sh | +6 | -0 |
diff --git a/internal/smtpsrv/server.go b/internal/smtpsrv/server.go
index 2e46c94..3e9cb92 100644
--- a/internal/smtpsrv/server.go
+++ b/internal/smtpsrv/server.go
@@ -155,6 +155,15 @@ func (s *Server) periodicallyReload() {
 }
 func (s *Server) ListenAndServe() {
+ if len(s.tlsConfig.Certificates) == 0 {
+ // chasquid assumes there's at least one valid certificate (for things
+ // like STARTTLS, user authentication, etc.), so we fail if none was
+ // found.
+ log.Errorf("No SSL/TLS certificates found")
+ log.Errorf("Ideally there should be a certificate for each MX you act as")
+ log.Fatalf("At least one valid certificate is needed")
+ }
+
 // At this point the TLS config should be done, build the
 // name->certificate map (used by the TLS library for SNI).
 s.tlsConfig.BuildNameToCertificate()
diff --git a/test/t-01-simple_local/run.sh b/test/t-01-simple_local/run.sh
index 3691c3e..678349a 100755
--- a/test/t-01-simple_local/run.sh
+++ b/test/t-01-simple_local/run.sh
@@ -5,6 +5,12 @@ set -e
 init
+# This should fail, as it has no certificates.
+rm config/certs/testserver/*.pem
+if chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config; then
+ fail "chasquid should not start without certificates"
+fi
+
 generate_certs_for testserver
 add_user user@testserver secretpassword
 add_user someone@testserver secretpassword
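Review bot: The guard at the top of ListenAndServe only establishes that `s.tlsConfig.Certificates` is non-empty, while the comment and the fatal message both speak of a "valid" certificate. An expired certificate, or one whose names cover none of the MX hostnames, passes this check, so a clean start should not be read as the certificates having been validated. I would word the message as `log.Fatalf("At least one certificate is needed")` and add `// Only presence is checked here; expiry and hostname coverage are not.` above the `if`. The rest of ListenAndServe lies outside the hunk, so any later validation is not visible from here.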
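Review bot: The added `rm config/certs/testserver/*.pem` has no `-f`, and the script appears to run under `set -e` (it shows in the hunk header), so when the glob matches nothing `rm` exits non-zero and the test aborts before reaching the check; `rm -f config/certs/testserver/*.pem` avoids that. The `if chasquid ...; then fail` assertion also accepts any non-zero exit, so an unrelated startup failure would count as a pass. If the fatal message reaches `.logs/chasquid.log`, matching it afterwards, e.g. `grep -q "At least one valid certificate is needed" .logs/chasquid.log`, would tie the result to the missing certificates.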