Diffstat (limited to 'zyklonb.c')
| -rw-r--r-- | zyklonb.c | 86 | 
1 files changed, 55 insertions, 31 deletions
@@ -1,7 +1,7 @@
 /*
  * zyklonb.c: the experimental IRC bot
  *
- * Copyright (c) 2014 - 2015, Přemysl Janouch <p.janouch@gmail.com>
+ * Copyright (c) 2014 - 2016, Přemysl Janouch <p.janouch@gmail.com>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -315,6 +315,51 @@ irc_get_boolean_from_config
 }
 static bool
+irc_initialize_ca_set (SSL_CTX *ssl_ctx, const char *file, const char *path,
+	struct error **e)
+{
+	ERR_clear_error ();
+
+	if (file || path)
+	{
+		if (SSL_CTX_load_verify_locations (ssl_ctx, file, path))
+			return true;
+
+		FAIL ("%s: %s", "failed to set locations for the CA certificate bundle",
+			ERR_reason_error_string (ERR_get_error ()));
+	}
+
+	if (!SSL_CTX_set_default_verify_paths (ssl_ctx))
+		FAIL ("%s: %s", "couldn't load the default CA certificate bundle",
+			ERR_reason_error_string (ERR_get_error ()));
+	return true;
+}
+
+static bool
+irc_initialize_ca (struct bot_context *ctx, struct error **e)
+{
+	const char *ca_file = str_map_find (&ctx->config, "tls_ca_file");
+	const char *ca_path = str_map_find (&ctx->config, "tls_ca_path");
+
+	char *full_file = ca_file
+		? resolve_filename (ca_file, resolve_relative_config_filename) : NULL;
+	char *full_path = ca_path
+		? resolve_filename (ca_path, resolve_relative_config_filename) : NULL;
+
+	bool ok = false;
+	if      (ca_file && !full_file)
+		error_set (e, "couldn't find the CA bundle file");
+	else if (ca_path && !full_path)
+		error_set (e, "couldn't find the CA bundle path");
+	else
+		ok = irc_initialize_ca_set (ctx->ssl_ctx, full_file, full_path, e);
+
+	free (full_file);
+	free (full_path);
+	return ok;
+}
+
+static bool
 irc_initialize_ssl_ctx (struct bot_context *ctx, struct error **e)
 {
 	// Disable deprecated protocols (see RFC 7568)
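Review bot: ERR_reason_error_string can return NULL when the queue holds no error with registered text (notably when `ERR_get_error ()` yields 0 after the `ERR_clear_error ()` at the top), and both FAIL calls in irc_initialize_ca_set pass that result straight to a `%s` conversion, which is undefined behaviour; fetching it first, `const char *reason = ERR_reason_error_string (ERR_get_error ());`, and passing `reason ? reason : "unknown error"` makes both messages safe. This assumes FAIL sets *e and returns false the way the old error_set/goto path did; the macro itself is not on the page. A one-line comment on irc_initialize_ca would make the policy explicit, e.g. `// A configured tls_ca_file/tls_ca_path that cannot be resolved is an error, not a fallback to the default CA store`, since with verification enabled this now fails closed instead of silently trusting a different store. Next to SSL_CTX_load_verify_locations it is also worth noting that tls_ca_path must be a directory in OpenSSL's hashed (c_rehash) layout, otherwise the call succeeds but no CA is ever found at handshake time.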
@@ -326,40 +371,19 @@ irc_initialize_ssl_ctx (struct bot_context *ctx, struct error **e)
 	SSL_CTX_set_verify (ctx->ssl_ctx,
 		verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
-	const char *ca_file = str_map_find (&ctx->config, "tls_ca_file");
-	const char *ca_path = str_map_find (&ctx->config, "tls_ca_path");
-
 	struct error *error = NULL;
-	if (ca_file || ca_path)
-	{
-		if (SSL_CTX_load_verify_locations (ctx->ssl_ctx, ca_file, ca_path))
-			return true;
-
-		error_set (&error, "%s: %s",
-			"failed to set locations for the CA certificate bundle",
-			ERR_reason_error_string (ERR_get_error ()));
-		goto ca_error;
-	}
-
-	if (!SSL_CTX_set_default_verify_paths (ctx->ssl_ctx))
+	if (!irc_initialize_ca (ctx, &error))
 	{
-		error_set (&error, "%s: %s",
-			"couldn't load the default CA certificate bundle",
-			ERR_reason_error_string (ERR_get_error ()));
-		goto ca_error;
-	}
-	return true;
+		if (verify)
+		{
+			error_propagate (e, error);
+			return false;
+		}
-ca_error:
-	if (verify)
-	{
-		error_propagate (e, error);
-		return false;
+		// Only inform the user if we're not actually verifying
+		print_warning ("%s", error->message);
+		error_free (error);
 	}
-
-	// Only inform the user if we're not actually verifying
-	print_warning ("%s", error->message);
-	error_free (error);
 	return true;
 }
|
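Review bot: The retained comment `// Only inform the user if we're not actually verifying` should say why the downgrade is acceptable and what the other branch now means: with SSL_VERIFY_NONE the CA store is never consulted, so a missing bundle cannot weaken the connection further, while with verification on a configured-but-unresolvable tls_ca_file/tls_ca_path is now fatal because irc_initialize_ca errors out instead of falling back to the default paths. `print_warning ("%s", error->message)` dereferences error unconditionally, so it relies on every failure path of irc_initialize_ca setting it; that holds for the branches visible in this commit, and a comment such as `// irc_initialize_ca sets error on every failure path` at the `if (!irc_initialize_ca (ctx, &error))` line would pin the invariant for future edits. Nothing in this hunk binds the peer's hostname to the verification, and SSL_VERIFY_PEER by itself checks only the chain, so if the name check is done at connect time a pointer to it here would help a reader, and if it is not, that is the larger gap. irc_initialize_ssl_ctx begins before this hunk.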
