is called, as OpenSSL has not yet been set up.
Make sure that these failures only raise a Bad() (which nobody is yet
listening to) rather than throwing an exception which gets caught
and reported as a failed-to-load config.
If none of the OpenSSL stuff is working chain_valid() will return false
but private_key_valid() will throw an exception (as it tries to get the
leaf certificate, causing a validity check).
}
}
- if (!_signer_chain->private_key_valid() || !_signer_chain->chain_valid()) {
+ if (!_signer_chain->chain_valid() || !_signer_chain->private_key_valid()) {
bad = BAD_SIGNER_INCONSISTENT;
}
- if (!_decryption_chain->private_key_valid() || !_decryption_chain->chain_valid()) {
+ if (!_decryption_chain->chain_valid() || !_decryption_chain->private_key_valid()) {
bad = BAD_DECRYPTION_INCONSISTENT;
}
*/
Config::drop ();
+ /* We only look out for bad configuration from here on, as before
+ dcpomatic_setup() we haven't got OpenSSL ready so there will be
+ incorrect certificate chain validity errors.
+ */
Config::Bad.connect (boost::bind(&App::config_bad, this, _1));
_frame = new DOMFrame (_("DCP-o-matic"));