X-Git-Url: https://git.quassel-irc.org/?a=blobdiff_plain;f=src%2Fcore%2Fsslserver.cpp;h=cf98bc2f6c790b6d9dfa3be0ab215c02e741cf04;hb=24c7de34254b5de4cf28045a6923a527e06f7290;hp=9c3c7edc15fde749230164c77249990a1dc87e6b;hpb=99055e8e4a83c234ae424cc225d3a7aa17c1544b;p=quassel.git

diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp
index 9c3c7edc..cf98bc2f 100644
--- a/src/core/sslserver.cpp
+++ b/src/core/sslserver.cpp
@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2005-2020 by the Quassel Project                        *
+ *   Copyright (C) 2005-2022 by the Quassel Project                        *
  *   devel@quassel-irc.org                                                 *
  *                                                                         *
  *   This program is free software; you can redistribute it and/or modify  *
@@ -49,6 +49,13 @@ SslServer::SslServer(QObject* parent)
 
     // Initialize the certificates for first-time usage
     if (!loadCerts()) {
+        // If the core is unable to load a certificate, and "--require-ssl" is specified,
+        // do not proceed, throw an exception and quit. This prevents the core from falling
+        // back to a plaintext-only core when they should be expecting SSL/TLS only.
+        if (Quassel::isOptionSet("require-ssl")) {
+            throw ExitException{EXIT_FAILURE, tr("--require-ssl is set, but no SSL certificate is available. Exiting.\n"
+                                                 "Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.")};
+        }
         if (!sslWarningShown) {
             qWarning() << "SslServer: Unable to set certificate file\n"
                        << "          Quassel Core will still work, but cannot provide SSL for client connections.\n"