core: Require TLS cert to be loaded if --require-ssl is used

[quassel.git] / src / core / sslserver.cpp

diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp
index 9c3c7ed..c93f486 100644 (file)
--- a/src/core/sslserver.cpp
+++ b/src/core/sslserver.cpp
@@ -49,6 +49,12 @@ SslServer::SslServer(QObject* parent)
 
     // Initialize the certificates for first-time usage
     if (!loadCerts()) {
 
     // Initialize the certificates for first-time usage
     if (!loadCerts()) {

+        // If the core is unable to load a certificate, and "--require-ssl" is specified,
+        // do not proceed, throw an exception and quit. This prevents the core from falling
+        // back to a plaintext-only core when they should be expecting SSL/TLS only.
+        if (Quassel::isOptionSet("require-ssl")) {
+            throw ExitException{EXIT_FAILURE, tr("--require-ssl is set, but no SSL certificate is available. Exiting.")};
+        }

         if (!sslWarningShown) {
             qWarning() << "SslServer: Unable to set certificate file\n"
                        << "          Quassel Core will still work, but cannot provide SSL for client connections.\n"
         if (!sslWarningShown) {
             qWarning() << "SslServer: Unable to set certificate file\n"
                        << "          Quassel Core will still work, but cannot provide SSL for client connections.\n"