Die if trust file load fails

3 files changed, 29 insertions, 8 deletions

diff --git a/src/libwaitress/waitress.c b/src/libwaitress/waitress.c
index f6d4d03..ebf254b 100644
--- a/src/libwaitress/waitress.c
+++ b/src/libwaitress/waitress.c
@@ -53,17 +53,21 @@ typedef struct {
 	size_t pos;
 } WaitressFetchBufCbBuffer_t;
 
-void WaitressInit (WaitressHandle_t *waith, const char *caPath) {
+WaitressReturn_t WaitressInit (WaitressHandle_t *waith, const char *caPath) {
 	assert (waith != NULL);
 
 	memset (waith, 0, sizeof (*waith));
 	waith->timeout = 30000;
 	if (caPath != NULL) {
 		gnutls_certificate_allocate_credentials (&waith->tlsCred);
-		gnutls_certificate_set_x509_trust_file (waith->tlsCred, caPath,
-				GNUTLS_X509_FMT_PEM);
+		if (gnutls_certificate_set_x509_trust_file (waith->tlsCred, caPath,
+				GNUTLS_X509_FMT_PEM) <= 0) {
+			return WAITRESS_RET_TLS_TRUSTFILE_ERR;
+		}
 		waith->tlsInitialized = true;
 	}
+
+	return WAITRESS_RET_OK;
 }
 
 void WaitressFree (WaitressHandle_t *waith) {
@@ -1162,6 +1166,10 @@ const char *WaitressErrorToStr (WaitressReturn_t wRet) {
 			return "TLS handshake failed.";
 			break;
 
+		case WAITRESS_RET_TLS_TRUSTFILE_ERR:
+			return "Loading root certificates failed.";
+			break;
+
 		default:
 			return "No error message available.";
 			break;
diff --git a/src/libwaitress/waitress.h b/src/libwaitress/waitress.h
index 8d4e5a4..e1cf303 100644
--- a/src/libwaitress/waitress.h
+++ b/src/libwaitress/waitress.h
@@ -77,6 +77,7 @@ typedef enum {
 	WAITRESS_RET_TLS_WRITE_ERR,
 	WAITRESS_RET_TLS_READ_ERR,
 	WAITRESS_RET_TLS_HANDSHAKE_ERR,
+	WAITRESS_RET_TLS_TRUSTFILE_ERR,
 } WaitressReturn_t;
 
 /*	reusable handle
@@ -109,7 +110,7 @@ typedef struct {
 	} request;
 } WaitressHandle_t;
 
-void WaitressInit (WaitressHandle_t *, const char *);
+WaitressReturn_t WaitressInit (WaitressHandle_t *, const char *);
 void WaitressFree (WaitressHandle_t *);
 bool WaitressSetProxy (WaitressHandle_t *, const char *);
 char *WaitressUrlEncode (const char *);
diff --git a/src/main.c b/src/main.c
index d4bf6fb..e14a88a 100644
--- a/src/main.c
+++ b/src/main.c
@@ -328,6 +328,7 @@ int main (int argc, char **argv) {
 	static BarApp_t app;
 	/* terminal attributes _before_ we started messing around with ~ECHO */
 	struct termios termOrig;
+	WaitressReturn_t wRet;
 
 	memset (&app, 0, sizeof (app));
 
@@ -344,10 +345,6 @@ int main (int argc, char **argv) {
 	BarSettingsInit (&app.settings);
 	BarSettingsRead (&app.settings);
 
-	WaitressInit (&app.waith, app.settings.tlsCaPath);
-	app.waith.url.host = strdup (PIANO_RPC_HOST);
-	app.waith.url.tls = true;
-
 	BarUiMsg (&app.settings, MSG_NONE,
 			"Welcome to " PACKAGE " (" VERSION ")! ");
 	if (app.settings.keys[BAR_KS_HELP] == BAR_KS_DISABLED) {
@@ -358,6 +355,20 @@ int main (int argc, char **argv) {
 				app.settings.keys[BAR_KS_HELP]);
 	}
 
+	if ((wRet = WaitressInit (&app.waith, app.settings.tlsCaPath)) != WAITRESS_RET_OK) {
+		if (wRet == WAITRESS_RET_TLS_TRUSTFILE_ERR) {
+			BarUiMsg (&app.settings, MSG_ERR, "Can't load root certificates. "
+					"Please check the tls_ca_path setting in your config file.\n");
+		} else {
+			BarUiMsg (&app.settings, MSG_ERR, "Can't initialize HTTP library: "
+					"%s\n", WaitressErrorToStr (wRet));
+		}
+		goto die;
+	}
+
+	app.waith.url.host = strdup (PIANO_RPC_HOST);
+	app.waith.url.tls = true;
+
 	/* init fds */
 	FD_ZERO(&app.input.set);
 	app.input.fds[0] = STDIN_FILENO;
@@ -377,6 +388,7 @@ int main (int argc, char **argv) {
 
 	BarMainLoop (&app);
 
+die:
 	if (app.input.fds[1] != -1) {
 		close (app.input.fds[1]);
 	}