0

I'm using lighty on an embedded device where power-users are allowed to manipulate the system configuration using an web interface. The users can upload an PEM file containing valid private key and certificate information.

Now I wonder how to avoid that lighty will not start if the file is corrupt? One idea is to check the file before installing it, but it seems that there is no easy solution.

My other idea is to configure lighty in a way that it will recognize the file is invalid (it does in fact) but it should not terminate. Instead it should run without SSL features, so HTTP only.

Is there a way to configure lighty for that? or is there a better solution?

Andi
  • 888
  • 2
  • 10
  • 24

1 Answers1

1

This should provide just enough check options for your need

openssl verify --help

You could use a perlscript to comment out any ssl related config block if the cert check fails, but that is beyond this question.

Of course you need to edit the init/service script which starts lighttpd/lighttpd.service

drahnr
  • 6,782
  • 5
  • 48
  • 75