logsrvd_relay_tls_ctx: Do not fall back on server TLS context

millert · millert · commit ddb9cfef517e · 2025-11-11T17:04:21.000-07:00
If a TLS-capable relay is enabled, logsrvd_config->relay.ssl_ctx will be set. Unlike the relay TLS settings, there is no reason to fall back on the main server TLS context if there is no relay TLS context. Found by the ZeroPath AI Security Engineer <https://zeropath.com>
diff --git a/logsrvd/logsrvd_conf.c b/logsrvd/logsrvd_conf.c
@@ -334,9 +334,7 @@ logsrvd_conf_relay_retry_interval(void)
 SSL_CTX *
 logsrvd_relay_tls_ctx(void)
 {
-    if (logsrvd_config->relay.ssl_ctx != NULL)
-	return logsrvd_config->relay.ssl_ctx;
-    return logsrvd_config->server.ssl_ctx;
+    return logsrvd_config->relay.ssl_ctx;
 }
 
 bool

Original file line number	Diff line number	Diff line change
`@@ -334,9 +334,7 @@ logsrvd_conf_relay_retry_interval(void)`
`334`	`334`	`SSL_CTX *`
`335`	`335`	`logsrvd_relay_tls_ctx(void)`
`336`	`336`	`{`
`337`		`- if (logsrvd_config->relay.ssl_ctx != NULL)`
`338`		`- return logsrvd_config->relay.ssl_ctx;`
`339`		`- return logsrvd_config->server.ssl_ctx;`
	`337`	`+ return logsrvd_config->relay.ssl_ctx;`
`340`	`338`	`}`
`341`	`339`
`342`	`340`	`bool`