resolve tls_dhparam after configure.

src/config.c

@@ -304,6 +304,7 @@ void
 kore_parse_config(void)
 {
 	FILE		*fp;
+	BIO		*bio;
 	char		path[PATH_MAX];
 
 	if (finalized)
@@ -327,6 +328,17 @@ kore_parse_config(void)
 		(void)fclose(fp);
 	}
 
+	if (tls_dhparam == NULL) {
+		if ((bio = BIO_new_file(KORE_DHPARAM_PATH, "r")) == NULL)
+			fatal("failed to open %s", KORE_DHPARAM_PATH);
+
+		tls_dhparam = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+		BIO_free(bio);
+
+		if (tls_dhparam == NULL)
+			fatal("PEM_read_bio_DHparams(): %s", ssl_errno_s);
+	}
+
 	if (!kore_module_loaded())
 		fatal("no application module was loaded");
 
@@ -341,17 +353,14 @@ kore_parse_config(void)
 		}
 	}
 
-	if (getuid() != 0 && skip_chroot == 0) {
+	if (getuid() != 0 && skip_chroot == 0)
 		fatal("cannot chroot, use -n to skip it");
-	}
 
-	if (skip_runas != 1 && kore_runas_user == NULL) {
+	if (skip_runas != 1 && kore_runas_user == NULL)
 		fatal("missing runas user, use -r to skip it");
-	}
 
-	if (getuid() != 0 && skip_runas == 0) {
+	if (getuid() != 0 && skip_runas == 0)
 		fatal("cannot drop privileges, use -r to skip it");
-	}
 
 	if (skip_runas) {
 		if (!kore_quiet)

src/domain.c

@@ -222,7 +222,6 @@ kore_domain_tlsinit(struct kore_domain *dom, int type,
 {
 	const u_int8_t		*ptr;
 	RSA			*rsa;
-	BIO			*bio;
 	X509			*x509;
 	EVP_PKEY		*pkey;
 	STACK_OF(X509_NAME)	*certs;
@@ -327,16 +326,8 @@ kore_domain_tlsinit(struct kore_domain *dom, int type,
 		    dom->domain, ssl_errno_s);
 	}
 
-	if (tls_dhparam == NULL) {
-		if ((bio = BIO_new_file(KORE_DHPARAM_PATH, "r")) == NULL)
-			fatal("failed to open %s", KORE_DHPARAM_PATH);
-
-		tls_dhparam = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
-		BIO_free(bio);
-
-		if (tls_dhparam == NULL)
-			fatal("PEM_read_bio_DHparams(): %s", ssl_errno_s);
-	}
+	if (tls_dhparam == NULL)
+		fatal("no DH parameters specified");
 
 	SSL_CTX_set_tmp_dh(dom->ssl_ctx, tls_dhparam);
 	SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_SINGLE_DH_USE);