This fixes an issue where rustls failed to validate the X509v1 certificate.
Tested with Amfora, av-98, and titan (https://github.com/mkeeter/titan)
This requires fresh certificates, which could break clients with strict
trust-on-first-use policies; unfortunately, it doesn't appear to be possible
to migrate v1 certificates to v3.
The open syscall will return a negative value if the call fails. Switch
the check to look for this instead of 0.
before:
[gmnisrv] generating certificate for localhost
gmnisrv: src/tls.c:68: tls_host_gencert: Assertion `pf' failed.
abort (core dumped) ./gmnisrv -C config.ini
after:
[gmnisrv] generating certificate for localhost
[gmnisrv] opening private key for writing failed: No such file or directory
[gmnisrv] TLS initialization failed
Signed-off-by: William Casarin <jb55@jb55.com>
We'll later want to set these on the SSL object (rather than SSL_CTX),
so move these into the host struct for later access.
We'll prefer to set it on the SSL object so that we can automatically
use an up-to-date certificate, per ~sircmpwn/gmni#26.
