From 059d44027018f1eaa69d3a0f9779da78eb651ced Mon Sep 17 00:00:00 2001
From: tjpcc
Date: Tue, 10 Oct 2023 18:30:22 -0600
Subject: identify and error on conflicting servertls directives on merged gemini servers

fixes #7
---
 gemini.go | 7 +++++++
 parse.go | 14 +++++++++-----
 types.go | 3 +++
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/gemini.go b/gemini.go
index 975b62b..f48f3ac 100644
--- a/gemini.go
+++ b/gemini.go
@@ -59,9 +59,16 @@ func buildGeminiServers(servers []Server, config *Configuration) ([]sr.Server, e
 }

 var tlsConfig *tls.Config
+ var keyfile, certfile string
 for _, config := range configs {
+ if (keyfile != "" && config.tlsKeyFile == keyfile) || (certfile != "" && config.tlsCertFile == certfile) {
+ return nil, errors.New("conflicting 'servertls' directives for gemini server")
+ }
+
 if config.TLS != nil {
 tlsConfig = config.TLS
+ keyfile = config.tlsKeyFile
+ certfile = config.tlsCertFile
 break
 }
 }
diff --git a/parse.go b/parse.go
index 15c5877..886aa2d 100644
--- a/parse.go
+++ b/parse.go
@@ -241,7 +241,10 @@ func parseServerDirectives(server *Server, buf *bufio.Reader) error {
 case "host":
 server.Hostnames = append(server.Hostnames, parseHost(rest)...)
 case "servertls":
- server.TLS, err = parseServerTLS(rest)
+ if server.TLS != nil {
+ return fmt.Errorf("duplicate servertls directives in %s server", server.Type)
+ }
+ server.tlsCertFile, server.tlsKeyFile, server.TLS, err = parseServerTLS(rest)
 if err != nil {
 return err
 }
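Review bot: The conflict check added at the top of the loop in buildGeminiServers can never fire: `keyfile` and `certfile` are only assigned inside the `config.TLS != nil` branch, which immediately `break`s, so no later config is ever compared against them. The comparison is also the wrong way round for a conflict — it would error when a later server names the same key or cert file, while a different pair (the actual conflict between merged servers) passes. Dropping the `break`, skipping configs without TLS, and comparing every further TLS-bearing config's paths against the first one recorded makes the check reachable; that identical paths should be accepted as non-conflicting is my reading of the intent and worth confirming. The check is a plain string comparison, so the same file written two ways (relative vs. absolute) would read as a conflict. buildGeminiServers starts before and continues past this hunk.
```go
	var tlsConfig *tls.Config
	var keyfile, certfile string
	for _, config := range configs {
		if config.TLS == nil {
			continue
		}
		if tlsConfig == nil {
			// First servertls among the merged servers: record it.
			tlsConfig = config.TLS
			keyfile = config.tlsKeyFile
			certfile = config.tlsCertFile
			continue
		}
		// Any further servertls must name the same key and cert files.
		if config.tlsKeyFile != keyfile || config.tlsCertFile != certfile {
			return nil, errors.New("conflicting 'servertls' directives for gemini server")
		}
	}
	// … unchanged: rest of buildGeminiServers …
```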
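Review bot: The new error text `duplicate servertls directives in %s server` is the one message in this change that does not quote the directive name; the sibling messages in parseServerTLS and buildGeminiServers write `'servertls'`. Using `fmt.Errorf("duplicate 'servertls' directives in %s server", server.Type)` keeps the wording uniform for anyone searching logs for the directive. parseServerDirectives starts before and continues past this hunk.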
@@ -302,20 +305,21 @@ func validateRoute(serverType string, dir *RouteDirective) error {
 return nil
 }

-func parseServerTLS(text string) (*tls.Config, error) {
+func parseServerTLS(text string) (string, string, *tls.Config, error) {
 spl := strings.Split(text, " ")
 if len(spl) != 4 {
- return nil, errors.New("invalid 'servertls' directive")
+ return "", "", nil, errors.New("invalid 'servertls' directive")
 }
 if spl[0] == "cert" {
 spl[0], spl[1], spl[2], spl[3] = spl[2], spl[3], spl[0], spl[1]
 }
 if spl[0] != "key" || spl[2] != "cert" {
- return nil, errors.New("invalid 'servertls' directive")
+ return "", "", nil, errors.New("invalid 'servertls' directive")
 }
- return gemini.FileTLS(spl[3], spl[1])
+ conf, err := gemini.FileTLS(spl[3], spl[1])
+ return spl[3], spl[1], conf, err
 }

 func parseHost(text string) []string {
diff --git a/types.go b/types.go
index 9523d9c..392b955 100644
--- a/types.go
+++ b/types.go
@@ -50,6 +50,9 @@ type Server struct {
 TLS *tls.Config
 Hostnames []string
 Routes []RouteDirective
+
+ tlsKeyFile string
+ tlsCertFile string
 }

 type Auth struct {
--
cgit v1.2.3
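Review bot: The new tail of parseServerTLS returns the cert and key paths even when loading fails: `conf, err := gemini.FileTLS(spl[3], spl[1])` followed by `return spl[3], spl[1], conf, err` hands back non-empty strings next to a non-nil error, which is the one place in this function that departs from the zero-values-on-error pattern used by the two earlier returns; `if err != nil { return "", "", nil, err }` before the final return closes that gap. The two unnamed string results also come back in (cert, key) order while the directive itself is written `key … cert …`, so the call site in parseServerDirectives has to get the order right by position alone; naming them, `func parseServerTLS(text string) (certFile, keyFile string, conf *tls.Config, err error)`, documents the order in the signature. A one-line doc comment stating the accepted forms (`key K cert C` or `cert C key K`) would also help, since the swap on spl is the only hint.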
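Review bot: The two new unexported fields on Server carry no comment, and nothing in the struct says they hold the paths behind `TLS` or that another file reads them for a cross-server comparison. A short comment above them, such as `// tlsKeyFile and tlsCertFile record the paths given to the servertls directive; buildGeminiServers compares them across merged gemini servers.`, lets a reader connect the fields to their use without opening gemini.go. The Server struct starts before this hunk.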