add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser.
The first one actually triggers a null deref later on if you have a broken config. ok? diff --git usr.sbin/acme-client/main.c usr.sbin/acme-client/main.c index d96bf40e036..fd0f7339891 100644 --- usr.sbin/acme-client/main.c +++ usr.sbin/acme-client/main.c @@ -156,11 +156,6 @@ main(int argc, char *argv[]) acctkey = authority->account; - if (acctkey == NULL) { - /* XXX replace with existance check in parse.y */ - err(EXIT_FAILURE, "no account key in config?"); - } - if ((chngdir = domain->challengedir) == NULL) if ((chngdir = strdup(WWW_DIR)) == NULL) err(EXIT_FAILURE, "strdup"); diff --git usr.sbin/acme-client/parse.y usr.sbin/acme-client/parse.y index dc38e120bb6..abc7da6f8fa 100644 --- usr.sbin/acme-client/parse.y +++ usr.sbin/acme-client/parse.y @@ -186,7 +186,16 @@ authority : AUTHORITY STRING { YYERROR; } } '{' optnl authorityopts_l '}' { - /* XXX enforce minimum config here */ + if (auth->api == NULL) { + yyerror("authority %s: no api URL specified", + auth->name); + YYERROR; + } + if (auth->account == NULL) { + yyerror("authority %s: no account key file " + "specified", auth->name); + YYERROR; + } auth = NULL; } ;