From c19b356e549762bcc289df8c71ee69c02bba2571 Mon Sep 17 00:00:00 2001
From: Juliusz Chroboczek
Date: Wed, 24 Feb 2021 22:23:38 +0100
Subject: [PATCH] Fail the connection if only one of cert.pem and key.pem exists.
---
 webserver/certificate.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/webserver/certificate.go b/webserver/certificate.go
index 9fc9da8..a35c28e 100644
--- a/webserver/certificate.go
+++ b/webserver/certificate.go
@@ -5,6 +5,7 @@ import (
 "crypto/rsa"
 "crypto/tls"
 "crypto/x509"
+ "errors"
 "log"
 "math/big"
 "os"
@@ -73,7 +74,11 @@ func getCertificate(dataDir string) (*tls.Certificate, error) {
 if !ok || !info.certTime.Equal(certTime) || !info.keyTime.Equal(keyTime) {
 var cert tls.Certificate
- if certTime.Equal(time.Time{}) || keyTime.Equal(time.Time{}) {
+ nocert := certTime.Equal(time.Time{})
+ nokey := keyTime.Equal(time.Time{})
+ if nocert != nokey {
+ return nil, errors.New("only one of cert.pem and key.pem exists")
+ } else if nokey {
 log.Printf("Generating self-signed certificate")
 var err error
 cert, err = generateCertificate(dataDir)
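Review bot: In the `nocert`/`nokey` check of the second hunk, a zero modification time is taken to mean "file does not exist", but `certTime` and `keyTime` are computed above the hunk and it is not visible whether a stat that fails for another reason (for example a permission error) also yields the zero time. If it does, two unreadable files still reach `else if nokey` and the server silently generates and serves a self-signed certificate, while a single unreadable file is reported as missing; the helper that produces these times should probably separate a not-exist error from other stat errors and return the latter to the caller. The new message could also name the missing file, e.g. `errors.New("key.pem exists but cert.pem is missing")` when `nocert` is true, and because the first branch returns, the `else` before `if nokey` can be dropped. getCertificate starts and ends outside the hunk.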