From 22b9f5441f0bb294e16aa27169d02eb69e32d556 Mon Sep 17 00:00:00 2001
From: Florian Forster <octo@collectd.org>
Date: Fri, 2 Sep 2016 09:00:58 +0200
Subject: [PATCH] network plugin: Initialize libgcrypt only when needed.

Previously, libgcrypt was initialized unconditionally in network_init(),
which may cause trouble on some systems. With this patch, gcrypt is
initialized if:

* A client socket as signing or encryption enabled, or
* a server socket has an auth_file configured.

Fixes: #1902
---
 src/network.c | 37 ++++++++++++-------------------------
 1 file changed, 12 insertions(+), 25 deletions(-)

diff --git a/src/network.c b/src/network.c
index c6845eb9..f1140608 100644
--- a/src/network.c
+++ b/src/network.c
@@ -2101,33 +2101,28 @@ static int sockent_init_crypto (sockent_t *se) /* {{{ */
 	}
 	else /* (se->type == SOCKENT_TYPE_SERVER) */
 	{
-		if (se->data.server.security_level > SECURITY_LEVEL_NONE)
+		if ((se->data.server.security_level > SECURITY_LEVEL_NONE)
+				&& (se->data.server.auth_file == NULL))
+		{
+			ERROR ("network plugin: Server socket with security requested, "
+					"but no \"AuthFile\" is configured.");
+			return (-1);
+		}
+		if (se->data.server.auth_file != NULL)
 		{
 			if (network_init_gcrypt () < 0)
 			{
-				ERROR ("network plugin: Cannot configure server socket with "
-						"security: Failed to initialize crypto library.");
+				ERROR ("network plugin: Cannot configure server socket with security: "
+						"Failed to initialize crypto library.");
 				return (-1);
 			}
 
-			if (se->data.server.auth_file == NULL)
-			{
-				ERROR ("network plugin: Server socket with "
-						"security requested, but no "
-						"password file is configured.");
-				return (-1);
-			}
-		}
-		if (se->data.server.auth_file != NULL)
-		{
 			se->data.server.userdb = fbh_create (se->data.server.auth_file);
 			if (se->data.server.userdb == NULL)
 			{
-				ERROR ("network plugin: Reading password file "
-						"`%s' failed.",
+				ERROR ("network plugin: Reading password file \"%s\" failed.",
 						se->data.server.auth_file);
-				if (se->data.server.security_level > SECURITY_LEVEL_NONE)
-					return (-1);
+				return (-1);
 			}
 		}
 	}
@@ -3563,14 +3558,6 @@ static int network_init (void)
 		return (0);
 	have_init = 1;
 
-#if HAVE_LIBGCRYPT
-	if (network_init_gcrypt () < 0)
-	{
-		ERROR ("network plugin: Failed to initialize crypto library.");
-		return (-1);
-	}
-#endif
-
 	if (network_config_stats != 0)
 		plugin_register_read ("network", network_stats_read);
 
-- 
2.11.0