smtpsrv: Fail to listen if there are no certificates configured

The server is written assuming there's at least one valid SSL/TLS
certificate. For example, it unconditionally advertises STARTTLS, and
only supports AUTH over TLS.

This patch makes the server fail to listen if there are no certificates
configured, so the users don't accidentally run an unsupported
configuration.

internal/smtpsrv/server.go

@@ -155,6 +155,15 @@ func (s *Server) periodicallyReload() {
 }
 
 func (s *Server) ListenAndServe() {
+	if len(s.tlsConfig.Certificates) == 0 {
+		// chasquid assumes there's at least one valid certificate (for things
+		// like STARTTLS, user authentication, etc.), so we fail if none was
+		// found.
+		log.Errorf("No SSL/TLS certificates found")
+		log.Errorf("Ideally there should be a certificate for each MX you act as")
+		log.Fatalf("At least one valid certificate is needed")
+	}
+
 	// At this point the TLS config should be done, build the
 	// name->certificate map (used by the TLS library for SNI).
 	s.tlsConfig.BuildNameToCertificate()

test/t-01-simple_local/run.sh

@@ -5,6 +5,12 @@ set -e
 
 init
 
+# This should fail, as it has no certificates.
+rm config/certs/testserver/*.pem
+if chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config; then
+	fail "chasquid should not start without certificates"
+fi
+
 generate_certs_for testserver
 add_user user@testserver secretpassword
 add_user someone@testserver secretpassword