From 53a366ed463cf8cea1dec0e9619376cdb778ac52 Mon Sep 17 00:00:00 2001
From: Eugene Burkov <e.burkov@adguard.com>
Date: Fri, 25 Nov 2022 15:41:54 +0300
Subject: [PATCH] Pull request: 5189-run-bad-cert

Merge in DNS/adguard-home from 5189-run-bad-cert to master

Closes #5189.

Squashed commit of the following:

commit 9e6ac6218163c7408200ce5fd591e8e6f5181f00
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Thu Nov 24 19:17:43 2022 +0300

    all: imp chlog again

commit 5870aee8efc3213feffbe1e61b2f5b411a69ece7
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Thu Nov 24 18:57:54 2022 +0300

    all: imp chlog

commit ec0d4b6ead14a6a6698d4a27819e679b2d4c7a0b
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Thu Nov 24 18:43:04 2022 +0300

    home: rm fatal on tls init errors
---
 CHANGELOG.md          | 3 +++
 internal/home/home.go | 3 ++-
 internal/home/tls.go  | 8 ++++++--
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 78683cf8..3ba8ec28 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,6 +27,9 @@ See also the [v0.107.20 GitHub milestone][ms-v0.107.20].
 
 ### Fixed
 
+- The TLS initialization errors preventing AdGuard Home from starting ([#5189]).
+  Instead, AdGuard Home disables encryption and shows an error message on the
+  encryption settings page in the UI, which was the intended previous behavior.
 - URLs of some vetter blocklists.
 
 
diff --git a/internal/home/home.go b/internal/home/home.go
index 6ff698d3..3085d66c 100644
--- a/internal/home/home.go
+++ b/internal/home/home.go
@@ -514,7 +514,8 @@ func run(opts options, clientBuildFS fs.FS) {
 
 	Context.tls, err = newTLSManager(config.TLS)
 	if err != nil {
-		log.Fatalf("initializing tls: %s", err)
+		log.Error("initializing tls: %s", err)
+		onConfigModified()
 	}
 
 	Context.web, err = initWeb(opts, clientBuildFS)
diff --git a/internal/home/tls.go b/internal/home/tls.go
index c9086629..4be63d9d 100644
--- a/internal/home/tls.go
+++ b/internal/home/tls.go
@@ -40,7 +40,9 @@ type tlsManager struct {
 	conf     tlsConfigSettings
 }
 
-// newTLSManager initializes the TLS configuration.
+// newTLSManager initializes the manager of TLS configuration.  m is always
+// non-nil while any returned error indicates that the TLS configuration isn't
+// valid.  Thus TLS may be initialized later, e.g. via the web UI.
 func newTLSManager(conf tlsConfigSettings) (m *tlsManager, err error) {
 	m = &tlsManager{
 		status: &tlsConfigStatus{},
@@ -50,7 +52,9 @@ func newTLSManager(conf tlsConfigSettings) (m *tlsManager, err error) {
 	if m.conf.Enabled {
 		err = m.load()
 		if err != nil {
-			return nil, err
+			m.conf.Enabled = false
+
+			return m, err
 		}
 
 		m.setCertFileTime()