From 0143db71a1379b3f77c8b8cb133dfa64ae837775 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Thu, 19 Aug 2021 16:13:25 +0100
Subject: [PATCH] Fix TLS certs and PSK not being able to be config'd at the same time.

---
 ChangeLog.txt | 2 ++
 src/net.c | 9 ++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/ChangeLog.txt b/ChangeLog.txt
index e296aa15..c0a646d2 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -6,6 +6,8 @@ Broker:
 configuration file. Unless your configuration file is writable by untrusted
 users this is not a risk. Closes #567213.
 - Fix `max_connections` option not being correctly counted.
+- Fix TLS certificates and TLS-PSK not being able to be configured at the same
+ time.
 
 Client library:
 - If a client uses TLS-PSK then force the default cipher list to use "PSK"
diff --git a/src/net.c b/src/net.c
index 74fdebae..e4708fe0 100644
--- a/src/net.c
+++ b/src/net.c
@@ -879,8 +879,9 @@ int net__socket_listen(struct mosquitto__listener *listener)
 if(net__tls_load_verify(listener)){
 return 1;
 }
+ }
 # ifdef FINAL_WITH_TLS_PSK
- }else if(listener->psk_hint){
+ if(listener->psk_hint){
 if(tls_ex_index_context == -1){
 tls_ex_index_context = SSL_get_ex_new_index(0, "client context", NULL, NULL, NULL);
 }
@@ -888,8 +889,10 @@ int net__socket_listen(struct mosquitto__listener *listener)
 tls_ex_index_listener = SSL_get_ex_new_index(0, "listener", NULL, NULL, NULL);
 }
 
- if(net__tls_server_ctx(listener)){
- return 1;
+ if(listener->certfile == NULL || listener->keyfile == NULL){
+ if(net__tls_server_ctx(listener)){
+ return 1;
+ }
 }
 SSL_CTX_set_psk_server_callback(listener->ssl_ctx, psk_server_callback);
 if(listener->psk_hint){
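Review bot: The added `}` closes a certificate-configuration block whose opening `if` lies outside the hunk, and turning `}else if(listener->psk_hint){` into a plain `if` silently drops the previous certificate/PSK exclusivity, which is easy to misread on a later diff. A one-line comment above the `#  ifdef FINAL_WITH_TLS_PSK` line would make the new intent explicit: `/* TLS-PSK is configured independently of certificates; a listener may have both. */`. net__socket_listen starts and ends outside the hunk.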
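Review bot: The guard `if(listener->certfile == NULL || listener->keyfile == NULL){` re-derives "no SSL context has been created yet" from the certificate options rather than from the context itself, duplicating by hand the inverse of a condition that lies outside the hunk. If the two conditions ever drift, `net__tls_server_ctx` either runs a second time on a listener that already has a context, or is skipped and `SSL_CTX_set_psk_server_callback` on the following line is handed a NULL `listener->ssl_ctx`. Checking the state directly, `if(listener->ssl_ctx == NULL){`, removes that coupling and behaves the same in both configurations; this assumes `net__tls_server_ctx` is what populates `listener->ssl_ctx`, which the hunk implies but does not show. net__socket_listen continues outside the hunk.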