[sslproc] Various fixes
* Properly allow no DH parameters (some backends come with defaults) * If no private key is given, assume it's in the certificate file * Use correct length calculation in buffer for TLS options * Fix compiler warnings regarding uint64_t stats counters
This commit is contained in:
parent
1ea72c8f86
commit
b8cf4b3bf2
2 changed files with 23 additions and 22 deletions
|
@ -24,7 +24,6 @@
|
|||
#include <ratbox_lib.h>
|
||||
#include "stdinc.h"
|
||||
|
||||
|
||||
#include "s_conf.h"
|
||||
#include "logger.h"
|
||||
#include "listener.h"
|
||||
|
@ -37,6 +36,8 @@
|
|||
#include "packet.h"
|
||||
|
||||
#define ZIPSTATS_TIME 60
|
||||
#define MAXPASSFD 4
|
||||
#define READSIZE 1024
|
||||
|
||||
static void collect_zipstats(void *unused);
|
||||
static void ssl_read_ctl(rb_fde_t * F, void *data);
|
||||
|
@ -45,8 +46,6 @@ static int ssld_count;
|
|||
static char tmpbuf[READBUF_SIZE];
|
||||
static char nul = '\0';
|
||||
|
||||
#define MAXPASSFD 4
|
||||
#define READSIZE 1024
|
||||
typedef struct _ssl_ctl_buf
|
||||
{
|
||||
rb_dlink_node node;
|
||||
|
@ -56,7 +55,6 @@ typedef struct _ssl_ctl_buf
|
|||
int nfds;
|
||||
} ssl_ctl_buf_t;
|
||||
|
||||
|
||||
struct _ssl_ctl
|
||||
{
|
||||
rb_dlink_node node;
|
||||
|
@ -75,7 +73,6 @@ static void send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert,
|
|||
static void send_init_prng(ssl_ctl_t * ctl, prng_seed_t seedtype, const char *path);
|
||||
static void send_certfp_method(ssl_ctl_t *ctl, int method);
|
||||
|
||||
|
||||
static rb_dlink_list ssl_daemons;
|
||||
|
||||
static inline uint32_t
|
||||
|
@ -149,7 +146,6 @@ static int ssld_spin_count = 0;
|
|||
static time_t last_spin;
|
||||
static int ssld_wait = 0;
|
||||
|
||||
|
||||
static void
|
||||
ssl_killall(void)
|
||||
{
|
||||
|
@ -312,10 +308,8 @@ start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, co
|
|||
send_init_prng(ctl, RB_PRNG_DEFAULT, NULL);
|
||||
send_certfp_method(ctl, ConfigFileEntry.certfp_method);
|
||||
|
||||
if(ssl_cert != NULL && ssl_private_key != NULL)
|
||||
send_new_ssl_certs_one(ctl, ssl_cert, ssl_private_key,
|
||||
ssl_dh_params != NULL ? ssl_dh_params : "",
|
||||
ssl_cipher_list != NULL ? ssl_cipher_list : "");
|
||||
if(ssl_cert != NULL)
|
||||
send_new_ssl_certs_one(ctl, ssl_cert, ssl_private_key, ssl_dh_params, ssl_cipher_list);
|
||||
}
|
||||
ssl_read_ctl(ctl->F, ctl);
|
||||
ssl_do_pipe(P2, ctl);
|
||||
|
@ -386,7 +380,6 @@ ssl_process_dead_fd(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
|
|||
exit_client(client_p, client_p, &me, reason);
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ssl_process_cipher_string(ssl_ctl_t *ctl, ssl_ctl_buf_t *ctl_buf)
|
||||
{
|
||||
|
@ -411,7 +404,6 @@ ssl_process_cipher_string(ssl_ctl_t *ctl, ssl_ctl_buf_t *ctl_buf)
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
|
||||
{
|
||||
|
@ -495,7 +487,6 @@ ssl_process_cmd_recv(ssl_ctl_t * ctl)
|
|||
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ssl_read_ctl(rb_fde_t * F, void *data)
|
||||
{
|
||||
|
@ -613,13 +604,22 @@ ssl_cmd_write_queue(ssl_ctl_t * ctl, rb_fde_t ** F, int count, const void *buf,
|
|||
ssl_write_ctl(ctl->F, ctl);
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list)
|
||||
send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert, const char *ssl_private_key,
|
||||
const char *ssl_dh_params, const char *ssl_cipher_list)
|
||||
{
|
||||
size_t len;
|
||||
|
||||
len = strlen(ssl_cert) + strlen(ssl_private_key) + strlen(ssl_dh_params) + 5;
|
||||
if (ssl_private_key == NULL)
|
||||
ssl_private_key = ssl_cert;
|
||||
|
||||
if (ssl_dh_params == NULL)
|
||||
ssl_dh_params = "";
|
||||
|
||||
if (ssl_cipher_list == NULL)
|
||||
ssl_cipher_list = "";
|
||||
|
||||
len = strlen(ssl_cert) + strlen(ssl_private_key) + strlen(ssl_dh_params) + strlen(ssl_cipher_list) + 6;
|
||||
if(len > sizeof(tmpbuf))
|
||||
{
|
||||
sendto_realops_snomask(SNO_GENERAL, L_ALL,
|
||||
|
@ -630,9 +630,8 @@ send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert, const char *ssl_pr
|
|||
len, sizeof(tmpbuf));
|
||||
return;
|
||||
}
|
||||
len = rb_snprintf(tmpbuf, sizeof(tmpbuf), "K%c%s%c%s%c%s%c%s%c", nul, ssl_cert, nul,
|
||||
ssl_private_key, nul, ssl_dh_params, nul,
|
||||
ssl_cipher_list != NULL ? ssl_cipher_list : "", nul);
|
||||
len = rb_snprintf(tmpbuf, sizeof(tmpbuf), "K%c%s%c%s%c%s%c%s%c", nul, ssl_cert,
|
||||
nul, ssl_private_key, nul, ssl_dh_params, nul, ssl_cipher_list, nul);
|
||||
ssl_cmd_write_queue(ctl, NULL, 0, tmpbuf, len);
|
||||
}
|
||||
|
||||
|
@ -678,7 +677,7 @@ void
|
|||
send_new_ssl_certs(const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list)
|
||||
{
|
||||
rb_dlink_node *ptr;
|
||||
if(ssl_cert == NULL || ssl_private_key == NULL || ssl_dh_params == NULL)
|
||||
if(ssl_cert == NULL)
|
||||
{
|
||||
ssl_ok = 0;
|
||||
return;
|
||||
|
@ -690,7 +689,6 @@ send_new_ssl_certs(const char *ssl_cert, const char *ssl_private_key, const char
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
ssl_ctl_t *
|
||||
start_ssld_accept(rb_fde_t * sslF, rb_fde_t * plainF, uint32_t id)
|
||||
{
|
||||
|
|
|
@ -815,7 +815,8 @@ process_stats(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
|
|||
return;
|
||||
|
||||
rb_snprintf(outstat, sizeof(outstat), "S %s %llu %llu %llu %llu", odata,
|
||||
conn->plain_out, conn->mod_in, conn->plain_in, conn->mod_out);
|
||||
(unsigned long long) conn->plain_out, (unsigned long long) conn->mod_in,
|
||||
(unsigned long long) conn->plain_in, (unsigned long long) conn->mod_out);
|
||||
conn->plain_out = 0;
|
||||
conn->plain_in = 0;
|
||||
conn->mod_in = 0;
|
||||
|
@ -933,6 +934,8 @@ ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
|
|||
dhparam = buf;
|
||||
buf += strlen(dhparam) + 1;
|
||||
cipher_list = buf;
|
||||
if(strlen(key) == 0)
|
||||
key = cert;
|
||||
if(strlen(dhparam) == 0)
|
||||
dhparam = NULL;
|
||||
if(strlen(cipher_list) == 0)
|
||||
|
|
Loading…
Reference in a new issue