[sslproc] Various fixes

* Properly allow no DH parameters (some backends come with defaults)
* If no private key is given, assume it's in the certificate file
* Use correct length calculation in buffer for TLS options
* Fix compiler warnings regarding uint64_t stats counters
This commit is contained in:
Aaron Jones 2016-05-03 23:19:06 +00:00
parent 1ea72c8f86
commit b8cf4b3bf2
No known key found for this signature in database
GPG key ID: 6E854C0FAAD4CEA4
2 changed files with 23 additions and 22 deletions


@ -24,7 +24,6 @@
#include <ratbox_lib.h> #include <ratbox_lib.h>
#include "stdinc.h" #include "stdinc.h"
#include "s_conf.h" #include "s_conf.h"
#include "logger.h" #include "logger.h"
#include "listener.h" #include "listener.h"
@ -37,6 +36,8 @@
#include "packet.h" #include "packet.h"
#define ZIPSTATS_TIME 60 #define ZIPSTATS_TIME 60
#define MAXPASSFD 4
#define READSIZE 1024
static void collect_zipstats(void *unused); static void collect_zipstats(void *unused);
static void ssl_read_ctl(rb_fde_t * F, void *data); static void ssl_read_ctl(rb_fde_t * F, void *data);
@ -45,8 +46,6 @@ static int ssld_count;
static char tmpbuf[READBUF_SIZE]; static char tmpbuf[READBUF_SIZE];
static char nul = '\0'; static char nul = '\0';
#define MAXPASSFD 4
#define READSIZE 1024
typedef struct _ssl_ctl_buf typedef struct _ssl_ctl_buf
{ {
rb_dlink_node node; rb_dlink_node node;
@ -56,7 +55,6 @@ typedef struct _ssl_ctl_buf
int nfds; int nfds;
} ssl_ctl_buf_t; } ssl_ctl_buf_t;
struct _ssl_ctl struct _ssl_ctl
{ {
rb_dlink_node node; rb_dlink_node node;
@ -75,7 +73,6 @@ static void send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert,
static void send_init_prng(ssl_ctl_t * ctl, prng_seed_t seedtype, const char *path); static void send_init_prng(ssl_ctl_t * ctl, prng_seed_t seedtype, const char *path);
static void send_certfp_method(ssl_ctl_t *ctl, int method); static void send_certfp_method(ssl_ctl_t *ctl, int method);
static rb_dlink_list ssl_daemons; static rb_dlink_list ssl_daemons;
static inline uint32_t static inline uint32_t
@ -149,7 +146,6 @@ static int ssld_spin_count = 0;
static time_t last_spin; static time_t last_spin;
static int ssld_wait = 0; static int ssld_wait = 0;
static void static void
ssl_killall(void) ssl_killall(void)
{ {
@ -312,10 +308,8 @@ start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, co
send_init_prng(ctl, RB_PRNG_DEFAULT, NULL); send_init_prng(ctl, RB_PRNG_DEFAULT, NULL);
send_certfp_method(ctl, ConfigFileEntry.certfp_method); send_certfp_method(ctl, ConfigFileEntry.certfp_method);
if(ssl_cert != NULL && ssl_private_key != NULL) if(ssl_cert != NULL)
send_new_ssl_certs_one(ctl, ssl_cert, ssl_private_key, send_new_ssl_certs_one(ctl, ssl_cert, ssl_private_key, ssl_dh_params, ssl_cipher_list);
ssl_dh_params != NULL ? ssl_dh_params : "",
ssl_cipher_list != NULL ? ssl_cipher_list : "");
} }
ssl_read_ctl(ctl->F, ctl); ssl_read_ctl(ctl->F, ctl);
ssl_do_pipe(P2, ctl); ssl_do_pipe(P2, ctl);
@ -386,7 +380,6 @@ ssl_process_dead_fd(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
exit_client(client_p, client_p, &me, reason); exit_client(client_p, client_p, &me, reason);
} }
static void static void
ssl_process_cipher_string(ssl_ctl_t *ctl, ssl_ctl_buf_t *ctl_buf) ssl_process_cipher_string(ssl_ctl_t *ctl, ssl_ctl_buf_t *ctl_buf)
{ {
@ -411,7 +404,6 @@ ssl_process_cipher_string(ssl_ctl_t *ctl, ssl_ctl_buf_t *ctl_buf)
} }
} }
static void static void
ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf) ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
{ {
@ -495,7 +487,6 @@ ssl_process_cmd_recv(ssl_ctl_t * ctl)
} }
static void static void
ssl_read_ctl(rb_fde_t * F, void *data) ssl_read_ctl(rb_fde_t * F, void *data)
{ {
@ -613,13 +604,22 @@ ssl_cmd_write_queue(ssl_ctl_t * ctl, rb_fde_t ** F, int count, const void *buf,
ssl_write_ctl(ctl->F, ctl); ssl_write_ctl(ctl->F, ctl);
} }
static void static void
send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list) send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert, const char *ssl_private_key,
const char *ssl_dh_params, const char *ssl_cipher_list)
{ {
size_t len; size_t len;
len = strlen(ssl_cert) + strlen(ssl_private_key) + strlen(ssl_dh_params) + 5; if (ssl_private_key == NULL)
ssl_private_key = ssl_cert;
if (ssl_dh_params == NULL)
ssl_dh_params = "";
if (ssl_cipher_list == NULL)
ssl_cipher_list = "";
len = strlen(ssl_cert) + strlen(ssl_private_key) + strlen(ssl_dh_params) + strlen(ssl_cipher_list) + 6;
if(len > sizeof(tmpbuf)) if(len > sizeof(tmpbuf))
{ {
sendto_realops_snomask(SNO_GENERAL, L_ALL, sendto_realops_snomask(SNO_GENERAL, L_ALL,
@ -630,9 +630,8 @@ send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert, const char *ssl_pr
len, sizeof(tmpbuf)); len, sizeof(tmpbuf));
return; return;
} }
len = rb_snprintf(tmpbuf, sizeof(tmpbuf), "K%c%s%c%s%c%s%c%s%c", nul, ssl_cert, nul, len = rb_snprintf(tmpbuf, sizeof(tmpbuf), "K%c%s%c%s%c%s%c%s%c", nul, ssl_cert,
ssl_private_key, nul, ssl_dh_params, nul, nul, ssl_private_key, nul, ssl_dh_params, nul, ssl_cipher_list, nul);
ssl_cipher_list != NULL ? ssl_cipher_list : "", nul);
ssl_cmd_write_queue(ctl, NULL, 0, tmpbuf, len); ssl_cmd_write_queue(ctl, NULL, 0, tmpbuf, len);
} }
@ -678,7 +677,7 @@ void
send_new_ssl_certs(const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list) send_new_ssl_certs(const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list)
{ {
rb_dlink_node *ptr; rb_dlink_node *ptr;
if(ssl_cert == NULL || ssl_private_key == NULL || ssl_dh_params == NULL) if(ssl_cert == NULL)
{ {
ssl_ok = 0; ssl_ok = 0;
return; return;
@ -690,7 +689,6 @@ send_new_ssl_certs(const char *ssl_cert, const char *ssl_private_key, const char
} }
} }
ssl_ctl_t * ssl_ctl_t *
start_ssld_accept(rb_fde_t * sslF, rb_fde_t * plainF, uint32_t id) start_ssld_accept(rb_fde_t * sslF, rb_fde_t * plainF, uint32_t id)
{ {
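Review bot: The new fallback in send_new_ssl_certs_one (hunk @ -613,13 +604,22 @@) silently changes what a missing private_key means — the certificate file is now also used as the key file — and nothing at the substitution says so; a one-line comment above `ssl_private_key = ssl_cert;` such as `/* No separate key file configured: ssld loads the key from the certificate file. */` would keep the next reader from treating it as a typo. The `+ 6` in the length computation is likewise unexplained; since the format "K%c%s%c%s%c%s%c%s%c" emits the leading 'K' plus five NUL separators, `/* 'K' + 5 NUL separators */` beside it would make the bound checkable at a glance. As a point of style, the three new single-statement `if` bodies are unbraced while the rest of the hunk braces its blocks; bracing them would match the file. Note that send_new_ssl_certs_one is split across two hunks, so its full body is not visible here, and the send_new_ssl_certs check relaxation at `if(ssl_cert == NULL)` relies on that function's fallback rather than validating the key path itself.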


@ -815,7 +815,8 @@ process_stats(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
return; return;
rb_snprintf(outstat, sizeof(outstat), "S %s %llu %llu %llu %llu", odata, rb_snprintf(outstat, sizeof(outstat), "S %s %llu %llu %llu %llu", odata,
conn->plain_out, conn->mod_in, conn->plain_in, conn->mod_out); (unsigned long long) conn->plain_out, (unsigned long long) conn->mod_in,
(unsigned long long) conn->plain_in, (unsigned long long) conn->mod_out);
conn->plain_out = 0; conn->plain_out = 0;
conn->plain_in = 0; conn->plain_in = 0;
conn->mod_in = 0; conn->mod_in = 0;
@ -933,6 +934,8 @@ ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
dhparam = buf; dhparam = buf;
buf += strlen(dhparam) + 1; buf += strlen(dhparam) + 1;
cipher_list = buf; cipher_list = buf;
if(strlen(key) == 0)
key = cert;
if(strlen(dhparam) == 0) if(strlen(dhparam) == 0)
dhparam = NULL; dhparam = NULL;
if(strlen(cipher_list) == 0) if(strlen(cipher_list) == 0)
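Review bot: The added `if(strlen(key) == 0) key = cert;` in ssl_new_keys duplicates the substitution the sending side already performs before the command is queued, so on this control channel the key field should never arrive empty; if it is meant as a defensive default for older or third-party senders, a comment saying so would stop someone from removing one copy and silently relying on the other. Something like `/* Empty key field: the sender has no separate key file, so the certificate file is used for the key as well (mirrors send_new_ssl_certs_one). */` above the check would document the wire convention in the one place that interprets it. The enclosing function starts outside the hunk, so the parsing that establishes `key`, `dhparam` and `cipher_list` as NUL-terminated fields of the received buffer is not visible here and I have not checked it. In the process_stats hunk the `(unsigned long long)` casts are correct for `%llu`; if the file already includes <inttypes.h>, `PRIu64` would express the same intent without four casts, but that is purely stylistic.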