From f7b0c4b3d80d07cbb2234683525afe895f1cc05a Mon Sep 17 00:00:00 2001 From: Simon Arlott Date: Mon, 25 Apr 2016 19:20:45 +0100 Subject: [PATCH] sslproc: use global ServerInfo configuration There's no need to pass information around that sslproc already has access to, so use ServerInfo directly. Remove the extra NULL checks as these are already performed before setting ircd_ssl_ok = true. --- include/sslproc.h | 4 ++-- ircd/s_conf.c | 4 ++-- ircd/sslproc.c | 46 ++++++++++++++++++++-------------------------- 3 files changed, 24 insertions(+), 30 deletions(-) diff --git a/include/sslproc.h b/include/sslproc.h index d3832f2b..61c6695a 100644 --- a/include/sslproc.h +++ b/include/sslproc.h @@ -33,11 +33,11 @@ enum ssld_status { void init_ssld(void); void restart_ssld(void); -int start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list); +int start_ssldaemon(int count); ssl_ctl_t *start_ssld_accept(rb_fde_t *sslF, rb_fde_t *plainF, uint32_t id); ssl_ctl_t *start_ssld_connect(rb_fde_t *sslF, rb_fde_t *plainF, uint32_t id); void start_zlib_session(void *data); -void send_new_ssl_certs(const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list); +void ssld_update_config(void); void ssld_decrement_clicount(ssl_ctl_t *ctl); int get_ssld_count(void); void ssld_foreach_info(void (*func)(void *data, pid_t pid, int cli_count, enum ssld_status status, const char *version), void *data); diff --git a/ircd/s_conf.c b/ircd/s_conf.c index 976c0ce7..94bb8a4f 100644 --- a/ircd/s_conf.c +++ b/ircd/s_conf.c 
@@ -869,14 +869,14 @@ validate_conf(void) ircd_ssl_ok = false; } else { ircd_ssl_ok = true; - send_new_ssl_certs(ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params, ServerInfo.ssl_cipher_list); + ssld_update_config(); } if(ServerInfo.ssld_count > get_ssld_count()) { int start = ServerInfo.ssld_count - get_ssld_count(); /* start up additional ssld if needed */ - start_ssldaemon(start, ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params, ServerInfo.ssl_cipher_list); + start_ssldaemon(start); } if(ServerInfo.wsockd_count > get_wsockd_count()) diff --git a/ircd/sslproc.c b/ircd/sslproc.c index fe46cf8f..2f92c2b1 100644 --- a/ircd/sslproc.c +++ b/ircd/sslproc.c @@ -69,9 +69,7 @@ struct _ssl_ctl char version[256]; }; -static void send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert, - const char *ssl_private_key, const char *ssl_dh_params, - const char *ssl_cipher_list); +static void send_new_ssl_certs_one(ssl_ctl_t * ctl); static void send_certfp_method(ssl_ctl_t *ctl, int method); @@ -171,7 +169,7 @@ restart_ssld(void) } } - start_ssldaemon(ServerInfo.ssld_count, ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params, ServerInfo.ssl_cipher_list); + start_ssldaemon(ServerInfo.ssld_count); } static void @@ -207,7 +205,7 @@ ssl_dead(ssl_ctl_t * ctl) ssld_count--; ilog(L_MAIN, "ssld helper died - attempting to restart"); sendto_realops_snomask(SNO_GENERAL, L_ALL, "ssld helper died - attempting to restart"); - start_ssldaemon(1, ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params, ServerInfo.ssl_cipher_list); + start_ssldaemon(1); } } 
@@ -236,12 +234,12 @@ restart_ssld_event(void *unused) int start = ServerInfo.ssld_count - get_ssld_count(); ilog(L_MAIN, "Attempting to restart ssld processes"); sendto_realops_snomask(SNO_GENERAL, L_ALL, "Attempt to restart ssld processes"); - start_ssldaemon(start, ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params, ServerInfo.ssl_cipher_list); + start_ssldaemon(start); } } int -start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list) +start_ssldaemon(int count) { rb_fde_t *F1, *F2; rb_fde_t *P1, *P2; @@ -341,10 +339,8 @@ start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, co if(ircd_ssl_ok) { send_certfp_method(ctl, ConfigFileEntry.certfp_method); + send_new_ssl_certs_one(ctl); - if(ssl_cert != NULL && ssl_private_key != NULL) - send_new_ssl_certs_one(ctl, ssl_cert, ssl_private_key, - ssl_dh_params, ssl_cipher_list); } ssl_read_ctl(ctl->F, ctl); ssl_do_pipe(P2, ctl); @@ -699,15 +695,15 @@ ssl_cmd_write_queue(ssl_ctl_t * ctl, rb_fde_t ** F, int count, const void *buf, static void -send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list) +send_new_ssl_certs_one(ssl_ctl_t * ctl) { size_t len; - len = strlen(ssl_cert) + strlen(ssl_private_key) + 5; - if(ssl_dh_params) - len += strlen(ssl_dh_params); - if(ssl_cipher_list) - len += strlen(ssl_cipher_list); + len = strlen(ServerInfo.ssl_cert) + strlen(ServerInfo.ssl_private_key) + 5; + if(ServerInfo.ssl_dh_params) + len += strlen(ServerInfo.ssl_dh_params); + if(ServerInfo.ssl_cipher_list) + len += strlen(ServerInfo.ssl_cipher_list); if(len > sizeof(tmpbuf)) { sendto_realops_snomask(SNO_GENERAL, L_ALL, 
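Review bot: With the `ssl_cert != NULL && ssl_private_key != NULL` test removed from start_ssldaemon (the -341 hunk), the `ircd_ssl_ok` flag is the only thing keeping a NULL `ServerInfo.ssl_cert` or `ServerInfo.ssl_private_key` away from the unguarded `strlen()` calls in send_new_ssl_certs_one (the -699 hunk). That flag is set in validate_conf, whose condition lies outside this diff, while start_ssldaemon is also reached later from ssl_dead and restart_ssld_event, so the code now assumes ServerInfo still matches the flag at those times. The same reliance applies to the exported ssld_update_config() in the last hunk, which does not test `ircd_ssl_ok` at all. A cheap guard at the top of send_new_ssl_certs_one would keep a stale flag from becoming a NULL dereference in the ircd process: `if(ServerInfo.ssl_cert == NULL || ServerInfo.ssl_private_key == NULL) return;`. start_ssldaemon's body starts and ends outside the hunk.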
@@ -718,9 +714,11 @@ send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert, const char *ssl_pr len, sizeof(tmpbuf)); return; } - len = snprintf(tmpbuf, sizeof(tmpbuf), "K%c%s%c%s%c%s%c%s%c", nul, ssl_cert, nul, - ssl_private_key, nul, ssl_dh_params != NULL ? ssl_dh_params : "", nul, - ssl_cipher_list != NULL ? ssl_cipher_list : "", nul); + len = snprintf(tmpbuf, sizeof(tmpbuf), "K%c%s%c%s%c%s%c%s%c", nul, + ServerInfo.ssl_cert, nul, + ServerInfo.ssl_private_key, nul, + ServerInfo.ssl_dh_params != NULL ? ServerInfo.ssl_dh_params : "", nul, + ServerInfo.ssl_cipher_list != NULL ? ServerInfo.ssl_cipher_list : "", nul); ssl_cmd_write_queue(ctl, NULL, 0, tmpbuf, len); } @@ -735,18 +733,14 @@ send_certfp_method(ssl_ctl_t *ctl, int method) } void -send_new_ssl_certs(const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list) +ssld_update_config(void) { rb_dlink_node *ptr; - if(ssl_cert == NULL || ssl_private_key == NULL || ssl_dh_params == NULL) - { - ircd_ssl_ok = false; - return; - } + RB_DLINK_FOREACH(ptr, ssl_daemons.head) { ssl_ctl_t *ctl = ptr->data; - send_new_ssl_certs_one(ctl, ssl_cert, ssl_private_key, ssl_dh_params, ssl_cipher_list); + send_new_ssl_certs_one(ctl); } }
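Review bot: The size check in send_new_ssl_certs_one undercounts the framing, so `len` from `snprintf` can exceed `sizeof(tmpbuf)` when it is passed to `ssl_cmd_write_queue`. The format `"K%c%s%c%s%c%s%c%s%c"` emits one `K` and five separators, and the terminator makes seven bytes on top of the strings, but the new line in the previous hunk still adds only `+ 5`. When the total lands exactly on the boundary, snprintf truncates and returns the untruncated length, one more than the buffer holds. I would change that line to `len = strlen(ServerInfo.ssl_cert) + strlen(ServerInfo.ssl_private_key) + 7;`, or alternatively reject a return value `>= sizeof(tmpbuf)` before queuing. The declaration of `tmpbuf` and the body of ssl_cmd_write_queue are outside the hunk, so the effect of the oversized length on the write is inferred.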
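Review bot: A NULL `ServerInfo.ssl_dh_params` is no longer treated as an error in ssld_update_config(): the removed block cleared `ircd_ssl_ok` and returned in that case, and nothing on the new side replaces it. send_new_ssl_certs_one substitutes an empty string for a NULL value, so ssld would now be sent a configuration without DH parameters where previously SSL was switched off. Whether validate_conf already rejects a missing `ssl_dh_params` before setting `ircd_ssl_ok = true` is not visible in this diff and should be confirmed. Either way the precondition deserves a comment above the function, for example `/* caller must have validated ServerInfo.ssl_cert and ssl_private_key (ircd_ssl_ok == true); ssl_dh_params and ssl_cipher_list may be NULL */`.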