"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/cfg_parser.y" between
hitch-1.5.2.tar.gz and hitch-1.6.0.tar.gz

About: Hitch is a libev-based high performance SSL/TLS proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend.

cfg_parser.y  (hitch-1.5.2):cfg_parser.y  (hitch-1.6.0)
skipping to change at line 57 skipping to change at line 57
%token TOK_FRONTEND TOK_WORKERS TOK_BACKLOG TOK_KEEPALIVE TOK_CHROOT %token TOK_FRONTEND TOK_WORKERS TOK_BACKLOG TOK_KEEPALIVE TOK_CHROOT
%token TOK_USER TOK_GROUP TOK_QUIET TOK_SYSLOG TOK_SYSLOG_FACILITY %token TOK_USER TOK_GROUP TOK_QUIET TOK_SYSLOG TOK_SYSLOG_FACILITY
%token TOK_PARAM_SYSLOG_FACILITY TOK_DAEMON TOK_WRITE_IP TOK_WRITE_PROXY %token TOK_PARAM_SYSLOG_FACILITY TOK_DAEMON TOK_WRITE_IP TOK_WRITE_PROXY
%token TOK_WRITE_PROXY_V1 TOK_WRITE_PROXY_V2 TOK_PEM_FILE TOK_PROXY_PROXY %token TOK_WRITE_PROXY_V1 TOK_WRITE_PROXY_V2 TOK_PEM_FILE TOK_PROXY_PROXY
%token TOK_BACKEND_CONNECT_TIMEOUT TOK_SSL_HANDSHAKE_TIMEOUT TOK_RECV_BUFSIZE %token TOK_BACKEND_CONNECT_TIMEOUT TOK_SSL_HANDSHAKE_TIMEOUT TOK_RECV_BUFSIZE
%token TOK_SEND_BUFSIZE TOK_LOG_FILENAME TOK_RING_SLOTS TOK_RING_DATA_LEN %token TOK_SEND_BUFSIZE TOK_LOG_FILENAME TOK_RING_SLOTS TOK_RING_DATA_LEN
%token TOK_PIDFILE TOK_SNI_NOMATCH_ABORT TOK_SSL TOK_TLS TOK_HOST TOK_PORT %token TOK_PIDFILE TOK_SNI_NOMATCH_ABORT TOK_SSL TOK_TLS TOK_HOST TOK_PORT
%token TOK_MATCH_GLOBAL TOK_PB_CERT TOK_PB_OCSP_FILE TOK_OCSP_VERIFY %token TOK_MATCH_GLOBAL TOK_PB_CERT TOK_PB_OCSP_FILE TOK_OCSP_VERIFY
%token TOK_OCSP_DIR TOK_OCSP_RESP_TMO TOK_OCSP_CONN_TMO TOK_ALPN_PROTOS %token TOK_OCSP_DIR TOK_OCSP_RESP_TMO TOK_OCSP_CONN_TMO TOK_ALPN_PROTOS
%token TOK_TLS_PROTOS TOK_SSLv3 TOK_TLSv1_0 TOK_TLSv1_1 TOK_TLSv1_2 %token TOK_TLS_PROTOS TOK_SSLv3 TOK_TLSv1_0 TOK_TLSv1_1 TOK_TLSv1_2
%token TOK_TLSv1_3 %token TOK_TLSv1_3 TOK_CIPHERSUITES TOK_ECDH_CURVE
%token TOK_SESSION_CACHE TOK_SHARED_CACHE_LISTEN TOK_SHARED_CACHE_PEER %token TOK_SESSION_CACHE TOK_SHARED_CACHE_LISTEN TOK_SHARED_CACHE_PEER
%token TOK_SHARED_CACHE_IF TOK_PRIVATE_KEY TOK_BACKEND_REFRESH %token TOK_SHARED_CACHE_IF TOK_PRIVATE_KEY TOK_BACKEND_REFRESH
%token TOK_OCSP_REFRESH_INTERVAL TOK_PEM_DIR TOK_PEM_DIR_GLOB %token TOK_OCSP_REFRESH_INTERVAL TOK_PEM_DIR TOK_PEM_DIR_GLOB
%token TOK_LOG_LEVEL TOK_PROXY_TLV TOK_PROXY_AUTHORITY TOK_TFO %token TOK_LOG_LEVEL TOK_PROXY_TLV TOK_PROXY_AUTHORITY TOK_TFO
%token TOK_CLIENT_VERIFY TOK_VERIFY_NONE TOK_VERIFY_OPT TOK_VERIFY_REQ
%token TOK_CLIENT_VERIFY_CA
%parse-param { hitch_config *cfg } %parse-param { hitch_config *cfg }
%% %%
CFG CFG
: CFG_RECORDS : CFG_RECORDS
; ;
CFG_RECORDS CFG_RECORDS
: CFG_RECORD : CFG_RECORD
| CFG_RECORDS CFG_RECORD | CFG_RECORDS CFG_RECORD
; ;
CFG_RECORD CFG_RECORD
: FRONTEND_REC : FRONTEND_REC
| BACKEND_REC | BACKEND_REC
| PEM_FILE_REC | PEM_FILE_REC
| CIPHERS_REC | CIPHERS_REC
| CIPHERSUITES_REC
| TLS_REC | TLS_REC
| SSL_REC | SSL_REC
| TLS_PROTOS_REC | TLS_PROTOS_REC
| PREFER_SERVER_CIPHERS_REC | PREFER_SERVER_CIPHERS_REC
| SSL_ENGINE_REC | SSL_ENGINE_REC
| WORKERS_REC | WORKERS_REC
| BACKLOG_REC | BACKLOG_REC
| KEEPALIVE_REC | KEEPALIVE_REC
| CHROOT_REC | CHROOT_REC
| USER_REC | USER_REC
skipping to change at line 120 skipping to change at line 123
| SESSION_CACHE_REC | SESSION_CACHE_REC
| SHARED_CACHE_LISTEN_REC | SHARED_CACHE_LISTEN_REC
| SHARED_CACHE_PEER_REC | SHARED_CACHE_PEER_REC
| SHARED_CACHE_IF_REC | SHARED_CACHE_IF_REC
| LOG_FILENAME_REC | LOG_FILENAME_REC
| LOG_LEVEL_REC | LOG_LEVEL_REC
| SEND_BUFSIZE_REC | SEND_BUFSIZE_REC
| RECV_BUFSIZE_REC | RECV_BUFSIZE_REC
| BACKEND_REFRESH_REC | BACKEND_REFRESH_REC
| TFO | TFO
| ECDH_CURVE_REC
| CLIENT_VERIFY_REC
| CLIENT_VERIFY_CA_REC
; ;
FRONTEND_REC FRONTEND_REC
: TOK_FRONTEND '=' STRING { : TOK_FRONTEND '=' STRING {
/* XXX: passing an empty string for file */ /* XXX: passing an empty string for file */
if ($3 && config_param_validate("frontend", $3, cfg, "", if ($3 && config_param_validate("frontend", $3, cfg, "",
yyget_lineno()) != 0) yyget_lineno()) != 0)
YYABORT; YYABORT;
} }
| TOK_FRONTEND '=' '{' { | TOK_FRONTEND '=' '{' {
skipping to change at line 150 skipping to change at line 156
FRONTEND_BLK: FB_RECS; FRONTEND_BLK: FB_RECS;
FB_RECS FB_RECS
: FB_REC : FB_REC
| FB_RECS FB_REC | FB_RECS FB_REC
; ;
FB_REC FB_REC
: FB_HOST : FB_HOST
| FB_PORT | FB_PORT
| FB_CERT | FB_CERT
| FB_CLIENT_VERIFY
| FB_CLIENT_VERIFY_CA
| FB_MATCH_GLOBAL | FB_MATCH_GLOBAL
| FB_SNI_NOMATCH_ABORT | FB_SNI_NOMATCH_ABORT
| FB_TLS | FB_TLS
| FB_SSL | FB_SSL
| FB_TLS_PROTOS | FB_TLS_PROTOS
| FB_CIPHERS | FB_CIPHERS
| FB_CIPHERSUITES
| FB_PREF_SRV_CIPH | FB_PREF_SRV_CIPH
; ;
FB_HOST: TOK_HOST '=' STRING { FB_HOST: TOK_HOST '=' STRING {
if ($3) { if ($3) {
if (strcmp($3, "*") == 0) if (strcmp($3, "*") == 0)
cur_fa->ip = NULL; cur_fa->ip = NULL;
else else
cur_fa->ip = strdup($3); cur_fa->ip = strdup($3);
} }
skipping to change at line 272 skipping to change at line 281
PEM_BLK '}' { PEM_BLK '}' {
if (cfg_cert_vfy(cur_pem) != 0) if (cfg_cert_vfy(cur_pem) != 0)
cfg_cert_add(cur_pem, &cur_fa->certs); cfg_cert_add(cur_pem, &cur_fa->certs);
else { else {
cfg_cert_file_free(&cur_pem); cfg_cert_file_free(&cur_pem);
YYABORT; YYABORT;
} }
cur_pem = NULL; cur_pem = NULL;
}; };
FB_CLIENT_VERIFY: TOK_CLIENT_VERIFY '=' CLIENT_VERIFY_OPT;
FB_CLIENT_VERIFY_CA: TOK_CLIENT_VERIFY_CA '=' STRING {
cur_fa->client_verify_ca = strdup($3);
};
FB_MATCH_GLOBAL: TOK_MATCH_GLOBAL '=' BOOL { cur_fa->match_global_certs = $3; }; FB_MATCH_GLOBAL: TOK_MATCH_GLOBAL '=' BOOL { cur_fa->match_global_certs = $3; };
FB_SNI_NOMATCH_ABORT:TOK_SNI_NOMATCH_ABORT '=' BOOL { FB_SNI_NOMATCH_ABORT:TOK_SNI_NOMATCH_ABORT '=' BOOL {
cur_fa->sni_nomatch_abort = $3; cur_fa->sni_nomatch_abort = $3;
}; };
// this is not optimal, but it was not before, either. // this is not optimal, but it was not before, either.
FB_TLS: TOK_TLS '=' BOOL { FB_TLS: TOK_TLS '=' BOOL {
if (cur_fa->selected_protos != 0) { if (cur_fa->selected_protos != 0) {
fprintf(stderr, "%s (%s, line %d):" fprintf(stderr, "%s (%s, line %d):"
skipping to change at line 334 skipping to change at line 349
FB_TLS_PROTOS_LIST: FB_TLS_PROTO | FB_TLS_PROTOS_LIST FB_TLS_PROTO; FB_TLS_PROTOS_LIST: FB_TLS_PROTO | FB_TLS_PROTOS_LIST FB_TLS_PROTO;
FB_TLS_PROTO FB_TLS_PROTO
: TOK_SSLv3 { cur_fa->selected_protos |= SSLv3_PROTO; } : TOK_SSLv3 { cur_fa->selected_protos |= SSLv3_PROTO; }
| TOK_TLSv1_0 { cur_fa->selected_protos |= TLSv1_0_PROTO; } | TOK_TLSv1_0 { cur_fa->selected_protos |= TLSv1_0_PROTO; }
| TOK_TLSv1_1 { cur_fa->selected_protos |= TLSv1_1_PROTO; } | TOK_TLSv1_1 { cur_fa->selected_protos |= TLSv1_1_PROTO; }
| TOK_TLSv1_2 { cur_fa->selected_protos |= TLSv1_2_PROTO; } | TOK_TLSv1_2 { cur_fa->selected_protos |= TLSv1_2_PROTO; }
| TOK_TLSv1_3 { cur_fa->selected_protos |= TLSv1_3_PROTO; }; | TOK_TLSv1_3 { cur_fa->selected_protos |= TLSv1_3_PROTO; };
FB_CIPHERS: TOK_CIPHERS '=' STRING { FB_CIPHERS: TOK_CIPHERS '=' STRING {
if ($3) cur_fa->ciphers = strdup($3); if ($3) cur_fa->ciphers_tlsv12 = strdup($3);
};
FB_CIPHERSUITES: TOK_CIPHERSUITES '=' STRING {
if ($3) {
CHECK_OBJ_NOTNULL(cur_fa, FRONT_ARG_MAGIC);
cur_fa->ciphersuites_tlsv13 = strdup($3);
}
}; };
FB_PREF_SRV_CIPH: TOK_PREFER_SERVER_CIPHERS '=' BOOL { FB_PREF_SRV_CIPH: TOK_PREFER_SERVER_CIPHERS '=' BOOL {
cur_fa->prefer_server_ciphers = $3; cur_fa->prefer_server_ciphers = $3;
}; };
QUIET_REC: TOK_QUIET '=' BOOL { QUIET_REC: TOK_QUIET '=' BOOL {
if ($3) if ($3)
cfg->LOG_LEVEL = 0; cfg->LOG_LEVEL = 0;
else else
skipping to change at line 454 skipping to change at line 476
} }
cur_pem = NULL; cur_pem = NULL;
}; };
SYSLOG_REC: TOK_SYSLOG '=' BOOL { cfg->SYSLOG = $3; }; SYSLOG_REC: TOK_SYSLOG '=' BOOL { cfg->SYSLOG = $3; };
DAEMON_REC: TOK_DAEMON '=' BOOL { cfg->DAEMONIZE = $3; }; DAEMON_REC: TOK_DAEMON '=' BOOL { cfg->DAEMONIZE = $3; };
SNI_NOMATCH_ABORT_REC : TOK_SNI_NOMATCH_ABORT '=' BOOL { SNI_NOMATCH_ABORT_REC : TOK_SNI_NOMATCH_ABORT '=' BOOL {
cfg->SNI_NOMATCH_ABORT = $3; cfg->SNI_NOMATCH_ABORT = $3;
}; };
CIPHERS_REC: TOK_CIPHERS '=' STRING { if ($3) cfg->CIPHER_SUITE = strdup($3); }; CIPHERS_REC: TOK_CIPHERS '=' STRING {
if ($3) {
cfg->CIPHERS_TLSv12 = strdup($3);
}
};
CIPHERSUITES_REC: TOK_CIPHERSUITES '=' STRING {
if ($3) {
cfg->CIPHERSUITES_TLSv13 = strdup($3);
}
};
USER_REC: TOK_USER '=' STRING { USER_REC: TOK_USER '=' STRING {
/* XXX: passing an empty string for file */ /* XXX: passing an empty string for file */
if ($3 && config_param_validate("user", $3, cfg, "", if ($3 && config_param_validate("user", $3, cfg, "",
yyget_lineno()) != 0) yyget_lineno()) != 0)
YYABORT; YYABORT;
}; };
GROUP_REC: TOK_GROUP '=' STRING { GROUP_REC: TOK_GROUP '=' STRING {
/* XXX: passing an empty string for file */ /* XXX: passing an empty string for file */
skipping to change at line 580 skipping to change at line 612
fprintf(stderr, "Hitch needs to be compiled with --enable-tfo" fprintf(stderr, "Hitch needs to be compiled with --enable-tfo"
"for '%s'", input_line); "for '%s'", input_line);
YYABORT; YYABORT;
#endif #endif
}; };
BACKEND_REFRESH_REC: TOK_BACKEND_REFRESH '=' UINT { BACKEND_REFRESH_REC: TOK_BACKEND_REFRESH '=' UINT {
cfg->BACKEND_REFRESH_TIME = $3; cfg->BACKEND_REFRESH_TIME = $3;
}; };
ECDH_CURVE_REC: TOK_ECDH_CURVE '=' STRING {
if ($3) {
cfg->ECDH_CURVE = strdup($3);
}
};
CLIENT_VERIFY_REC: TOK_CLIENT_VERIFY '=' CLIENT_VERIFY_OPT;
CLIENT_VERIFY_OPT
: TOK_VERIFY_NONE {
if (cur_fa)
cur_fa->client_verify = SSL_VERIFY_NONE;
else
cfg->CLIENT_VERIFY = SSL_VERIFY_NONE;
}
| TOK_VERIFY_OPT {
if (cur_fa)
cur_fa->client_verify = SSL_VERIFY_PEER;
else
cfg->CLIENT_VERIFY = SSL_VERIFY_PEER;
}
| TOK_VERIFY_REQ {
if (cur_fa)
cur_fa->client_verify =
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
else
cfg->CLIENT_VERIFY =
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
};
CLIENT_VERIFY_CA_REC: TOK_CLIENT_VERIFY_CA '=' STRING {
cfg->CLIENT_VERIFY_CA = strdup($3);
};
%% %%
void void
yyerror(hitch_config *cfg, const char *s) yyerror(hitch_config *cfg, const char *s)
{ {
(void) cfg; (void) cfg;
/* Clean up if FRONTEND_BLK parsing failed */ /* Clean up if FRONTEND_BLK parsing failed */
if (cur_fa != NULL) if (cur_fa != NULL)
FREE_OBJ(cur_fa); FREE_OBJ(cur_fa);
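Review bot: The two new CA-path actions, `FB_CLIENT_VERIFY_CA` and `CLIENT_VERIFY_CA_REC`, call `strdup($3)` without the `if ($3)` guard that the other new STRING actions in this change use (`FB_CIPHERSUITES`, `CIPHERSUITES_REC`, `ECDH_CURVE_REC`). If STRING can be NULL, as those guards suggest, both actions pass NULL to `strdup`. I would write them as `if ($3) cur_fa->client_verify_ca = strdup($3);` and `if ($3) cfg->CLIENT_VERIFY_CA = strdup($3);`. Because this value names the CA that client certificates are verified against, it is worth confirming outside this file that `TOK_VERIFY_OPT` or `TOK_VERIFY_REQ` with no CA configured is rejected at startup rather than discovered at handshake time. `CLIENT_VERIFY_OPT` chooses between the frontend and the global setting by testing `cur_fa`, which assumes `cur_fa` is NULL outside a frontend block; that reset is not visible in these hunks, so a stale pointer would silently apply a global verify setting to one frontend only.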
 End of changes. 10 change blocks. 
3 lines changed or deleted 69 lines changed or added
