
Source code changes of the file "src/configuration.c" between
hitch-1.6.1.tar.gz and hitch-1.7.0.tar.gz

About: Hitch is a libev-based high performance SSL/TLS proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend.

configuration.c  (hitch-1.6.1):configuration.c  (hitch-1.7.0)
skipping to change at line 80 skipping to change at line 80
#define CFG_RECV_BUFSIZE "recv-bufsize" #define CFG_RECV_BUFSIZE "recv-bufsize"
#define CFG_SEND_BUFSIZE "send-bufsize" #define CFG_SEND_BUFSIZE "send-bufsize"
#define CFG_LOG_FILENAME "log-filename" #define CFG_LOG_FILENAME "log-filename"
#define CFG_LOG_LEVEL "log-level" #define CFG_LOG_LEVEL "log-level"
#define CFG_RING_SLOTS "ring-slots" #define CFG_RING_SLOTS "ring-slots"
#define CFG_RING_DATA_LEN "ring-data-len" #define CFG_RING_DATA_LEN "ring-data-len"
#define CFG_PIDFILE "pidfile" #define CFG_PIDFILE "pidfile"
#define CFG_SNI_NOMATCH_ABORT "sni-nomatch-abort" #define CFG_SNI_NOMATCH_ABORT "sni-nomatch-abort"
#define CFG_OCSP_DIR "ocsp-dir" #define CFG_OCSP_DIR "ocsp-dir"
#define CFG_TLS_PROTOS "tls-protos" #define CFG_TLS_PROTOS "tls-protos"
#define CFG_PARAM_TLS_PROTOS 11018
#define CFG_DBG_LISTEN "dbg-listen"
#define CFG_PARAM_DBG_LISTEN 11019
#ifdef TCP_FASTOPEN_WORKS #ifdef TCP_FASTOPEN_WORKS
#define CFG_TFO "enable-tcp-fastopen" #define CFG_TFO "enable-tcp-fastopen"
#endif #endif
#ifdef USE_SHARED_CACHE #ifdef USE_SHARED_CACHE
#define CFG_SHARED_CACHE "shared-cache" #define CFG_SHARED_CACHE "shared-cache"
#define CFG_SHARED_CACHE_LISTEN "shared-cache-listen" #define CFG_SHARED_CACHE_LISTEN "shared-cache-listen"
#define CFG_SHARED_CACHE_PEER "shared-cache-peer" #define CFG_SHARED_CACHE_PEER "shared-cache-peer"
#define CFG_SHARED_CACHE_MCASTIF "shared-cache-if" #define CFG_SHARED_CACHE_MCASTIF "shared-cache-if"
#endif #endif
skipping to change at line 195 skipping to change at line 198
(void) i; (void) i;
// set default values // set default values
r->PMODE = SSL_SERVER; r->PMODE = SSL_SERVER;
r->SELECTED_TLS_PROTOS = 0; r->SELECTED_TLS_PROTOS = 0;
r->WRITE_IP_OCTET = 0; r->WRITE_IP_OCTET = 0;
r->WRITE_PROXY_LINE_V1 = 0; r->WRITE_PROXY_LINE_V1 = 0;
r->WRITE_PROXY_LINE_V2 = 0; r->WRITE_PROXY_LINE_V2 = 0;
r->PROXY_TLV = 1; r->PROXY_TLV = 1;
r->PROXY_AUTHORITY = 1; r->PROXY_AUTHORITY = 1;
r->PROXY_CLIENT_CERT = 0;
r->PROXY_PROXY_LINE = 0; r->PROXY_PROXY_LINE = 0;
r->ALPN_PROTOS = NULL; r->ALPN_PROTOS = NULL;
r->ALPN_PROTOS_LV = NULL; r->ALPN_PROTOS_LV = NULL;
r->ALPN_PROTOS_LV_LEN = 0; r->ALPN_PROTOS_LV_LEN = 0;
r->CHROOT = NULL; r->CHROOT = NULL;
r->UID = -1; r->UID = -1;
r->GID = -1; r->GID = -1;
r->BACK_IP = strdup("127.0.0.1"); r->BACK_IP = strdup("127.0.0.1");
r->BACK_PORT = strdup("8000"); r->BACK_PORT = strdup("8000");
r->NCORES = 1; r->NCORES = 1;
skipping to change at line 343 skipping to change at line 347
return (*dst); return (*dst);
} }
static int static int
config_param_val_bool(char *val, int *res) config_param_val_bool(char *val, int *res)
{ {
assert(val != NULL); assert(val != NULL);
if (strcasecmp(val, CFG_BOOL_ON) == 0 || strcasecmp(val, "yes") == 0 || if (strcasecmp(val, CFG_BOOL_ON) == 0 || strcasecmp(val, "yes") == 0 ||
strcasecmp(val, "y") == 0 || strcasecmp(val, "true") == 0 || strcasecmp(val, "y") == 0 || strcasecmp(val, "true") == 0 ||
strcasecmp(val, "t") == 0 || strcasecmp(val, "1") == 0) { strcasecmp(val, "t") == 0 || strcasecmp(val, "1") == 0)
*res = 1; *res = 1;
} else if (strcasecmp(val, "off") == 0 || strcasecmp(val, "no") == 0
|| strcasecmp(val, "n") == 0 || strcasecmp(val, "false") == 0
|| strcasecmp(val, "f") == 0 || strcasecmp(val, "0") == 0)
*res = 0;
return (1); return (1);
} }
static int static int
config_param_uds(const char *str, char **path) config_param_uds(const char *str, char **path)
{ {
struct stat st; struct stat st;
AN(path); AN(path);
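Review bot: In config_param_val_bool the new else-if for off/no/n/false/f/0 still falls through to `return (1)` for any other string, so a misspelled value such as `sni-nomatch-abort = ture` leaves *res at whatever it was and is reported to the caller as a valid boolean. Since config_param_validate treats a zero return as a configuration error (the `if (!r)` path at the bottom of that function), a final branch `else { config_error_set("Invalid boolean value '%s'", val); return (0); }` would turn silent acceptance into a reported error. The `case 1:` command-line path added later in this diff already rejects values other than on/off, so this would make file and command-line handling consistent.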
skipping to change at line 832 skipping to change at line 839
config_error_set("No certificate configured " config_error_set("No certificate configured "
"for frontend '%s'", fa->pspec); "for frontend '%s'", fa->pspec);
return (0); return (0);
} }
} }
return (1); return (1);
} }
int int
config_param_validate(char *k, char *v, hitch_config *cfg, config_param_validate(const char *k, char *v, hitch_config *cfg,
char *file, int line) char *file, int line)
{ {
int r = 1; int r = 1;
struct stat st; struct stat st;
assert(k != NULL); assert(k != NULL);
assert(v != NULL); assert(v != NULL);
assert(strlen(k) >= 2); assert(strlen(k) >= 2);
if (strcmp(k, "tls") == 0) { if (strcmp(k, "tls") == 0) {
skipping to change at line 1031 skipping to change at line 1038
} else if (strcmp(k, CFG_RING_DATA_LEN) == 0) { } else if (strcmp(k, CFG_RING_DATA_LEN) == 0) {
r = config_param_val_int(v, &cfg->RING_DATA_LEN, 1); r = config_param_val_int(v, &cfg->RING_DATA_LEN, 1);
} else if (strcmp(k, CFG_SNI_NOMATCH_ABORT) == 0) { } else if (strcmp(k, CFG_SNI_NOMATCH_ABORT) == 0) {
r = config_param_val_bool(v, &cfg->SNI_NOMATCH_ABORT); r = config_param_val_bool(v, &cfg->SNI_NOMATCH_ABORT);
} else if (strcmp(k, CFG_OCSP_DIR) == 0) { } else if (strcmp(k, CFG_OCSP_DIR) == 0) {
config_assign_str(&cfg->OCSP_DIR, v); config_assign_str(&cfg->OCSP_DIR, v);
#ifdef TCP_FASTOPEN_WORKS #ifdef TCP_FASTOPEN_WORKS
} else if (strcmp(k, CFG_TFO) == 0) { } else if (strcmp(k, CFG_TFO) == 0) {
config_param_val_bool(v, &cfg->TFO); config_param_val_bool(v, &cfg->TFO);
#endif #endif
} else if (strcmp(k, CFG_TLS_PROTOS) == 0) {
cfg->SELECTED_TLS_PROTOS = 0;
#define TLS_PROTO(u, i, s) \
if (strcasestr(v, s)) \
cfg->SELECTED_TLS_PROTOS |= i;
#include "tls_proto_tbl.h"
if (cfg->SELECTED_TLS_PROTOS == 0) {
config_error_set("Invalid 'tls-protos' option '%s'", v);
return (1);
}
} else if (strcmp(k, CFG_DBG_LISTEN) == 0) {
config_assign_str(&cfg->DEBUG_LISTEN_ADDR, v);
} else { } else {
fprintf( fprintf(
stderr, stderr,
"Ignoring unknown configuration key '%s' in configuration file '%s', line %d\n", "Ignoring unknown configuration key '%s' in configuration file '%s', line %d\n",
k, file, line k, file, line
); );
} }
if (!r) { if (!r) {
if (file != NULL) if (file != NULL)
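Review bot: The invalid 'tls-protos' branch calls config_error_set and then does `return (1)`, which in config_param_validate is the success value (`r = 1` by default and only `if (!r)` reports an error), so the error string is set but an empty or unrecognized protocol list is treated as accepted, unlike the frontend-certificate check earlier in this diff that returns 0 after config_error_set; unless the caller inspects the error state separately, this should be `return (0);`. A second point: the TLS_PROTO matching uses strcasestr, so each table token is matched as a substring anywhere in the value and unknown or misspelled tokens sitting between recognized ones are silently ignored rather than rejected; a tokenizing loop over the comma/space-separated items with an error for any token not in tls_proto_tbl.h would be stricter, though whether the table's strings can be prefixes of one another cannot be seen from here. config_param_validate begins in an earlier hunk and continues past this one.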
skipping to change at line 1231 skipping to change at line 1250
cfg = config_new(); cfg = config_new();
AN(cfg); AN(cfg);
if (out == NULL) if (out == NULL)
out = stderr; out = stderr;
fprintf(out, "Usage: %s [OPTIONS] PEM\n\n", basename(prog)); fprintf(out, "Usage: %s [OPTIONS] PEM\n\n", basename(prog));
fprintf(out, "This is hitch, The Scalable TLS Unwrapping Daemon.\n\n"); fprintf(out, "This is hitch, The Scalable TLS Unwrapping Daemon.\n\n");
fprintf(out, "CONFIGURATION:\n"); fprintf(out, "CONFIGURATION:\n");
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, " --config=FILE Load configuration from specifie fprintf(out, "\t--config=FILE\n");
d file.\n"); fprintf(out, "\t\tLoad configuration from specified file.\n");
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, "ENCRYPTION METHODS:\n"); fprintf(out, "ENCRYPTION METHODS:\n");
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, " --tls TLSv1 (default. No SSLv3)\n") fprintf(out, "\t--tls-protos=LIST\n");
; fprintf(out, "\t\tSpecifies which SSL/TLS protocols to use.\n");
fprintf(out, " --ssl SSLv3 (enables SSLv3)\n"); fprintf(out, "\t\tAvailable tokens are SSLv3, TLSv1.0, TLSv1.1\n");
fprintf(out, " -c --ciphers=SUITE Sets allowed ciphers (Default fprintf(out, "\t\tTLSv1.2 and TLSv1.3. (Default: \"TLSv1.2 TLSv1.3\"\n)")
: \"%s\")\n", config_disp_str(cfg->CIPHERS_TLSv12)); ;
fprintf(out, " -e --ssl-engine=NAME Sets OpenSSL engine (Default: fprintf(out, "\t-c --ciphers=SUITE\n");
\"%s\")\n", config_disp_str(cfg->ENGINE)); fprintf(out, "\t\tSets allowed ciphers (Default: \"%s\")\n",
fprintf(out, " -O --prefer-server-ciphers Prefer server list order\n"); config_disp_str(cfg->CIPHERS_TLSv12));
fprintf(out, "\t-e --ssl-engine=NAME\n");
fprintf(out, "\t\tSets OpenSSL engine (Default: \"%s\")\n",
config_disp_str(cfg->ENGINE));
fprintf(out, "\t-O --prefer-server-ciphers[=on|off]\n");
fprintf(out, "\t\tPrefer server list order (Default: \"%s\")\n",
config_disp_bool(cfg->PREFER_SERVER_CIPHERS));
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, "SOCKET:\n"); fprintf(out, "SOCKET:\n");
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, " --client Enable client proxy mode\n"); fprintf(out, "\t--client\n");
fprintf(out, " -b --backend=[HOST]:PORT Backend [connect] (default is fprintf(out, "\t\tEnable client proxy mode\n");
\"%s\")\n", config_disp_hostport(cfg->BACK_IP, cfg->BACK_PORT)); fprintf(out, "\t-b --backend=[HOST]:PORT\n");
fprintf(out, " The -b argument can also take fprintf(out, "\t\tBackend endpoint (default is \"%s\")\n",
a UNIX domain socket path\n"); config_disp_hostport(cfg->BACK_IP, cfg->BACK_PORT));
fprintf(out, " E.g. --backend=\"/path/to/soc fprintf(out,
k\"\n"); "\t\tThe -b argument can also take a UNIX domain socket path\n");
fprintf(out, " -f --frontend=[HOST]:PORT[+CERT] Frontend [bind] (def fprintf(out, "\t\tE.g. --backend=\"/path/to/sock\"\n");
ault is \"%s\")\n", config_disp_hostport(cfg->LISTEN_DEFAULT->ip, cfg->LISTEN_DE fprintf(out, "\t-f --frontend=[HOST]:PORT[+CERT]\n");
FAULT->port)); fprintf(out, "\t\tFrontend listen endpoint (default is \"%s\")\n",
fprintf(out, " (Note: brackets are mandato config_disp_hostport(cfg->LISTEN_DEFAULT->ip,
ry in endpoint specifiers.)\n"); cfg->LISTEN_DEFAULT->port));
fprintf(out, " --recv-bufsize=SIZE Receive buffer size on client fprintf(out,
socket (Default: %d)\n", cfg->RECV_BUFSIZE); "\t\t(Note: brackets are mandatory in endpoint specifiers.)\n");
fprintf(out, " --send-bufsize=SIZE Send buffer size on client soc fprintf(out, "\t--recv-bufsize=SIZE\n");
ket (Default: %d)\n", cfg->SEND_BUFSIZE); fprintf(out, "\t\tReceive buffer size on client socket (Default: %d)\n",
cfg->RECV_BUFSIZE);
fprintf(out, "\t--send-bufsize=SIZE\n");
fprintf(out, "\t\tSend buffer size on client socket (Default: %d)\n",
cfg->SEND_BUFSIZE);
#ifdef USE_SHARED_CACHE #ifdef USE_SHARED_CACHE
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, " -U --shared-cache-listen=[HOST]:PORT\n"); fprintf(out, "\t-U --shared-cache-listen=[HOST]:PORT\n");
fprintf(out, " Accept cache updates on UDP ( fprintf(out, "\t\tAccept cache updates on UDP (Default: \"%s\")\n",
Default: \"%s\")\n", config_disp_hostport(cfg->SHCUPD_IP, cfg->SHCUPD_PORT)); config_disp_hostport(cfg->SHCUPD_IP, cfg->SHCUPD_PORT));
fprintf(out, " NOTE: This option requires en fprintf(out,
abled SSL session cache.\n"); "\t\tNOTE: This option requires enabled SSL session cache.\n");
fprintf(out, " -P --shared-cache-peer=[HOST]:PORT\n"); fprintf(out, "\t-P --shared-cache-peer=[HOST]:PORT\n");
fprintf(out, " Send cache updates to specifi fprintf(out, "\t\tSend cache updates to specified peer\n");
ed peer\n"); fprintf(out,
fprintf(out, " NOTE: This option can be spec "\t\tNOTE: This option can be specified multiple times.\n");
ified multiple times.\n"); fprintf(out, "\t-M --shared-cache-if=IFACE[,TTL]\n");
fprintf(out, " -M --shared-cache-if=IFACE[,TTL]\n"); fprintf(out,
fprintf(out, " Force iface and ttl to receiv "\t\tForce iface and ttl to receive and send multicast updates\n");
e and send multicast updates\n");
#endif #endif
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, "PERFORMANCE:\n"); fprintf(out, "PERFORMANCE:\n");
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, " -n --workers=NUM Number of worker processes (De fprintf(out, "\t-n --workers=NUM\n");
fault: %ld)\n", cfg->NCORES); fprintf(out, "\t\tNumber of worker processes (Default: %ld)\n",
fprintf(out, " -B --backlog=NUM Set listen backlog size (Defau cfg->NCORES);
lt: %d)\n", cfg->BACKLOG); fprintf(out, "\t-B --backlog=NUM\n");
fprintf(out, " -k --keepalive=SECS TCP keepalive on client socket fprintf(out, "\t\tSet listen backlog size (Default: %d)\n", cfg->BACKLOG)
(Default: %d)\n", cfg->TCP_KEEPALIVE_TIME); ;
fprintf(out, " -R --backend-refresh=SECS Periodic backend IP lookup, 0 fprintf(out, "\t-k --keepalive=SECS\n");
to disable (Default: %d)\n", cfg->BACKEND_REFRESH_TIME); fprintf(out, "\t\tTCP keepalive on client socket (Default: %d)\n",
cfg->TCP_KEEPALIVE_TIME);
fprintf(out, "\t-R --backend-refresh=SECS\n");
fprintf(out, "\t\tPeriodic backend IP lookup, 0 to disable (Default: %d)\
n",
cfg->BACKEND_REFRESH_TIME);
#ifdef USE_SHARED_CACHE #ifdef USE_SHARED_CACHE
fprintf(out, " -C --session-cache=NUM Enable and set SSL session cac fprintf(out, "\t-C --session-cache=NUM\n");
he to specified number\n"); fprintf(out,
fprintf(out, " of sessions (Default: %d)\n", "\t\tEnable and set SSL session cache to specified number\n");
cfg->SHARED_CACHE); fprintf(out, "\t\tof sessions (Default: %d)\n", cfg->SHARED_CACHE);
#endif #endif
#ifdef TCP_FASTOPEN_WORKS #ifdef TCP_FASTOPEN_WORKS
fprintf(out, " --enable-tcp-fastopen Enable client-side TCP Fast Op fprintf(out, "\t--enable-tcp-fastopen[=on|off]\n");
en. (Default: %s)\n", config_disp_bool(cfg->TFO)); fprintf(out, "\t\tEnable client-side TCP Fast Open. (Default: %s)\n",
config_disp_bool(cfg->TFO));
#endif #endif
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, "SECURITY:\n"); fprintf(out, "SECURITY:\n");
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, " -r --chroot=DIR Sets chroot directory (Default fprintf(out, "\t-r --chroot=DIR\n");
: \"%s\")\n", config_disp_str(cfg->CHROOT)); fprintf(out, "\t\tSets chroot directory (Default: \"%s\")\n",
fprintf(out, " -u --user=USER Set uid/gid after binding the config_disp_str(cfg->CHROOT));
socket (Default: \"%s\")\n", config_disp_uid(cfg->UID)); fprintf(out, "\t-u --user=USER\n ");
fprintf(out, " -g --group=GROUP Set gid after binding the sock fprintf(out,
et (Default: \"%s\")\n", config_disp_gid(cfg->GID)); "\t\tSet uid/gid after binding the socket (Default: \"%s\")\n",
config_disp_uid(cfg->UID));
fprintf(out, "\t-g --group=GROUP\n");
fprintf(out, "\t\tSet gid after binding the socket (Default: \"%s\")\n",
config_disp_gid(cfg->GID));
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, "LOGGING:\n"); fprintf(out, "LOGGING:\n");
fprintf(out, " -q --quiet Be quiet; emit only error mess fprintf(out, "\t-q --quiet[=on|off]\n");
ages (deprecated, use 'log-level')\n"); fprintf(out, "\t\tBe quiet; emit only error messages "
fprintf(out, " -L --log-level=NUM Log level. 0=silence, 1=err, 2 "(deprecated, use 'log-level')\n");
=info/debug (Default: %d)\n", fprintf(out, "\t-L --log-level=NUM\n");
fprintf(out, "\t\tLog level. 0=silence, 1=err, 2=info/debug (Default: %d)
\n",
cfg->LOG_LEVEL); cfg->LOG_LEVEL);
fprintf(out, " -l --log-filename=FILE Send log message to a logfile fprintf(out, "\t-l --log-filename=FILE \n");
instead of stderr/stdout\n"); fprintf(out,
fprintf(out, " -s --syslog Send log message to syslog in "\t\tSend log message to a logfile instead of stderr/stdout\n");
addition to stderr/stdout\n"); fprintf(out, "\t-s --syslog[=on|off] \n");
fprintf(out, " --syslog-facility=FACILITY Syslog facility to use fprintf(out,
(Default: \"%s\")\n", config_disp_log_facility(cfg->SYSLOG_FACILITY)); "\t\tSend log message to syslog in addition to stderr/stdout\n");
fprintf(out, "\t--syslog-facility=FACILITY\n");
fprintf(out, "\t\tSyslog facility to use (Default: \"%s\")\n",
config_disp_log_facility(cfg->SYSLOG_FACILITY));
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, "OTHER OPTIONS:\n"); fprintf(out, "OTHER OPTIONS:\n");
fprintf(out, " --daemon Fork into background and becom fprintf(out, "\t--daemon[=on|off]\n");
e a daemon (Default: %s)\n", config_disp_bool(cfg->DAEMONIZE)); fprintf(out, "\t\tFork into background and become a daemon (Default: %s)\
fprintf(out, " --write-ip Write 1 octet with the IP fami n",
ly followed by the IP\n"); config_disp_bool(cfg->DAEMONIZE));
fprintf(out, " address in 4 (IPv4) or 16 (IPv fprintf(out, "\t--write-ip[=on|off]\n");
6) octets little-endian\n"); fprintf(out,
fprintf(out, " to backend before the actual d "\t\tWrite 1 octet with the IP family followed by the IP\n");
ata\n"); fprintf(out,
fprintf(out, " (Default: %s)\n", config_disp_ "\t\taddress in 4 (IPv4) or 16 (IPv6) octets little-endian\n");
bool(cfg->WRITE_IP_OCTET)); fprintf(out,
fprintf(out, " --write-proxy-v1 Write HaProxy's PROXY v1 (IPv4 "\t\tto backend before the actual data\n");
or IPv6) protocol line\n" ); fprintf(out,
fprintf(out, " before actual data\n"); "\t\t(Default: %s)\n", config_disp_bool(cfg->WRITE_IP_OCTET));
fprintf(out, " (Default: %s)\n", config_disp_ fprintf(out, "\t--write-proxy-v1[=on|off]\n");
bool(cfg->WRITE_PROXY_LINE_V1)); fprintf(out,
fprintf(out, " --write-proxy-v2 Write HaProxy's PROXY v2 binar "\t\tWrite HAProxy's PROXY v1 (IPv4 or IPv6) protocol line\n");
y (IPv4 or IPv6) protocol line\n" ); fprintf(out, "\t\tbefore actual data\n");
fprintf(out, " before actual data\n"); fprintf(out, "\t\t(Default: %s)\n",
fprintf(out, " (Default: %s)\n", config_disp_ config_disp_bool(cfg->WRITE_PROXY_LINE_V1));
bool(cfg->WRITE_PROXY_LINE_V2)); fprintf(out, "\t--write-proxy-v2[=on|off]\n");
fprintf(out, " --write-proxy Equivalent to --write-proxy-v2 fprintf(out, "\t\tWrite HAProxy's PROXY v2 binary (IPv4 or IPv6)\n");
. For PROXY version 1 use\n"); fprintf(out, "\t\t protocol line before actual data\n");
fprintf(out, " --write-proxy-v1 explicitly\n fprintf(out, "\t\t(Default: %s)\n",
"); config_disp_bool(cfg->WRITE_PROXY_LINE_V2));
fprintf(out, " --proxy-proxy Proxy HaProxy's PROXY (IPv4 or fprintf(out, "\t--write-proxy[=on|off]\n");
IPv6) protocol line\n" ); fprintf(out, "\t\tEquivalent to --write-proxy-v2. For PROXY \n");
fprintf(out, " before actual data (PROXY v1 o fprintf(out, "\t\tversion 1 use --write-proxy-v1 explicitly\n");
nly)\n"); fprintf(out, "\t--proxy-proxy[=on|off]\n");
fprintf(out, " (Default: %s)\n", config_disp_ fprintf(out, "\t\tProxy HAProxy's PROXY (IPv4 or IPv6) protocol\n");
bool(cfg->PROXY_PROXY_LINE)); fprintf(out, "\t\tbefore actual data (PROXYv1 and PROXYv2)\n");
fprintf(out, " --sni-nomatch-abort Abort handshake when client " fprintf(out, "\t\t(Default: %s)\n",
"submits an unrecognized SNI server name\n" ); config_disp_bool(cfg->PROXY_PROXY_LINE));
fprintf(out, " (Default: %s)\n", fprintf(out, "\t--sni-nomatch-abort[=on|off]\n");
fprintf(out, "\t\tAbort handshake when client submits an\n");
fprintf(out, "\t\tunrecognized SNI server name\n" );
fprintf(out, "\t\t(Default: %s)\n",
config_disp_bool(cfg->SNI_NOMATCH_ABORT)); config_disp_bool(cfg->SNI_NOMATCH_ABORT));
fprintf(out, " --ocsp-dir=DIR Set OCSP staple cache director fprintf(out, "\t--alpn-protos=LIST\n");
y\n"); fprintf(out, "\t\tSets the protocols for ALPN/NPN negotiation,\n");
fprintf(out, " This enables automated retriev fprintf(out, "\t\tprovided as a list of comma-separated tokens\n");
al and stapling of OCSP responses\n"); fprintf(out, "\t--ocsp-dir=DIR\n");
fprintf(out, " (Default: \"%s\")\n", config_d fprintf(out, "\t\tSet OCSP staple cache directory\n");
isp_str(cfg->OCSP_DIR)); fprintf(out, "\t\tThis enables automated retrieval and stapling\n"
"\t\tof OCSP responses\n");
fprintf(out, "\t\t(Default: \"%s\")\n", config_disp_str(cfg->OCSP_DIR));
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, " -t --test Test configuration and exit\n" fprintf(out, "\t-t --test\n");
); fprintf(out, "\t\tTest configuration and exit\n");
fprintf(out, " -p --pidfile=FILE PID file\n"); fprintf(out, "\t-p --pidfile=FILE\n");
fprintf(out, " -V --version Print program version and exit fprintf(out, "\t\tPID file\n");
\n"); fprintf(out, "\t-V --version\n");
fprintf(out, " -h --help This help message\n"); fprintf(out, "\t\tPrint program version and exit\n");
fprintf(out, "\t-h --help\n");
fprintf(out, "\t\tThis help message\n");
config_destroy(cfg); config_destroy(cfg);
} }
static void static void
config_print_usage(char *prog) config_print_usage(char *prog)
{ {
config_print_usage_fd(prog, stdout); config_print_usage_fd(prog, stdout);
} }
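Review bot: Two of the new help strings are malformed: the tls-protos default is emitted as `\"TLSv1.2 TLSv1.3\"\n)` so the closing parenthesis lands alone on the next line, and `"\t-u --user=USER\n "` carries a trailing space that becomes a leading space on the following line; the fixes are `(Default: \"TLSv1.2 TLSv1.3\")\n` and `"\t-u --user=USER\n"`. The `--write-proxy-v2` text also has a stray space in `"\t\t protocol line before actual data\n"` that misaligns it against the neighbouring lines. These are cosmetic, but `-h` output is the first thing an operator reads and hitch is a TLS terminator, so the default protocol list in particular should print cleanly.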
skipping to change at line 1401 skipping to change at line 1496
int c, i; int c, i;
optind = 1; optind = 1;
struct option long_options[] = { struct option long_options[] = {
{ CFG_CONFIG, 1, NULL, CFG_PARAM_CFGFILE }, { CFG_CONFIG, 1, NULL, CFG_PARAM_CFGFILE },
{ "tls", 0, &tls, 1}, { "tls", 0, &tls, 1},
{ "ssl", 0, &ssl, 1}, { "ssl", 0, &ssl, 1},
{ "client", 0, &client, 1}, { "client", 0, &client, 1},
{ CFG_CIPHERS, 1, NULL, 'c' }, { CFG_CIPHERS, 1, NULL, 'c' },
{ CFG_PREFER_SERVER_CIPHERS, 0, NULL, 'O' }, { CFG_PREFER_SERVER_CIPHERS, 2, NULL, 'O' },
{ CFG_BACKEND, 1, NULL, 'b' }, { CFG_BACKEND, 1, NULL, 'b' },
{ CFG_FRONTEND, 1, NULL, 'f' }, { CFG_FRONTEND, 1, NULL, 'f' },
{ CFG_WORKERS, 1, NULL, 'n' }, { CFG_WORKERS, 1, NULL, 'n' },
{ CFG_BACKLOG, 1, NULL, 'B' }, { CFG_BACKLOG, 1, NULL, 'B' },
#ifdef USE_SHARED_CACHE #ifdef USE_SHARED_CACHE
{ CFG_SHARED_CACHE, 1, NULL, 'C' }, { CFG_SHARED_CACHE, 1, NULL, 'C' },
{ CFG_SHARED_CACHE_LISTEN, 1, NULL, 'U' }, { CFG_SHARED_CACHE_LISTEN, 1, NULL, 'U' },
{ CFG_SHARED_CACHE_PEER, 1, NULL, 'P' }, { CFG_SHARED_CACHE_PEER, 1, NULL, 'P' },
{ CFG_SHARED_CACHE_MCASTIF, 1, NULL, 'M' }, { CFG_SHARED_CACHE_MCASTIF, 1, NULL, 'M' },
#endif #endif
{ CFG_PIDFILE, 1, NULL, 'p' }, { CFG_PIDFILE, 1, NULL, 'p' },
{ CFG_KEEPALIVE, 1, NULL, 'k' }, { CFG_KEEPALIVE, 1, NULL, 'k' },
{ CFG_BACKEND_REFRESH, 1, NULL, 'R' }, { CFG_BACKEND_REFRESH, 1, NULL, 'R' },
{ CFG_CHROOT, 1, NULL, 'r' }, { CFG_CHROOT, 1, NULL, 'r' },
{ CFG_USER, 1, NULL, 'u' }, { CFG_USER, 1, NULL, 'u' },
{ CFG_GROUP, 1, NULL, 'g' }, { CFG_GROUP, 1, NULL, 'g' },
{ CFG_QUIET, 0, NULL, 'q' }, { CFG_QUIET, 2, NULL, 'q' },
{ CFG_LOG_FILENAME, 1, NULL, 'l' }, { CFG_LOG_FILENAME, 1, NULL, 'l' },
{ CFG_LOG_LEVEL, 1, NULL, 'L' }, { CFG_LOG_LEVEL, 1, NULL, 'L' },
{ CFG_SYSLOG, 0, NULL, 's' }, { CFG_SYSLOG, 2, NULL, 's' },
{ CFG_SYSLOG_FACILITY, 1, NULL, CFG_PARAM_SYSLOG_FACILITY }, { CFG_SYSLOG_FACILITY, 1, NULL, CFG_PARAM_SYSLOG_FACILITY },
{ CFG_SEND_BUFSIZE, 1, NULL, CFG_PARAM_SEND_BUFSIZE }, { CFG_SEND_BUFSIZE, 1, NULL, CFG_PARAM_SEND_BUFSIZE },
{ CFG_RECV_BUFSIZE, 1, NULL, CFG_PARAM_RECV_BUFSIZE }, { CFG_RECV_BUFSIZE, 1, NULL, CFG_PARAM_RECV_BUFSIZE },
#ifdef TCP_FASTOPEN_WORKS #ifdef TCP_FASTOPEN_WORKS
{ CFG_TFO, 0, &cfg->TFO, 1 }, { CFG_TFO, 2, NULL, 1 },
#endif #endif
{ CFG_DAEMON, 0, &cfg->DAEMONIZE, 1 }, { CFG_DAEMON, 2, NULL, 1 },
{ CFG_WRITE_IP, 0, &cfg->WRITE_IP_OCTET, 1 }, { CFG_WRITE_IP, 2, NULL, 1 },
{ CFG_WRITE_PROXY_V1, 0, &cfg->WRITE_PROXY_LINE_V1, 1 }, { CFG_WRITE_PROXY_V1, 2, NULL, 1 },
{ CFG_WRITE_PROXY_V2, 0, &cfg->WRITE_PROXY_LINE_V2, 1 }, { CFG_WRITE_PROXY_V2, 2, NULL, 1 },
{ CFG_WRITE_PROXY, 0, &cfg->WRITE_PROXY_LINE_V2, 1 }, { CFG_WRITE_PROXY, 2, NULL, 1 },
{ CFG_PROXY_PROXY, 0, &cfg->PROXY_PROXY_LINE, 1 }, { CFG_PROXY_PROXY, 2, NULL, 1 },
{ CFG_ALPN_PROTOS, 1, NULL, CFG_PARAM_ALPN_PROTOS }, { CFG_ALPN_PROTOS, 1, NULL, CFG_PARAM_ALPN_PROTOS },
{ CFG_SNI_NOMATCH_ABORT, 0, &cfg->SNI_NOMATCH_ABORT, 1 }, { CFG_SNI_NOMATCH_ABORT, 2, NULL, 1 },
{ CFG_OCSP_DIR, 1, NULL, 'o' }, { CFG_OCSP_DIR, 1, NULL, 'o' },
{ CFG_TLS_PROTOS, 1, NULL, CFG_PARAM_TLS_PROTOS },
{ CFG_DBG_LISTEN, 1, NULL, CFG_PARAM_DBG_LISTEN },
{ "test", 0, NULL, 't' }, { "test", 0, NULL, 't' },
{ "version", 0, NULL, 'V' }, { "version", 0, NULL, 'V' },
{ "help", 0, NULL, 'h' }, { "help", 0, NULL, 'h' },
{ 0, 0, 0, 0 } { 0, 0, 0, 0 }
}; };
#define SHORT_OPTS "c:e:Ob:f:n:B:l:L:C:U:p:P:M:k:r:u:g:qstVho:R:" #define SHORT_OPTS "c:e:Ob:f:n:B:l:L:C:U:p:P:M:k:r:u:g:qstVho:R:"
if (argc == 1) { if (argc == 1) {
config_print_usage(argv[0]); config_print_usage(argv[0]);
return (1); return (1);
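Review bot: The long options for prefer-server-ciphers, quiet and syslog now declare an optional argument (`2`), but SHORT_OPTS is unchanged (`"c:e:Ob:f:n:B:l:L:C:U:p:P:M:k:r:u:g:qstVho:R:"`), so `-O`, `-q` and `-s` never receive optarg and the CFG_BOOL macro's `optarg ? optarg : CFG_BOOL_ON` always takes the `on` branch for the short forms. If the short options are meant to accept a value, the string needs `O::`, `q::` and `s::`; otherwise the `[=on|off]` usage text added in this diff should apply only to the long spellings. The boolean long options all share a `val` of 1 and are dispatched by option_index, which works, but a one-line comment next to the table such as `/* val 1: boolean long option, dispatched by option_index in case 1 */` would save the next person who adds an option from picking a colliding value.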
skipping to change at line 1490 skipping to change at line 1587
if (c == -1) if (c == -1)
break; break;
switch (c) { switch (c) {
case 0: case 0:
break; break;
case CFG_PARAM_CFGFILE: case CFG_PARAM_CFGFILE:
/* Handled above */ /* Handled above */
break; break;
#define CFG_ARG(opt, key) \ #define CFG_ARG(opt, key) \
case opt: \ case opt: \
ret = config_param_validate(key, optarg, cfg, NULL, 0); \ ret = config_param_validate(key, \
optarg, cfg, NULL, 0); \
break; break;
#define CFG_ON(opt, key) \ #define CFG_BOOL(opt, key) \
case opt: \ case opt: \
ret = config_param_validate(key, CFG_BOOL_ON, cfg, \ ret = config_param_validate(key, \
NULL, 0); \ optarg ? optarg : CFG_BOOL_ON, \
cfg, NULL, 0); \
break; break;
CFG_ARG(CFG_PARAM_SYSLOG_FACILITY, CFG_SYSLOG_FACILITY); CFG_ARG(CFG_PARAM_SYSLOG_FACILITY, CFG_SYSLOG_FACILITY);
CFG_ARG(CFG_PARAM_SEND_BUFSIZE, CFG_SEND_BUFSIZE); CFG_ARG(CFG_PARAM_SEND_BUFSIZE, CFG_SEND_BUFSIZE);
CFG_ARG(CFG_PARAM_RECV_BUFSIZE, CFG_RECV_BUFSIZE); CFG_ARG(CFG_PARAM_RECV_BUFSIZE, CFG_RECV_BUFSIZE);
CFG_ARG(CFG_PARAM_ALPN_PROTOS, CFG_ALPN_PROTOS); CFG_ARG(CFG_PARAM_ALPN_PROTOS, CFG_ALPN_PROTOS);
CFG_ARG(CFG_PARAM_TLS_PROTOS, CFG_TLS_PROTOS);
CFG_ARG(CFG_PARAM_DBG_LISTEN, CFG_DBG_LISTEN);
CFG_ARG('c', CFG_CIPHERS); CFG_ARG('c', CFG_CIPHERS);
CFG_ARG('e', CFG_SSL_ENGINE); CFG_ARG('e', CFG_SSL_ENGINE);
CFG_ARG('b', CFG_BACKEND); CFG_ARG('b', CFG_BACKEND);
CFG_ARG('f', CFG_FRONTEND); CFG_ARG('f', CFG_FRONTEND);
CFG_ARG('n', CFG_WORKERS); CFG_ARG('n', CFG_WORKERS);
CFG_ARG('B', CFG_BACKLOG); CFG_ARG('B', CFG_BACKLOG);
#ifdef USE_SHARED_CACHE #ifdef USE_SHARED_CACHE
CFG_ARG('C', CFG_SHARED_CACHE); CFG_ARG('C', CFG_SHARED_CACHE);
CFG_ARG('U', CFG_SHARED_CACHE_LISTEN); CFG_ARG('U', CFG_SHARED_CACHE_LISTEN);
CFG_ARG('P', CFG_SHARED_CACHE_PEER); CFG_ARG('P', CFG_SHARED_CACHE_PEER);
CFG_ARG('M', CFG_SHARED_CACHE_MCASTIF); CFG_ARG('M', CFG_SHARED_CACHE_MCASTIF);
#endif #endif
CFG_ARG('p', CFG_PIDFILE); CFG_ARG('p', CFG_PIDFILE);
CFG_ARG('k', CFG_KEEPALIVE); CFG_ARG('k', CFG_KEEPALIVE);
CFG_ARG('R', CFG_BACKEND_REFRESH); CFG_ARG('R', CFG_BACKEND_REFRESH);
CFG_ARG('r', CFG_CHROOT); CFG_ARG('r', CFG_CHROOT);
CFG_ARG('u', CFG_USER); CFG_ARG('u', CFG_USER);
CFG_ARG('g', CFG_GROUP); CFG_ARG('g', CFG_GROUP);
CFG_ARG('o', CFG_OCSP_DIR); CFG_ARG('o', CFG_OCSP_DIR);
CFG_ON('O', CFG_PREFER_SERVER_CIPHERS); CFG_BOOL('O', CFG_PREFER_SERVER_CIPHERS);
CFG_ON('q', CFG_QUIET); CFG_BOOL('q', CFG_QUIET);
CFG_ARG('l', CFG_LOG_FILENAME); CFG_ARG('l', CFG_LOG_FILENAME);
CFG_ARG('L', CFG_LOG_LEVEL); CFG_ARG('L', CFG_LOG_LEVEL);
CFG_ON('s', CFG_SYSLOG); CFG_BOOL('s', CFG_SYSLOG);
#undef CFG_ARG #undef CFG_ARG
#undef CFG_ON #undef CFG_BOOL
case 1:
assert (option_index > 0);
if (optarg != NULL) {
if (strcmp(optarg, "on") &&
strcmp(optarg, "off")) {
config_error_set(
"Invalid argument '%s' for option
'%s': "
"expected one of 'on' or 'off
",
optarg,
long_options[option_index].na
me);
return (1);
}
}
ret = config_param_validate(
long_options[option_index].name,
optarg ? optarg : CFG_BOOL_ON,
cfg, NULL, 0);
break;
case 't': case 't':
cfg->TEST = 1; cfg->TEST = 1;
break; break;
case 'V': case 'V':
printf("%s %s\n", basename(argv[0]), VERSION); printf("%s %s\n", basename(argv[0]), VERSION);
exit(0); exit(0);
case 'h': case 'h':
config_print_usage(argv[0]); config_print_usage(argv[0]);
exit(0); exit(0);
default: default:
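Review bot: The new `case 1:` rejects anything but the exact strings `on` and `off` with case-sensitive strcmp, while config_param_val_bool in this same diff accepts on/yes/y/true/t/1 and off/no/n/false/f/0 case-insensitively, so `--daemon=ON` or `--daemon=yes` fails on the command line but the same value is accepted in the configuration file; either widen the check to `strcasecmp` over the same token set or, since config_param_val_bool now handles both polarities, drop the pre-check and let config_param_validate report the error. Note also that CFG_BOOL for `-O`, `-q` and `-s` passes optarg straight through without this on/off check, so the two boolean paths diverge in what they validate. The `assert (option_index > 0)` only guarantees the index is not the first entry; a comment stating why that suffices, e.g. `/* val 1 is only used by the boolean long options; entry 0 is --config */`, would make the intent clear. The enclosing switch and the getopt_long call that sets option_index lie outside this hunk.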
 End of changes. 33 change blocks. 
140 lines changed or deleted 216 lines changed or added
