
Source code changes of the file "src/configuration.c" between
hitch-1.7.0.tar.gz and hitch-1.7.2.tar.gz

About: Hitch is a libev-based high performance SSL/TLS proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend.

configuration.c  (hitch-1.7.0):configuration.c  (hitch-1.7.2)
skipping to change at line 1181 skipping to change at line 1181
return ("UNKNOWN"); return ("UNKNOWN");
} }
} }
int int
config_scan_pem_dir(char *pemdir, hitch_config *cfg) config_scan_pem_dir(char *pemdir, hitch_config *cfg)
{ {
int n, i, plen; int n, i, plen;
int retval = 0; int retval = 0;
struct dirent **d; struct dirent **d;
struct stat st;
n = scandir(pemdir, &d, NULL, alphasort); n = scandir(pemdir, &d, NULL, alphasort);
if (n < 0) { if (n < 0) {
config_error_set("Unable to open directory '%s': %s", pemdir, config_error_set("Unable to open directory '%s': %s", pemdir,
strerror(errno)); strerror(errno));
return (1); return (1);
} }
for (i = 0; i < n; i++) { for (i = 0; i < n; i++) {
struct cfg_cert_file *cert; struct cfg_cert_file *cert;
char *fpath; char *fpath;
plen = strlen(pemdir) + strlen(d[i]->d_name) + 1; plen = strlen(pemdir) + strlen(d[i]->d_name) + 1;
if (cfg->PEM_DIR_GLOB != NULL) { if (cfg->PEM_DIR_GLOB != NULL) {
if (fnmatch(cfg->PEM_DIR_GLOB, d[i]->d_name, 0)) if (fnmatch(cfg->PEM_DIR_GLOB, d[i]->d_name, 0))
continue; continue;
} }
if (d[i]->d_type != DT_REG) if (d[i]->d_type != DT_UNKNOWN && d[i]->d_type != DT_REG)
continue; continue;
fpath = malloc(plen); fpath = malloc(plen);
AN(fpath); AN(fpath);
if (snprintf(fpath, plen, "%s%s", pemdir, d[i]->d_name) < 0) { if (snprintf(fpath, plen, "%s%s", pemdir, d[i]->d_name) < 0) {
config_error_set("An error occured while " config_error_set("An error occurred while "
"combining path"); "combining path");
free(fpath); free(fpath);
retval = 1; retval = 1;
break; break;
} }
if (d[i]->d_type == DT_UNKNOWN) {
/* The underlying filesystem does not support d_type. */
if (lstat(fpath, &st) < 0) {
fprintf(stderr, "Warning: unable to stat '%s': %s
. Skipping.\n",
fpath, strerror(errno));
free(fpath);
continue;
}
if (!S_ISREG(st.st_mode)) {
free(fpath);
continue;
}
}
cert = cfg_cert_file_new(); cert = cfg_cert_file_new();
config_assign_str(&cert->filename, fpath); config_assign_str(&cert->filename, fpath);
free(fpath); free(fpath);
int r = cfg_cert_vfy(cert); int r = cfg_cert_vfy(cert);
if (r != 0) { if (r != 0) {
/* If no default has been set, use the first /* If no default has been set, use the first
* match according to alphasort */ * match according to alphasort */
if (cfg->CERT_DEFAULT == NULL) if (cfg->CERT_DEFAULT == NULL)
cfg->CERT_DEFAULT = cert; cfg->CERT_DEFAULT = cert;
skipping to change at line 1258 skipping to change at line 1273
fprintf(out, "CONFIGURATION:\n"); fprintf(out, "CONFIGURATION:\n");
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, "\t--config=FILE\n"); fprintf(out, "\t--config=FILE\n");
fprintf(out, "\t\tLoad configuration from specified file.\n"); fprintf(out, "\t\tLoad configuration from specified file.\n");
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, "ENCRYPTION METHODS:\n"); fprintf(out, "ENCRYPTION METHODS:\n");
fprintf(out, "\n"); fprintf(out, "\n");
fprintf(out, "\t--tls-protos=LIST\n"); fprintf(out, "\t--tls-protos=LIST\n");
fprintf(out, "\t\tSpecifies which SSL/TLS protocols to use.\n"); fprintf(out, "\t\tSpecifies which SSL/TLS protocols to use.\n");
fprintf(out, "\t\tAvailable tokens are SSLv3, TLSv1.0, TLSv1.1\n"); fprintf(out, "\t\tAvailable tokens are SSLv3, TLSv1.0, TLSv1.1\n");
fprintf(out, "\t\tTLSv1.2 and TLSv1.3. (Default: \"TLSv1.2 TLSv1.3\"\n)") ; fprintf(out, "\t\tTLSv1.2 and TLSv1.3. (Default: \"TLSv1.2 TLSv1.3\")\n") ;
fprintf(out, "\t-c --ciphers=SUITE\n"); fprintf(out, "\t-c --ciphers=SUITE\n");
fprintf(out, "\t\tSets allowed ciphers (Default: \"%s\")\n", fprintf(out, "\t\tSets allowed ciphers (Default: \"%s\")\n",
config_disp_str(cfg->CIPHERS_TLSv12)); config_disp_str(cfg->CIPHERS_TLSv12));
fprintf(out, "\t-e --ssl-engine=NAME\n"); fprintf(out, "\t-e --ssl-engine=NAME\n");
fprintf(out, "\t\tSets OpenSSL engine (Default: \"%s\")\n", fprintf(out, "\t\tSets OpenSSL engine (Default: \"%s\")\n",
config_disp_str(cfg->ENGINE)); config_disp_str(cfg->ENGINE));
fprintf(out, "\t-O --prefer-server-ciphers[=on|off]\n"); fprintf(out, "\t-O --prefer-server-ciphers[=on|off]\n");
fprintf(out, "\t\tPrefer server list order (Default: \"%s\")\n", fprintf(out, "\t\tPrefer server list order (Default: \"%s\")\n",
config_disp_bool(cfg->PREFER_SERVER_CIPHERS)); config_disp_bool(cfg->PREFER_SERVER_CIPHERS));
fprintf(out, "\n"); fprintf(out, "\n");
skipping to change at line 1742 skipping to change at line 1757
config_error_set("alpn-protos configuration" config_error_set("alpn-protos configuration"
" \"%s\" is bad. %s", " \"%s\" is bad. %s",
cfg->ALPN_PROTOS, error); cfg->ALPN_PROTOS, error);
else else
config_error_set("alpn-protos configuration" config_error_set("alpn-protos configuration"
" \"%s\" is bad. See man page for more" " \"%s\" is bad. See man page for more"
" info.", " info.",
cfg->ALPN_PROTOS); cfg->ALPN_PROTOS);
return (1); return (1);
} }
AN(cfg->ALPN_PROTOS_LV);
int multi_proto =
cfg->ALPN_PROTOS_LV[0] != cfg->ALPN_PROTOS_LV_LEN - 1;
if (multi_proto && !cfg->WRITE_PROXY_LINE_V2) {
config_error_set("alpn-protos is specified with"
" more than one protocol while proxy-v2 is "
" not selected. This is a configuration"
" error.");
return (1);
/* Note that this test was carried out indepenently of
the availability of ALPN / NPN */
}
#if defined(OPENSSL_WITH_NPN) || defined(OPENSSL_WITH_ALPN) #if defined(OPENSSL_WITH_NPN) || defined(OPENSSL_WITH_ALPN)
/* /*
if (cfg->WRITE_PROXY_LINE_V2) if (cfg->WRITE_PROXY_LINE_V2)
fprintf(stderr, ALPN_NPN_PREFIX_STR fprintf(stderr, ALPN_NPN_PREFIX_STR
" Negotiated protocol will be communicated to the" " Negotiated protocol will be communicated to the"
" backend.\n"); " backend.\n");
*/ */
# ifndef OPENSSL_WITH_ALPN # ifndef OPENSSL_WITH_ALPN
fprintf(stderr, ALPN_NPN_PREFIX_STR " Warning: Hitch has been" fprintf(stderr, ALPN_NPN_PREFIX_STR " Warning: Hitch has been"
" compiled against a version of OpenSSL without ALPN" " compiled against a version of OpenSSL without ALPN"
" support.\n"); " support.\n");
# endif # endif
#else #else
AN(cfg->ALPN_PROTOS_LV);
int multi_proto =
cfg->ALPN_PROTOS_LV[0] != cfg->ALPN_PROTOS_LV_LEN - 1;
/* No support for ALPN / NPN support in OpenSSL */ /* No support for ALPN / NPN support in OpenSSL */
if (multi_proto || if (multi_proto ||
0 != strncmp((char *)cfg->ALPN_PROTOS_LV, "\x8http/1.1", 9)) { 0 != strncmp((char *)cfg->ALPN_PROTOS_LV, "\x8http/1.1", 9)) {
config_error_set("This is compiled against OpenSSL versio n" config_error_set("This is compiled against OpenSSL versio n"
" %lx, which does not have NPN or ALPN support," " %lx, which does not have NPN or ALPN support,"
" yet alpn-protos has been set to %s.", " yet alpn-protos has been set to %s.",
OPENSSL_VERSION_NUMBER, cfg->ALPN_PROTOS); OPENSSL_VERSION_NUMBER, cfg->ALPN_PROTOS);
return (1); return (1);
} }
else else
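Review bot: With the `multi_proto && !cfg->WRITE_PROXY_LINE_V2` rejection gone, an alpn-protos list with more than one protocol and proxy-v2 off now loads without any diagnostic; the single-column lines of the third change block read as the removed side, which matches the page's total of 15 deleted lines. The only remaining reference to telling the backend which protocol was negotiated is the commented-out `fprintf` under `WRITE_PROXY_LINE_V2`, so in that configuration the backend presumably has to detect the protocol itself. If accepting the configuration is intended, I would keep the `multi_proto` computation ahead of the `#if` and downgrade the old error to a warning, e.g. `fprintf(stderr, ALPN_NPN_PREFIX_STR " Warning: alpn-protos lists several protocols but proxy-v2 is off.\n");`, and say in the option's documentation what the backend must handle. The enclosing function starts and ends outside the lines shown.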
 End of changes. 7 change blocks. 
15 lines changed or deleted 22 lines changed or added
