author | Joel Sing <jsing@cvs.openbsd.org> | 2014-10-31 13:49:53 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-10-31 13:49:53 +0000 |
commit | 6823694d2f683d8a1d136c4f3cbb2fbfe8817287 (patch) | |
tree | 77ba5d2727d0edc57b642a55413052b0e6e2cdf5 /usr.sbin/httpd | |
parent | 749e16d7caeeaba4eade708a2f1a92fd5c7c6312 (diff) |
Update httpd(8) to use libtls instead of libressl.
Diffstat (limited to 'usr.sbin/httpd')
-rw-r--r-- | usr.sbin/httpd/Makefile | 6 | ||||
-rw-r--r-- | usr.sbin/httpd/httpd.h | 10 | ||||
-rw-r--r-- | usr.sbin/httpd/server.c | 68 |
3 files changed, 42 insertions, 42 deletions
diff --git a/usr.sbin/httpd/Makefile b/usr.sbin/httpd/Makefile
index 63d50f420b3..441e02c1350 100644
--- a/usr.sbin/httpd/Makefile
+++ b/usr.sbin/httpd/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.25 2014/08/04 17:38:12 reyk Exp $
+# $OpenBSD: Makefile,v 1.26 2014/10/31 13:49:52 jsing Exp $
 PROG= httpd
 SRCS= parse.y
@@ -6,8 +6,8 @@ SRCS+= config.c control.c httpd.c log.c logger.c proc.c
 SRCS+= server.c server_http.c server_file.c server_fcgi.c
 MAN= httpd.8 httpd.conf.5
-LDADD= -levent -lressl -lssl -lcrypto -lutil
-DPADD= ${LIBEVENT} ${LIBRESSL} ${LIBSSL} ${LIBCRYPTO} ${LIBUTIL}
+LDADD= -levent -ltls -lssl -lcrypto -lutil
+DPADD= ${LIBEVENT} ${LIBTLS} ${LIBSSL} ${LIBCRYPTO} ${LIBUTIL}
 #DEBUG= -g -DDEBUG=3
 CFLAGS+= -Wall -I${.CURDIR}
 CFLAGS+= -Wstrict-prototypes -Wmissing-prototypes
diff --git a/usr.sbin/httpd/httpd.h b/usr.sbin/httpd/httpd.h
index 7b86efaf701..76cabf015d8 100644
--- a/usr.sbin/httpd/httpd.h
+++ b/usr.sbin/httpd/httpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: httpd.h,v 1.60 2014/10/22 09:48:03 reyk Exp $ */
+/* $OpenBSD: httpd.h,v 1.61 2014/10/31 13:49:52 jsing Exp $ */
 /*
 * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -26,7 +26,7 @@
 #include <sys/param.h> /* MAXHOSTNAMELEN */
 #include <limits.h>
 #include <imsg.h>
-#include <ressl.h>
+#include <tls.h>
 #define CONF_FILE "/etc/httpd.conf"
 #define HTTPD_SOCKET "/var/run/httpd.sock"
@@ -281,7 +281,7 @@ struct client {
 int clt_sndbufsiz;
 int clt_fd;
- struct ressl *clt_ressl_ctx;
+ struct tls *clt_tls_ctx;
 struct bufferevent *clt_srvbev;
 off_t clt_toread;
@@ -408,8 +408,8 @@ struct server {
 struct event srv_ev;
 struct event srv_evt;
- struct ressl *srv_ressl_ctx;
- struct ressl_config *srv_ressl_config;
+ struct tls *srv_tls_ctx;
+ struct tls_config *srv_tls_config;
 struct client_tree srv_clients;
 };
diff --git a/usr.sbin/httpd/server.c b/usr.sbin/httpd/server.c
index ced9a317348..4aa8307c708 100644
--- a/usr.sbin/httpd/server.c
+++ b/usr.sbin/httpd/server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server.c,v 1.45 2014/10/25 03:23:49 lteo Exp $ */
+/* $OpenBSD: server.c,v 1.46 2014/10/31 13:49:52 jsing Exp $ */
 /*
 * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -43,7 +43,7 @@
 #include <pwd.h>
 #include <event.h>
 #include <fnmatch.h>
-#include <ressl.h>
+#include <tls.h>
 #include "httpd.h"
@@ -174,43 +174,43 @@ server_ssl_init(struct server *srv)
 log_debug("%s: setting up SSL for %s", __func__, srv->srv_conf.name);
- if (ressl_init() != 0) {
- log_warn("%s: failed to initialise ressl", __func__);
+ if (tls_init() != 0) {
+ log_warn("%s: failed to initialise tls", __func__);
 return (-1);
 }
- if ((srv->srv_ressl_config = ressl_config_new()) == NULL) {
- log_warn("%s: failed to get ressl config", __func__);
+ if ((srv->srv_tls_config = tls_config_new()) == NULL) {
+ log_warn("%s: failed to get tls config", __func__);
 return (-1);
 }
- if ((srv->srv_ressl_ctx = ressl_server()) == NULL) {
- log_warn("%s: failed to get ressl server", __func__);
+ if ((srv->srv_tls_ctx = tls_server()) == NULL) {
+ log_warn("%s: failed to get tls server", __func__);
 return (-1);
 }
- if (ressl_config_set_ciphers(srv->srv_ressl_config,
+ if (tls_config_set_ciphers(srv->srv_tls_config,
 srv->srv_conf.ssl_ciphers) != 0) {
- log_warn("%s: failed to set ressl ciphers", __func__);
+ log_warn("%s: failed to set tls ciphers", __func__);
 return (-1);
 }
- if (ressl_config_set_cert_mem(srv->srv_ressl_config,
+ if (tls_config_set_cert_mem(srv->srv_tls_config,
 srv->srv_conf.ssl_cert, srv->srv_conf.ssl_cert_len) != 0) {
- log_warn("%s: failed to set ressl cert", __func__);
+ log_warn("%s: failed to set tls cert", __func__);
 return (-1);
 }
- if (ressl_config_set_key_mem(srv->srv_ressl_config,
+ if (tls_config_set_key_mem(srv->srv_tls_config,
 srv->srv_conf.ssl_key, srv->srv_conf.ssl_key_len) != 0) {
- log_warn("%s: failed to set ressl key", __func__);
+ log_warn("%s: failed to set tls key", __func__);
 return (-1);
 }
- if (ressl_configure(srv->srv_ressl_ctx, srv->srv_ressl_config) != 0) {
+ if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) {
 log_warn("%s: failed to configure SSL - %s", __func__,
- ressl_error(srv->srv_ressl_ctx));
+ tls_error(srv->srv_tls_ctx));
 return (-1);
 }
 /* We're now done with the public/private key... */
- ressl_config_clear_keys(srv->srv_ressl_config);
+ tls_config_clear_keys(srv->srv_tls_config);
 explicit_bzero(srv->srv_conf.ssl_cert, srv->srv_conf.ssl_cert_len);
 explicit_bzero(srv->srv_conf.ssl_key, srv->srv_conf.ssl_key_len);
 free(srv->srv_conf.ssl_cert);
@@ -299,8 +299,8 @@ server_purge(struct server *srv)
 }
 }
- ressl_config_free(srv->srv_ressl_config);
- ressl_free(srv->srv_ressl_ctx);
+ tls_config_free(srv->srv_tls_config);
+ tls_free(srv->srv_tls_ctx);
 free(srv);
 }
@@ -556,8 +556,8 @@ server_ssl_readcb(int fd, short event, void *arg)
 if (bufev->wm_read.high != 0)
 howmuch = MIN(sizeof(rbuf), bufev->wm_read.high);
- ret = ressl_read(clt->clt_ressl_ctx, rbuf, howmuch, &len);
- if (ret == RESSL_READ_AGAIN || ret == RESSL_WRITE_AGAIN) {
+ ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch, &len);
+ if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) {
 goto retry;
 } else if (ret != 0) {
 what |= EVBUFFER_ERROR;
@@ -617,9 +617,9 @@ server_ssl_writecb(int fd, short event, void *arg)
 bcopy(EVBUFFER_DATA(bufev->output), clt->clt_buf, clt->clt_buflen);
 }
- ret = ressl_write(clt->clt_ressl_ctx, clt->clt_buf,
+ ret = tls_write(clt->clt_tls_ctx, clt->clt_buf,
 clt->clt_buflen, &len);
- if (ret == RESSL_READ_AGAIN || ret == RESSL_WRITE_AGAIN) {
+ if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) {
 goto retry;
 } else if (ret != 0) {
 what |= EVBUFFER_ERROR;
@@ -742,8 +742,8 @@ server_dump(struct client *clt, const void *buf, size_t len)
 * of non-blocking events etc. This is useful to print an
 * error message before gracefully closing the client.
 */
- if (clt->clt_ressl_ctx != NULL)
- (void)ressl_write(clt->clt_ressl_ctx, buf, len, &outlen);
+ if (clt->clt_tls_ctx != NULL)
+ (void)tls_write(clt->clt_tls_ctx, buf, len, &outlen);
 else
 (void)write(clt->clt_s, buf, len);
 }
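Review bot: The early `return (-1);` paths in server_ssl_init leave the private key in srv->srv_conf.ssl_key uncleared, because the `explicit_bzero()` calls at the end of the @@ -174 hunk are reached only after `tls_configure()` succeeds. Whether the caller exits on failure is not visible here; if it keeps running, the key material stays readable in process memory. Running the same wipe on the failure paths would close that, for example `explicit_bzero(srv->srv_conf.ssl_key, srv->srv_conf.ssl_key_len);` before each `return (-1);`. The function starts and ends outside the hunk.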
@@ -934,22 +934,22 @@ server_accept_ssl(int fd, short event, void *arg)
 return;
 }
- if (srv->srv_ressl_ctx == NULL)
- fatalx("NULL ressl context");
+ if (srv->srv_tls_ctx == NULL)
+ fatalx("NULL tls context");
- ret = ressl_accept_socket(srv->srv_ressl_ctx, &clt->clt_ressl_ctx,
+ ret = tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx,
 clt->clt_s);
- if (ret == RESSL_READ_AGAIN) {
+ if (ret == TLS_READ_AGAIN) {
 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, server_accept_ssl, &clt->clt_tv_start, &srv->srv_conf.timeout, clt);
- } else if (ret == RESSL_WRITE_AGAIN) {
+ } else if (ret == TLS_WRITE_AGAIN) {
 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, server_accept_ssl, &clt->clt_tv_start, &srv->srv_conf.timeout, clt);
 } else if (ret != 0) {
 log_warnx("%s: SSL accept failed - %s", __func__,
- ressl_error(srv->srv_ressl_ctx));
+ tls_error(srv->srv_tls_ctx));
 return;
 }
@@ -1084,9 +1084,9 @@ server_close(struct client *clt, const char *msg)
 if (clt->clt_s != -1)
 close(clt->clt_s);
- if (clt->clt_ressl_ctx != NULL)
- ressl_close(clt->clt_ressl_ctx);
- ressl_free(clt->clt_ressl_ctx);
+ if (clt->clt_tls_ctx != NULL)
+ tls_close(clt->clt_tls_ctx);
+ tls_free(clt->clt_tls_ctx);
 server_inflight_dec(clt, __func__); |
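Review bot: The `ret != 0` branch of server_accept_ssl logs the handshake failure and returns without releasing the client; no `server_close()` call is visible on that path. Unless cleanup happens outside the hunk, every failed handshake leaves `clt`, its socket and presumably its in-flight slot allocated, so failed connections accumulate until descriptors run out. Adding `server_close(clt, "SSL accept failed");` before the `return;` would release them. The function starts and continues outside the hunk.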
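Review bot: server_close calls `close(clt->clt_s)` before `tls_close(clt->clt_tls_ctx)`, so the TLS shutdown runs against a descriptor that is already closed. Assuming tls_close() is what sends the close_notify alert (libtls behaviour, not shown on this page), the peer never receives it and cannot tell a complete response from a truncated one. Moving the `if (clt->clt_s != -1) close(clt->clt_s);` pair below `tls_free(clt->clt_tls_ctx);` restores the expected order. The function starts and ends outside the hunk.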