authorEric Faurot <eric@cvs.openbsd.org>2021-04-09 16:43:44 +0000
committerEric Faurot <eric@cvs.openbsd.org>2021-04-09 16:43:44 +0000
commitb62858496a2f725103703c9f41d3acb98e90e870 (patch)
treede027548b10c4bde30a8d973777591d5b834bca2 /usr.sbin/smtpd/smtp.c
parenta19e7027d8e0c24ac518d03f2187af8fcee84cfa (diff)
allow to specify tls ciphers and protocols on listeners
ok tb@
Diffstat (limited to 'usr.sbin/smtpd/smtp.c')
-rw-r--r--usr.sbin/smtpd/smtp.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/usr.sbin/smtpd/smtp.c b/usr.sbin/smtpd/smtp.c
index 5ca11adb870..a2371f75611 100644
--- a/usr.sbin/smtpd/smtp.c
+++ b/usr.sbin/smtpd/smtp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp.c,v 1.168 2021/03/10 17:25:59 eric Exp $ */
+/* $OpenBSD: smtp.c,v 1.169 2021/04/09 16:43:43 eric Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -169,6 +169,8 @@ smtp_setup_listener_tls(struct listener *l)
{
static const char *dheparams[] = { "none", "auto", "legacy" };
struct tls_config *config;
+ const char *ciphers;
+ uint32_t protos;
struct pki *pki;
struct ca *ca;
int i;
@@ -176,9 +178,19 @@ smtp_setup_listener_tls(struct listener *l)
if ((config = tls_config_new()) == NULL)
fatal("smtpd: tls_config_new");
- if (env->sc_tls_ciphers &&
- tls_config_set_ciphers(config, env->sc_tls_ciphers) == -1)
+ ciphers = env->sc_tls_ciphers;
+ if (l->tls_ciphers)
+ ciphers = l->tls_ciphers;
+ if (ciphers && tls_config_set_ciphers(config, ciphers) == -1)
+ err(1, "%s", tls_config_error(config));
+
+ if (l->tls_protocols) {
+ if (tls_config_parse_protocols(&protos, l->tls_protocols) == -1)
+ err(1, "failed to parse protocols \"%s\"",
+ l->tls_protocols);
+ if (tls_config_set_protocols(config, protos) == -1)
err(1, "%s", tls_config_error(config));
+ }
pki = l->pki[0];
if (pki == NULL)
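Review bot: The new failure paths for `tls_config_set_ciphers`, `tls_config_parse_protocols` and `tls_config_set_protocols` all report through `err(1, ...)`, which appends `strerror(errno)`. A rejected cipher or protocol string is not an errno-style failure as far as I can tell, so the message an operator sees may end in an unrelated system error. I would use the non-errno form, e.g. `errx(1, "failed to parse protocols \"%s\"", l->tls_protocols);` and `errx(1, "%s", tls_config_error(config));`, or the daemon's own fatal-style helper so it matches the `fatal("smtpd: tls_config_new")` call just above. Unlike ciphers, which fall back to `env->sc_tls_ciphers`, a listener without `tls_protocols` gets whatever libtls defaults to, and a listener with it can re-enable older protocol versions; a short comment such as `/* no global fallback: unset means libtls default protocols */` above the `if (l->tls_protocols)` block would make that explicit. The body of smtp_setup_listener_tls continues past the end of this hunk, so later handling is not visible here.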