author | Claudio Jeker <claudio@cvs.openbsd.org> | 2021-04-10 10:10:08 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2021-04-10 10:10:08 +0000 |
commit | 94eaccfa92d220ca8df2f1d2189c3da60854355f (patch) | |
tree | a1050cc357d3a2b69bf9d40d26dd9c685e52163a /usr.sbin | |
parent | 95fb5b975c7bebf3b9719b3a12742c64b13f949b (diff) |
Do not compare TLS config params for non-TLS servers. This allows mixing
'listen * port 80' and 'listen * tls port 443' in one server block.
Also the last argument of server_tls_cmp - match_keypair - is always 0
so remove this code.
OK florian@ tb@ some long time ago
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/httpd/httpd.h | 4 | ||||
-rw-r--r-- | usr.sbin/httpd/parse.y | 5 | ||||
-rw-r--r-- | usr.sbin/httpd/server.c | 11 |
3 files changed, 7 insertions, 13 deletions
diff --git a/usr.sbin/httpd/httpd.h b/usr.sbin/httpd/httpd.h
index 67c385157b6..39b10893588 100644
--- a/usr.sbin/httpd/httpd.h
+++ b/usr.sbin/httpd/httpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: httpd.h,v 1.154 2021/01/27 07:21:52 deraadt Exp $ */
+/* $OpenBSD: httpd.h,v 1.155 2021/04/10 10:10:07 claudio Exp $ */
 /*
 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -622,7 +622,7 @@ int cmdline_symset(char *);
 /* server.c */
 void server(struct privsep *, struct privsep_proc *);
-int server_tls_cmp(struct server *, struct server *, int);
+int server_tls_cmp(struct server *, struct server *);
 int server_tls_load_ca(struct server *);
 int server_tls_load_crl(struct server *);
 int server_tls_load_keypair(struct server *);
diff --git a/usr.sbin/httpd/parse.y b/usr.sbin/httpd/parse.y
index b207dcab1e9..0edec5acc9f 100644
--- a/usr.sbin/httpd/parse.y
+++ b/usr.sbin/httpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.124 2021/01/22 13:07:17 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.125 2021/04/10 10:10:07 claudio Exp $ */
 /*
 * Copyright (c) 2020 Matthias Pressfreund <mpfr@fn.de>
@@ -333,7 +333,8 @@ server : SERVER optmatch STRING {
 free(srv);
 YYERROR;
 }
- if (server_tls_cmp(s, srv, 0) != 0) {
+ if (srv->srv_conf.flags & SRVFLAG_TLS &&
+ server_tls_cmp(s, srv) != 0) {
 yyerror("server \"%s\": tls "
 "configuration mismatch on same "
 "address/port",
diff --git a/usr.sbin/httpd/server.c b/usr.sbin/httpd/server.c
index 1cd8c15b77e..5ec3fac6a29 100644
--- a/usr.sbin/httpd/server.c
+++ b/usr.sbin/httpd/server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server.c,v 1.124 2021/01/02 18:35:07 tb Exp $ */
+/* $OpenBSD: server.c,v 1.125 2021/04/10 10:10:07 claudio Exp $ */
 /*
 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -127,7 +127,7 @@ server_privinit(struct server *srv)
 }
 int
-server_tls_cmp(struct server *s1, struct server *s2, int match_keypair)
+server_tls_cmp(struct server *s1, struct server *s2)
 {
 struct server_config *sc1, *sc2;
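Review bot: The new guard in the parse.y `server` rule tests only `srv`'s `SRVFLAG_TLS`, so the TLS comparison is skipped whenever the server being added is non-TLS, regardless of how the already-registered `s` is configured. That is safe only if code above this hunk, which is not visible here, already rejects a TLS and a non-TLS server on the same address/port; this should be confirmed before relying on it. Parenthesising the mask test makes the precedence explicit: `if ((srv->srv_conf.flags & SRVFLAG_TLS) &&`. A short comment such as `/* non-TLS listeners carry no TLS settings to compare */` would record why the check is conditional. The rule body starts and ends outside the hunk.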
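Review bot: `server_tls_cmp` in server.c has no header comment, and after this change nothing tells a caller that certificate and key files are excluded from the comparison. I would add above the definition: `/* Compare the TLS settings of two servers on the same address/port; returns 0 if they match, -1 otherwise. Certificate and key files are not compared. */`. The return values and the `tls_ecdhe_curves` comparison are visible in the following hunk; the other fields compared lie outside both hunks, so the comment should be checked against the full body.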
@@ -147,13 +147,6 @@ server_tls_cmp(struct server *s1, struct server *s2, int match_keypair)
 if (strcmp(sc1->tls_ecdhe_curves, sc2->tls_ecdhe_curves) != 0)
 return (-1);
- if (match_keypair) {
- if (strcmp(sc1->tls_cert_file, sc2->tls_cert_file) != 0)
- return (-1);
- if (strcmp(sc1->tls_key_file, sc2->tls_key_file) != 0)
- return (-1);
- }
-
 return (0);
 } |