summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2023-11-19 03:05:39 +0000
committerLaurent Bercot <ska@appnovation.com>2023-11-19 03:05:39 +0000
commit8fe924c3da6ab919f512029a15464e77cbeede8a (patch)
tree2b66be3ffe064f98621f8d2c10214a3e001ca19f
parent06b1f4f397d53e9a4c9abe4c8c4c20a7240e7736 (diff)
downloads6-networking-8fe924c3da6ab919f512029a15464e77cbeede8a.tar.xz
Small bugfixes, update deps, update doc
Signed-off-by: Laurent Bercot <ska@appnovation.com>
-rw-r--r--INSTALL10
-rw-r--r--NEWS7
-rw-r--r--doc/index.html10
-rw-r--r--doc/s6-tcpserver.html5
-rw-r--r--doc/s6-tcpserverd.html8
-rw-r--r--doc/upgrade.html8
-rw-r--r--src/conn-tools/s6-tcpserverd.c2
-rw-r--r--src/sbearssl/sbearssl_run.c15
8 files changed, 42 insertions, 23 deletions
diff --git a/INSTALL b/INSTALL
index c76def3..f4028d0 100644
--- a/INSTALL
+++ b/INSTALL
@@ -6,15 +6,15 @@ Build Instructions
- A POSIX-compliant C development environment
- GNU make version 3.81 or later
- - skalibs version 2.14.0.0 or later: https://skarnet.org/software/skalibs/
+ - skalibs version 2.14.0.1 or later: https://skarnet.org/software/skalibs/
- Optional (but recommended): execline version 2.9.4.0 or later: https://skarnet.org/software/execline/
- - s6 version 2.12.0.0 or later: https://skarnet.org/software/s6/
- - s6-dns version 2.3.6.0 or later: https://skarnet.org/software/s6-dns/
+ - s6 version 2.12.0.1 or later: https://skarnet.org/software/s6/
+ - s6-dns version 2.3.7.0 or later: https://skarnet.org/software/s6-dns/
- Depending on whether you build the SSL tools,
bearssl version 0.6 or later: https://bearssl.org/
- or libressl version 3.7.3 or later: https://libressl.org/
+ or libressl version 3.8.2 or later: https://libressl.org/
or openssl version 1.1.1w or later: https://openssl.org/ *in addition to*
- libretls version 3.7.0 or later: https://git.causal.agency/libretls/about/
+ libretls version 3.8.1 or later: https://git.causal.agency/libretls/about/
This software will run on any operating system that implements
POSIX.1-2008, available at:
diff --git a/NEWS b/NEWS
index 5ddb8f8..d961c80 100644
--- a/NEWS
+++ b/NEWS
@@ -4,9 +4,10 @@ In 2.7.0.0
----------
- Bugfixes.
- - Better API for s6-tlsc-io: now "s6-tlsc-io 6 7" = s6-ioconnect with TLS.
- - The -K option for TLS programs now determines the handshake timeout.
- - /etc/hosts support added.
+ - Better API for s6-tlsc-io: now "s6-tlsc-io 6 7" is the equivalent
+of s6-ioconnect with TLS, and can be used interactively as a client
+program to talk to TLS-tunneled services.
+ - The -K option for TLS programs now set a timeout for the whole handshake.
- The -h option for s6-tcpclient and s6-tcpserver-access now indicates
/etc/hosts should be consulted before DNS.
diff --git a/doc/index.html b/doc/index.html
index 95294f2..b7209a9 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -55,27 +55,27 @@ as extensions to the s6 ecosystem.
<li> A POSIX-compliant system with a standard C development environment </li>
<li> GNU make, version 3.81 or later </li>
<li> <a href="//skarnet.org/software/skalibs/">skalibs</a> version
-2.14.0.0 or later. It's a build-time requirement. It's also a run-time
+2.14.0.1 or later. It's a build-time requirement. It's also a run-time
requirement if you link against the shared version of the skalibs
library. </li>
<li> (Optional, but recommended) <a href="//skarnet.org/software/execline/">execline</a> version
2.9.4.0 or later. It's a build-time and run-time requirement. </li>
<li> <a href="//skarnet.org/software/s6/">s6</a> version
-2.12.0.0 or later. It's a build-time and run-time requirement. </li>
+2.12.0.1 or later. It's a build-time and run-time requirement. </li>
<li> <a href="//skarnet.org/software/s6-dns/">s6-dns</a> version
-2.3.6.0 or later. It's a build-time requirement. It's also a run-time
+2.3.7.0 or later. It's a build-time requirement. It's also a run-time
requirement if you link against the shared version of the s6-dns
libraries. </li>
<li> If you want to build the secure communication tools:
<ul>
<li> Either <a href="https://bearssl.org/">BearSSL</a> version 0.6
or later. </li>
- <li> Or <a href="https://libressl.org/">LibreSSL</a> version 3.7.3
+ <li> Or <a href="https://libressl.org/">LibreSSL</a> version 3.8.2
or later. </li>
<li> Or <a href="https://openssl.org/">OpenSSL</a> version 1.1.1w
or later <em>and</em>
<a href="https://git.causal.agency/libretls/about/">LibreTLS</a>
-version 3.7.0 or later. </li>
+version 3.8.1 or later. </li>
</ul> The chosen library is a build-time requirement, and also a
run-time requirement if you link against its shared version. </li>
</ul>
diff --git a/doc/s6-tcpserver.html b/doc/s6-tcpserver.html
index 561c00f..f80fd18 100644
--- a/doc/s6-tcpserver.html
+++ b/doc/s6-tcpserver.html
@@ -135,6 +135,11 @@ that the name of the process is <tt>s6-tcpserverd</tt>, that's why. </li>
<em>all</em> the addresses of a machine no matter whether v4 or v6, then you
need to run <em>two</em> s6-tcpserver processes: one on <tt>0.0.0.0</tt> and
and one on <tt>::</tt>. </li>
+ <li> The option to make s6-tcpserver verbose is <tt>-v</tt>, without an
+argument. This is different from the <a href="s6-tcpserverd.html">s6-tcpserverd</a>
+interface, where that would be <tt>-v 2</tt>. The difference exists because
+s6-tcpserver follows the <a href="https://cr.yp.to/proto/ucspi.txt">UCSPI tool</a>
+interface, whereas s6-tcpserverd has no such constraint. </li>
</ul>
</body>
diff --git a/doc/s6-tcpserverd.html b/doc/s6-tcpserverd.html
index 6600a7b..55651e3 100644
--- a/doc/s6-tcpserverd.html
+++ b/doc/s6-tcpserverd.html
@@ -107,6 +107,14 @@ the listening socket. That program is normally
which creates the socket itself; but it can be a different one if the
socket is to be retrieved by another means, for instance by fd-passing
from a fd-holding daemon (some people call this "socket activation"). </li>
+ <li> The option to make s6-tcpserverd verbose is <tt>-v 2</tt>, where the
+verbosity level is given as an argument, 0 being quiet, 1 normal and 2 verbose.
+This is different from the <a href="s6-tcpserver.html">s6-tcpserver</a>
+interface, where <tt>-v</tt> without an argument would indicate extra verbosity.
+The difference exists because
+s6-tcpserver follows the <a href="https://cr.yp.to/proto/ucspi.txt">UCSPI tool</a>
+interface, whereas s6-tcpserverd has no such constraint, and giving the
+verbosity level as a number is a better interface. </li>
</ul>
</body>
diff --git a/doc/upgrade.html b/doc/upgrade.html
index a688976..4ff12d3 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -21,6 +21,14 @@
<h2> in 2.7.0.0 </h2>
<ul>
+ <li> <a href="//skarnet.org/software/skalibs/">skalibs</a>
+dependency bumped to 2.14.0.1 </li>
+ <li> <a href="//skarnet.org/software/s6/">s6</a>
+dependency bumped to 2.12.0.1 </li>
+ <li> <a href="https://libressl.org">LibreSSL</a>
+optional dependency bumped to 3.8.2 </li>
+ <li> <a href="https://git.causal.agency/libretls/about/">LibreTLS</a>
+optional dependency bumped to 3.8.1 </li>
<li> <a href="s6-tlsc-io.html">s6-tlsc-io</a> has changed
interfaces: now it uses stdin/stdout as the <em>local</em>
side, and the descriptors given as arguments as the <em>remote</em>
diff --git a/src/conn-tools/s6-tcpserverd.c b/src/conn-tools/s6-tcpserverd.c
index 5b35301..e8c2c34 100644
--- a/src/conn-tools/s6-tcpserverd.c
+++ b/src/conn-tools/s6-tcpserverd.c
@@ -122,7 +122,7 @@ static inline void log_reject (char const *ip, uint16_t port, uint32_t num)
fmtip[is6 ? ip6_fmt(fmtip, ip) : ip4_fmt(fmtip, ip)] = 0 ;
fmtport[uint16_fmt(fmtport, port)] = 0 ;
fmtnum[uint32_fmt(fmtnum, num)] = 0 ;
- strerr_warni7sys("reject ", fmtip, "_", fmtport, " count ", fmtnum, fmtlocalmaxconn) ;
+ strerr_warni7x("reject ", fmtip, "_", fmtport, " count ", fmtnum, fmtlocalmaxconn) ;
}
static inline void log_accept (pid_t pid, char const *ip, uint16_t port, uint32_t num)
diff --git a/src/sbearssl/sbearssl_run.c b/src/sbearssl/sbearssl_run.c
index 9f59302..af8b10e 100644
--- a/src/sbearssl/sbearssl_run.c
+++ b/src/sbearssl/sbearssl_run.c
@@ -33,20 +33,19 @@ void sbearssl_run (br_ssl_engine_context *ctx, int *fd, tain const *tto, uint32_
int handshake_done = 0 ;
int closing = 0 ;
tain deadline ;
+ tain_add_g(&deadline, tto) ;
if (ndelay_on(fd[0]) == -1
|| ndelay_on(fd[1]) == -1
|| ndelay_on(fd[2]) == -1
|| ndelay_on(fd[3]) == -1)
strerr_diefu1sys(111, "set fds non-blocking") ;
- tain_add_g(&deadline, tto) ;
- while (fd[0] >= 0 || fd[1] >= 0 || fd[3] >= 0)
+ while ((fd[0] >= 0 || fd[1] >= 0 || fd[3] >= 0) && !(state & BR_SSL_CLOSED))
{
uint8_t y[4] ;
uint8_t j = 0 ;
-
/* Preparation */
if (fd[0] >= 0 && state & BR_SSL_SENDAPP)
@@ -64,10 +63,10 @@ void sbearssl_run (br_ssl_engine_context *ctx, int *fd, tain const *tto, uint32_
}
else y[0] = 4 ;
- if (fd[1] >= 0 && state & BR_SSL_RECVAPP)
+ if (fd[1] >= 0)
{
x[j].fd = fd[1] ;
- x[j].events = IOPAUSE_WRITE ;
+ x[j].events = state & BR_SSL_RECVAPP ? IOPAUSE_WRITE : 0 ;
y[1] = j++ ;
}
else y[1] = 4 ;
@@ -80,16 +79,14 @@ void sbearssl_run (br_ssl_engine_context *ctx, int *fd, tain const *tto, uint32_
}
else y[2] = 4 ;
- if (fd[3] >= 0 && state & BR_SSL_SENDREC)
+ if (fd[3] >= 0)
{
x[j].fd = fd[3] ;
- x[j].events = IOPAUSE_WRITE ;
+ x[j].events = state & BR_SSL_SENDREC ? IOPAUSE_WRITE : 0 ;
y[3] = j++ ;
}
else y[3] = 4 ;
- if (!j) break ;
-
/* Wait for events */
switch (iopause_g(x, j, &deadline))