authorLaurent Bercot <ska-skaware@skarnet.org>2017-01-10 02:17:16 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2017-01-10 02:17:16 +0000
commit334d807b924427434b42d4fbae745d3d1b38a218 (patch)
tree6daf12c1e2fa07d2ac6255ef4439e2fb95a57f57 /src/stls/stls_s6tlsd.c
parent43cb3ee4227de70e0225e9ac142b4d397f93cc41 (diff)
downloads6-networking-334d807b924427434b42d4fbae745d3d1b38a218.tar.xz
Types fix, first pass
XXX marks what must change when skalibs changes. Also started writing functions for client certificate support in sbearssl, but it's not working yet (need more high-level support from BearSSL before it can work)
Diffstat (limited to 'src/stls/stls_s6tlsd.c')
-rw-r--r--src/stls/stls_s6tlsd.c37
1 files changed, 22 insertions, 15 deletions
diff --git a/src/stls/stls_s6tlsd.c b/src/stls/stls_s6tlsd.c
index 0e82ab0..4b04560 100644
--- a/src/stls/stls_s6tlsd.c
+++ b/src/stls/stls_s6tlsd.c
@@ -1,6 +1,7 @@
/* ISC license. */
#include <sys/types.h>
+#include <stdint.h>
#include <unistd.h>
#include <errno.h>
#include <tls.h>
@@ -27,20 +28,6 @@ int stls_s6tlsd (char const *const *argv, char const *const *envp, tain_t const
cfg = tls_config_new() ;
if (!cfg) strerr_diefu1sys(111, "tls_config_new") ;
- x = env_get2(envp, "CAFILE") ;
- if (x)
- {
- if (tls_config_set_ca_file(cfg, x) < 0)
- diecfg(cfg, "tls_config_set_ca_file") ;
- }
-
- x = env_get2(envp, "CADIR") ;
- if (x)
- {
- if (tls_config_set_ca_path(cfg, x) < 0)
- diecfg(cfg, "tls_config_set_ca_path") ;
- }
-
x = env_get2(envp, "CERTFILE") ;
if (!x) strerr_dienotset(100, "CERTFILE") ;
if (tls_config_set_cert_file(cfg, x) < 0)
@@ -60,7 +47,27 @@ int stls_s6tlsd (char const *const *argv, char const *const *envp, tain_t const
if (tls_config_set_ecdhecurve(cfg, "auto") < 0)
diecfg(cfg, "tls_config_set_ecdhecurve") ;
- if (preoptions & 1) tls_config_verify_client(cfg) ;
+ if (preoptions & 1)
+ {
+ x = env_get2(envp, "CADIR") ;
+ if (x)
+ {
+ if (tls_config_set_ca_path(cfg, x) < 0)
+ diecfg(cfg, "tls_config_set_ca_path") ;
+ }
+ else
+ {
+ x = env_get2(envp, "CAFILE") ;
+ if (x)
+ {
+ if (tls_config_set_ca_file(cfg, x) < 0)
+ diecfg(cfg, "tls_config_set_ca_file") ;
+ }
+ else strerr_dienotset(100, "CADIR or CAFILE") ;
+ }
+ if (preoptions & 4) tls_config_verify_client(cfg) ;
+ else tls_config_verify_client_optional(cfg) ;
+ }
else tls_config_insecure_noverifycert(cfg) ;
tls_config_set_protocols(cfg, TLS_PROTOCOLS_DEFAULT) ;
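Review bot: In the new `preoptions & 1` branch, the default when bit 4 is clear is `tls_config_verify_client_optional(cfg)`, which lets a client that presents no certificate complete the handshake. Nothing in the hunk says so, and a reader could take bit 1 alone to mean every client is authenticated. A comment above that last `if` would make the contract explicit: `/* without bit 4 a client certificate is verified only if one is sent; clients without a certificate are still accepted */`. The same branch now prefers CADIR and never reads CAFILE when both are set, whereas the removed code applied both, so a line such as `/* CADIR takes precedence; CAFILE is only used when CADIR is unset */` is worth adding too. The bare masks `1` and `4` would read better as named constants; where they are assigned, and the rest of stls_s6tlsd, is outside the hunk.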