-rw-r--r-- | INSTALL | 10 | ||||
-rw-r--r-- | NEWS | 7 | ||||
-rw-r--r-- | doc/index.html | 10 | ||||
-rw-r--r-- | doc/s6-tcpserver.html | 5 | ||||
-rw-r--r-- | doc/s6-tcpserverd.html | 8 | ||||
-rw-r--r-- | doc/upgrade.html | 8 | ||||
-rw-r--r-- | src/conn-tools/s6-tcpserverd.c | 2 | ||||
-rw-r--r-- | src/sbearssl/sbearssl_run.c | 15 |
8 files changed, 42 insertions, 23 deletions
@@ -6,15 +6,15 @@ Build Instructions - A POSIX-compliant C development environment - GNU make version 3.81 or later - - skalibs version 2.14.0.0 or later: https://skarnet.org/software/skalibs/ + - skalibs version 2.14.0.1 or later: https://skarnet.org/software/skalibs/ - Optional (but recommended): execline version 2.9.4.0 or later: https://skarnet.org/software/execline/ - - s6 version 2.12.0.0 or later: https://skarnet.org/software/s6/ - - s6-dns version 2.3.6.0 or later: https://skarnet.org/software/s6-dns/ + - s6 version 2.12.0.1 or later: https://skarnet.org/software/s6/ + - s6-dns version 2.3.7.0 or later: https://skarnet.org/software/s6-dns/ - Depending on whether you build the SSL tools, bearssl version 0.6 or later: https://bearssl.org/ - or libressl version 3.7.3 or later: https://libressl.org/ + or libressl version 3.8.2 or later: https://libressl.org/ or openssl version 1.1.1w or later: https://openssl.org/ *in addition to* - libretls version 3.7.0 or later: https://git.causal.agency/libretls/about/ + libretls version 3.8.1 or later: https://git.causal.agency/libretls/about/ This software will run on any operating system that implements POSIX.1-2008, available at: @@ -4,9 +4,10 @@ In 2.7.0.0 ---------- - Bugfixes. - - Better API for s6-tlsc-io: now "s6-tlsc-io 6 7" = s6-ioconnect with TLS. - - The -K option for TLS programs now determines the handshake timeout. - - /etc/hosts support added. + - Better API for s6-tlsc-io: now "s6-tlsc-io 6 7" is the equivalent +of s6-ioconnect with TLS, and can be used interactively as a client +program to talk to TLS-tunneled services. + - The -K option for TLS programs now set a timeout for the whole handshake. - The -h option for s6-tcpclient and s6-tcpserver-access now indicates /etc/hosts should be consulted before DNS. diff --git a/doc/index.html b/doc/index.html index 95294f2..b7209a9 100644 --- a/doc/index.html +++ b/doc/index.html 
@@ -55,27 +55,27 @@ as extensions to the s6 ecosystem. <li> A POSIX-compliant system with a standard C development environment </li> <li> GNU make, version 3.81 or later </li> <li> <a href="//skarnet.org/software/skalibs/">skalibs</a> version -2.14.0.0 or later. It's a build-time requirement. It's also a run-time +2.14.0.1 or later. It's a build-time requirement. It's also a run-time requirement if you link against the shared version of the skalibs library. </li> <li> (Optional, but recommended) <a href="//skarnet.org/software/execline/">execline</a> version 2.9.4.0 or later. It's a build-time and run-time requirement. </li> <li> <a href="//skarnet.org/software/s6/">s6</a> version -2.12.0.0 or later. It's a build-time and run-time requirement. </li> +2.12.0.1 or later. It's a build-time and run-time requirement. </li> <li> <a href="//skarnet.org/software/s6-dns/">s6-dns</a> version -2.3.6.0 or later. It's a build-time requirement. It's also a run-time +2.3.7.0 or later. It's a build-time requirement. It's also a run-time requirement if you link against the shared version of the s6-dns libraries. </li> <li> If you want to build the secure communication tools: <ul> <li> Either <a href="https://bearssl.org/">BearSSL</a> version 0.6 or later. </li> - <li> Or <a href="https://libressl.org/">LibreSSL</a> version 3.7.3 + <li> Or <a href="https://libressl.org/">LibreSSL</a> version 3.8.2 or later. </li> <li> Or <a href="https://openssl.org/">OpenSSL</a> version 1.1.1w or later <em>and</em> <a href="https://git.causal.agency/libretls/about/">LibreTLS</a> -version 3.7.0 or later. </li> +version 3.8.1 or later. </li> </ul> The chosen library is a build-time requirement, and also a run-time requirement if you link against its shared version. </li> </ul> diff --git a/doc/s6-tcpserver.html b/doc/s6-tcpserver.html index 561c00f..f80fd18 100644 --- a/doc/s6-tcpserver.html +++ b/doc/s6-tcpserver.html 
@@ -135,6 +135,11 @@ that the name of the process is <tt>s6-tcpserverd</tt>, that's why. </li> <em>all</em> the addresses of a machine no matter whether v4 or v6, then you need to run <em>two</em> s6-tcpserver processes: one on <tt>0.0.0.0</tt> and and one on <tt>::</tt>. </li> + <li> The option to make s6-tcpserver verbose is <tt>-v</tt>, without an +argument. This is different from the <a href="s6-tcpserverd.html">s6-tcpserverd</a> +interface, where that would be <tt>-v 2</tt>. The difference exists because +s6-tcpserver follows the <a href="https://cr.yp.to/proto/ucspi.txt">UCSPI tool</a> +interface, whereas s6-tcpserverd has no such constraint. </li> </ul> </body> diff --git a/doc/s6-tcpserverd.html b/doc/s6-tcpserverd.html index 6600a7b..55651e3 100644 --- a/doc/s6-tcpserverd.html +++ b/doc/s6-tcpserverd.html @@ -107,6 +107,14 @@ the listening socket. That program is normally which creates the socket itself; but it can be a different one if the socket is to be retrieved by another means, for instance by fd-passing from a fd-holding daemon (some people call this "socket activation"). </li> + <li> The option to make s6-tcpserverd verbose is <tt>-v 2</tt>, where the +verbosity level is given as an argument, 0 being quiet, 1 normal and 2 verbose. +This is different from the <a href="s6-tcpserver.html">s6-tcpserver</a> +interface, where <tt>-v</tt> without an argument would indicate extra verbosity. +The difference exists because +s6-tcpserver follows the <a href="https://cr.yp.to/proto/ucspi.txt">UCSPI tool</a> +interface, whereas s6-tcpserverd has no such constraint, and giving the +verbosity level as a number is a better interface. </li> </ul> </body> diff --git a/doc/upgrade.html b/doc/upgrade.html index a688976..4ff12d3 100644 --- a/doc/upgrade.html +++ b/doc/upgrade.html 
@@ -21,6 +21,14 @@ <h2> in 2.7.0.0 </h2> <ul> + <li> <a href="//skarnet.org/software/skalibs/">skalibs</a> +dependency bumped to 2.14.0.1 </li> + <li> <a href="//skarnet.org/software/s6/">s6</a> +dependency bumped to 2.12.0.1 </li> + <li> <a href="https://libressl.org">LibreSSL</a> +optional dependency bumped to 3.8.2 </li> + <li> <a href="https://git.causal.agency/libretls/about/">LibreTLS</a> +optional dependency bumped to 3.8.1 </li> <li> <a href="s6-tlsc-io.html">s6-tlsc-io</a> has changed interfaces: now it uses stdin/stdout as the <em>local</em> side, and the descriptors given as arguments as the <em>remote</em> diff --git a/src/conn-tools/s6-tcpserverd.c b/src/conn-tools/s6-tcpserverd.c index 5b35301..e8c2c34 100644 --- a/src/conn-tools/s6-tcpserverd.c +++ b/src/conn-tools/s6-tcpserverd.c @@ -122,7 +122,7 @@ static inline void log_reject (char const *ip, uint16_t port, uint32_t num) fmtip[is6 ? ip6_fmt(fmtip, ip) : ip4_fmt(fmtip, ip)] = 0 ; fmtport[uint16_fmt(fmtport, port)] = 0 ; fmtnum[uint32_fmt(fmtnum, num)] = 0 ; - strerr_warni7sys("reject ", fmtip, "_", fmtport, " count ", fmtnum, fmtlocalmaxconn) ; + strerr_warni7x("reject ", fmtip, "_", fmtport, " count ", fmtnum, fmtlocalmaxconn) ; } static inline void log_accept (pid_t pid, char const *ip, uint16_t port, uint32_t num) diff --git a/src/sbearssl/sbearssl_run.c b/src/sbearssl/sbearssl_run.c index 9f59302..af8b10e 100644 --- a/src/sbearssl/sbearssl_run.c +++ b/src/sbearssl/sbearssl_run.c 
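Review bot: The upgrade notes should mention that the format of the `reject` log line changes in `log_reject`. As far as I know the `sys` variants of the strerr macros append the text for the current errno, so the line previously ended with an unrelated error string and now ends at `fmtlocalmaxconn`. Dropping that suffix is correct for a policy rejection, but connection-limit rejections are a line operators commonly match on for alerting, and neither NEWS nor doc/upgrade.html in this commit records the change. A short comment above the call would also help, e.g. `/* rejection is a policy decision, not a syscall failure: no errno text */`. The body of log_reject starts outside the hunk.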
@@ -33,20 +33,19 @@ void sbearssl_run (br_ssl_engine_context *ctx, int *fd, tain const *tto, uint32_ int handshake_done = 0 ; int closing = 0 ; tain deadline ; + tain_add_g(&deadline, tto) ; if (ndelay_on(fd[0]) == -1 || ndelay_on(fd[1]) == -1 || ndelay_on(fd[2]) == -1 || ndelay_on(fd[3]) == -1) strerr_diefu1sys(111, "set fds non-blocking") ; - tain_add_g(&deadline, tto) ; - while (fd[0] >= 0 || fd[1] >= 0 || fd[3] >= 0) + while ((fd[0] >= 0 || fd[1] >= 0 || fd[3] >= 0) && !(state & BR_SSL_CLOSED)) { uint8_t y[4] ; uint8_t j = 0 ; - /* Preparation */ if (fd[0] >= 0 && state & BR_SSL_SENDAPP) @@ -64,10 +63,10 @@ void sbearssl_run (br_ssl_engine_context *ctx, int *fd, tain const *tto, uint32_ } else y[0] = 4 ; - if (fd[1] >= 0 && state & BR_SSL_RECVAPP) + if (fd[1] >= 0) { x[j].fd = fd[1] ; - x[j].events = IOPAUSE_WRITE ; + x[j].events = state & BR_SSL_RECVAPP ? IOPAUSE_WRITE : 0 ; y[1] = j++ ; } else y[1] = 4 ; @@ -80,16 +79,14 @@ void sbearssl_run (br_ssl_engine_context *ctx, int *fd, tain const *tto, uint32_ } else y[2] = 4 ; - if (fd[3] >= 0 && state & BR_SSL_SENDREC) + if (fd[3] >= 0) { x[j].fd = fd[3] ; - x[j].events = IOPAUSE_WRITE ; + x[j].events = state & BR_SSL_SENDREC ? IOPAUSE_WRITE : 0 ; y[3] = j++ ; } else y[3] = 4 ; - if (!j) break ; - /* Wait for events */ switch (iopause_g(x, j, &deadline)) |
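Review bot: Leaving the loop on `state & BR_SSL_CLOSED` in the new `while` condition treats a clean close_notify and a failed engine the same way at this point, since BearSSL sets that flag in both cases. Whatever follows the loop should consult `br_ssl_engine_last_error(ctx)` before treating the exit as a normal end of stream, otherwise a truncated or aborted session would look like an orderly close; that code is outside the hunk, so it may already do this. A comment on the condition would record it: `/* BR_SSL_CLOSED is set on close_notify and on engine failure alike */`. The function body starts before and continues after this hunk.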
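Review bot: Registering `fd[1]` with `events = 0` means the wait will still return for it on hangup or error, and that condition stays asserted until the descriptor is closed; the same applies to `fd[3]` in the next hunk. The handling of `x[y[1]].revents` and `x[y[3]].revents` is outside these hunks, so it is worth confirming that it closes the descriptor or otherwise ends the loop on an exceptional event even when no write was requested. If it does not, the loop would spin without blocking. A comment at the assignment would record the intent: `/* events 0: still polled so that hangup/error is noticed while nothing is pending */`.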
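Review bot: With `if (!j) break ;` removed, `iopause_g(x, j, &deadline)` can be reached with `j == 0` if only `fd[0]` is still open, `state` lacks `BR_SSL_SENDAPP`, and no other descriptor was registered; the call then has nothing to wait on but the deadline. Whether that combination is reachable depends on how descriptors are closed further down, outside the hunk. If it is, and `deadline` is unbounded once the handshake is over, the process would sit there holding its connection slot. Either keep a guard for the empty set or state the invariant that rules it out in a comment next to `/* Wait for events */`.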