Diffstat (limited to 'src')
-rw-r--r--src/conn-tools/deps-exe/s6-tlsc1
-rw-r--r--src/conn-tools/deps-exe/s6-tlsd1
-rw-r--r--src/include/s6-networking/s6net-utils.h10
-rw-r--r--src/include/s6-networking/s6net.h1
-rw-r--r--src/include/s6-networking/stls.h4
-rw-r--r--src/libs6net/deps-lib/s6net1
-rw-r--r--src/sbearssl/deps-lib/sbearssl2
-rw-r--r--src/sbearssl/sbearssl-internal.h1
-rw-r--r--src/sbearssl/sbearssl_clean_tls_and_spawn.c (renamed from src/libs6net/s6net_clean_tls_and_spawn.c)4
-rw-r--r--src/sbearssl/sbearssl_s6tlsc.c3
-rw-r--r--src/sbearssl/sbearssl_s6tlsd.c1
-rw-r--r--src/stls/deps-lib/stls2
-rw-r--r--src/stls/stls-internal.h10
-rw-r--r--src/stls/stls_clean_tls_and_spawn.c21
-rw-r--r--src/stls/stls_s6tlsc.c13
-rw-r--r--src/stls/stls_s6tlsd.c4
16 files changed, 43 insertions, 36 deletions
diff --git a/src/conn-tools/deps-exe/s6-tlsc b/src/conn-tools/deps-exe/s6-tlsc
index 953d34f..60671be 100644
--- a/src/conn-tools/deps-exe/s6-tlsc
+++ b/src/conn-tools/deps-exe/s6-tlsc
@@ -1,5 +1,4 @@
${LIBCRYPTOSUPPORT}
-${LIBS6NET}
-lskarnet
${CRYPTO_LIB}
${SOCKET_LIB}
diff --git a/src/conn-tools/deps-exe/s6-tlsd b/src/conn-tools/deps-exe/s6-tlsd
index 953d34f..60671be 100644
--- a/src/conn-tools/deps-exe/s6-tlsd
+++ b/src/conn-tools/deps-exe/s6-tlsd
@@ -1,5 +1,4 @@
${LIBCRYPTOSUPPORT}
-${LIBS6NET}
-lskarnet
${CRYPTO_LIB}
${SOCKET_LIB}
diff --git a/src/include/s6-networking/s6net-utils.h b/src/include/s6-networking/s6net-utils.h
deleted file mode 100644
index 2e7d2f9..0000000
--- a/src/include/s6-networking/s6net-utils.h
+++ /dev/null
@@ -1,10 +0,0 @@
-/* ISC license. */
-
-#ifndef S6NET_UTILS_H
-#define S6NET_UTILS_H
-
-#include <sys/types.h>
-
-extern pid_t s6net_clean_tls_and_spawn (char const *const *, char const *const *, int *, uint32_t) ;
-
-#endif
diff --git a/src/include/s6-networking/s6net.h b/src/include/s6-networking/s6net.h
index fef4ef7..8778527 100644
--- a/src/include/s6-networking/s6net.h
+++ b/src/include/s6-networking/s6net.h
@@ -4,6 +4,5 @@
#define S6NET_H
#include <s6-networking/ident.h>
-#include <s6-networking/s6net-utils.h>
#endif
diff --git a/src/include/s6-networking/stls.h b/src/include/s6-networking/stls.h
index dff3bcf..dbb55fe 100644
--- a/src/include/s6-networking/stls.h
+++ b/src/include/s6-networking/stls.h
@@ -1,7 +1,7 @@
/* ISC license. */
-#ifndef STLS_INTERNAL_H
-#define STLS_INTERNAL_H
+#ifndef STLS_H
+#define STLS_H
#include <sys/types.h>
#include <tls.h>
diff --git a/src/libs6net/deps-lib/s6net b/src/libs6net/deps-lib/s6net
index b8be843..27067c4 100644
--- a/src/libs6net/deps-lib/s6net
+++ b/src/libs6net/deps-lib/s6net
@@ -2,5 +2,4 @@ s6net_ident_client.o
s6net_ident_reply_get.o
s6net_ident_reply_parse.o
s6net_ident_error.o
-s6net_clean_tls_and_spawn.o
-lskarnet
diff --git a/src/sbearssl/deps-lib/sbearssl b/src/sbearssl/deps-lib/sbearssl
index d5964e6..b3e69bb 100644
--- a/src/sbearssl/deps-lib/sbearssl
+++ b/src/sbearssl/deps-lib/sbearssl
@@ -1,4 +1,5 @@
sbearssl_append.o
+sbearssl_clean_tls_and_spawn.o
sbearssl_cert_from.o
sbearssl_cert_readbigpem.o
sbearssl_cert_readfile.o
@@ -33,5 +34,4 @@ sbearssl_x509_minimal_set_tai.o
sbearssl_s6tlsc.o
sbearssl_s6tlsd.o
-lbearssl
--ls6net
-lskarnet
diff --git a/src/sbearssl/sbearssl-internal.h b/src/sbearssl/sbearssl-internal.h
index eee3b84..ac5e4e2 100644
--- a/src/sbearssl/sbearssl-internal.h
+++ b/src/sbearssl/sbearssl-internal.h
@@ -18,5 +18,6 @@ struct sbearssl_strallocerr_s
extern void sbearssl_append (void *, void const *, size_t) ;
extern int sbearssl_pem_push (br_pem_decoder_context *, char const *, size_t, sbearssl_pemobject *, genalloc *, sbearssl_strallocerr *, int *) ;
+extern pid_t sbearssl_clean_tls_and_spawn (char const *const *, char const *const *, int *, uint32_t) ;
#endif
diff --git a/src/libs6net/s6net_clean_tls_and_spawn.c b/src/sbearssl/sbearssl_clean_tls_and_spawn.c
index 67ba79b..258db90 100644
--- a/src/libs6net/s6net_clean_tls_and_spawn.c
+++ b/src/sbearssl/sbearssl_clean_tls_and_spawn.c
@@ -3,9 +3,9 @@
#include <sys/types.h>
#include <skalibs/env.h>
#include <skalibs/djbunix.h>
-#include <s6-networking/s6net-utils.h>
+#include "sbearssl-internal.h"
-pid_t s6net_clean_tls_and_spawn (char const *const *argv, char const *const *envp, int *fds, uint32_t options)
+pid_t sbearssl_clean_tls_and_spawn (char const *const *argv, char const *const *envp, int *fds, uint32_t options)
{
if (!(options & 1)) return child_spawn2(argv[0], argv, envp, fds) ;
else
diff --git a/src/sbearssl/sbearssl_s6tlsc.c b/src/sbearssl/sbearssl_s6tlsc.c
index f20f293..598774a 100644
--- a/src/sbearssl/sbearssl_s6tlsc.c
+++ b/src/sbearssl/sbearssl_s6tlsc.c
@@ -11,7 +11,6 @@
#include <skalibs/genalloc.h>
#include <skalibs/djbunix.h>
#include <skalibs/random.h>
-#include <s6-networking/s6net-utils.h>
#include <s6-networking/sbearssl.h>
int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, char const *servername, int *sfd)
@@ -67,7 +66,7 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
br_ssl_engine_inject_entropy(&cc.eng, buf, 32) ;
random_finish() ;
- pid = s6net_clean_tls_and_spawn(argv, envp, fds, !!(preoptions & 2)) ;
+ pid = sbearssl_clean_tls_and_spawn(argv, envp, fds, !!(preoptions & 2)) ;
if (gid && setgid(gid) < 0) strerr_diefu1sys(111, "setgid") ;
if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
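Review bot: The result of `sbearssl_clean_tls_and_spawn` is not checked in the lines visible here before `setgid`/`setuid` run, whereas the stls callers in this same commit test `if (!pid) strerr_diefu2sys(111, "spawn ", argv[0]) ;` directly after the call. Judging by the stls copy of the helper, it returns 0 both when the spawn fails and when the environment merge fails, so a zero pid has to be caught before the parent carries on into the TLS engine. sbearssl_s6tlsc continues past the end of this hunk, so the check may exist further down; if it does not, add the same `if (!pid)` line right after the call.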
diff --git a/src/sbearssl/sbearssl_s6tlsd.c b/src/sbearssl/sbearssl_s6tlsd.c
index 2cb3d21..aa32ed1 100644
--- a/src/sbearssl/sbearssl_s6tlsd.c
+++ b/src/sbearssl/sbearssl_s6tlsd.c
@@ -11,7 +11,6 @@
#include <skalibs/genalloc.h>
#include <skalibs/djbunix.h>
#include <skalibs/random.h>
-#include <s6-networking/s6net-utils.h>
#include <s6-networking/sbearssl.h>
int sbearssl_s6tlsd (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity)
diff --git a/src/stls/deps-lib/stls b/src/stls/deps-lib/stls
index f215998..03cebfa 100644
--- a/src/stls/deps-lib/stls
+++ b/src/stls/deps-lib/stls
@@ -1,6 +1,6 @@
+stls_clean_tls_and_spawn.o
stls_run.o
stls_s6tlsc.o
stls_s6tlsd.o
-ltls
--ls6net
-lskarnet
diff --git a/src/stls/stls-internal.h b/src/stls/stls-internal.h
new file mode 100644
index 0000000..85fc825
--- /dev/null
+++ b/src/stls/stls-internal.h
@@ -0,0 +1,10 @@
+/* ISC license. */
+
+#ifndef STLS_INTERNAL_H
+#define STLS_INTERNAL_H
+
+#include <sys/types.h>
+
+extern pid_t stls_clean_tls_and_spawn (char const *const *, char const *const *, int *, uint32_t) ;
+
+#endif
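Review bot: The new header declares a prototype taking `uint32_t` but includes only `<sys/types.h>`, which is not guaranteed to define that type; add `#include <stdint.h>` so the header is self-contained. As written it compiles only when an earlier include has already pulled in the fixed-width types, which makes the include order in stls_s6tlsc.c and stls_s6tlsd.c load-bearing. The declaration added to sbearssl-internal.h has the same dependency, although that header's include list lies outside its hunk.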
diff --git a/src/stls/stls_clean_tls_and_spawn.c b/src/stls/stls_clean_tls_and_spawn.c
new file mode 100644
index 0000000..37ea619
--- /dev/null
+++ b/src/stls/stls_clean_tls_and_spawn.c
@@ -0,0 +1,21 @@
+/* ISC license. */
+
+#include <sys/types.h>
+#include <skalibs/env.h>
+#include <skalibs/djbunix.h>
+#include "stls-internal.h"
+
+pid_t stls_clean_tls_and_spawn (char const *const *argv, char const *const *envp, int *fds, uint32_t options)
+{
+ if (!(options & 1)) return child_spawn2(argv[0], argv, envp, fds) ;
+ else
+ {
+ char const modifs[] = "CADIR\0CAFILE\0KEYFILE\0CERTFILE\0TLS_UID\0TLS_GID" ;
+ size_t modiflen = sizeof(modifs) ;
+ size_t n = env_len(envp) ;
+ char const *newenv[n + 7] ;
+ size_t newenvlen = env_merge(newenv, n+7, envp, n, modifs, modiflen) ;
+ if (!newenvlen) return 0 ;
+ return child_spawn2(argv[0], argv, newenv, fds) ;
+ }
+}
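Review bot: Nothing in the new file says what bit 0 of `options` selects or why these six names are removed, yet this is the code that keeps the TLS key and certificate locations out of the spawned program's environment. A comment above the `else` branch such as `/* options & 1: unset the TLS configuration variables so the child does not inherit key/cert paths or TLS_UID/TLS_GID */` would make that intent reviewable. The `7` in `n + 7` appears to be the six names in `modifs` plus a terminator and has to be bumped by hand whenever the list grows; a named constant or a short comment beside `modifs` would keep the two in step. The sbearssl backend now carries its own copy of this function (its body is outside the visible hunk), so the two scrub lists must be kept identical.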
diff --git a/src/stls/stls_s6tlsc.c b/src/stls/stls_s6tlsc.c
index bafc2b8..9c30b60 100644
--- a/src/stls/stls_s6tlsc.c
+++ b/src/stls/stls_s6tlsc.c
@@ -8,21 +8,12 @@
#include <skalibs/tai.h>
#include <skalibs/env.h>
#include <skalibs/djbunix.h>
-#include <s6-networking/s6net-utils.h>
#include <s6-networking/stls.h>
+#include "stls-internal.h"
#define diecfg(cfg, s) strerr_diefu3x(96, (s), ": ", tls_config_error(cfg))
#define diectx(e, ctx, s) strerr_diefu3x(e, (s), ": ", tls_error(ctx))
-#ifdef DEBUG
-# include <skalibs/buffer.h>
-# include <skalibs/strerr2.h>
-# include <skalibs/lolstdio.h>
-# define PLM(...) (bprintf(buffer_2, "%s: debug: ", PROG), bprintf(buffer_2, __VA_ARGS__), buffer_putflush(buffer_2, "\n", 1))
-#else
-# define PLM(...)
-#endif
-
int stls_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, char const *servername, int *sfd)
{
int fds[4] = { sfd[0], sfd[1], sfd[0], sfd[1] } ;
@@ -83,7 +74,7 @@ int stls_s6tlsc (char const *const *argv, char const *const *envp, tain_t const
if (!ctx) strerr_diefu1sys(111, "tls_client") ;
if (tls_configure(ctx, cfg) < 0) diectx(97, ctx, "tls_configure") ;
- pid = s6net_clean_tls_and_spawn(argv, envp, fds, !!(preoptions & 2)) ;
+ pid = stls_clean_tls_and_spawn(argv, envp, fds, !!(preoptions & 2)) ;
if (!pid) strerr_diefu2sys(111, "spawn ", argv[0]) ;
if (gid && setgid(gid) < 0) strerr_diefu1sys(111, "setgid") ;
if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
diff --git a/src/stls/stls_s6tlsd.c b/src/stls/stls_s6tlsd.c
index 64cf01f..0e82ab0 100644
--- a/src/stls/stls_s6tlsd.c
+++ b/src/stls/stls_s6tlsd.c
@@ -8,8 +8,8 @@
#include <skalibs/tai.h>
#include <skalibs/env.h>
#include <skalibs/djbunix.h>
-#include <s6-networking/s6net-utils.h>
#include <s6-networking/stls.h>
+#include "stls-internal.h"
#define diecfg(cfg, s) strerr_diefu3x(96, (s), ": ", tls_config_error(cfg))
#define diectx(e, ctx, s) strerr_diefu3x(e, (s), ": ", tls_error(ctx))
@@ -71,7 +71,7 @@ int stls_s6tlsd (char const *const *argv, char const *const *envp, tain_t const
if (tls_configure(ctx, cfg) < 0) diectx(97, ctx, "tls_configure") ;
tls_config_free(cfg) ;
- pid = s6net_clean_tls_and_spawn(argv, envp, fds, !!(preoptions & 2)) ;
+ pid = stls_clean_tls_and_spawn(argv, envp, fds, !!(preoptions & 2)) ;
if (!pid) strerr_diefu2sys(111, "spawn ", argv[0]) ;
if (gid && setgid(gid) < 0) strerr_diefu1sys(111, "setgid") ;
if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;