More SSL -> TLS renaming

2015-07-28 20:31:42 +02:00 · 2015-07-28 20:31:42 +02:00 · 637a3d2bf7
parent a912b3f28c
commit 637a3d2bf7
3 changed files with 56 additions and 56 deletions
--- a/degesch.c
+++ b/degesch.c
@ -1552,24 +1552,24 @@ static struct config_schema g_config_server[] =
 	  .type      = CONFIG_ITEM_STRING,
 	  .validate  = config_validate_nonjunk_string },

-	{ .name      = "ssl",
+	{ .name      = "tls",
 	  .comment   = "Whether to use TLS",
 	  .type      = CONFIG_ITEM_BOOLEAN,
 	  .default_  = "off" },
-	{ .name      = "ssl_cert",
+	{ .name      = "tls_cert",
 	  .comment   = "Client TLS certificate (PEM)",
 	  .type      = CONFIG_ITEM_STRING },
-	{ .name      = "ssl_verify",
+	{ .name      = "tls_verify",
 	  .comment   = "Whether to verify certificates",
 	  .type      = CONFIG_ITEM_BOOLEAN,
 	  .default_  = "on" },
-	{ .name      = "ssl_ca_file",
+	{ .name      = "tls_ca_file",
 	  .comment   = "OpenSSL CA bundle file",
 	  .type      = CONFIG_ITEM_STRING },
-	{ .name      = "ssl_ca_path",
+	{ .name      = "tls_ca_path",
 	  .comment   = "OpenSSL CA bundle path",
 	  .type      = CONFIG_ITEM_STRING },
-	{ .name      = "ssl_ciphers",
+	{ .name      = "tls_ciphers",
 	  .comment   = "OpenSSL cipher preference list",
 	  .type      = CONFIG_ITEM_STRING,
 	  .default_  = "\"DEFAULT:!MEDIUM:!LOW\"" },
@ -4039,7 +4039,7 @@ transport_tls_verify_callback (int preverify_ok, X509_STORE_CTX *ctx)
 static bool
 transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
 {
-	bool verify = get_config_boolean (s->config, "ssl_verify");
+	bool verify = get_config_boolean (s->config, "tls_verify");
 	SSL_CTX_set_verify (ssl_ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE,
 		transport_tls_verify_callback);

@ -4048,7 +4048,7 @@ transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
 			SSL_CTX_get_ex_new_index (0, "server", NULL, NULL, NULL);
 	SSL_CTX_set_ex_data (ssl_ctx, g_transport_tls_data_index, s);

-	const char *ciphers = get_config_string (s->config, "ssl_ciphers");
+	const char *ciphers = get_config_string (s->config, "tls_ciphers");
 	if (ciphers && !SSL_CTX_set_cipher_list (ssl_ctx, ciphers))
 		log_server_error (s, s->buffer,
 			"Failed to select any cipher from the cipher list");
@ -4058,8 +4058,8 @@ transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
 	// Disable deprecated protocols (see RFC 7568)
 	SSL_CTX_set_options (ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

-	const char *ca_file = get_config_string (s->config, "ssl_ca_file");
-	const char *ca_path = get_config_string (s->config, "ssl_ca_path");
+	const char *ca_file = get_config_string (s->config, "tls_ca_file");
+	const char *ca_path = get_config_string (s->config, "tls_ca_path");

 	ERR_clear_error ();

@ -4100,20 +4100,20 @@ ca_error:
 static bool
 transport_tls_init_cert (struct server *s, SSL *ssl, struct error **e)
 {
-	const char *ssl_cert = get_config_string (s->config, "ssl_cert");
-	if (!ssl_cert)
+	const char *tls_cert = get_config_string (s->config, "tls_cert");
+	if (!tls_cert)
 		return true;

 	ERR_clear_error ();

 	bool result = false;
-	char *path = resolve_filename (ssl_cert, resolve_relative_config_filename);
+	char *path = resolve_filename (tls_cert, resolve_relative_config_filename);
 	if (!path)
-		error_set (e, "%s: %s", "Cannot open file", ssl_cert);
+		error_set (e, "%s: %s", "Cannot open file", tls_cert);
 	// XXX: perhaps we should read the file ourselves for better messages
 	else if (!SSL_use_certificate_file (ssl, path, SSL_FILETYPE_PEM)
 		|| !SSL_use_PrivateKey_file (ssl, path, SSL_FILETYPE_PEM))
-		error_set (e, "%s: %s", "Setting the SSL client certificate failed",
+		error_set (e, "%s: %s", "Setting the TLS client certificate failed",
 			ERR_reason_error_string (ERR_get_error ()));
 	else
 		result = true;
@ -4384,7 +4384,7 @@ irc_finish_connection (struct server *s, int socket)

 	set_blocking (socket, false);
 	s->socket = socket;
-	s->transport = get_config_boolean (s->config, "ssl")
+	s->transport = get_config_boolean (s->config, "tls")
 		? &g_transport_tls
 		: &g_transport_plain;

--- a/kike.c
+++ b/kike.c
@ -44,9 +44,9 @@ static struct config_item g_config_table[] =

 	{ "bind_host",       NULL,              "Address of the IRC server"      },
 	{ "bind_port",       "6667",            "Port of the IRC server"         },
-	{ "ssl_cert",        NULL,              "Server TLS certificate (PEM)"   },
-	{ "ssl_key",         NULL,              "Server TLS private key (PEM)"   },
-	{ "ssl_ciphers",     DEFAULT_CIPHERS,   "OpenSSL cipher list"            },
+	{ "tls_cert",        NULL,              "Server TLS certificate (PEM)"   },
+	{ "tls_key",         NULL,              "Server TLS private key (PEM)"   },
+	{ "tls_ciphers",     DEFAULT_CIPHERS,   "OpenSSL cipher list"            },

 	{ "operators",       NULL,              "IRCop TLS cert. fingerprints"   },

@ -3106,7 +3106,7 @@ irc_try_read (struct client *c)
 }

 static bool
-irc_try_read_ssl (struct client *c)
+irc_try_read_tls (struct client *c)
 {
 	if (c->ssl_tx_want_rx)
 		return true;
@ -3174,7 +3174,7 @@ irc_try_write (struct client *c)
 }

 static bool
-irc_try_write_ssl (struct client *c)
+irc_try_write_tls (struct client *c)
 {
 	if (c->ssl_rx_want_tx)
 		return true;
@ -3212,7 +3212,7 @@ irc_try_write_ssl (struct client *c)
 }

 static bool
-irc_autodetect_ssl (struct client *c)
+irc_autodetect_tls (struct client *c)
 {
 	// Trivial SSL/TLS autodetection.  The first block of data returned by
 	// recv() must be at least three bytes long for this to work reliably,
@ -3251,7 +3251,7 @@ start:
 }

 static bool
-client_initialize_ssl (struct client *c)
+client_initialize_tls (struct client *c)
 {
 	const char *error_info = NULL;
 	if (!c->ctx->ssl_ctx)
@ -3288,7 +3288,7 @@ on_client_ready (const struct pollfd *pfd, void *user_data)
 	if (!c->initialized)
 	{
 		hard_assert (pfd->events == POLLIN);
-		if (irc_autodetect_ssl (c) && !client_initialize_ssl (c))
+		if (irc_autodetect_tls (c) && !client_initialize_tls (c))
 		{
 			client_kill (c, NULL);
 			return;
@ -3301,7 +3301,7 @@ on_client_ready (const struct pollfd *pfd, void *user_data)
 	{
 		// Reads may want to write, writes may want to read, poll() may
 		// return unexpected things in `revents'... let's try both
-		if (!irc_try_read_ssl (c) || !irc_try_write_ssl (c))
+		if (!irc_try_read_tls (c) || !irc_try_write_tls (c))
 			return;
 	}
 	else if (!irc_try_read (c) || !irc_try_write (c))
@ -3510,7 +3510,7 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
 	SSL_CTX_set_options (ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

 	// XXX: perhaps we should read the files ourselves for better messages
-	const char *ciphers = str_map_find (&ctx->config, "ssl_ciphers");
+	const char *ciphers = str_map_find (&ctx->config, "tls_ciphers");
 	if (!SSL_CTX_set_cipher_list (ctx->ssl_ctx, ciphers))
 		error_set (e, "failed to select any cipher from the cipher list");
 	else if (!SSL_CTX_use_certificate_chain_file (ctx->ssl_ctx, cert_path))
@ -3531,33 +3531,33 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
 }

 static bool
-irc_initialize_ssl (struct server_context *ctx, struct error **e)
+irc_initialize_tls (struct server_context *ctx, struct error **e)
 {
-	const char *ssl_cert = str_map_find (&ctx->config, "ssl_cert");
-	const char *ssl_key = str_map_find (&ctx->config, "ssl_key");
+	const char *tls_cert = str_map_find (&ctx->config, "tls_cert");
+	const char *tls_key  = str_map_find (&ctx->config, "tls_key");

 	// Only try to enable SSL support if the user configures it; it is not
 	// a failure if no one has requested it.
-	if (!ssl_cert && !ssl_key)
+	if (!tls_cert && !tls_key)
 		return true;

-	if (!ssl_cert)
+	if (!tls_cert)
 		error_set (e, "no TLS certificate set");
-	else if (!ssl_key)
+	else if (!tls_key)
 		error_set (e, "no TLS private key set");
-	if (!ssl_cert || !ssl_key)
+	if (!tls_cert || !tls_key)
 		return false;

 	bool result = false;

 	char *cert_path = resolve_filename
-		(ssl_cert, resolve_relative_config_filename);
+		(tls_cert, resolve_relative_config_filename);
 	char *key_path = resolve_filename
-		(ssl_key, resolve_relative_config_filename);
+		(tls_key, resolve_relative_config_filename);
 	if (!cert_path)
-		error_set (e, "%s: %s", "cannot open file", ssl_cert);
+		error_set (e, "%s: %s", "cannot open file", tls_cert);
 	else if (!key_path)
-		error_set (e, "%s: %s", "cannot open file", ssl_key);
+		error_set (e, "%s: %s", "cannot open file", tls_key);
 	else
 		result = irc_initialize_ssl_ctx (ctx, cert_path, key_path, e);

@ -4019,7 +4019,7 @@ main (int argc, char *argv[])
 	ctx.signal_event.user_data = &ctx;
 	poller_fd_set (&ctx.signal_event, POLLIN);

-	if (!irc_initialize_ssl (&ctx, &e)
+	if (!irc_initialize_tls (&ctx, &e)
 	 || !irc_initialize_server_name (&ctx, &e)
 	 || !irc_initialize_motd (&ctx, &e)
 	 || !irc_initialize_catalog (&ctx, &e)
--- a/zyklonb.c
+++ b/zyklonb.c
@ -32,11 +32,11 @@ static struct config_item g_config_table[] =

 	{ "irc_host",        NULL,              "Address of the IRC server"      },
 	{ "irc_port",        "6667",            "Port of the IRC server"         },
-	{ "ssl",             "off",             "Whether to use SSL"             },
-	{ "ssl_cert",        NULL,              "Client SSL certificate (PEM)"   },
-	{ "ssl_verify",      "on",              "Whether to verify certificates" },
-	{ "ssl_ca_file",     NULL,              "OpenSSL CA bundle file"         },
-	{ "ssl_ca_path",     NULL,              "OpenSSL CA bundle path"         },
+	{ "tls",             "off",             "Whether to use TLS"             },
+	{ "tls_cert",        NULL,              "Client TLS certificate (PEM)"   },
+	{ "tls_verify",      "on",              "Whether to verify certificates" },
+	{ "tls_ca_file",     NULL,              "OpenSSL CA bundle file"         },
+	{ "tls_ca_path",     NULL,              "OpenSSL CA bundle path"         },
 	{ "autojoin",        NULL,              "Channels to join on start"      },
 	{ "reconnect",       "on",              "Whether to reconnect on error"  },
 	{ "reconnect_delay", "5",               "Time between reconnecting"      },
@ -320,7 +320,7 @@ irc_initialize_ssl_ctx (struct bot_context *ctx, struct error **e)
 	SSL_CTX_set_options (ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

 	bool verify;
-	if (!irc_get_boolean_from_config (ctx, "ssl_verify", &verify, e))
+	if (!irc_get_boolean_from_config (ctx, "tls_verify", &verify, e))
 		return false;
 	SSL_CTX_set_verify (ctx->ssl_ctx,
 		verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
@ -363,7 +363,7 @@ ca_error:
 }

 static bool
-irc_initialize_ssl (struct bot_context *ctx, struct error **e)
+irc_initialize_tls (struct bot_context *ctx, struct error **e)
 {
 	const char *error_info = NULL;
 	ctx->ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
@ -376,17 +376,17 @@ irc_initialize_ssl (struct bot_context *ctx, struct error **e)
 	if (!ctx->ssl)
 		goto error_ssl_2;

-	const char *ssl_cert = str_map_find (&ctx->config, "ssl_cert");
-	if (ssl_cert)
+	const char *tls_cert = str_map_find (&ctx->config, "tls_cert");
+	if (tls_cert)
 	{
 		char *path = resolve_filename
-			(ssl_cert, resolve_relative_config_filename);
+			(tls_cert, resolve_relative_config_filename);
 		if (!path)
-			print_error ("%s: %s", "cannot open file", ssl_cert);
+			print_error ("%s: %s", "cannot open file", tls_cert);
 		// XXX: perhaps we should read the file ourselves for better messages
 		else if (!SSL_use_certificate_file (ctx->ssl, path, SSL_FILETYPE_PEM)
 			|| !SSL_use_PrivateKey_file (ctx->ssl, path, SSL_FILETYPE_PEM))
-			print_error ("%s: %s", "setting the SSL client certificate failed",
+			print_error ("%s: %s", "setting the TLS client certificate failed",
 				ERR_error_string (ERR_get_error (), NULL));
 		free (path);
 	}
@ -418,7 +418,7 @@ error_ssl_1:
 	//   multiple errors on the OpenSSL stack.
 	if (!error_info)
 		error_info = ERR_error_string (ERR_get_error (), NULL);
-	error_set (e, "%s: %s", "could not initialize SSL", error_info);
+	error_set (e, "%s: %s", "could not initialize TLS", error_info);
 	return false;
 }

@ -1444,7 +1444,7 @@ enum irc_read_result
 };

 static enum irc_read_result
-irc_fill_read_buffer_ssl (struct bot_context *ctx, struct str *buf)
+irc_fill_read_buffer_tls (struct bot_context *ctx, struct str *buf)
 {
 	int n_read;
 start:
@ -1608,7 +1608,7 @@ on_irc_readable (const struct pollfd *fd, struct bot_context *ctx)
 	struct str *buf = &ctx->read_buffer;
 	enum irc_read_result (*fill_buffer)(struct bot_context *, struct str *)
 		= ctx->ssl
-		? irc_fill_read_buffer_ssl
+		? irc_fill_read_buffer_tls
 		: irc_fill_read_buffer;
 	bool disconnected = false;
 	while (true)
@ -1754,8 +1754,8 @@ irc_connect (struct bot_context *ctx, struct error **e)
 		return false;
 	}

-	bool use_ssl;
-	if (!irc_get_boolean_from_config (ctx, "ssl", &use_ssl, e))
+	bool use_tls;
+	if (!irc_get_boolean_from_config (ctx, "tls", &use_tls, e))
 		return false;

 	bool connected = socks_host
@ -1765,7 +1765,7 @@ irc_connect (struct bot_context *ctx, struct error **e)
 	if (!connected)
 		return false;

-	if (use_ssl && !irc_initialize_ssl (ctx, e))
+	if (use_tls && !irc_initialize_tls (ctx, e))
 	{
 		xclose (ctx->irc_fd);
 		ctx->irc_fd = -1;