More SSL -> TLS renaming
44
kike.c
44
kike.c
@@ -44,9 +44,9 @@ static struct config_item g_config_table[] =
|
||||
|
||||
{ "bind_host", NULL, "Address of the IRC server" },
|
||||
{ "bind_port", "6667", "Port of the IRC server" },
|
||||
{ "ssl_cert", NULL, "Server TLS certificate (PEM)" },
|
||||
{ "ssl_key", NULL, "Server TLS private key (PEM)" },
|
||||
{ "ssl_ciphers", DEFAULT_CIPHERS, "OpenSSL cipher list" },
|
||||
{ "tls_cert", NULL, "Server TLS certificate (PEM)" },
|
||||
{ "tls_key", NULL, "Server TLS private key (PEM)" },
|
||||
{ "tls_ciphers", DEFAULT_CIPHERS, "OpenSSL cipher list" },
|
||||
|
||||
{ "operators", NULL, "IRCop TLS cert. fingerprints" },
|
||||
|
||||
@@ -3106,7 +3106,7 @@ irc_try_read (struct client *c)
|
||||
}
|
||||
|
||||
static bool
|
||||
irc_try_read_ssl (struct client *c)
|
||||
irc_try_read_tls (struct client *c)
|
||||
{
|
||||
if (c->ssl_tx_want_rx)
|
||||
return true;
|
||||
@@ -3174,7 +3174,7 @@ irc_try_write (struct client *c)
|
||||
}
|
||||
|
||||
static bool
|
||||
irc_try_write_ssl (struct client *c)
|
||||
irc_try_write_tls (struct client *c)
|
||||
{
|
||||
if (c->ssl_rx_want_tx)
|
||||
return true;
|
||||
@@ -3212,7 +3212,7 @@ irc_try_write_ssl (struct client *c)
|
||||
}
|
||||
|
||||
static bool
|
||||
irc_autodetect_ssl (struct client *c)
|
||||
irc_autodetect_tls (struct client *c)
|
||||
{
|
||||
// Trivial SSL/TLS autodetection. The first block of data returned by
|
||||
// recv() must be at least three bytes long for this to work reliably,
|
||||
@@ -3251,7 +3251,7 @@ start:
|
||||
}
|
||||
|
||||
static bool
|
||||
client_initialize_ssl (struct client *c)
|
||||
client_initialize_tls (struct client *c)
|
||||
{
|
||||
const char *error_info = NULL;
|
||||
if (!c->ctx->ssl_ctx)
|
||||
@@ -3288,7 +3288,7 @@ on_client_ready (const struct pollfd *pfd, void *user_data)
|
||||
if (!c->initialized)
|
||||
{
|
||||
hard_assert (pfd->events == POLLIN);
|
||||
if (irc_autodetect_ssl (c) && !client_initialize_ssl (c))
|
||||
if (irc_autodetect_tls (c) && !client_initialize_tls (c))
|
||||
{
|
||||
client_kill (c, NULL);
|
||||
return;
|
||||
@@ -3301,7 +3301,7 @@ on_client_ready (const struct pollfd *pfd, void *user_data)
|
||||
{
|
||||
// Reads may want to write, writes may want to read, poll() may
|
||||
// return unexpected things in `revents'... let's try both
|
||||
if (!irc_try_read_ssl (c) || !irc_try_write_ssl (c))
|
||||
if (!irc_try_read_tls (c) || !irc_try_write_tls (c))
|
||||
return;
|
||||
}
|
||||
else if (!irc_try_read (c) || !irc_try_write (c))
|
||||
@@ -3510,7 +3510,7 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
|
||||
SSL_CTX_set_options (ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
|
||||
|
||||
// XXX: perhaps we should read the files ourselves for better messages
|
||||
const char *ciphers = str_map_find (&ctx->config, "ssl_ciphers");
|
||||
const char *ciphers = str_map_find (&ctx->config, "tls_ciphers");
|
||||
if (!SSL_CTX_set_cipher_list (ctx->ssl_ctx, ciphers))
|
||||
error_set (e, "failed to select any cipher from the cipher list");
|
||||
else if (!SSL_CTX_use_certificate_chain_file (ctx->ssl_ctx, cert_path))
|
||||
@@ -3531,33 +3531,33 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
|
||||
}
|
||||
|
||||
static bool
|
||||
irc_initialize_ssl (struct server_context *ctx, struct error **e)
|
||||
irc_initialize_tls (struct server_context *ctx, struct error **e)
|
||||
{
|
||||
const char *ssl_cert = str_map_find (&ctx->config, "ssl_cert");
|
||||
const char *ssl_key = str_map_find (&ctx->config, "ssl_key");
|
||||
const char *tls_cert = str_map_find (&ctx->config, "tls_cert");
|
||||
const char *tls_key = str_map_find (&ctx->config, "tls_key");
|
||||
|
||||
// Only try to enable SSL support if the user configures it; it is not
|
||||
// a failure if no one has requested it.
|
||||
if (!ssl_cert && !ssl_key)
|
||||
if (!tls_cert && !tls_key)
|
||||
return true;
|
||||
|
||||
if (!ssl_cert)
|
||||
if (!tls_cert)
|
||||
error_set (e, "no TLS certificate set");
|
||||
else if (!ssl_key)
|
||||
else if (!tls_key)
|
||||
error_set (e, "no TLS private key set");
|
||||
if (!ssl_cert || !ssl_key)
|
||||
if (!tls_cert || !tls_key)
|
||||
return false;
|
||||
|
||||
bool result = false;
|
||||
|
||||
char *cert_path = resolve_filename
|
||||
(ssl_cert, resolve_relative_config_filename);
|
||||
(tls_cert, resolve_relative_config_filename);
|
||||
char *key_path = resolve_filename
|
||||
(ssl_key, resolve_relative_config_filename);
|
||||
(tls_key, resolve_relative_config_filename);
|
||||
if (!cert_path)
|
||||
error_set (e, "%s: %s", "cannot open file", ssl_cert);
|
||||
error_set (e, "%s: %s", "cannot open file", tls_cert);
|
||||
else if (!key_path)
|
||||
error_set (e, "%s: %s", "cannot open file", ssl_key);
|
||||
error_set (e, "%s: %s", "cannot open file", tls_key);
|
||||
else
|
||||
result = irc_initialize_ssl_ctx (ctx, cert_path, key_path, e);
|
||||
|
||||
@@ -4019,7 +4019,7 @@ main (int argc, char *argv[])
|
||||
ctx.signal_event.user_data = &ctx;
|
||||
poller_fd_set (&ctx.signal_event, POLLIN);
|
||||
|
||||
if (!irc_initialize_ssl (&ctx, &e)
|
||||
if (!irc_initialize_tls (&ctx, &e)
|
||||
|| !irc_initialize_server_name (&ctx, &e)
|
||||
|| !irc_initialize_motd (&ctx, &e)
|
||||
|| !irc_initialize_catalog (&ctx, &e)
|
||||
|
||||
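Review bot: A configuration that still sets `ssl_cert`/`ssl_key` matches nothing after this rename, so `irc_initialize_tls` takes the `if (!tls_cert && !tls_key) return true;` path and the server starts without TLS and without any message; a customised `ssl_ciphers` value likewise falls back to `DEFAULT_CIPHERS`. Whether the config loader rejects or warns about unknown keys is not visible in these hunks, so this may already be caught elsewhere. If it is not, fail closed at the top of `irc_initialize_tls`, for example `if (str_map_find (&ctx->config, "ssl_cert") || str_map_find (&ctx->config, "ssl_key")) { error_set (e, "ssl_* options have been renamed to tls_*"); return false; }`, assuming unrecognised keys are kept in `ctx->config`. The body of `irc_initialize_tls` continues past the end of its hunk.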