| -rw-r--r-- | degesch.c | 32 | ||||
| -rw-r--r-- | kike.c | 44 | ||||
| -rw-r--r-- | zyklonb.c | 36 | 
3 files changed, 56 insertions, 56 deletions
|
@@ -1552,24 +1552,24 @@ static struct config_schema g_config_server[] =
 	  .type      = CONFIG_ITEM_STRING,
 	  .validate  = config_validate_nonjunk_string },
-	{ .name      = "ssl",
+	{ .name      = "tls",
 	  .comment   = "Whether to use TLS",
 	  .type      = CONFIG_ITEM_BOOLEAN,
 	  .default_  = "off" },
-	{ .name      = "ssl_cert",
+	{ .name      = "tls_cert",
 	  .comment   = "Client TLS certificate (PEM)",
 	  .type      = CONFIG_ITEM_STRING },
-	{ .name      = "ssl_verify",
+	{ .name      = "tls_verify",
 	  .comment   = "Whether to verify certificates",
 	  .type      = CONFIG_ITEM_BOOLEAN,
 	  .default_  = "on" },
-	{ .name      = "ssl_ca_file",
+	{ .name      = "tls_ca_file",
 	  .comment   = "OpenSSL CA bundle file",
 	  .type      = CONFIG_ITEM_STRING },
-	{ .name      = "ssl_ca_path",
+	{ .name      = "tls_ca_path",
 	  .comment   = "OpenSSL CA bundle path",
 	  .type      = CONFIG_ITEM_STRING },
-	{ .name      = "ssl_ciphers",
+	{ .name      = "tls_ciphers",
 	  .comment   = "OpenSSL cipher preference list",
 	  .type      = CONFIG_ITEM_STRING,
 	  .default_  = "\"DEFAULT:!MEDIUM:!LOW\"" },
@@ -4039,7 +4039,7 @@ transport_tls_verify_callback (int preverify_ok, X509_STORE_CTX *ctx)
 static bool
 transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
 {
-	bool verify = get_config_boolean (s->config, "ssl_verify");
+	bool verify = get_config_boolean (s->config, "tls_verify");
 	SSL_CTX_set_verify (ssl_ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE,
 		transport_tls_verify_callback);
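Review bot: Renaming the keys in `g_config_server` with no fallback means an existing configuration that sets `ssl = on` no longer matches anything, and the new `tls` item defaults to `"off"`, so `irc_finish_connection` (hunk at -4384) would select `g_transport_plain` and connect in cleartext; `ssl_ca_file`, `ssl_ca_path` and `ssl_cert` would be dropped the same way. The same applies to the `g_config_table` entries in kike.c, where `irc_initialize_tls` returns true when neither `tls_cert` nor `tls_key` is set, and to zyklonb.c's table and `irc_connect`. Whether the config loaders reject unknown keys is not visible in this diff; if they do not, either read the old names as deprecated aliases or refuse to start when a legacy `ssl*` key is present, and call out the rename in the release notes.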
@@ -4048,7 +4048,7 @@ transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
 			SSL_CTX_get_ex_new_index (0, "server", NULL, NULL, NULL);
 	SSL_CTX_set_ex_data (ssl_ctx, g_transport_tls_data_index, s);
-	const char *ciphers = get_config_string (s->config, "ssl_ciphers");
+	const char *ciphers = get_config_string (s->config, "tls_ciphers");
 	if (ciphers && !SSL_CTX_set_cipher_list (ssl_ctx, ciphers))
 		log_server_error (s, s->buffer,
 			"Failed to select any cipher from the cipher list");
@@ -4058,8 +4058,8 @@ transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
 	// Disable deprecated protocols (see RFC 7568)
 	SSL_CTX_set_options (ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
-	const char *ca_file = get_config_string (s->config, "ssl_ca_file");
-	const char *ca_path = get_config_string (s->config, "ssl_ca_path");
+	const char *ca_file = get_config_string (s->config, "tls_ca_file");
+	const char *ca_path = get_config_string (s->config, "tls_ca_path");
 	ERR_clear_error ();
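Review bot: A rejected `tls_ciphers` value is only logged in `transport_tls_init_ctx`, and as far as this hunk shows setup then continues, so the context would keep OpenSSL's default cipher list instead of the restricted one the user configured. kike.c's `irc_initialize_ssl_ctx` treats the same failure as an error through `error_set`; doing likewise here, `error_set (e, "Failed to select any cipher from the cipher list"); return false;`, would make both programs fail closed. The function body starts and ends outside this hunk, so confirm that nothing later already aborts on this condition and that no cleanup is skipped by an early return.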
@@ -4100,20 +4100,20 @@ ca_error:
 static bool
 transport_tls_init_cert (struct server *s, SSL *ssl, struct error **e)
 {
-	const char *ssl_cert = get_config_string (s->config, "ssl_cert");
-	if (!ssl_cert)
+	const char *tls_cert = get_config_string (s->config, "tls_cert");
+	if (!tls_cert)
 		return true;
 	ERR_clear_error ();
 	bool result = false;
-	char *path = resolve_filename (ssl_cert, resolve_relative_config_filename);
+	char *path = resolve_filename (tls_cert, resolve_relative_config_filename);
 	if (!path)
-		error_set (e, "%s: %s", "Cannot open file", ssl_cert);
+		error_set (e, "%s: %s", "Cannot open file", tls_cert);
 	// XXX: perhaps we should read the file ourselves for better messages
 	else if (!SSL_use_certificate_file (ssl, path, SSL_FILETYPE_PEM)
 		|| !SSL_use_PrivateKey_file (ssl, path, SSL_FILETYPE_PEM))
-		error_set (e, "%s: %s", "Setting the SSL client certificate failed",
+		error_set (e, "%s: %s", "Setting the TLS client certificate failed",
 			ERR_reason_error_string (ERR_get_error ()));
 	else
 		result = true;
@@ -4384,7 +4384,7 @@ irc_finish_connection (struct server *s, int socket)
 	set_blocking (socket, false);
 	s->socket = socket;
-	s->transport = get_config_boolean (s->config, "ssl")
+	s->transport = get_config_boolean (s->config, "tls")
 		? &g_transport_tls
 		: &g_transport_plain;
@@ -44,9 +44,9 @@ static struct config_item g_config_table[] =
 	{ "bind_host",       NULL,              "Address of the IRC server"      },
 	{ "bind_port",       "6667",            "Port of the IRC server"         },
-	{ "ssl_cert",        NULL,              "Server TLS certificate (PEM)"   },
-	{ "ssl_key",         NULL,              "Server TLS private key (PEM)"   },
-	{ "ssl_ciphers",     DEFAULT_CIPHERS,   "OpenSSL cipher list"            },
+	{ "tls_cert",        NULL,              "Server TLS certificate (PEM)"   },
+	{ "tls_key",         NULL,              "Server TLS private key (PEM)"   },
+	{ "tls_ciphers",     DEFAULT_CIPHERS,   "OpenSSL cipher list"            },
 	{ "operators",       NULL,              "IRCop TLS cert. fingerprints"   },
@@ -3106,7 +3106,7 @@ irc_try_read (struct client *c)
 }
 static bool
-irc_try_read_ssl (struct client *c)
+irc_try_read_tls (struct client *c)
 {
 	if (c->ssl_tx_want_rx)
 		return true;
@@ -3174,7 +3174,7 @@ irc_try_write (struct client *c)
 }
 static bool
-irc_try_write_ssl (struct client *c)
+irc_try_write_tls (struct client *c)
 {
 	if (c->ssl_rx_want_tx)
 		return true;
@@ -3212,7 +3212,7 @@ irc_try_write_ssl (struct client *c)
 }
 static bool
-irc_autodetect_ssl (struct client *c)
+irc_autodetect_tls (struct client *c)
 {
 	// Trivial SSL/TLS autodetection.  The first block of data returned by
 	// recv() must be at least three bytes long for this to work reliably,
@@ -3251,7 +3251,7 @@ start:
 }
 static bool
-client_initialize_ssl (struct client *c)
+client_initialize_tls (struct client *c)
 {
 	const char *error_info = NULL;
 	if (!c->ctx->ssl_ctx)
@@ -3288,7 +3288,7 @@ on_client_ready (const struct pollfd *pfd, void *user_data)
 	if (!c->initialized)
 	{
 		hard_assert (pfd->events == POLLIN);
-		if (irc_autodetect_ssl (c) && !client_initialize_ssl (c))
+		if (irc_autodetect_tls (c) && !client_initialize_tls (c))
 		{
 			client_kill (c, NULL);
 			return;
@@ -3301,7 +3301,7 @@ on_client_ready (const struct pollfd *pfd, void *user_data)
 	{
 		// Reads may want to write, writes may want to read, poll() may
 		// return unexpected things in `revents'... let's try both
-		if (!irc_try_read_ssl (c) || !irc_try_write_ssl (c))
+		if (!irc_try_read_tls (c) || !irc_try_write_tls (c))
 			return;
 	}
 	else if (!irc_try_read (c) || !irc_try_write (c))
@@ -3510,7 +3510,7 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
 	SSL_CTX_set_options (ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 	// XXX: perhaps we should read the files ourselves for better messages
-	const char *ciphers = str_map_find (&ctx->config, "ssl_ciphers");
+	const char *ciphers = str_map_find (&ctx->config, "tls_ciphers");
 	if (!SSL_CTX_set_cipher_list (ctx->ssl_ctx, ciphers))
 		error_set (e, "failed to select any cipher from the cipher list");
 	else if (!SSL_CTX_use_certificate_chain_file (ctx->ssl_ctx, cert_path))
@@ -3531,33 +3531,33 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
 }
 static bool
-irc_initialize_ssl (struct server_context *ctx, struct error **e)
+irc_initialize_tls (struct server_context *ctx, struct error **e)
 {
-	const char *ssl_cert = str_map_find (&ctx->config, "ssl_cert");
-	const char *ssl_key = str_map_find (&ctx->config, "ssl_key");
+	const char *tls_cert = str_map_find (&ctx->config, "tls_cert");
+	const char *tls_key  = str_map_find (&ctx->config, "tls_key");
 	// Only try to enable SSL support if the user configures it; it is not
 	// a failure if no one has requested it.
-	if (!ssl_cert && !ssl_key)
+	if (!tls_cert && !tls_key)
 		return true;
-	if (!ssl_cert)
+	if (!tls_cert)
 		error_set (e, "no TLS certificate set");
-	else if (!ssl_key)
+	else if (!tls_key)
 		error_set (e, "no TLS private key set");
-	if (!ssl_cert || !ssl_key)
+	if (!tls_cert || !tls_key)
 		return false;
 	bool result = false;
 	char *cert_path = resolve_filename
-		(ssl_cert, resolve_relative_config_filename);
+		(tls_cert, resolve_relative_config_filename);
 	char *key_path = resolve_filename
-		(ssl_key, resolve_relative_config_filename);
+		(tls_key, resolve_relative_config_filename);
 	if (!cert_path)
-		error_set (e, "%s: %s", "cannot open file", ssl_cert);
+		error_set (e, "%s: %s", "cannot open file", tls_cert);
 	else if (!key_path)
-		error_set (e, "%s: %s", "cannot open file", ssl_key);
+		error_set (e, "%s: %s", "cannot open file", tls_key);
 	else
 		result = irc_initialize_ssl_ctx (ctx, cert_path, key_path, e);
@@ -4019,7 +4019,7 @@ main (int argc, char *argv[])
 	ctx.signal_event.user_data = &ctx;
 	poller_fd_set (&ctx.signal_event, POLLIN);
-	if (!irc_initialize_ssl (&ctx, &e)
+	if (!irc_initialize_tls (&ctx, &e)
 	 || !irc_initialize_server_name (&ctx, &e)
 	 || !irc_initialize_motd (&ctx, &e)
 	 || !irc_initialize_catalog (&ctx, &e)
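Review bot: The rename stops halfway in kike.c: `irc_initialize_tls` still calls `irc_initialize_ssl_ctx`, its comment still reads "Only try to enable SSL support", and the earlier hunks leave `ssl_tx_want_rx` / `ssl_rx_want_tx` beside the new `irc_try_read_tls` / `irc_try_write_tls`. If the remaining `ssl` names are meant to mark direct OpenSSL objects, a one-line comment saying so would help; otherwise update them in the same commit, starting with the comment: `// Only try to enable TLS support if the user configures it; it is not`. The function body continues past the end of this hunk.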
@@ -32,11 +32,11 @@ static struct config_item g_config_table[] =
 	{ "irc_host",        NULL,              "Address of the IRC server"      },
 	{ "irc_port",        "6667",            "Port of the IRC server"         },
-	{ "ssl",             "off",             "Whether to use SSL"             },
-	{ "ssl_cert",        NULL,              "Client SSL certificate (PEM)"   },
-	{ "ssl_verify",      "on",              "Whether to verify certificates" },
-	{ "ssl_ca_file",     NULL,              "OpenSSL CA bundle file"         },
-	{ "ssl_ca_path",     NULL,              "OpenSSL CA bundle path"         },
+	{ "tls",             "off",             "Whether to use TLS"             },
+	{ "tls_cert",        NULL,              "Client TLS certificate (PEM)"   },
+	{ "tls_verify",      "on",              "Whether to verify certificates" },
+	{ "tls_ca_file",     NULL,              "OpenSSL CA bundle file"         },
+	{ "tls_ca_path",     NULL,              "OpenSSL CA bundle path"         },
 	{ "autojoin",        NULL,              "Channels to join on start"      },
 	{ "reconnect",       "on",              "Whether to reconnect on error"  },
 	{ "reconnect_delay", "5",               "Time between reconnecting"      },
@@ -320,7 +320,7 @@ irc_initialize_ssl_ctx (struct bot_context *ctx, struct error **e)
 	SSL_CTX_set_options (ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 	bool verify;
-	if (!irc_get_boolean_from_config (ctx, "ssl_verify", &verify, e))
+	if (!irc_get_boolean_from_config (ctx, "tls_verify", &verify, e))
 		return false;
 	SSL_CTX_set_verify (ctx->ssl_ctx,
 		verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
@@ -363,7 +363,7 @@ ca_error:
 }
 static bool
-irc_initialize_ssl (struct bot_context *ctx, struct error **e)
+irc_initialize_tls (struct bot_context *ctx, struct error **e)
 {
 	const char *error_info = NULL;
 	ctx->ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
@@ -376,17 +376,17 @@ irc_initialize_ssl (struct bot_context *ctx, struct error **e)
 	if (!ctx->ssl)
 		goto error_ssl_2;
-	const char *ssl_cert = str_map_find (&ctx->config, "ssl_cert");
-	if (ssl_cert)
+	const char *tls_cert = str_map_find (&ctx->config, "tls_cert");
+	if (tls_cert)
 	{
 		char *path = resolve_filename
-			(ssl_cert, resolve_relative_config_filename);
+			(tls_cert, resolve_relative_config_filename);
 		if (!path)
-			print_error ("%s: %s", "cannot open file", ssl_cert);
+			print_error ("%s: %s", "cannot open file", tls_cert);
 		// XXX: perhaps we should read the file ourselves for better messages
 		else if (!SSL_use_certificate_file (ctx->ssl, path, SSL_FILETYPE_PEM)
 			|| !SSL_use_PrivateKey_file (ctx->ssl, path, SSL_FILETYPE_PEM))
-			print_error ("%s: %s", "setting the SSL client certificate failed",
+			print_error ("%s: %s", "setting the TLS client certificate failed",
 				ERR_error_string (ERR_get_error (), NULL));
 		free (path);
 	}
@@ -418,7 +418,7 @@ error_ssl_1:
 	//   multiple errors on the OpenSSL stack.
 	if (!error_info)
 		error_info = ERR_error_string (ERR_get_error (), NULL);
-	error_set (e, "%s: %s", "could not initialize SSL", error_info);
+	error_set (e, "%s: %s", "could not initialize TLS", error_info);
 	return false;
 }
@@ -1444,7 +1444,7 @@ enum irc_read_result
 };
 static enum irc_read_result
-irc_fill_read_buffer_ssl (struct bot_context *ctx, struct str *buf)
+irc_fill_read_buffer_tls (struct bot_context *ctx, struct str *buf)
 {
 	int n_read;
 start:
@@ -1608,7 +1608,7 @@ on_irc_readable (const struct pollfd *fd, struct bot_context *ctx)
 	struct str *buf = &ctx->read_buffer;
 	enum irc_read_result (*fill_buffer)(struct bot_context *, struct str *)
 		= ctx->ssl
-		? irc_fill_read_buffer_ssl
+		? irc_fill_read_buffer_tls
 		: irc_fill_read_buffer;
 	bool disconnected = false;
 	while (true)
@@ -1754,8 +1754,8 @@ irc_connect (struct bot_context *ctx, struct error **e)
 		return false;
 	}
-	bool use_ssl;
-	if (!irc_get_boolean_from_config (ctx, "ssl", &use_ssl, e))
+	bool use_tls;
+	if (!irc_get_boolean_from_config (ctx, "tls", &use_tls, e))
 		return false;
 	bool connected = socks_host
@@ -1765,7 +1765,7 @@ irc_connect (struct bot_context *ctx, struct error **e)
 	if (!connected)
 		return false;
-	if (use_ssl && !irc_initialize_ssl (ctx, e))
+	if (use_tls && !irc_initialize_tls (ctx, e))
 	{
 		xclose (ctx->irc_fd);
 		ctx->irc_fd = -1;
|
