Diffstat (limited to 'degesch.c')
-rw-r--r--degesch.c32
1 files changed, 16 insertions, 16 deletions
diff --git a/degesch.c b/degesch.c
index 3c0ed94..4f51039 100644
--- a/degesch.c
+++ b/degesch.c
@@ -1552,24 +1552,24 @@ static struct config_schema g_config_server[] =
.type = CONFIG_ITEM_STRING,
.validate = config_validate_nonjunk_string },
- { .name = "ssl",
+ { .name = "tls",
.comment = "Whether to use TLS",
.type = CONFIG_ITEM_BOOLEAN,
.default_ = "off" },
- { .name = "ssl_cert",
+ { .name = "tls_cert",
.comment = "Client TLS certificate (PEM)",
.type = CONFIG_ITEM_STRING },
- { .name = "ssl_verify",
+ { .name = "tls_verify",
.comment = "Whether to verify certificates",
.type = CONFIG_ITEM_BOOLEAN,
.default_ = "on" },
- { .name = "ssl_ca_file",
+ { .name = "tls_ca_file",
.comment = "OpenSSL CA bundle file",
.type = CONFIG_ITEM_STRING },
- { .name = "ssl_ca_path",
+ { .name = "tls_ca_path",
.comment = "OpenSSL CA bundle path",
.type = CONFIG_ITEM_STRING },
- { .name = "ssl_ciphers",
+ { .name = "tls_ciphers",
.comment = "OpenSSL cipher preference list",
.type = CONFIG_ITEM_STRING,
.default_ = "\"DEFAULT:!MEDIUM:!LOW\"" },
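Review bot: The schema keys in g_config_server are renamed with no alias or migration for the old `ssl*` names, so an existing configuration that sets `ssl = on` would no longer match the key read in irc_finish_connection (last hunk), which now looks up `tls` and its default of `"off"`. How the loader treats unknown keys is not visible here, but if it ignores them the connection would presumably fall back to g_transport_plain without any notice. The same applies to `ssl_ca_file`/`ssl_ca_path`, `ssl_ciphers` and `ssl_cert`, now read as `tls_*` in transport_tls_init_ctx and transport_tls_init_cert, where a pinned CA bundle, a stricter cipher list or a client certificate would be dropped silently. I would either map the legacy keys onto the new ones when loading, or log a warning when a legacy `ssl*` key is present, and note the rename beside the schema, e.g. `// Renamed from "ssl*"; legacy keys are not read`. The array initializer starts and ends outside this hunk.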
@@ -4039,7 +4039,7 @@ transport_tls_verify_callback (int preverify_ok, X509_STORE_CTX *ctx)
static bool
transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
{
- bool verify = get_config_boolean (s->config, "ssl_verify");
+ bool verify = get_config_boolean (s->config, "tls_verify");
SSL_CTX_set_verify (ssl_ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE,
transport_tls_verify_callback);
@@ -4048,7 +4048,7 @@ transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
SSL_CTX_get_ex_new_index (0, "server", NULL, NULL, NULL);
SSL_CTX_set_ex_data (ssl_ctx, g_transport_tls_data_index, s);
- const char *ciphers = get_config_string (s->config, "ssl_ciphers");
+ const char *ciphers = get_config_string (s->config, "tls_ciphers");
if (ciphers && !SSL_CTX_set_cipher_list (ssl_ctx, ciphers))
log_server_error (s, s->buffer,
"Failed to select any cipher from the cipher list");
@@ -4058,8 +4058,8 @@ transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
// Disable deprecated protocols (see RFC 7568)
SSL_CTX_set_options (ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
- const char *ca_file = get_config_string (s->config, "ssl_ca_file");
- const char *ca_path = get_config_string (s->config, "ssl_ca_path");
+ const char *ca_file = get_config_string (s->config, "tls_ca_file");
+ const char *ca_path = get_config_string (s->config, "tls_ca_path");
ERR_clear_error ();
@@ -4100,20 +4100,20 @@ ca_error:
static bool
transport_tls_init_cert (struct server *s, SSL *ssl, struct error **e)
{
- const char *ssl_cert = get_config_string (s->config, "ssl_cert");
- if (!ssl_cert)
+ const char *tls_cert = get_config_string (s->config, "tls_cert");
+ if (!tls_cert)
return true;
ERR_clear_error ();
bool result = false;
- char *path = resolve_filename (ssl_cert, resolve_relative_config_filename);
+ char *path = resolve_filename (tls_cert, resolve_relative_config_filename);
if (!path)
- error_set (e, "%s: %s", "Cannot open file", ssl_cert);
+ error_set (e, "%s: %s", "Cannot open file", tls_cert);
// XXX: perhaps we should read the file ourselves for better messages
else if (!SSL_use_certificate_file (ssl, path, SSL_FILETYPE_PEM)
|| !SSL_use_PrivateKey_file (ssl, path, SSL_FILETYPE_PEM))
- error_set (e, "%s: %s", "Setting the SSL client certificate failed",
+ error_set (e, "%s: %s", "Setting the TLS client certificate failed",
ERR_reason_error_string (ERR_get_error ()));
else
result = true;
@@ -4384,7 +4384,7 @@ irc_finish_connection (struct server *s, int socket)
set_blocking (socket, false);
s->socket = socket;
- s->transport = get_config_boolean (s->config, "ssl")
+ s->transport = get_config_boolean (s->config, "tls")
? &g_transport_tls
: &g_transport_plain;