Diffstat (limited to 'degesch.c')
-rw-r--r-- | degesch.c | 32 |
1 files changed, 16 insertions, 16 deletions
@@ -1552,24 +1552,24 @@ static struct config_schema g_config_server[] = .type = CONFIG_ITEM_STRING, .validate = config_validate_nonjunk_string }, - { .name = "ssl", + { .name = "tls", .comment = "Whether to use TLS", .type = CONFIG_ITEM_BOOLEAN, .default_ = "off" }, - { .name = "ssl_cert", + { .name = "tls_cert", .comment = "Client TLS certificate (PEM)", .type = CONFIG_ITEM_STRING }, - { .name = "ssl_verify", + { .name = "tls_verify", .comment = "Whether to verify certificates", .type = CONFIG_ITEM_BOOLEAN, .default_ = "on" }, - { .name = "ssl_ca_file", + { .name = "tls_ca_file", .comment = "OpenSSL CA bundle file", .type = CONFIG_ITEM_STRING }, - { .name = "ssl_ca_path", + { .name = "tls_ca_path", .comment = "OpenSSL CA bundle path", .type = CONFIG_ITEM_STRING }, - { .name = "ssl_ciphers", + { .name = "tls_ciphers", .comment = "OpenSSL cipher preference list", .type = CONFIG_ITEM_STRING, .default_ = "\"DEFAULT:!MEDIUM:!LOW\"" }, @@ -4039,7 +4039,7 @@ transport_tls_verify_callback (int preverify_ok, X509_STORE_CTX *ctx) static bool transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e) { - bool verify = get_config_boolean (s->config, "ssl_verify"); + bool verify = get_config_boolean (s->config, "tls_verify"); SSL_CTX_set_verify (ssl_ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, transport_tls_verify_callback); @@ -4048,7 +4048,7 @@ transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e) SSL_CTX_get_ex_new_index (0, "server", NULL, NULL, NULL); SSL_CTX_set_ex_data (ssl_ctx, g_transport_tls_data_index, s); - const char *ciphers = get_config_string (s->config, "ssl_ciphers"); + const char *ciphers = get_config_string (s->config, "tls_ciphers"); if (ciphers && !SSL_CTX_set_cipher_list (ssl_ctx, ciphers)) log_server_error (s, s->buffer, "Failed to select any cipher from the cipher list"); 
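Review bot: Renaming the `ssl*` items in `g_config_server` without keeping the old names as aliases means an existing configuration that sets `ssl = on` no longer matches any schema item. Since `tls` defaults to `"off"`, `irc_finish_connection` (last hunk) would then select `&g_transport_plain`. How the loader treats unknown keys is not visible here, but unless it rejects them loudly this is a silent downgrade to cleartext for upgraded users, and a previously set `ssl_ca_file`, `ssl_ciphers` or `ssl_cert` is dropped the same way. All 16 changed lines are plain renames, so nothing in this commit migrates or warns. I would either accept the old names for a transition period or fail at load time with a message naming the replacement key.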
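Review bot: In `transport_tls_init_ctx`, a `tls_ciphers` value that OpenSSL rejects is only logged and context setup carries on. The connection would then presumably proceed with whatever cipher list the context already had, not the restriction the user configured. Treating it as a configuration error fails closed: `{ error_set (e, "%s", "Failed to select any cipher from the cipher list"); return false; }`. The rest of the function lies outside this hunk, so confirm that no later check already covers this and that an early return skips no cleanup.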
@@ -4058,8 +4058,8 @@ transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e) // Disable deprecated protocols (see RFC 7568) SSL_CTX_set_options (ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); - const char *ca_file = get_config_string (s->config, "ssl_ca_file"); - const char *ca_path = get_config_string (s->config, "ssl_ca_path"); + const char *ca_file = get_config_string (s->config, "tls_ca_file"); + const char *ca_path = get_config_string (s->config, "tls_ca_path"); ERR_clear_error (); @@ -4100,20 +4100,20 @@ ca_error: static bool transport_tls_init_cert (struct server *s, SSL *ssl, struct error **e) { - const char *ssl_cert = get_config_string (s->config, "ssl_cert"); - if (!ssl_cert) + const char *tls_cert = get_config_string (s->config, "tls_cert"); + if (!tls_cert) return true; ERR_clear_error (); bool result = false; - char *path = resolve_filename (ssl_cert, resolve_relative_config_filename); + char *path = resolve_filename (tls_cert, resolve_relative_config_filename); if (!path) - error_set (e, "%s: %s", "Cannot open file", ssl_cert); + error_set (e, "%s: %s", "Cannot open file", tls_cert); // XXX: perhaps we should read the file ourselves for better messages else if (!SSL_use_certificate_file (ssl, path, SSL_FILETYPE_PEM) || !SSL_use_PrivateKey_file (ssl, path, SSL_FILETYPE_PEM)) - error_set (e, "%s: %s", "Setting the SSL client certificate failed", + error_set (e, "%s: %s", "Setting the TLS client certificate failed", ERR_reason_error_string (ERR_get_error ())); else result = true; @@ -4384,7 +4384,7 @@ irc_finish_connection (struct server *s, int socket) set_blocking (socket, false); s->socket = socket; - s->transport = get_config_boolean (s->config, "ssl") + s->transport = get_config_boolean (s->config, "tls") ? &g_transport_tls : &g_transport_plain; |
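Review bot: The option mask in `transport_tls_init_ctx` excludes only SSLv2 and SSLv3, so TLS 1.0 and 1.1 can still be negotiated under a setting that is now called `tls`; both were deprecated by RFC 8996. Consider extending the mask, `SSL_CTX_set_options (ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);`, and citing that RFC in the comment next to RFC 7568. If old servers must stay reachable, a configurable minimum version with a safe default is the alternative. The function body starts and ends outside this hunk.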