From dbde9f0fe3c9fcd7eb8e56e9b1beffb71b0607e1 Mon Sep 17 00:00:00 2001
From: Jari Matilainen
Date: Thu, 11 May 2017 10:57:24 +0200
Subject: [PATCH 1/4] Added support for -notls and -notls_verify
---
 src/fe-common/core/fe-server.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/fe-common/core/fe-server.c b/src/fe-common/core/fe-server.c
index f4c1d3ee..207dae7d 100644
--- a/src/fe-common/core/fe-server.c
+++ b/src/fe-common/core/fe-server.c
@@ -156,6 +156,10 @@ static void cmd_server_add_modify(const char *data, gboolean add)
 if (g_hash_table_lookup(optlist, "tls") || g_hash_table_lookup(optlist, "ssl"))
 rec->use_tls = TRUE;
+ else if (g_hash_table_lookup(optlist, "notls") || g_hash_table_lookup(optlist, "nossl")) {
+ rec->use_tls = FALSE;
+ rec->tls_verify = FALSE;
+ }
 value = g_hash_table_lookup(optlist, "tls_cert");
 if (value == NULL)
@@ -177,6 +181,8 @@ static void cmd_server_add_modify(const char *data, gboolean add)
 if (g_hash_table_lookup(optlist, "tls_verify") || g_hash_table_lookup(optlist, "ssl_verify"))
 rec->tls_verify = TRUE;
+ else if (g_hash_table_lookup(optlist, "notls_verify") || g_hash_table_lookup(optlist, "nossl_verify"))
+ rec->tls_verify = FALSE;
 value = g_hash_table_lookup(optlist, "tls_cafile");
 if (value == NULL)
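Review bot: In the `@@ -156,6 +156,10 @@` hunk the `notls`/`nossl` branch is an `else if`, so `-tls -notls` on one command line quietly resolves to TLS on, and nothing in the code says that this precedence is intended; the same applies to the `notls_verify` branch in the `@@ -177,6 +181,8 @@` hunk. I would state it above each branch, e.g. `/* -tls/-ssl win over -notls/-nossl when both are given */`. The branch also clears only `use_tls` and `tls_verify`, while patch 3 of this series says `use_tls` is set again later in the function from `tls_verify`; if that later code also looks at other stored TLS fields (not visible here), `/server modify -notls` could leave TLS enabled without telling the user, so it is worth checking the final state after that derivation. cmd_server_add_modify starts and ends outside the hunk.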
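Review bot: In the `@@ -177,6 +181,8 @@` hunk, `-notls_verify` switches certificate verification off for the saved entry with no feedback, so the entry keeps `use_tls` but, presumably unless one of the `tls_pinned_*` options is set, will accept whatever certificate the peer presents. I would make that state visible where it is set, with a comment such as `/* verification off: the TLS session is encrypted but the peer is not authenticated */` and a printed notice to the user after the record is saved. The new switches should also be described in the /SERVER help text, which is not part of this series as shown. The function body continues outside the hunk.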
@@ -434,8 +440,8 @@ void fe_server_init(void)
 command_bind_first("server", NULL, (SIGNAL_FUNC) server_command);
 command_bind_first("disconnect", NULL, (SIGNAL_FUNC) server_command);
- command_set_options("server add", "4 6 !! ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers +ssl_fingerprint tls +tls_cert +tls_pkey +tls_pass tls_verify +tls_cafile +tls_capath +tls_ciphers +tls_pinned_cert +tls_pinned_pubkey auto noauto proxy noproxy -host -port noautosendcmd");
- command_set_options("server modify", "4 6 !! ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers +ssl_fingerprint tls +tls_cert +tls_pkey +tls_pass tls_verify +tls_cafile +tls_capath +tls_ciphers +tls_pinned_cert +tls_pinned_pubkey auto noauto proxy noproxy -host -port noautosendcmd");
+ command_set_options("server add", "4 6 !! ssl nossl +ssl_cert +ssl_pkey +ssl_pass ssl_verify nossl_verify +ssl_cafile +ssl_capath +ssl_ciphers +ssl_fingerprint tls notls +tls_cert +tls_pkey +tls_pass tls_verify notls_verify +tls_cafile +tls_capath +tls_ciphers +tls_pinned_cert +tls_pinned_pubkey auto noauto proxy noproxy -host -port noautosendcmd");
+ command_set_options("server modify", "4 6 !! ssl nossl +ssl_cert +ssl_pkey +ssl_pass ssl_verify nossl_verify +ssl_cafile +ssl_capath +ssl_ciphers +ssl_fingerprint tls notls +tls_cert +tls_pkey +tls_pass tls_verify notls_verify +tls_cafile +tls_capath +tls_ciphers +tls_pinned_cert +tls_pinned_pubkey auto noauto proxy noproxy -host -port noautosendcmd");
 signal_add("server looking", (SIGNAL_FUNC) sig_server_looking);
 signal_add("server connecting", (SIGNAL_FUNC) sig_server_connecting);
From f060292a9cd0835dd9cc8c24a4ede67909a2b68b Mon Sep 17 00:00:00 2001
From: Jari Matilainen
Date: Thu, 11 May 2017 11:17:14 +0200
Subject: [PATCH 2/4] Added braces
---
 src/fe-common/core/fe-server.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
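Review bot: In the `@@ -434,8 +440,8 @@` hunk of fe_server_init the option list for `server add` and `server modify` is the same long literal written twice, and this change had to insert `nossl`, `nossl_verify`, `notls` and `notls_verify` into both copies by hand. Defining the list once, for example `static const char server_add_modify_opts[] = "4 6 !! ssl nossl ...";`, and passing it to both `command_set_options` calls would keep the two commands from drifting apart. That matters for the TLS switches in particular, since a name missing from one copy would presumably make that command treat the switch differently from the other. fe_server_init continues outside the hunk.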
diff --git a/src/fe-common/core/fe-server.c b/src/fe-common/core/fe-server.c
index 207dae7d..c9488e25 100644
--- a/src/fe-common/core/fe-server.c
+++ b/src/fe-common/core/fe-server.c
@@ -154,8 +154,9 @@ static void cmd_server_add_modify(const char *data, gboolean add)
 else if (g_hash_table_lookup(optlist, "4"))
 rec->family = AF_INET;
- if (g_hash_table_lookup(optlist, "tls") || g_hash_table_lookup(optlist, "ssl"))
+ if (g_hash_table_lookup(optlist, "tls") || g_hash_table_lookup(optlist, "ssl")) {
 rec->use_tls = TRUE;
+ }
 else if (g_hash_table_lookup(optlist, "notls") || g_hash_table_lookup(optlist, "nossl")) {
 rec->use_tls = FALSE;
 rec->tls_verify = FALSE;
From 783458e9ba068117089d23730add317069cf6447 Mon Sep 17 00:00:00 2001
From: Jari Matilainen
Date: Thu, 11 May 2017 14:08:45 +0200
Subject: [PATCH 3/4] Added code comments
---
 src/fe-common/core/fe-server.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/fe-common/core/fe-server.c b/src/fe-common/core/fe-server.c
index c9488e25..03feba32 100644
--- a/src/fe-common/core/fe-server.c
+++ b/src/fe-common/core/fe-server.c
@@ -159,6 +159,8 @@ static void cmd_server_add_modify(const char *data, gboolean add)
 }
 else if (g_hash_table_lookup(optlist, "notls") || g_hash_table_lookup(optlist, "nossl")) {
 rec->use_tls = FALSE;
+ /* if rec has tls_verify = TRUE then use_tls will be set to true on lines 224-225
+ so explicitly set tls_verify to FALSE when -notls is used */
 rec->tls_verify = FALSE;
 }
From 81cf8d8813c4226e0d9db5f776e0f6a6904813e0 Mon Sep 17 00:00:00 2001
From: ailin-nemui
Date: Sun, 14 May 2017 09:43:38 +0200
Subject: [PATCH 4/4] Update fe-server.c
---
 src/fe-common/core/fe-server.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/fe-common/core/fe-server.c b/src/fe-common/core/fe-server.c
index 03feba32..e8e9f33f 100644
--- a/src/fe-common/core/fe-server.c
+++ b/src/fe-common/core/fe-server.c
@@ -159,8 +159,7 @@ static void cmd_server_add_modify(const char *data, gboolean add)
 }
 else if (g_hash_table_lookup(optlist, "notls") || g_hash_table_lookup(optlist, "nossl")) {
 rec->use_tls = FALSE;
- /* if rec has tls_verify = TRUE then use_tls will be set to true on lines 224-225
- so explicitly set tls_verify to FALSE when -notls is used */
+ /* tls_verify implies use_tls, disable it explicitly */
 rec->tls_verify = FALSE;
 }