| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: tls.c,v 1.5 2010/05/13 17:52:12 tnozaki Exp $ */ | | 1 | /* $NetBSD: tls.c,v 1.6 2011/05/24 13:26:41 joerg Exp $ */ |
2 | | | 2 | |
3 | /*- | | 3 | /*- |
4 | * Copyright (c) 2008 The NetBSD Foundation, Inc. | | 4 | * Copyright (c) 2008 The NetBSD Foundation, Inc. |
5 | * All rights reserved. | | 5 | * All rights reserved. |
6 | * | | 6 | * |
7 | * This code is derived from software contributed to The NetBSD Foundation | | 7 | * This code is derived from software contributed to The NetBSD Foundation |
8 | * by Martin Schütte. | | 8 | * by Martin Schütte. |
9 | * | | 9 | * |
10 | * Redistribution and use in source and binary forms, with or without | | 10 | * Redistribution and use in source and binary forms, with or without |
11 | * modification, are permitted provided that the following conditions | | 11 | * modification, are permitted provided that the following conditions |
12 | * are met: | | 12 | * are met: |
13 | * 1. Redistributions of source code must retain the above copyright | | 13 | * 1. Redistributions of source code must retain the above copyright |
14 | * notice, this list of conditions and the following disclaimer. | | 14 | * notice, this list of conditions and the following disclaimer. |
| @@ -35,27 +35,27 @@ | | | @@ -35,27 +35,27 @@ |
35 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 35 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
36 | * POSSIBILITY OF SUCH DAMAGE. | | 36 | * POSSIBILITY OF SUCH DAMAGE. |
37 | */ | | 37 | */ |
38 | /* | | 38 | /* |
39 | * tls.c TLS related code for syslogd | | 39 | * tls.c TLS related code for syslogd |
40 | * | | 40 | * |
41 | * implements the TLS init and handshake callbacks with all required | | 41 | * implements the TLS init and handshake callbacks with all required |
42 | * checks from http://tools.ietf.org/html/draft-ietf-syslog-transport-tls-13 | | 42 | * checks from http://tools.ietf.org/html/draft-ietf-syslog-transport-tls-13 |
43 | * | | 43 | * |
44 | * Martin Schütte | | 44 | * Martin Schütte |
45 | */ | | 45 | */ |
46 | | | 46 | |
47 | #include <sys/cdefs.h> | | 47 | #include <sys/cdefs.h> |
48 | __RCSID("$NetBSD: tls.c,v 1.5 2010/05/13 17:52:12 tnozaki Exp $"); | | 48 | __RCSID("$NetBSD: tls.c,v 1.6 2011/05/24 13:26:41 joerg Exp $"); |
49 | | | 49 | |
50 | #ifndef DISABLE_TLS | | 50 | #ifndef DISABLE_TLS |
51 | #include "syslogd.h" | | 51 | #include "syslogd.h" |
52 | #include "tls.h" | | 52 | #include "tls.h" |
53 | #include <netinet/in.h> | | 53 | #include <netinet/in.h> |
54 | #include <ifaddrs.h> | | 54 | #include <ifaddrs.h> |
55 | #include "extern.h" | | 55 | #include "extern.h" |
56 | | | 56 | |
57 | static unsigned getVerifySetting(const char *x509verifystring); | | 57 | static unsigned getVerifySetting(const char *x509verifystring); |
58 | | | 58 | |
59 | /* to output SSL error codes */ | | 59 | /* to output SSL error codes */ |
60 | static const char *SSL_ERRCODE[] = { | | 60 | static const char *SSL_ERRCODE[] = { |
61 | "SSL_ERROR_NONE", | | 61 | "SSL_ERROR_NONE", |
| @@ -819,27 +819,27 @@ socksetup_tls(const int af, const char * | | | @@ -819,27 +819,27 @@ socksetup_tls(const int af, const char * |
819 | | | 819 | |
820 | if(!tls_opt.server | | 820 | if(!tls_opt.server |
821 | || !tls_opt.global_TLS_CTX) | | 821 | || !tls_opt.global_TLS_CTX) |
822 | return NULL; | | 822 | return NULL; |
823 | | | 823 | |
824 | memset(&hints, 0, sizeof(hints)); | | 824 | memset(&hints, 0, sizeof(hints)); |
825 | hints.ai_flags = AI_PASSIVE; | | 825 | hints.ai_flags = AI_PASSIVE; |
826 | hints.ai_family = af; | | 826 | hints.ai_family = af; |
827 | hints.ai_socktype = SOCK_STREAM; | | 827 | hints.ai_socktype = SOCK_STREAM; |
828 | | | 828 | |
829 | error = getaddrinfo(bindhostname, (port ? port : "syslog-tls"), | | 829 | error = getaddrinfo(bindhostname, (port ? port : "syslog-tls"), |
830 | &hints, &res); | | 830 | &hints, &res); |
831 | if (error) { | | 831 | if (error) { |
832 | logerror(gai_strerror(error)); | | 832 | logerror("%s", gai_strerror(error)); |
833 | errno = 0; | | 833 | errno = 0; |
834 | die(0, 0, NULL); | | 834 | die(0, 0, NULL); |
835 | } | | 835 | } |
836 | | | 836 | |
837 | /* Count max number of sockets we may open */ | | 837 | /* Count max number of sockets we may open */ |
838 | for (maxs = 0, r = res; r; r = r->ai_next, maxs++) | | 838 | for (maxs = 0, r = res; r; r = r->ai_next, maxs++) |
839 | continue; | | 839 | continue; |
840 | socks = malloc((maxs+1) * sizeof(*socks)); | | 840 | socks = malloc((maxs+1) * sizeof(*socks)); |
841 | if (!socks) { | | 841 | if (!socks) { |
842 | logerror("Unable to allocate memory for sockets"); | | 842 | logerror("Unable to allocate memory for sockets"); |
843 | die(0, 0, NULL); | | 843 | die(0, 0, NULL); |
844 | } | | 844 | } |
845 | | | 845 | |
| @@ -979,27 +979,27 @@ tls_connect(struct tls_conn_settings *co | | | @@ -979,27 +979,27 @@ tls_connect(struct tls_conn_settings *co |
979 | assert(conn_info->state == ST_NONE); | | 979 | assert(conn_info->state == ST_NONE); |
980 | | | 980 | |
981 | if(!tls_opt.global_TLS_CTX) | | 981 | if(!tls_opt.global_TLS_CTX) |
982 | return false; | | 982 | return false; |
983 | | | 983 | |
984 | memset(&hints, 0, sizeof(hints)); | | 984 | memset(&hints, 0, sizeof(hints)); |
985 | hints.ai_family = AF_UNSPEC; | | 985 | hints.ai_family = AF_UNSPEC; |
986 | hints.ai_socktype = SOCK_STREAM; | | 986 | hints.ai_socktype = SOCK_STREAM; |
987 | hints.ai_protocol = 0; | | 987 | hints.ai_protocol = 0; |
988 | hints.ai_flags = AI_CANONNAME; | | 988 | hints.ai_flags = AI_CANONNAME; |
989 | error = getaddrinfo(conn_info->hostname, | | 989 | error = getaddrinfo(conn_info->hostname, |
990 | (conn_info->port ? conn_info->port : "syslog-tls"), &hints, &res); | | 990 | (conn_info->port ? conn_info->port : "syslog-tls"), &hints, &res); |
991 | if (error) { | | 991 | if (error) { |
992 | logerror(gai_strerror(error)); | | 992 | logerror("%s", gai_strerror(error)); |
993 | return false; | | 993 | return false; |
994 | } | | 994 | } |
995 | | | 995 | |
996 | sock = -1; | | 996 | sock = -1; |
997 | for (res1 = res; res1; res1 = res1->ai_next) { | | 997 | for (res1 = res; res1; res1 = res1->ai_next) { |
998 | if ((sock = socket(res1->ai_family, res1->ai_socktype, | | 998 | if ((sock = socket(res1->ai_family, res1->ai_socktype, |
999 | res1->ai_protocol)) == -1) { | | 999 | res1->ai_protocol)) == -1) { |
1000 | DPRINTF(D_NET, "Unable to open socket.\n"); | | 1000 | DPRINTF(D_NET, "Unable to open socket.\n"); |
1001 | continue; | | 1001 | continue; |
1002 | } | | 1002 | } |
1003 | if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, | | 1003 | if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, |
1004 | &one, sizeof(one)) == -1) { | | 1004 | &one, sizeof(one)) == -1) { |
1005 | DPRINTF(D_NET, "Unable to setsockopt(): %s\n", | | 1005 | DPRINTF(D_NET, "Unable to setsockopt(): %s\n", |