| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | /* $NetBSD: tls.c,v 1.5 2010/05/13 17:52:12 tnozaki Exp $ */ | | 1 | /* $NetBSD: tls.c,v 1.6 2011/05/24 13:26:41 joerg Exp $ */ |
| 2 | | | 2 | |
| 3 | /*- | | 3 | /*- |
| 4 | * Copyright (c) 2008 The NetBSD Foundation, Inc. | | 4 | * Copyright (c) 2008 The NetBSD Foundation, Inc. |
| 5 | * All rights reserved. | | 5 | * All rights reserved. |
| 6 | * | | 6 | * |
| 7 | * This code is derived from software contributed to The NetBSD Foundation | | 7 | * This code is derived from software contributed to The NetBSD Foundation |
| 8 | * by Martin Schütte. | | 8 | * by Martin Schütte. |
| 9 | * | | 9 | * |
| 10 | * Redistribution and use in source and binary forms, with or without | | 10 | * Redistribution and use in source and binary forms, with or without |
| 11 | * modification, are permitted provided that the following conditions | | 11 | * modification, are permitted provided that the following conditions |
| 12 | * are met: | | 12 | * are met: |
| 13 | * 1. Redistributions of source code must retain the above copyright | | 13 | * 1. Redistributions of source code must retain the above copyright |
| 14 | * notice, this list of conditions and the following disclaimer. | | 14 | * notice, this list of conditions and the following disclaimer. |
| @@ -35,27 +35,27 @@ | | | @@ -35,27 +35,27 @@ |
| 35 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 35 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| 36 | * POSSIBILITY OF SUCH DAMAGE. | | 36 | * POSSIBILITY OF SUCH DAMAGE. |
| 37 | */ | | 37 | */ |
| 38 | /* | | 38 | /* |
| 39 | * tls.c TLS related code for syslogd | | 39 | * tls.c TLS related code for syslogd |
| 40 | * | | 40 | * |
| 41 | * implements the TLS init and handshake callbacks with all required | | 41 | * implements the TLS init and handshake callbacks with all required |
| 42 | * checks from http://tools.ietf.org/html/draft-ietf-syslog-transport-tls-13 | | 42 | * checks from http://tools.ietf.org/html/draft-ietf-syslog-transport-tls-13 |
| 43 | * | | 43 | * |
| 44 | * Martin Schütte | | 44 | * Martin Schütte |
| 45 | */ | | 45 | */ |
| 46 | | | 46 | |
| 47 | #include <sys/cdefs.h> | | 47 | #include <sys/cdefs.h> |
| 48 | __RCSID("$NetBSD: tls.c,v 1.5 2010/05/13 17:52:12 tnozaki Exp $"); | | 48 | __RCSID("$NetBSD: tls.c,v 1.6 2011/05/24 13:26:41 joerg Exp $"); |
| 49 | | | 49 | |
| 50 | #ifndef DISABLE_TLS | | 50 | #ifndef DISABLE_TLS |
| 51 | #include "syslogd.h" | | 51 | #include "syslogd.h" |
| 52 | #include "tls.h" | | 52 | #include "tls.h" |
| 53 | #include <netinet/in.h> | | 53 | #include <netinet/in.h> |
| 54 | #include <ifaddrs.h> | | 54 | #include <ifaddrs.h> |
| 55 | #include "extern.h" | | 55 | #include "extern.h" |
| 56 | | | 56 | |
| 57 | static unsigned getVerifySetting(const char *x509verifystring); | | 57 | static unsigned getVerifySetting(const char *x509verifystring); |
| 58 | | | 58 | |
| 59 | /* to output SSL error codes */ | | 59 | /* to output SSL error codes */ |
| 60 | static const char *SSL_ERRCODE[] = { | | 60 | static const char *SSL_ERRCODE[] = { |
| 61 | "SSL_ERROR_NONE", | | 61 | "SSL_ERROR_NONE", |
| @@ -819,27 +819,27 @@ socksetup_tls(const int af, const char * | | | @@ -819,27 +819,27 @@ socksetup_tls(const int af, const char * |
| 819 | | | 819 | |
| 820 | if(!tls_opt.server | | 820 | if(!tls_opt.server |
| 821 | || !tls_opt.global_TLS_CTX) | | 821 | || !tls_opt.global_TLS_CTX) |
| 822 | return NULL; | | 822 | return NULL; |
| 823 | | | 823 | |
| 824 | memset(&hints, 0, sizeof(hints)); | | 824 | memset(&hints, 0, sizeof(hints)); |
| 825 | hints.ai_flags = AI_PASSIVE; | | 825 | hints.ai_flags = AI_PASSIVE; |
| 826 | hints.ai_family = af; | | 826 | hints.ai_family = af; |
| 827 | hints.ai_socktype = SOCK_STREAM; | | 827 | hints.ai_socktype = SOCK_STREAM; |
| 828 | | | 828 | |
| 829 | error = getaddrinfo(bindhostname, (port ? port : "syslog-tls"), | | 829 | error = getaddrinfo(bindhostname, (port ? port : "syslog-tls"), |
| 830 | &hints, &res); | | 830 | &hints, &res); |
| 831 | if (error) { | | 831 | if (error) { |
| 832 | logerror(gai_strerror(error)); | | 832 | logerror("%s", gai_strerror(error)); |
| 833 | errno = 0; | | 833 | errno = 0; |
| 834 | die(0, 0, NULL); | | 834 | die(0, 0, NULL); |
| 835 | } | | 835 | } |
| 836 | | | 836 | |
| 837 | /* Count max number of sockets we may open */ | | 837 | /* Count max number of sockets we may open */ |
| 838 | for (maxs = 0, r = res; r; r = r->ai_next, maxs++) | | 838 | for (maxs = 0, r = res; r; r = r->ai_next, maxs++) |
| 839 | continue; | | 839 | continue; |
| 840 | socks = malloc((maxs+1) * sizeof(*socks)); | | 840 | socks = malloc((maxs+1) * sizeof(*socks)); |
| 841 | if (!socks) { | | 841 | if (!socks) { |
| 842 | logerror("Unable to allocate memory for sockets"); | | 842 | logerror("Unable to allocate memory for sockets"); |
| 843 | die(0, 0, NULL); | | 843 | die(0, 0, NULL); |
| 844 | } | | 844 | } |
| 845 | | | 845 | |
| @@ -979,27 +979,27 @@ tls_connect(struct tls_conn_settings *co | | | @@ -979,27 +979,27 @@ tls_connect(struct tls_conn_settings *co |
| 979 | assert(conn_info->state == ST_NONE); | | 979 | assert(conn_info->state == ST_NONE); |
| 980 | | | 980 | |
| 981 | if(!tls_opt.global_TLS_CTX) | | 981 | if(!tls_opt.global_TLS_CTX) |
| 982 | return false; | | 982 | return false; |
| 983 | | | 983 | |
| 984 | memset(&hints, 0, sizeof(hints)); | | 984 | memset(&hints, 0, sizeof(hints)); |
| 985 | hints.ai_family = AF_UNSPEC; | | 985 | hints.ai_family = AF_UNSPEC; |
| 986 | hints.ai_socktype = SOCK_STREAM; | | 986 | hints.ai_socktype = SOCK_STREAM; |
| 987 | hints.ai_protocol = 0; | | 987 | hints.ai_protocol = 0; |
| 988 | hints.ai_flags = AI_CANONNAME; | | 988 | hints.ai_flags = AI_CANONNAME; |
| 989 | error = getaddrinfo(conn_info->hostname, | | 989 | error = getaddrinfo(conn_info->hostname, |
| 990 | (conn_info->port ? conn_info->port : "syslog-tls"), &hints, &res); | | 990 | (conn_info->port ? conn_info->port : "syslog-tls"), &hints, &res); |
| 991 | if (error) { | | 991 | if (error) { |
| 992 | logerror(gai_strerror(error)); | | 992 | logerror("%s", gai_strerror(error)); |
| 993 | return false; | | 993 | return false; |
| 994 | } | | 994 | } |
| 995 | | | 995 | |
| 996 | sock = -1; | | 996 | sock = -1; |
| 997 | for (res1 = res; res1; res1 = res1->ai_next) { | | 997 | for (res1 = res; res1; res1 = res1->ai_next) { |
| 998 | if ((sock = socket(res1->ai_family, res1->ai_socktype, | | 998 | if ((sock = socket(res1->ai_family, res1->ai_socktype, |
| 999 | res1->ai_protocol)) == -1) { | | 999 | res1->ai_protocol)) == -1) { |
| 1000 | DPRINTF(D_NET, "Unable to open socket.\n"); | | 1000 | DPRINTF(D_NET, "Unable to open socket.\n"); |
| 1001 | continue; | | 1001 | continue; |
| 1002 | } | | 1002 | } |
| 1003 | if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, | | 1003 | if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, |
| 1004 | &one, sizeof(one)) == -1) { | | 1004 | &one, sizeof(one)) == -1) { |
| 1005 | DPRINTF(D_NET, "Unable to setsockopt(): %s\n", | | 1005 | DPRINTF(D_NET, "Unable to setsockopt(): %s\n", |