author | 2015-02-07 23:56:02 +0000 | |
---|---|---|
committer | 2015-02-07 23:56:02 +0000 | |
commit | 9ed684740c97d1305d78f5046c169e14e0ee0425 (patch) | |
tree | 9faab7f8b459fe8d96a732c1463a18195fb31f0d | |
parent | jmc reminded me that if we document new functions we should link them up (diff) | |
Remove server_load_file() in favor of tls_load_file(3)
-rw-r--r-- | usr.sbin/httpd/config.c | 4 | ||||
-rw-r--r-- | usr.sbin/httpd/httpd.h | 10 | ||||
-rw-r--r-- | usr.sbin/httpd/server.c | 47 |
3 files changed, 17 insertions, 44 deletions
diff --git a/usr.sbin/httpd/config.c b/usr.sbin/httpd/config.c
index e3dd94f0148..f631214e7b4 100644
--- a/usr.sbin/httpd/config.c
+++ b/usr.sbin/httpd/config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.34 2015/02/07 01:23:12 reyk Exp $ */
+/* $OpenBSD: config.c,v 1.35 2015/02/07 23:56:02 reyk Exp $ */
 /*
 * Copyright (c) 2011 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -407,7 +407,7 @@ config_getserver(struct httpd *env, struct imsg *imsg)
 /* Reset these variables to avoid free'ing invalid pointers */
 serverconfig_reset(&srv_conf);
- if ((off_t)(IMSG_DATA_SIZE(imsg) - s) <
+ if ((IMSG_DATA_SIZE(imsg) - s) <
 (srv_conf.tls_cert_len + srv_conf.tls_key_len)) {
 log_debug("%s: invalid message length", __func__);
 goto fail;
diff --git a/usr.sbin/httpd/httpd.h b/usr.sbin/httpd/httpd.h
index b046d04f8b3..98096c9ac39 100644
--- a/usr.sbin/httpd/httpd.h
+++ b/usr.sbin/httpd/httpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: httpd.h,v 1.76 2015/02/07 06:26:28 jsing Exp $ */
+/* $OpenBSD: httpd.h,v 1.77 2015/02/07 23:56:02 reyk Exp $ */
 /*
 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -401,14 +401,14 @@ struct server_config {
 u_int32_t maxrequests;
 size_t maxrequestbody;
- char *tls_cert;
- off_t tls_cert_len;
+ u_int8_t *tls_cert;
+ size_t tls_cert_len;
 char *tls_cert_file;
 char tls_ciphers[NAME_MAX];
 char tls_dhe_params[NAME_MAX];
 char tls_ecdhe_curve[NAME_MAX];
- char *tls_key;
- off_t tls_key_len;
+ u_int8_t *tls_key;
+ size_t tls_key_len;
 char *tls_key_file;
 u_int32_t flags;
diff --git a/usr.sbin/httpd/server.c b/usr.sbin/httpd/server.c
index a999b4faa15..6e63120b95f 100644
--- a/usr.sbin/httpd/server.c
+++ b/usr.sbin/httpd/server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server.c,v 1.56 2015/02/07 06:26:28 jsing Exp $ */
+/* $OpenBSD: server.c,v 1.57 2015/02/07 23:56:02 reyk Exp $ */
 /*
 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
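Review bot: With both lengths now `size_t`, the sum `srv_conf.tls_cert_len + srv_conf.tls_key_len` in the length check of config_getserver() in config.c can wrap around, so two oversized lengths may add up to a small value and pass the comparison. The lengths appear to arrive with the received message (the comment above the check says the struct's pointers are not valid at this point), so each one should be compared against the remaining bytes on its own: `if (srv_conf.tls_cert_len > IMSG_DATA_SIZE(imsg) - s || srv_conf.tls_key_len > IMSG_DATA_SIZE(imsg) - s - srv_conf.tls_cert_len) {`. Dropping the `(off_t)` cast presumably also makes the left-hand subtraction unsigned, so the check relies on `s` never exceeding `IMSG_DATA_SIZE(imsg)`; that is established outside the hunk and is worth confirming. The function body starts and ends outside the hunk.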
@@ -130,50 +130,23 @@ server_privinit(struct server *srv)
 return (0);
 }
-static char *
-server_load_file(const char *filename, off_t *len)
-{
- struct stat st;
- off_t size;
- char *buf = NULL;
- int fd;
-
- if ((fd = open(filename, O_RDONLY)) == -1)
- return (NULL);
- if (fstat(fd, &st) != 0)
- goto fail;
- size = st.st_size;
- if ((buf = calloc(1, size + 1)) == NULL)
- goto fail;
- if (read(fd, buf, size) != size)
- goto fail;
-
- close(fd);
-
- *len = size;
- return (buf);
-
- fail:
- free(buf);
- close(fd);
-
- return (NULL);
-}
-
 int
 server_tls_load_keypair(struct server *srv)
 {
 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0)
 return (0);
- if ((srv->srv_conf.tls_cert = server_load_file(
- srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len)) == NULL)
+ if ((srv->srv_conf.tls_cert = tls_load_file(
+ srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len,
+ NULL)) == NULL)
 return (-1);
 log_debug("%s: using certificate %s", __func__,
 srv->srv_conf.tls_cert_file);
- if ((srv->srv_conf.tls_key = server_load_file(
- srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len)) == NULL)
+ /* XXX allow to specify password for encrypted key */
+ if ((srv->srv_conf.tls_key = tls_load_file(
+ srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len,
+ NULL)) == NULL)
 return (-1);
 log_debug("%s: using private key %s", __func__,
 srv->srv_conf.tls_key_file);
@@ -345,8 +318,8 @@ serverconfig_free(struct server_config *srv_conf)
 void
 serverconfig_reset(struct server_config *srv_conf)
 {
- srv_conf->tls_cert_file = srv_conf->tls_cert =
- srv_conf->tls_key_file = srv_conf->tls_key = NULL;
+ srv_conf->tls_cert_file = srv_conf->tls_key_file = NULL;
+ srv_conf->tls_cert = srv_conf->tls_key = NULL;
 srv_conf->auth = NULL;
 } |
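Review bot: The private key that `tls_load_file()` reads into `srv_conf.tls_key` in server_tls_load_keypair() stays in an ordinary heap buffer, and nothing in this diff shows it being wiped before release. If serverconfig_free(), whose body is outside the visible hunks, passes it to plain `free()`, the key bytes remain readable in freed memory; clearing it first with `explicit_bzero(srv_conf->tls_key, srv_conf->tls_key_len);` would close that. In the same function the key-load failure path returns `-1` while `tls_cert` still holds the buffer loaded a few lines earlier, so the caller has to release it; a short comment stating that ownership rule would help. server_tls_load_keypair() continues past the end of the hunk.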