author | 2014-12-12 14:45:59 +0000 | |
committer | 2014-12-12 14:45:59 +0000 | |
commit | a760b3d3854cc82d2de83c35f9893d3f4c169075 (patch) | |
tree | c9dd0ce0a51945c0a043483e64b046daa81c70d3 | |
parent | markup fixes, and repair some wrong argument types while here; (diff) | |
Like previously done in relayd, change the keyword "ssl" to "tls" to
reflect reality.
OK benno@
-rw-r--r-- | etc/examples/httpd.conf | 4 | ||||
-rw-r--r-- | usr.sbin/httpd/config.c | 38 | ||||
-rw-r--r-- | usr.sbin/httpd/httpd.8 | 6 | ||||
-rw-r--r-- | usr.sbin/httpd/httpd.conf.5 | 60 | ||||
-rw-r--r-- | usr.sbin/httpd/httpd.h | 28 | ||||
-rw-r--r-- | usr.sbin/httpd/parse.y | 60 | ||||
-rw-r--r-- | usr.sbin/httpd/server.c | 94 | ||||
-rw-r--r-- | usr.sbin/httpd/server_fcgi.c | 4 | ||||
-rw-r--r-- | usr.sbin/httpd/server_file.c | 4 |
9 files changed, 149 insertions, 149 deletions
diff --git a/etc/examples/httpd.conf b/etc/examples/httpd.conf index 71496a4fae0..2fc392d2d42 100644 --- a/etc/examples/httpd.conf +++ b/etc/examples/httpd.conf @@ -1,4 +1,4 @@ -# $OpenBSD: httpd.conf,v 1.11 2014/08/25 14:27:54 reyk Exp $ +# $OpenBSD: httpd.conf,v 1.12 2014/12/12 14:45:59 reyk Exp $ # # Macros @@ -47,7 +47,7 @@ server "www.example.com" { # An HTTPS server using SSL/TLS server "secure.example.com" { - listen on 127.0.0.1 ssl port 443 + listen on 127.0.0.1 tls port 443 # Define server-specific log files relative to /logs log { access "secure-access.log", error "secure-error.log" } diff --git a/usr.sbin/httpd/config.c b/usr.sbin/httpd/config.c index a902004344a..b35d3de4e3a 100644 --- a/usr.sbin/httpd/config.c +++ b/usr.sbin/httpd/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.24 2014/12/07 16:05:08 florian Exp $ */ +/* $OpenBSD: config.c,v 1.25 2014/12/12 14:45:59 reyk Exp $ */ /* * Copyright (c) 2011 - 2014 Reyk Floeter <reyk@openbsd.org> @@ -185,13 +185,13 @@ config_setserver(struct httpd *env, struct server *srv) c = 0; iov[c].iov_base = &s; iov[c++].iov_len = sizeof(s); - if (srv->srv_conf.ssl_cert_len != 0) { - iov[c].iov_base = srv->srv_conf.ssl_cert; - iov[c++].iov_len = srv->srv_conf.ssl_cert_len; + if (srv->srv_conf.tls_cert_len != 0) { + iov[c].iov_base = srv->srv_conf.tls_cert; + iov[c++].iov_len = srv->srv_conf.tls_cert_len; } - if (srv->srv_conf.ssl_key_len != 0) { - iov[c].iov_base = srv->srv_conf.ssl_key; - iov[c++].iov_len = srv->srv_conf.ssl_key_len; + if (srv->srv_conf.tls_key_len != 0) { + iov[c].iov_base = srv->srv_conf.tls_key; + iov[c++].iov_len = srv->srv_conf.tls_key_len; } if (id == PROC_SERVER && @@ -285,7 +285,7 @@ config_getserver_config(struct httpd *env, struct server *srv, if ((srv_conf->flags & f) == 0) srv_conf->flags |= parent->flags & f; - f = SRVFLAG_SSL; + f = SRVFLAG_TLS; srv_conf->flags |= parent->flags & f; f = SRVFLAG_ACCESS_LOG; 
@@ -347,7 +347,7 @@ config_getserver(struct httpd *env, struct imsg *imsg) serverconfig_reset(&srv_conf); if ((off_t)(IMSG_DATA_SIZE(imsg) - s) < - (srv_conf.ssl_cert_len + srv_conf.ssl_key_len)) { + (srv_conf.tls_cert_len + srv_conf.tls_key_len)) { log_debug("%s: invalid message length", __func__); goto fail; } @@ -384,25 +384,25 @@ config_getserver(struct httpd *env, struct imsg *imsg) srv->srv_conf.name, srv->srv_conf.id, printb_flags(srv->srv_conf.flags, SRVFLAG_BITS)); - if (srv->srv_conf.ssl_cert_len != 0) { - if ((srv->srv_conf.ssl_cert = get_data(p + s, - srv->srv_conf.ssl_cert_len)) == NULL) + if (srv->srv_conf.tls_cert_len != 0) { + if ((srv->srv_conf.tls_cert = get_data(p + s, + srv->srv_conf.tls_cert_len)) == NULL) goto fail; - s += srv->srv_conf.ssl_cert_len; + s += srv->srv_conf.tls_cert_len; } - if (srv->srv_conf.ssl_key_len != 0) { - if ((srv->srv_conf.ssl_key = get_data(p + s, - srv->srv_conf.ssl_key_len)) == NULL) + if (srv->srv_conf.tls_key_len != 0) { + if ((srv->srv_conf.tls_key = get_data(p + s, + srv->srv_conf.tls_key_len)) == NULL) goto fail; - s += srv->srv_conf.ssl_key_len; + s += srv->srv_conf.tls_key_len; } return (0); fail: if (srv != NULL) { - free(srv->srv_conf.ssl_cert); - free(srv->srv_conf.ssl_key); + free(srv->srv_conf.tls_cert); + free(srv->srv_conf.tls_key); } free(srv); diff --git a/usr.sbin/httpd/httpd.8 b/usr.sbin/httpd/httpd.8 index ab301e1102d..e17f7de403f 100644 --- a/usr.sbin/httpd/httpd.8 +++ b/usr.sbin/httpd/httpd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: httpd.8,v 1.48 2014/08/09 08:49:48 jmc Exp $ +.\" $OpenBSD: httpd.8,v 1.49 2014/12/12 14:45:59 reyk Exp $ .\" .\" Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 9 2014 $ +.Dd $Mdocdate: December 12 2014 $ .Dt HTTPD 8 .Os .Sh NAME 
@@ -28,7 +28,7 @@ .Sh DESCRIPTION The .Nm -daemon is an HTTP server with FastCGI and SSL support. +daemon is an HTTP server with FastCGI and TLS support. .Pp The FastCGI implementation has optional socket support. .Nm diff --git a/usr.sbin/httpd/httpd.conf.5 b/usr.sbin/httpd/httpd.conf.5 index b6177d397e8..736b7055ea0 100644 --- a/usr.sbin/httpd/httpd.conf.5 +++ b/usr.sbin/httpd/httpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: httpd.conf.5,v 1.36 2014/11/12 16:52:44 jmc Exp $ +.\" $OpenBSD: httpd.conf.5,v 1.37 2014/12/12 14:45:59 reyk Exp $ .\" .\" Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 12 2014 $ +.Dd $Mdocdate: December 12 2014 $ .Dt HTTPD.CONF 5 .Os .Sh NAME @@ -169,7 +169,7 @@ root directory of .Xr httpd 8 and defaults to .Pa /run/slowcgi.sock . -.It Ic listen on Ar address Oo Ic ssl Oc Ic port Ar number +.It Ic listen on Ar address Oo Ic tls Oc Ic port Ar number Set the listen address and port. .It Ic location Ar path Brq ... Specify server configuration rules for a specific location. 
@@ -246,33 +246,6 @@ root directory of .Nm httpd . If not specified, it defaults to .Pa /htdocs . -.It Ic ssl Ar option -Set the SSL configuration for the server. -These options are only used if SSL has been enabled via the listen directive. -Valid options are: -.Bl -tag -width Ds -.It Ic certificate Ar file -Specify the certificate to use for this server. -The -.Ar file -should contain a PEM encoded certificate. -.It Ic ciphers Ar string -Specify the SSL cipher string. -If not specified, the default value -.Qq HIGH:!aNULL -will be used (strong crypto cipher suites without anonymous DH). -See the CIPHERS section of -.Xr openssl 1 -for information about SSL cipher suites and preference lists. -.It Ic key Ar file -Specify the private key to use for this server. -The -.Ar file -should contain a PEM encoded private key and reside outside of the -.Xr chroot 2 -root directory of -.Nm httpd . -.El .It Ic tcp Ar option Enable or disable the specified TCP/IP options; see .Xr tcp 4 @@ -306,6 +279,33 @@ Set the socket-level buffer size for input and output for this connection. This will affect the TCP window size. .El +.It Ic tls Ar option +Set the TLS configuration for the server. +These options are only used if TLS has been enabled via the listen directive. +Valid options are: +.Bl -tag -width Ds +.It Ic certificate Ar file +Specify the certificate to use for this server. +The +.Ar file +should contain a PEM encoded certificate. +.It Ic ciphers Ar string +Specify the TLS cipher string. +If not specified, the default value +.Qq HIGH:!aNULL +will be used (strong crypto cipher suites without anonymous DH). +See the CIPHERS section of +.Xr openssl 1 +for information about SSL/TLS cipher suites and preference lists. +.It Ic key Ar file +Specify the private key to use for this server. +The +.Ar file +should contain a PEM encoded private key and reside outside of the +.Xr chroot 2 +root directory of +.Nm httpd . +.El .El .Sh TYPES Configure the supported media types. 
diff --git a/usr.sbin/httpd/httpd.h b/usr.sbin/httpd/httpd.h index 5e39fe1b610..8c14f974004 100644 --- a/usr.sbin/httpd/httpd.h +++ b/usr.sbin/httpd/httpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: httpd.h,v 1.63 2014/11/11 15:54:45 beck Exp $ */ +/* $OpenBSD: httpd.h,v 1.64 2014/12/12 14:45:59 reyk Exp $ */ /* * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org> @@ -38,9 +38,9 @@ #define HTTPD_LOGROOT "/logs" #define HTTPD_ACCESS_LOG "access.log" #define HTTPD_ERROR_LOG "error.log" -#define HTTPD_SSL_CERT "/etc/ssl/server.crt" -#define HTTPD_SSL_KEY "/etc/ssl/private/server.key" -#define HTTPD_SSL_CIPHERS "HIGH:!aNULL" +#define HTTPD_TLS_CERT "/etc/ssl/server.crt" +#define HTTPD_TLS_KEY "/etc/ssl/private/server.key" +#define HTTPD_TLS_CIPHERS "HIGH:!aNULL" #define FD_RESERVE 5 #define SERVER_MAX_CLIENTS 1024 @@ -322,14 +322,14 @@ SPLAY_HEAD(client_tree, client); #define SRVFLAG_SOCKET 0x0400 #define SRVFLAG_SYSLOG 0x0800 #define SRVFLAG_NO_SYSLOG 0x1000 -#define SRVFLAG_SSL 0x2000 +#define SRVFLAG_TLS 0x2000 #define SRVFLAG_ACCESS_LOG 0x4000 #define SRVFLAG_ERROR_LOG 0x8000 #define SRVFLAG_BITS \ "\10\01INDEX\02NO_INDEX\03AUTO_INDEX\04NO_AUTO_INDEX" \ "\05ROOT\06LOCATION\07FCGI\10NO_FCGI\11LOG\12NO_LOG\13SOCKET" \ - "\14SYSLOG\15NO_SYSLOG\16SSL\17ACCESS_LOG\20ERROR_LOG" + "\14SYSLOG\15NO_SYSLOG\16TLS\17ACCESS_LOG\20ERROR_LOG" #define TCPFLAG_NODELAY 0x01 #define TCPFLAG_NNODELAY 0x02 @@ -376,13 +376,13 @@ struct server_config { u_int32_t maxrequests; size_t maxrequestbody; - char *ssl_cert; - off_t ssl_cert_len; - char *ssl_cert_file; - char ssl_ciphers[NAME_MAX]; - char *ssl_key; - off_t ssl_key_len; - char *ssl_key_file; + char *tls_cert; + off_t tls_cert_len; + char *tls_cert_file; + char tls_ciphers[NAME_MAX]; + char *tls_key; + off_t tls_key_len; + char *tls_key_file; u_int16_t flags; u_int8_t tcpflags; 
@@ -464,7 +464,7 @@ int cmdline_symset(char *); /* server.c */ pid_t server(struct privsep *, struct privsep_proc *); -int server_ssl_load_keypair(struct server *); +int server_tls_load_keypair(struct server *); int server_privinit(struct server *); void server_purge(struct server *); void serverconfig_free(struct server_config *); diff --git a/usr.sbin/httpd/parse.y b/usr.sbin/httpd/parse.y index f02334f1392..849d35088d0 100644 --- a/usr.sbin/httpd/parse.y +++ b/usr.sbin/httpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.43 2014/12/04 02:44:42 tedu Exp $ */ +/* $OpenBSD: parse.y,v 1.44 2014/12/12 14:45:59 reyk Exp $ */ /* * Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org> @@ -129,12 +129,12 @@ typedef struct { %token ACCESS AUTO BACKLOG BODY BUFFER CERTIFICATE CHROOT CIPHERS COMMON %token COMBINED CONNECTION DIRECTORY ERR FCGI INDEX IP KEY LISTEN LOCATION %token LOG LOGDIR MAXIMUM NO NODELAY ON PORT PREFORK REQUEST REQUESTS ROOT -%token SACK SERVER SOCKET SSL STYLE SYSLOG TCP TIMEOUT TYPES +%token SACK SERVER SOCKET STYLE SYSLOG TCP TIMEOUT TLS TYPES %token ERROR INCLUDE %token <v.string> STRING %token <v.number> NUMBER %type <v.port> port -%type <v.number> optssl +%type <v.number> opttls %type <v.tv> timeout %type <v.string> numberstring @@ -173,8 +173,8 @@ varset : STRING '=' STRING { } ; -optssl : /*empty*/ { $$ = 0; } - | SSL { $$ = 1; } +opttls : /*empty*/ { $$ = 0; } + | TLS { $$ = 1; } ; main : PREFORK NUMBER { 
@@ -230,14 +230,14 @@ server : SERVER STRING { s->srv_conf.maxrequestbody = SERVER_MAXREQUESTBODY; s->srv_conf.flags |= SRVFLAG_LOG; s->srv_conf.logformat = LOG_FORMAT_COMMON; - if ((s->srv_conf.ssl_cert_file = - strdup(HTTPD_SSL_CERT)) == NULL) + if ((s->srv_conf.tls_cert_file = + strdup(HTTPD_TLS_CERT)) == NULL) fatal("out of memory"); - if ((s->srv_conf.ssl_key_file = - strdup(HTTPD_SSL_KEY)) == NULL) + if ((s->srv_conf.tls_key_file = + strdup(HTTPD_TLS_KEY)) == NULL) fatal("out of memory"); - strlcpy(s->srv_conf.ssl_ciphers, HTTPD_SSL_CIPHERS, - sizeof(s->srv_conf.ssl_ciphers)); + strlcpy(s->srv_conf.tls_ciphers, HTTPD_TLS_CIPHERS, + sizeof(s->srv_conf.tls_ciphers)); if (last_server_id == INT_MAX) { yyerror("too many servers defined"); @@ -278,7 +278,7 @@ server : SERVER STRING { YYERROR; } - if (server_ssl_load_keypair(srv) == -1) { + if (server_tls_load_keypair(srv) == -1) { yyerror("failed to load public/private keys " "for server %s", srv->srv_conf.name); serverconfig_free(srv_conf); @@ -300,7 +300,7 @@ serveropts_l : serveropts_l serveroptsl nl | serveroptsl optnl ; -serveroptsl : LISTEN ON STRING optssl port { +serveroptsl : LISTEN ON STRING opttls port { struct addresslist al; struct address *h; struct server *s; @@ -338,7 +338,7 @@ serveroptsl : LISTEN ON STRING optssl port { host_free(&al); if ($4) { - s->srv_conf.flags |= SRVFLAG_SSL; + s->srv_conf.flags |= SRVFLAG_TLS; } } | TCP { @@ -353,12 +353,12 @@ serveroptsl : LISTEN ON STRING optssl port { YYERROR; } } connection - | SSL { + | TLS { if (parentsrv != NULL) { - yyerror("ssl configuration inside location"); + yyerror("tls configuration inside location"); YYERROR; } - } ssl + } tls | ROOT STRING { if (strlcpy(srv->srv_conf.root, $2, sizeof(srv->srv_conf.root)) >= 
@@ -518,30 +518,30 @@ conflags : TIMEOUT timeout { } ; -ssl : '{' sslopts_l '}' - | sslopts +tls : '{' tlsopts_l '}' + | tlsopts ; -sslopts_l : sslopts comma sslopts_l - | sslopts +tlsopts_l : tlsopts comma tlsopts_l + | tlsopts ; -sslopts : CERTIFICATE STRING { - free(srv_conf->ssl_cert_file); - if ((srv_conf->ssl_cert_file = strdup($2)) == NULL) +tlsopts : CERTIFICATE STRING { + free(srv_conf->tls_cert_file); + if ((srv_conf->tls_cert_file = strdup($2)) == NULL) fatal("out of memory"); free($2); } | KEY STRING { - free(srv_conf->ssl_key_file); - if ((srv_conf->ssl_key_file = strdup($2)) == NULL) + free(srv_conf->tls_key_file); + if ((srv_conf->tls_key_file = strdup($2)) == NULL) fatal("out of memory"); free($2); } | CIPHERS STRING { - if (strlcpy(srv_conf->ssl_ciphers, $2, - sizeof(srv_conf->ssl_ciphers)) >= - sizeof(srv_conf->ssl_ciphers)) { + if (strlcpy(srv_conf->tls_ciphers, $2, + sizeof(srv_conf->tls_ciphers)) >= + sizeof(srv_conf->tls_ciphers)) { yyerror("ciphers too long"); free($2); YYERROR; @@ -886,11 +886,11 @@ lookup(char *s) { "sack", SACK }, { "server", SERVER }, { "socket", SOCKET }, - { "ssl", SSL }, { "style", STYLE }, { "syslog", SYSLOG }, { "tcp", TCP }, { "timeout", TIMEOUT }, + { "tls", TLS }, { "types", TYPES } }; const struct keywords *p; diff --git a/usr.sbin/httpd/server.c b/usr.sbin/httpd/server.c index ebefc681e54..cc4c69075fe 100644 --- a/usr.sbin/httpd/server.c +++ b/usr.sbin/httpd/server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server.c,v 1.47 2014/12/04 02:44:42 tedu Exp $ */ +/* $OpenBSD: server.c,v 1.48 2014/12/12 14:45:59 reyk Exp $ */ /* * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org> 
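Review bot: Dropping `{ "ssl", SSL },` from the keyword table in lookup() without a replacement means any existing httpd.conf that still says `listen on ... ssl port 443` or has an `ssl { ... }` block fails to parse on the next reload, and nothing in this commit (the man page hunk included) warns about that. If the hard break is deliberate, as the relayd precedent suggests, a one-line note in httpd.conf.5 saying `ssl` is no longer accepted would save users a confusing `syntax error` at startup. Otherwise the old spelling can be kept as a deprecated alias that maps to the new token, `{ "ssl", TLS },` left in its original alphabetically sorted slot between `socket` and `style` (lookup() looks like it relies on the table staying sorted, so do not append it at the end), since the grammar already treats both spellings identically. The body of lookup() starts before this hunk and continues after it.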
@@ -59,12 +59,12 @@ int server_socket(struct sockaddr_storage *, in_port_t, int server_socket_listen(struct sockaddr_storage *, in_port_t, struct server_config *); -int server_ssl_init(struct server *); -void server_ssl_readcb(int, short, void *); -void server_ssl_writecb(int, short, void *); +int server_tls_init(struct server *); +void server_tls_readcb(int, short, void *); +void server_tls_writecb(int, short, void *); void server_accept(int, short, void *); -void server_accept_ssl(int, short, void *); +void server_accept_tls(int, short, void *); void server_input(struct client *); extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 
@@ -145,33 +145,33 @@ server_load_file(const char *filename, off_t *len) } int -server_ssl_load_keypair(struct server *srv) +server_tls_load_keypair(struct server *srv) { - if ((srv->srv_conf.flags & SRVFLAG_SSL) == 0) + if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) return (0); - if ((srv->srv_conf.ssl_cert = server_load_file( - srv->srv_conf.ssl_cert_file, &srv->srv_conf.ssl_cert_len)) == NULL) + if ((srv->srv_conf.tls_cert = server_load_file( + srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len)) == NULL) return (-1); log_debug("%s: using certificate %s", __func__, - srv->srv_conf.ssl_cert_file); + srv->srv_conf.tls_cert_file); - if ((srv->srv_conf.ssl_key = server_load_file( - srv->srv_conf.ssl_key_file, &srv->srv_conf.ssl_key_len)) == NULL) + if ((srv->srv_conf.tls_key = server_load_file( + srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len)) == NULL) return (-1); log_debug("%s: using private key %s", __func__, - srv->srv_conf.ssl_key_file); + srv->srv_conf.tls_key_file); return (0); } int -server_ssl_init(struct server *srv) +server_tls_init(struct server *srv) { - if ((srv->srv_conf.flags & SRVFLAG_SSL) == 0) + if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) return (0); - log_debug("%s: setting up SSL for %s", __func__, srv->srv_conf.name); + log_debug("%s: setting up TLS for %s", __func__, srv->srv_conf.name); if (tls_init() != 0) { log_warn("%s: failed to initialise tls", __func__); 
@@ -187,37 +187,37 @@ server_ssl_init(struct server *srv) } if (tls_config_set_ciphers(srv->srv_tls_config, - srv->srv_conf.ssl_ciphers) != 0) { + srv->srv_conf.tls_ciphers) != 0) { log_warn("%s: failed to set tls ciphers", __func__); return (-1); } if (tls_config_set_cert_mem(srv->srv_tls_config, - srv->srv_conf.ssl_cert, srv->srv_conf.ssl_cert_len) != 0) { + srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len) != 0) { log_warn("%s: failed to set tls cert", __func__); return (-1); } if (tls_config_set_key_mem(srv->srv_tls_config, - srv->srv_conf.ssl_key, srv->srv_conf.ssl_key_len) != 0) { + srv->srv_conf.tls_key, srv->srv_conf.tls_key_len) != 0) { log_warn("%s: failed to set tls key", __func__); return (-1); } if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { - log_warn("%s: failed to configure SSL - %s", __func__, + log_warn("%s: failed to configure TLS - %s", __func__, tls_error(srv->srv_tls_ctx)); return (-1); } /* We're now done with the public/private key... */ tls_config_clear_keys(srv->srv_tls_config); - explicit_bzero(srv->srv_conf.ssl_cert, srv->srv_conf.ssl_cert_len); - explicit_bzero(srv->srv_conf.ssl_key, srv->srv_conf.ssl_key_len); - free(srv->srv_conf.ssl_cert); - free(srv->srv_conf.ssl_key); - srv->srv_conf.ssl_cert = NULL; - srv->srv_conf.ssl_key = NULL; - srv->srv_conf.ssl_cert_len = 0; - srv->srv_conf.ssl_key_len = 0; + explicit_bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); + explicit_bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); + free(srv->srv_conf.tls_cert); + free(srv->srv_conf.tls_key); + srv->srv_conf.tls_cert = NULL; + srv->srv_conf.tls_key = NULL; + srv->srv_conf.tls_cert_len = 0; + srv->srv_conf.tls_key_len = 0; return (0); } @@ -253,7 +253,7 @@ server_launch(void) struct server *srv; TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { - server_ssl_init(srv); + server_tls_init(srv); server_http_init(srv); log_debug("%s: running server %s", __func__, 
@@ -307,17 +307,17 @@ server_purge(struct server *srv) void serverconfig_free(struct server_config *srv_conf) { - free(srv_conf->ssl_cert_file); - free(srv_conf->ssl_cert); - free(srv_conf->ssl_key_file); - free(srv_conf->ssl_key); + free(srv_conf->tls_cert_file); + free(srv_conf->tls_cert); + free(srv_conf->tls_key_file); + free(srv_conf->tls_key); } void serverconfig_reset(struct server_config *srv_conf) { - srv_conf->ssl_cert_file = srv_conf->ssl_cert = - srv_conf->ssl_key_file = srv_conf->ssl_key = NULL; + srv_conf->tls_cert_file = srv_conf->tls_cert = + srv_conf->tls_key_file = srv_conf->tls_key = NULL; } struct server * @@ -537,7 +537,7 @@ server_socket_connect(struct sockaddr_storage *ss, in_port_t port, } void -server_ssl_readcb(int fd, short event, void *arg) +server_tls_readcb(int fd, short event, void *arg) { struct bufferevent *bufev = arg; struct client *clt = bufev->cbarg; @@ -593,7 +593,7 @@ server_ssl_readcb(int fd, short event, void *arg) } void -server_ssl_writecb(int fd, short event, void *arg) +server_tls_writecb(int fd, short event, void *arg) { struct bufferevent *bufev = arg; struct client *clt = bufev->cbarg; @@ -687,11 +687,11 @@ server_input(struct client *clt) return; } - if (srv_conf->flags & SRVFLAG_SSL) { + if (srv_conf->flags & SRVFLAG_TLS) { event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, - server_ssl_readcb, clt->clt_bev); + server_tls_readcb, clt->clt_bev); event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, - server_ssl_writecb, clt->clt_bev); + server_tls_writecb, clt->clt_bev); } /* Adjust write watermark to the socket buffer output size */ @@ -898,9 +898,9 @@ server_accept(int fd, short event, void *arg) return; } - if (srv->srv_conf.flags & SRVFLAG_SSL) { + if (srv->srv_conf.flags & SRVFLAG_TLS) { event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, - server_accept_ssl, &clt->clt_tv_start, + server_accept_tls, &clt->clt_tv_start, &srv->srv_conf.timeout, clt); return; } 
@@ -922,14 +922,14 @@ server_accept(int fd, short event, void *arg) } void -server_accept_ssl(int fd, short event, void *arg) +server_accept_tls(int fd, short event, void *arg) { struct client *clt = (struct client *)arg; struct server *srv = (struct server *)clt->clt_srv; int ret; if (event == EV_TIMEOUT) { - server_close(clt, "SSL accept timeout"); + server_close(clt, "TLS accept timeout"); return; } @@ -940,14 +940,14 @@ server_accept_ssl(int fd, short event, void *arg) clt->clt_s); if (ret == TLS_READ_AGAIN) { event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, - server_accept_ssl, &clt->clt_tv_start, + server_accept_tls, &clt->clt_tv_start, &srv->srv_conf.timeout, clt); } else if (ret == TLS_WRITE_AGAIN) { event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, - server_accept_ssl, &clt->clt_tv_start, + server_accept_tls, &clt->clt_tv_start, &srv->srv_conf.timeout, clt); } else if (ret != 0) { - log_warnx("%s: SSL accept failed - %s", __func__, + log_warnx("%s: TLS accept failed - %s", __func__, tls_error(srv->srv_tls_ctx)); return; } diff --git a/usr.sbin/httpd/server_fcgi.c b/usr.sbin/httpd/server_fcgi.c index 4353f2df4a4..43fe45ccfd2 100644 --- a/usr.sbin/httpd/server_fcgi.c +++ b/usr.sbin/httpd/server_fcgi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_fcgi.c,v 1.41 2014/12/04 02:44:42 tedu Exp $ */ +/* $OpenBSD: server_fcgi.c,v 1.42 2014/12/12 14:45:59 reyk Exp $ */ /* * Copyright (c) 2014 Florian Obser <florian@openbsd.org> @@ -253,7 +253,7 @@ server_fcgi(struct httpd *env, struct client *clt) goto fail; } - if (srv_conf->flags & SRVFLAG_SSL) + if (srv_conf->flags & SRVFLAG_TLS) if (fcgi_add_param(¶m, "HTTPS", "on", clt) == -1) { errstr = "failed to encode param"; goto fail; diff --git a/usr.sbin/httpd/server_file.c b/usr.sbin/httpd/server_file.c index b1fdd49952f..cd751584b63 100644 --- a/usr.sbin/httpd/server_file.c +++ b/usr.sbin/httpd/server_file.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: server_file.c,v 1.40 2014/12/04 02:44:42 tedu Exp $ */ +/* $OpenBSD: server_file.c,v 1.41 2014/12/12 14:45:59 reyk Exp $ */ /* * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org> @@ -82,7 +82,7 @@ server_file_access(struct httpd *env, struct client *clt, /* Redirect to path with trailing "/" */ if (path[strlen(path) - 1] != '/') { if (asprintf(&newpath, "http%s://%s%s/", - srv_conf->flags & SRVFLAG_SSL ? "s" : "", + srv_conf->flags & SRVFLAG_TLS ? "s" : "", desc->http_host, desc->http_path) == -1) return (500); /* Path alias will be used for the redirection */ |