@@ -40,7 +40,7 @@ export makefile_defs

 VERSION = 0

 PATCHLEVEL = 8

 SUBLEVEL =   12

-EXTRAVERSION = dev-t05

+EXTRAVERSION = dev-t06

 RELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)

 OS = $(shell uname -s | sed -e s/SunOS/solaris/ | tr "[A-Z]" "[a-z]")

@@ -686,7 +686,7 @@ endif

 #add libssl if needed

 ifneq ($(TLS),)

-LIBS+= -lssl

+LIBS+= -lssl 

 endif

 ifneq ($(found_lock_method), yes)

@@ -37,6 +37,7 @@

  *  2003-04-22  strip_tail added (jiri)

  *  2003-07-03  tls* (disable, certificate, private_key, ca_list, verify, 

  *               require_certificate added (andrei)

+ *  2003-07-06  more tls config. vars added: tls_method, tls_port_no (andrei)

  */

@@ -149,7 +150,7 @@ MAXBUFFER maxbuffer

 CHILDREN children

 CHECK_VIA	check_via

 SYN_BRANCH syn_branch

-MEMLOG	memlog

+MEMLOG		"memlog"|"mem_log"

 SIP_WARNING sip_warning

 FIFO fifo

 FIFO_MODE fifo_mode

@@ -163,6 +164,9 @@ MHOMED		mhomed

 DISABLE_TCP		"disable_tcp"

 TCP_CHILDREN	"tcp_children"

 DISABLE_TLS		"disable_tls"

+TLSLOG			"tlslog"|"tls_log"

+TLS_PORT_NO		"tls_port_no"

+TLS_METHOD		"tls_method"

 TLS_VERIFY		"tls_verify"

 TLS_REQUIRE_CERTIFICATE "tls_require_certificate"

 TLS_CERTIFICATE	"tls_certificate"

@@ -175,11 +179,15 @@ MODPARAM        modparam

 /* values */

 YES			"yes"|"true"|"on"|"enable"

 NO			"no"|"false"|"off"|"disable"

-UDP			"udp"

-TCP			"tcp"

-TLS			"tls"

-INET		"inet"

-INET6		"inet6"

+UDP			"udp"|"UDP"

+TCP			"tcp"|"TCP"

+TLS			"tls"|"TLS"

+INET		"inet"|"INET"

+INET6		"inet6"|"INET6"

+SSLv23			"sslv23"|"SSLv23"|"SSLV23"

+SSLv2			"sslv2"|"SSLv2"|"SSLV2"

+SSLv3			"sslv3"|"SSLv3"|"SSLV3"

+TLSv1			"tlsv1"|"TLSv1"|"TLSV1"

 LETTER		[a-zA-Z]

 DIGIT		[0-9]

@@ -290,6 +298,9 @@ EAT_ABLE	[\ \t\b\r]

 <INITIAL>{DISABLE_TCP}	{ count(); yylval.strval=yytext; return DISABLE_TCP; }

 <INITIAL>{TCP_CHILDREN}	{ count(); yylval.strval=yytext; return TCP_CHILDREN; }

 <INITIAL>{DISABLE_TLS}	{ count(); yylval.strval=yytext; return DISABLE_TLS; }

+<INITIAL>{TLSLOG}		{ count(); yylval.strval=yytext; return TLS_PORT_NO; }

+<INITIAL>{TLS_PORT_NO}	{ count(); yylval.strval=yytext; return TLS_PORT_NO; }

+<INITIAL>{TLS_METHOD}	{ count(); yylval.strval=yytext; return TLS_METHOD; }

 <INITIAL>{TLS_VERIFY}	{ count(); yylval.strval=yytext; return TLS_VERIFY; }

 <INITIAL>{TLS_REQUIRE_CERTIFICATE}	{ count(); yylval.strval=yytext;

 										return TLS_REQUIRE_CERTIFICATE; }

@@ -330,6 +341,10 @@ EAT_ABLE	[\ \t\b\r]

 						  yylval.intval=-1; /* no match*/

 						#endif

 						  return NUMBER; }

+<INITIAL>{SSLv23}		{ count(); yylval.strval=yytext; return SSLv23; }

+<INITIAL>{SSLv2}		{ count(); yylval.strval=yytext; return SSLv2; }

+<INITIAL>{SSLv3}		{ count(); yylval.strval=yytext; return SSLv3; }

+<INITIAL>{TLSv1}		{ count(); yylval.strval=yytext; return TLSv1; }

 <INITIAL>{COMMA}		{ count(); return COMMA; }

 <INITIAL>{SEMICOLON}	{ count(); return SEMICOLON; }

@@ -41,6 +41,7 @@

  * 2003-04-22  strip_tail added (jiri)

  * 2003-07-03  tls* (disable, certificate, private_key, ca_list, verify, 

  *              require_certificate added (andrei)

+ * 2003-07-06  more tls config. vars added: tls_method, tls_port_no (andrei)

  */

@@ -64,6 +65,9 @@

 #include "name_alias.h"

 #include "config.h"

+#ifdef USE_TLS

+#include "tls/tls_config.h"

+#endif

 #ifdef DEBUG_DMALLOC

 #include <dmalloc.h>

@@ -84,6 +88,8 @@ char* tmp;

 void* f_tmp;

 struct id_list* lst_tmp;

 int rt;  /* Type of route block for find_export */

+

+void warn(char* s);

 %}

@@ -177,6 +183,13 @@ int rt;  /* Type of route block for find_export */

 %token DISABLE_TCP

 %token TCP_CHILDREN

 %token DISABLE_TLS

+%token TLSLOG

+%token TLS_PORT_NO

+%token TLS_METHOD

+%token SSLv23

+%token SSLv2

+%token SSLv3

+%token TLSv1

 %token TLS_VERIFY

 %token TLS_REQUIRE_CERTIFICATE

 %token TLS_CERTIFICATE

@@ -363,8 +376,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }

 									#ifdef USE_TCP

 										tcp_disable=$3;

 									#else

-										fprintf(stderr, "WARNING: tcp support"

-												"not compiled in\n");

+										warn("tcp support not compiled in");

 									#endif

 									}

 		| DISABLE_TCP EQUAL error { yyerror("boolean value expected"); }

@@ -372,8 +384,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }

 									#ifdef USE_TCP

 										tcp_children_no=$3;

 									#else

-										fprintf(stderr, "WARNING: tcp support"

-												"not compiled in\n");

+										warn("tcp support not compiled in");

 									#endif

 									}

 		| TCP_CHILDREN EQUAL error { yyerror("number expected"); }

@@ -381,17 +392,68 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }

 									#ifdef USE_TLS

 										tls_disable=$3;

 									#else

-										fprintf(stderr, "WARNING: tls support"

-												"not compiled in\n");

+										warn("tls support not compiled in");

 									#endif

 									}

 		| DISABLE_TLS EQUAL error { yyerror("boolean value expected"); }

+		| TLSLOG EQUAL NUMBER 		{ 

+									#ifdef USE_TLS

+										tls_log=$3;

+									#else

+										warn("tls support not compiled in");

+									#endif

+									}

+		| TLSLOG EQUAL error { yyerror("int value expected"); }

+		| TLS_PORT_NO EQUAL NUMBER {

+									#ifdef USE_TLS

+										tls_port_no=$3;

+									#else

+										warn("tls support not compiled in");

+									#endif

+									}

+		| TLS_PORT_NO EQUAL error { yyerror("number expected"); }

+		| TLS_METHOD EQUAL SSLv23 {

+									#ifdef USE_TLS

+										tls_method=TLS_USE_SSLv23;

+									#else

+										warn("tls support not compiled in");

+									#endif

+									}

+		| TLS_METHOD EQUAL SSLv2 {

+									#ifdef USE_TLS

+										tls_method=TLS_USE_SSLv2;

+									#else

+										warn("tls support not compiled in");

+									#endif

+									}

+		| TLS_METHOD EQUAL SSLv3 {

+									#ifdef USE_TLS

+										tls_method=TLS_USE_SSLv3;

+									#else

+										warn("tls support not compiled in");

+									#endif

+									}

+		| TLS_METHOD EQUAL TLSv1 {

+									#ifdef USE_TLS

+										tls_method=TLS_USE_TLSv1;

+									#else

+										warn("tls support not compiled in");

+									#endif

+									}

+		| TLS_METHOD EQUAL error {

+									#ifdef USE_TLS

+										yyerror("SSLv23, SSLv2, SSLv3 or TLSv1"

+													" expected");

+									#else

+										warn("tls support not compiled in");

+									#endif

+									}

+										

 		| TLS_VERIFY EQUAL NUMBER {

 									#ifdef USE_TLS

 										tls_verify_cert=$3;

 									#else

-										fprintf(stderr, "WARNING: tcp support"

-												"not compiled in\n");

+										warn("tls support not compiled in");

 									#endif

 									}

 		| TLS_VERIFY EQUAL error { yyerror("boolean value expected"); }

@@ -399,8 +461,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }

 									#ifdef USE_TLS

 										tls_require_cert=$3;

 									#else

-										fprintf(stderr, "WARNING: tcp support"

-												"not compiled in\n");

+										warn( "tls support not compiled in");

 									#endif

 									}

 		| TLS_REQUIRE_CERTIFICATE EQUAL error { yyerror("boolean value"

@@ -409,8 +470,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }

 									#ifdef USE_TLS

 											tls_cert_file=$3;

 									#else

-										fprintf(stderr, "WARNING: tls support"

-												"not compiled in\n");

+										warn("tls support not compiled in");

 									#endif

 									}

 		| TLS_CERTIFICATE EQUAL error { yyerror("string value expected"); }

@@ -418,8 +478,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }

 									#ifdef USE_TLS

 											tls_pkey_file=$3;

 									#else

-										fprintf(stderr, "WARNING: tls support"

-												"not compiled in\n");

+										warn("tls support not compiled in");

 									#endif

 									}

 		| TLS_PRIVATE_KEY EQUAL error { yyerror("string value expected"); }

@@ -427,8 +486,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }

 									#ifdef USE_TLS

 											tls_ca_file=$3;

 									#else

-										fprintf(stderr, "WARNING: tls support"

-												"not compiled in\n");

+										warn("tls support not compiled in");

 									#endif

 									}

 		| TLS_CA_LIST EQUAL error { yyerror("string value expected"); }

@@ -985,69 +1043,118 @@ cmd:		FORWARD LPAREN host RPAREN	{ $$=mk_action(	FORWARD_T,

 		| FORWARD_TCP error { $$=0; yyerror("missing '(' or ')' ?"); }

 		| FORWARD_TCP LPAREN error RPAREN { $$=0; yyerror("bad forward_tcp"

 										"argument"); }

-		| FORWARD_TLS LPAREN host RPAREN	{ $$=mk_action(	FORWARD_TLS_T,

+		| FORWARD_TLS LPAREN host RPAREN	{

+										#ifdef USE_TLS

+											$$=mk_action(	FORWARD_TLS_T,

 														STRING_ST,

 														NUMBER_ST,

 														$3,

 														0);

+										#else

+											yyerror("tls support not "

+													"compiled in");

+										#endif

 										}

-		| FORWARD_TLS LPAREN STRING RPAREN	{ $$=mk_action(	FORWARD_TLS_T,

-														STRING_ST,

-														NUMBER_ST,

-														$3,

-														0);

+		| FORWARD_TLS LPAREN STRING RPAREN	{

+										#ifdef USE_TLS

+											$$=mk_action(	FORWARD_TLS_T,

+															STRING_ST,

+															NUMBER_ST,

+															$3,

+															0);

+										#else

+											yyerror("tls support not "

+													"compiled in");

+										#endif

 										}

-		| FORWARD_TLS LPAREN ip RPAREN	{ $$=mk_action(	FORWARD_TLS_T,

-														IP_ST,

-														NUMBER_ST,

-														(void*)$3,

-														0);

+		| FORWARD_TLS LPAREN ip RPAREN	{ 

+										#ifdef USE_TLS

+											$$=mk_action(	FORWARD_TLS_T,

+															IP_ST,

+															NUMBER_ST,

+															(void*)$3,

+															0);

+										#else

+											yyerror("tls support not "

+													"compiled in");

+										#endif

 										}

-		| FORWARD_TLS LPAREN host COMMA NUMBER RPAREN { $$=mk_action(

-																FORWARD_TLS_T,

-																 STRING_ST,

-																 NUMBER_ST,

-																$3,

-																(void*)$5);

+		| FORWARD_TLS LPAREN host COMMA NUMBER RPAREN { 

+										#ifdef USE_TLS

+											$$=mk_action(	FORWARD_TLS_T,

+															 STRING_ST,

+															 NUMBER_ST,

+															$3,

+															(void*)$5);

+										#else

+											yyerror("tls support not "

+													"compiled in");

+										#endif

 												 }

-		| FORWARD_TLS LPAREN STRING COMMA NUMBER RPAREN {$$=mk_action(

-																FORWARD_TLS_T,

-																 STRING_ST,

-																 NUMBER_ST,

-																$3,

-																(void*)$5);

+		| FORWARD_TLS LPAREN STRING COMMA NUMBER RPAREN {

+										#ifdef USE_TLS

+											$$=mk_action(	FORWARD_TLS_T,

+															 STRING_ST,

+															 NUMBER_ST,

+															$3,

+															(void*)$5);

+										#else

+											yyerror("tls support not "

+													"compiled in");

+										#endif

 													}

-		| FORWARD_TLS LPAREN ip COMMA NUMBER RPAREN { $$=mk_action(FORWARD_TLS_T,

-																 IP_ST,

-																 NUMBER_ST,

-																 (void*)$3,

-																(void*)$5);

+		| FORWARD_TLS LPAREN ip COMMA NUMBER RPAREN {

+										#ifdef USE_TLS

+											$$=mk_action(	FORWARD_TLS_T,

+															 IP_ST,

+															 NUMBER_ST,

+															 (void*)$3,

+															(void*)$5);

+										#else

+											yyerror("tls support not "

+													"compiled in");

+										#endif

 												  }

 		| FORWARD_TLS LPAREN URIHOST COMMA URIPORT RPAREN {

-													$$=mk_action(FORWARD_TLS_T,

-																 URIHOST_ST,

-																 URIPORT_ST,

-																0,

-																0);

+										#ifdef USE_TLS

+											$$=mk_action(	FORWARD_TLS_T,

+															 URIHOST_ST,

+															 URIPORT_ST,

+															0,

+															0);

+										#else

+											yyerror("tls support not "

+													"compiled in");

+										#endif

 													}

 		| FORWARD_TLS LPAREN URIHOST COMMA NUMBER RPAREN {

-													$$=mk_action(FORWARD_TLS_T,

-																 URIHOST_ST,

-																 NUMBER_ST,

-																0,

-																(void*)$5);

+										#ifdef USE_TLS

+											$$=mk_action(	FORWARD_TLS_T,

+															 URIHOST_ST,

+															 NUMBER_ST,

+															0,

+															(void*)$5);

+										#else

+											yyerror("tls support not "

+													"compiled in");

+										#endif

 													}

 		| FORWARD_TLS LPAREN URIHOST RPAREN {

-													$$=mk_action(FORWARD_TLS_T,

-																 URIHOST_ST,

-																 NUMBER_ST,

-																0,

-																0);

+										#ifdef USE_TLS

+											$$=mk_action(	FORWARD_TLS_T,

+															 URIHOST_ST,

+															 NUMBER_ST,

+															0,

+															0);

+										#else

+											yyerror("tls support not "

+													"compiled in");

+										#endif

 										}

 		| FORWARD_TLS error { $$=0; yyerror("missing '(' or ')' ?"); }

-		| FORWARD_TLS LPAREN error RPAREN { $$=0; yyerror("bad forward_tcp"

+		| FORWARD_TLS LPAREN error RPAREN { $$=0; yyerror("bad forward_tls"

 										"argument"); }

 		| SEND LPAREN host RPAREN	{ $$=mk_action(	SEND_T,

@@ -1301,6 +1408,13 @@ cmd:		FORWARD LPAREN host RPAREN	{ $$=mk_action(	FORWARD_T,

 extern int line;

 extern int column;

 extern int startcolumn;

+void warn(char* s)

+{

+	LOG(L_WARN, "cfg. warning: (%d,%d-%d): %s\n", line, startcolumn, 

+			column, s);

+	cfg_errors++;

+}

+

 void yyerror(char* s)

 {

 	LOG(L_CRIT, "parse error (%d,%d-%d): %s\n", line, startcolumn, 

@@ -81,11 +81,7 @@ extern int tcp_disable;

 #endif

 #ifdef USE_TLS

 extern int tls_disable;

-extern int tls_verify_cert;

-extern int tls_require_cert;

-extern char* tls_cert_file;

-extern char* tls_pkey_file;

-extern char* tls_ca_file;

+extern unsigned short tls_port_no;

 #endif

 extern int dont_fork;

 extern int check_via;