... | ... |
@@ -35,6 +35,8 @@ |
35 | 35 |
* 2003-04-05 s/reply_route/failure_route, onreply_route introduced (jiri) |
36 | 36 |
* 2003-04-12 added force_rport, chdir and wdir (andrei) |
37 | 37 |
* 2003-04-22 strip_tail added (jiri) |
38 |
+ * 2003-07-03 tls* (disable, certificate, private_key, ca_list, verify, |
|
39 |
+ * require_certificate added (andrei) |
|
38 | 40 |
*/ |
39 | 41 |
|
40 | 42 |
|
... | ... |
@@ -160,6 +162,12 @@ WDIR "workdir"|"wdir" |
160 | 162 |
MHOMED mhomed |
161 | 163 |
DISABLE_TCP "disable_tcp" |
162 | 164 |
TCP_CHILDREN "tcp_children" |
165 |
+DISABLE_TLS "disable_tls" |
|
166 |
+TLS_VERIFY "tls_verify" |
|
167 |
+TLS_REQUIRE_CERTIFICATE "tls_require_certificate" |
|
168 |
+TLS_CERTIFICATE "tls_certificate" |
|
169 |
+TLS_PRIVATE_KEY "tls_private_key" |
|
170 |
+TLS_CA_LIST "tls_ca_list" |
|
163 | 171 |
|
164 | 172 |
LOADMODULE loadmodule |
165 | 173 |
MODPARAM modparam |
... | ... |
@@ -281,6 +289,16 @@ EAT_ABLE [\ \t\b\r] |
281 | 289 |
<INITIAL>{MHOMED} { count(); yylval.strval=yytext; return MHOMED; } |
282 | 290 |
<INITIAL>{DISABLE_TCP} { count(); yylval.strval=yytext; return DISABLE_TCP; } |
283 | 291 |
<INITIAL>{TCP_CHILDREN} { count(); yylval.strval=yytext; return TCP_CHILDREN; } |
292 |
+<INITIAL>{DISABLE_TLS} { count(); yylval.strval=yytext; return DISABLE_TLS; } |
|
293 |
+<INITIAL>{TLS_VERIFY} { count(); yylval.strval=yytext; return TLS_VERIFY; } |
|
294 |
+<INITIAL>{TLS_REQUIRE_CERTIFICATE} { count(); yylval.strval=yytext; |
|
295 |
+ return TLS_REQUIRE_CERTIFICATE; } |
|
296 |
+<INITIAL>{TLS_CERTIFICATE} { count(); yylval.strval=yytext; |
|
297 |
+ return TLS_CERTIFICATE; } |
|
298 |
+<INITIAL>{TLS_PRIVATE_KEY} { count(); yylval.strval=yytext; |
|
299 |
+ return TLS_PRIVATE_KEY; } |
|
300 |
+<INITIAL>{TLS_CA_LIST} { count(); yylval.strval=yytext; |
|
301 |
+ return TLS_CA_LIST; } |
|
284 | 302 |
<INITIAL>{FIFO} { count(); yylval.strval=yytext; return FIFO; } |
285 | 303 |
<INITIAL>{FIFO_MODE} { count(); yylval.strval=yytext; return FIFO_MODE; } |
286 | 304 |
<INITIAL>{SERVER_SIGNATURE} { count(); yylval.strval=yytext; return SERVER_SIGNATURE; } |
... | ... |
@@ -39,6 +39,8 @@ |
39 | 39 |
* 2003-04-12 added force_rport, chroot and wdir (andrei) |
40 | 40 |
* 2003-04-15 added tcp_children, disable_tcp (andrei) |
41 | 41 |
* 2003-04-22 strip_tail added (jiri) |
42 |
+ * 2003-07-03 tls* (disable, certificate, private_key, ca_list, verify, |
|
43 |
+ * require_certificate added (andrei) |
|
42 | 44 |
*/ |
43 | 45 |
|
44 | 46 |
|
... | ... |
@@ -174,6 +176,12 @@ int rt; /* Type of route block for find_export */ |
174 | 176 |
%token MHOMED |
175 | 177 |
%token DISABLE_TCP |
176 | 178 |
%token TCP_CHILDREN |
179 |
+%token DISABLE_TLS |
|
180 |
+%token TLS_VERIFY |
|
181 |
+%token TLS_REQUIRE_CERTIFICATE |
|
182 |
+%token TLS_CERTIFICATE |
|
183 |
+%token TLS_PRIVATE_KEY |
|
184 |
+%token TLS_CA_LIST |
|
177 | 185 |
|
178 | 186 |
|
179 | 187 |
|
... | ... |
@@ -369,6 +377,61 @@ assign_stm: DEBUG EQUAL NUMBER { debug=$3; } |
369 | 377 |
#endif |
370 | 378 |
} |
371 | 379 |
| TCP_CHILDREN EQUAL error { yyerror("number expected"); } |
380 |
+ | DISABLE_TLS EQUAL NUMBER { |
|
381 |
+ #ifdef USE_TLS |
|
382 |
+ tls_disable=$3; |
|
383 |
+ #else |
|
384 |
+ fprintf(stderr, "WARNING: tls support" |
|
385 |
+ "not compiled in\n"); |
|
386 |
+ #endif |
|
387 |
+ } |
|
388 |
+ | DISABLE_TLS EQUAL error { yyerror("boolean value expected"); } |
|
389 |
+ | TLS_VERIFY EQUAL NUMBER { |
|
390 |
+ #ifdef USE_TLS |
|
391 |
+ tls_verify_cert=$3; |
|
392 |
+ #else |
|
393 |
+ fprintf(stderr, "WARNING: tcp support" |
|
394 |
+ "not compiled in\n"); |
|
395 |
+ #endif |
|
396 |
+ } |
|
397 |
+ | TLS_VERIFY EQUAL error { yyerror("boolean value expected"); } |
|
398 |
+ | TLS_REQUIRE_CERTIFICATE EQUAL NUMBER { |
|
399 |
+ #ifdef USE_TLS |
|
400 |
+ tls_require_cert=$3; |
|
401 |
+ #else |
|
402 |
+ fprintf(stderr, "WARNING: tcp support" |
|
403 |
+ "not compiled in\n"); |
|
404 |
+ #endif |
|
405 |
+ } |
|
406 |
+ | TLS_REQUIRE_CERTIFICATE EQUAL error { yyerror("boolean value" |
|
407 |
+ " expected"); } |
|
408 |
+ | TLS_CERTIFICATE EQUAL STRING { |
|
409 |
+ #ifdef USE_TLS |
|
410 |
+ tls_cert_file=$3; |
|
411 |
+ #else |
|
412 |
+ fprintf(stderr, "WARNING: tls support" |
|
413 |
+ "not compiled in\n"); |
|
414 |
+ #endif |
|
415 |
+ } |
|
416 |
+ | TLS_CERTIFICATE EQUAL error { yyerror("string value expected"); } |
|
417 |
+ | TLS_PRIVATE_KEY EQUAL STRING { |
|
418 |
+ #ifdef USE_TLS |
|
419 |
+ tls_pkey_file=$3; |
|
420 |
+ #else |
|
421 |
+ fprintf(stderr, "WARNING: tls support" |
|
422 |
+ "not compiled in\n"); |
|
423 |
+ #endif |
|
424 |
+ } |
|
425 |
+ | TLS_PRIVATE_KEY EQUAL error { yyerror("string value expected"); } |
|
426 |
+ | TLS_CA_LIST EQUAL STRING { |
|
427 |
+ #ifdef USE_TLS |
|
428 |
+ tls_ca_file=$3; |
|
429 |
+ #else |
|
430 |
+ fprintf(stderr, "WARNING: tls support" |
|
431 |
+ "not compiled in\n"); |
|
432 |
+ #endif |
|
433 |
+ } |
|
434 |
+ | TLS_CA_LIST EQUAL error { yyerror("string value expected"); } |
|
372 | 435 |
| SERVER_SIGNATURE EQUAL NUMBER { server_signature=$3; } |
373 | 436 |
| SERVER_SIGNATURE EQUAL error { yyerror("boolean value expected"); } |
374 | 437 |
| REPLY_TO_VIA EQUAL NUMBER { reply_to_via=$3; } |
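Review bot: The `#else` branches of the `TLS_VERIFY` and `TLS_REQUIRE_CERTIFICATE` rules warn about "tcp support" although they guard TLS settings, and in all six new warnings the two adjacent literals join without a space, so the text prints as `supportnot compiled in`. Each branch should read `"WARNING: tls support "` followed by `"not compiled in\n"`. Separately, a build without `USE_TLS` accepts `tls_verify` and `tls_require_certificate` with only this stderr warning, so a configuration that asks for certificate checking still loads with no TLS behind it. If `yyerror` counts as a configuration error here, as the neighbouring `error` alternatives suggest, `yyerror("tls support not compiled in");` in those branches would make the mismatch visible at startup. The `assign_stm` rule begins and continues outside this hunk.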
... | ... |
@@ -81,6 +81,11 @@ extern int tcp_disable; |
81 | 81 |
#endif |
82 | 82 |
#ifdef USE_TLS |
83 | 83 |
extern int tls_disable; |
84 |
+extern int tls_verify_cert; |
|
85 |
+extern int tls_require_cert; |
|
86 |
+extern char* tls_cert_file; |
|
87 |
+extern char* tls_pkey_file; |
|
88 |
+extern char* tls_ca_file; |
|
84 | 89 |
#endif |
85 | 90 |
extern int dont_fork; |
86 | 91 |
extern int check_via; |
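Review bot: The five new externs are declared without comments, and the difference between `tls_verify_cert` and `tls_require_cert` is not evident from the names even though the pair governs how peer certificates are treated. A one-line comment on each, stating what a nonzero value means and what the default is, would help; for example `/* nonzero: refuse TLS peers that present no certificate */` on `tls_require_cert`, assuming that is what the definition implements. The three `char*` paths would also benefit from a note on string ownership, since the grammar actions on this page assign the parsed `STRING` value to them directly.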