
- added tls config parameters support

Andrei Pelinescu-Onciul authored on 03/07/2003 19:40:02
Showing 3 changed files
... ...
@@ -35,6 +35,8 @@
35 35
  *  2003-04-05  s/reply_route/failure_route, onreply_route introduced (jiri)
36 36
  *  2003-04-12  added force_rport, chdir and wdir (andrei)
37 37
  *  2003-04-22  strip_tail added (jiri)
38
+ *  2003-07-03  tls* (disable, certificate, private_key, ca_list, verify, 
39
+ *               require_certificate added (andrei)
38 40
  */
39 41
 
40 42
 
... ...
@@ -160,6 +162,12 @@ WDIR		"workdir"|"wdir"
160 162
 MHOMED		mhomed
161 163
 DISABLE_TCP		"disable_tcp"
162 164
 TCP_CHILDREN	"tcp_children"
165
+DISABLE_TLS		"disable_tls"
166
+TLS_VERIFY		"tls_verify"
167
+TLS_REQUIRE_CERTIFICATE "tls_require_certificate"
168
+TLS_CERTIFICATE	"tls_certificate"
169
+TLS_PRIVATE_KEY "tls_private_key"
170
+TLS_CA_LIST		"tls_ca_list"
163 171
 
164 172
 LOADMODULE	loadmodule
165 173
 MODPARAM        modparam
... ...
@@ -281,6 +289,16 @@ EAT_ABLE	[\ \t\b\r]
281 289
 <INITIAL>{MHOMED}	{ count(); yylval.strval=yytext; return MHOMED; }
282 290
 <INITIAL>{DISABLE_TCP}	{ count(); yylval.strval=yytext; return DISABLE_TCP; }
283 291
 <INITIAL>{TCP_CHILDREN}	{ count(); yylval.strval=yytext; return TCP_CHILDREN; }
292
+<INITIAL>{DISABLE_TLS}	{ count(); yylval.strval=yytext; return DISABLE_TLS; }
293
+<INITIAL>{TLS_VERIFY}	{ count(); yylval.strval=yytext; return TLS_VERIFY; }
294
+<INITIAL>{TLS_REQUIRE_CERTIFICATE}	{ count(); yylval.strval=yytext;
295
+										return TLS_REQUIRE_CERTIFICATE; }
296
+<INITIAL>{TLS_CERTIFICATE}	{ count(); yylval.strval=yytext; 
297
+										return TLS_CERTIFICATE; }
298
+<INITIAL>{TLS_PRIVATE_KEY}	{ count(); yylval.strval=yytext; 
299
+										return TLS_PRIVATE_KEY; }
300
+<INITIAL>{TLS_CA_LIST}	{ count(); yylval.strval=yytext; 
301
+										return TLS_CA_LIST; }
284 302
 <INITIAL>{FIFO}	{ count(); yylval.strval=yytext; return FIFO; }
285 303
 <INITIAL>{FIFO_MODE}	{ count(); yylval.strval=yytext; return FIFO_MODE; }
286 304
 <INITIAL>{SERVER_SIGNATURE}	{ count(); yylval.strval=yytext; return SERVER_SIGNATURE; }
... ...
@@ -39,6 +39,8 @@
39 39
  * 2003-04-12  added force_rport, chroot and wdir (andrei)
40 40
  * 2003-04-15  added tcp_children, disable_tcp (andrei)
41 41
  * 2003-04-22  strip_tail added (jiri)
42
+ * 2003-07-03  tls* (disable, certificate, private_key, ca_list, verify, 
43
+ *              require_certificate added (andrei)
42 44
  */
43 45
 
44 46
 
... ...
@@ -174,6 +176,12 @@ int rt;  /* Type of route block for find_export */
174 176
 %token MHOMED
175 177
 %token DISABLE_TCP
176 178
 %token TCP_CHILDREN
179
+%token DISABLE_TLS
180
+%token TLS_VERIFY
181
+%token TLS_REQUIRE_CERTIFICATE
182
+%token TLS_CERTIFICATE
183
+%token TLS_PRIVATE_KEY
184
+%token TLS_CA_LIST
177 185
 
178 186
 
179 187
 
... ...
@@ -369,6 +377,61 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
369 377
 									#endif
370 378
 									}
371 379
 		| TCP_CHILDREN EQUAL error { yyerror("number expected"); }
380
+		| DISABLE_TLS EQUAL NUMBER {
381
+									#ifdef USE_TLS
382
+										tls_disable=$3;
383
+									#else
384
+										fprintf(stderr, "WARNING: tls support"
385
+												"not compiled in\n");
386
+									#endif
387
+									}
388
+		| DISABLE_TLS EQUAL error { yyerror("boolean value expected"); }
389
+		| TLS_VERIFY EQUAL NUMBER {
390
+									#ifdef USE_TLS
391
+										tls_verify_cert=$3;
392
+									#else
393
+										fprintf(stderr, "WARNING: tcp support"
394
+												"not compiled in\n");
395
+									#endif
396
+									}
397
+		| TLS_VERIFY EQUAL error { yyerror("boolean value expected"); }
398
+		| TLS_REQUIRE_CERTIFICATE EQUAL NUMBER {
399
+									#ifdef USE_TLS
400
+										tls_require_cert=$3;
401
+									#else
402
+										fprintf(stderr, "WARNING: tcp support"
403
+												"not compiled in\n");
404
+									#endif
405
+									}
406
+		| TLS_REQUIRE_CERTIFICATE EQUAL error { yyerror("boolean value"
407
+																" expected"); }
408
+		| TLS_CERTIFICATE EQUAL STRING { 
409
+									#ifdef USE_TLS
410
+											tls_cert_file=$3;
411
+									#else
412
+										fprintf(stderr, "WARNING: tls support"
413
+												"not compiled in\n");
414
+									#endif
415
+									}
416
+		| TLS_CERTIFICATE EQUAL error { yyerror("string value expected"); }
417
+		| TLS_PRIVATE_KEY EQUAL STRING { 
418
+									#ifdef USE_TLS
419
+											tls_pkey_file=$3;
420
+									#else
421
+										fprintf(stderr, "WARNING: tls support"
422
+												"not compiled in\n");
423
+									#endif
424
+									}
425
+		| TLS_PRIVATE_KEY EQUAL error { yyerror("string value expected"); }
426
+		| TLS_CA_LIST EQUAL STRING { 
427
+									#ifdef USE_TLS
428
+											tls_ca_file=$3;
429
+									#else
430
+										fprintf(stderr, "WARNING: tls support"
431
+												"not compiled in\n");
432
+									#endif
433
+									}
434
+		| TLS_CA_LIST EQUAL error { yyerror("string value expected"); }
372 435
 		| SERVER_SIGNATURE EQUAL NUMBER { server_signature=$3; }
373 436
 		| SERVER_SIGNATURE EQUAL error { yyerror("boolean value expected"); }
374 437
 		| REPLY_TO_VIA EQUAL NUMBER { reply_to_via=$3; }
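Review bot: The `#else` branches of the TLS_VERIFY and TLS_REQUIRE_CERTIFICATE rules warn about "tcp support" although the options are TLS ones, and in all six new rules the two adjacent string literals are joined without a space, so the message prints as "supportnot compiled in". Each branch could read `fprintf(stderr, "WARNING: tls support not compiled in\n");`. Separately, a build without USE_TLS accepts `tls_verify` and `tls_require_certificate` with only this stderr warning and keeps parsing, so a configuration that asks for certificate checks can start without them. Reporting those two through `yyerror("tls support not compiled in")`, as the `error` alternatives already do, would surface the mismatch as a configuration error, if that is the intended policy. The assign_stm rule starts and ends outside the hunk.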
... ...
@@ -81,6 +81,11 @@ extern int tcp_disable;
81 81
 #endif
82 82
 #ifdef USE_TLS
83 83
 extern int tls_disable;
84
+extern int tls_verify_cert;
85
+extern int tls_require_cert;
86
+extern char* tls_cert_file;
87
+extern char* tls_pkey_file;
88
+extern char* tls_ca_file;
84 89
 #endif
85 90
 extern int dont_fork;
86 91
 extern int check_via;
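Review bot: The five new externs have no comment on their meaning, defaults or string ownership, and the definitions that set the initial values are not part of this hunk. `tls_verify_cert` and `tls_require_cert` decide whether a peer is authenticated when the config file omits them, so a line such as `/* non-zero: verify the peer certificate; default set at the definition */` beside each would let a reader check the fail-safe behaviour from the header. For `tls_cert_file`, `tls_pkey_file` and `tls_ca_file`, the comment should say who owns the strings. The grammar appears to store the parser's `$3` pointer directly, and the header should state whether that storage is ever freed or replaced.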