src/server/daemon/httplistener.c

changeset 130
198ad9d8cec1
parent 129
fd324464f56f
child 133
87b405d61f64
129:fd324464f56f 130:198ad9d8cec1
158 listener->nacceptors = conf->nacceptors; 158 listener->nacceptors = conf->nacceptors;
159 listener->port = conf->port; 159 listener->port = conf->port;
160 listener->ref = 1; 160 listener->ref = 1;
161 listener->next = NULL; 161 listener->next = NULL;
162 listener->ssl = NULL; 162 listener->ssl = NULL;
163
164 int error = 0;
165
163 if(conf->ssl) { 166 if(conf->ssl) {
164 listener->ssl = malloc(sizeof(HttpSSL)); 167 listener->ssl = malloc(sizeof(HttpSSL));
165 168
166 SSL_CTX *ctx = SSL_CTX_new( SSLv23_server_method()); 169 SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
167 SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); 170 SSL_CTX_set_options(
168 171 ctx,
172 SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv3);
173 if(conf->disable_proto.ptr) {
174 ssize_t n = 0;
175 sstr_t *plist = sstrsplit(conf->disable_proto, S(","), &n);
176 if(plist) {
177 for(int i=0;i<n;i++) {
178 sstr_t proto = plist[i];
179 log_ereport(
180 LOG_VERBOSE,
181 "Listener %s: Disable protocol %s",
182 listener->name.ptr,
183 proto.ptr);
184 if(!sstrcasecmp(sstrtrim(proto), S("SSLv2"))) {
185 SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
186 } else if(!sstrcasecmp(sstrtrim(proto), S("SSLv3"))) {
187 SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
188 } else if(!sstrcasecmp(sstrtrim(proto), S("TLSv1"))) {
189 SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
190 } else if(!sstrcasecmp(sstrtrim(proto), S("TLSv1.1"))) {
191 #ifdef SSL_OP_NO_TLSv1_1
192 SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_1);
193 #else
194 log_ereport(
195 LOG_WARN,
196 "Listener: %s: TLSv1.1 already not supported",
197 listener->name.ptr);
198 #endif
199 } else if(sstrcasecmp(sstrtrim(proto), S("TLSv1.2"))) {
200 #ifdef SSL_OP_NO_TLSv1_2
201 SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2);
202 #else
203 log_ereport(
204 LOG_WARN,
205 "Listener: %s: TLSv1.2 already not supported",
206 listener->name.ptr);
207 #endif
208 } else if(sstrcasecmp(sstrtrim(proto), S("TLSv1.3"))) {
209 #ifdef SSL_OP_NO_TLSv1_3
210 SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_3);
211 #else
212 log_ereport(
213 LOG_WARN,
214 "Listener: %s: TLSv1.3 already not supported",
215 listener->name.ptr);
216 #endif
217 } else {
218 error = 1;
219 log_ereport(
220 LOG_MISCONFIG,
221 "Listener: %s: Unknown protocol %s",
222 listener->name.ptr,
223 proto.ptr);
224 }
225 free(proto.ptr);
226 }
227 free(plist);
228 }
229 }
230
231 if(error) {
232 return NULL;
233 }
169 // TODO: cleanup on error 234 // TODO: cleanup on error
170 235
171 sstr_t file; 236 sstr_t file;
172 int ret; 237 int ret;
173 char errbuf[512]; 238 char errbuf[512];
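Review bot: The `TLSv1.2` and `TLSv1.3` branches (new lines 199 and 208) are missing the `!` that every earlier branch uses, so the condition is inverted: any name that did not match an earlier branch — including `TLSv1.3` and any typo — disables TLSv1.2, the string `TLSv1.2` itself falls through and disables TLSv1.3, and the `Unknown protocol` error branch on line 217 can never be reached. For a listener whose protocol policy is set from the config this silently yields the opposite of what the operator asked for. Change the two conditions to `} else if(!sstrcasecmp(sstrtrim(proto), S("TLSv1.2"))) {` and `} else if(!sstrcasecmp(sstrtrim(proto), S("TLSv1.3"))) {`. Separately, the new `return NULL` on error leaves `ctx` and the `listener->ssl` malloc (itself unchecked) unreleased; the pre-existing `// TODO: cleanup on error` appears to cover this, but it now applies to a path the config can trigger. The enclosing function starts before and continues past this hunk.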
