syslog-ng--mainline: added TLS support for incoming TCP connections
Link: <http://intra.balabit/cgi-bin/viewarch.cgi/devel@balabit.hu--other-1/syslog-ng--mainline--2.1--patch-2>

Revision: syslog-ng--mainline--2.1--patch-2
Archive: devel@balabit.hu--other-1
Creator: Balazs Scheidler <bazsi@balabit.hu>
Date: Wed Oct 25 09:59:41 CEST 2006
Standard-date: 2006-10-25 07:59:41 GMT
New-files: src/.arch-ids/tlsread.c.id src/.arch-ids/tlsread.h.id
    src/tlsread.c src/tlsread.h
Modified-files: src/Makefile.am src/afsocket.c src/cfg-grammar.y
    src/cfg-lex.l src/fdread.c src/fdread.h src/fdwrite.c src/fdwrite.h
    src/tlscontext.c src/tlswrite.c
New-patches: devel@balabit.hu--other-1/syslog-ng--mainline--2.1--patch-2
Summary: added TLS support for incoming TCP connections
Keywords:

* src/afsocket.c (afsocket_sc_init): use TLSRead instance to fetch messages
  if self->tls_context is set,
  (afsocket_sd_set_tls_context): new function, called by the config parser
  to set a TLS context

* src/cfg-grammar.y (source_afinet_tcp_option): removed never-implemented
  crypt/auth/mac keywords, added TLS specific parsing code

* src/cfg-lex.l: removed keywords for required/allow/deny

* src/fdread.c (fd_read_free): use a function pointer to actually free the
  FDRead instance, moved the bulk of fd_read_free to a static function,
  (fd_read_free_method): the bulk of the task of freeing FDRead is moved here

* src/fdwrite.c (fd_write_free_method): removed static qualifier

* src/tlscontext.c (tls_context_setup_session): added CA verification setup
  code, initial handshake is now performed as a non-blocking operation during
  normal read/write, thus we need to call set_connect_state() and/or
  set_accept_state()

* src/tlswrite.c (tls_write_write_method): removed the call to SSL_connect(),
  nonblocking handshake is performed instead, making the code much simpler,
  (tls_write_new): initialize cond to (G_IO_IN | G_IO_OUT) as the SSL
  handshake will define the exact I/O order, and it is possible that the
  client reads first (which is not the case, but let's leave that
  possibility delegated to libssl)

* src/tlsread.c: new file, implements SSL wrapped reading

Diff stats:
 Makefile.am   |  2 +-
 afsocket.c    | 12 +++++++++++-
 cfg-grammar.y | 18 +++++------------
 cfg-lex.l     |  3 ---
 fdread.c      |  9 ++++++++-
 fdread.h      | 11 ++++++++---
 fdwrite.c     |  5 +----
 fdwrite.h     |  1 +
 tlscontext.c  | 38 +++++++++++++++++++++++++++++++++++++-
 tlswrite.c    | 33 ++++++++------------------------
 10 files changed, 80 insertions(+), 52 deletions(-)
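The commit message above describes two things the new incoming-connection code does before the first read or write: it puts the session into accept state (the server side of the handshake) and sets up CA verification. The program below is an added example and not syslog-ng code; it is written in Go because the Go standard library can mint the CA and the certificates in memory, so it runs offline with no files on disk. It shows what CA-based peer verification on an incoming TLS connection decides for three clients: one with a certificate from the trusted CA, one with a certificate from an unrelated CA, and one with no certificate at all. tls.Server and tls.Client play the role of set_accept_state() and set_connect_state(). Every name in it (the CA names, logserver.example, webhost.example, attacker.example) is invented for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err) // setup failure (RNG, loopback socket), never a verification result
	}
}

type identity struct { // a certificate with its key, generated in memory; names are invented
	cert *x509.Certificate
	tc   tls.Certificate
}

// newIdentity issues a self-signed CA when issuer is nil, otherwise a leaf signed by issuer.
func newIdentity(cn string, issuer *identity) identity {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	parent, signer := tmpl, any(key) // self-signed unless an issuer is given
	if issuer == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{cn}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
		parent, signer = issuer.cert, issuer.tc.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return identity{cert, tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}}
}

// handshake runs one TLS handshake over loopback TCP: tls.Server is the accept state end, tls.Client the connect state end.
func handshake(serverCfg, clientCfg *tls.Config) (serverErr, clientErr error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	must(err)
	defer ln.Close()
	done := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		must(err)
		defer conn.Close()
		conn.SetDeadline(time.Now().Add(5 * time.Second)) // never hang on a misbehaving peer
		done <- tls.Server(conn, serverCfg).Handshake()
	}()
	conn, err := net.Dial("tcp", ln.Addr().String())
	must(err)
	defer conn.Close()
	clientErr = tls.Client(conn, clientCfg).Handshake()
	return <-done, clientErr
}

// scenarios: a CA, a log server requiring client certs from that CA, three clients; result = {server error, client error}.
func scenarios() map[string][2]error {
	ca, rogueCA := newIdentity("example log CA", nil), newIdentity("unrelated CA", nil)
	server := newIdentity("logserver.example", &ca)
	trusted := x509.NewCertPool()
	trusted.AddCert(ca.cert)
	serverCfg := &tls.Config{Certificates: []tls.Certificate{server.tc}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: trusted}
	clients := map[string][]tls.Certificate{
		"client cert from trusted CA": {newIdentity("webhost.example", &ca).tc},
		"client cert from unknown CA": {newIdentity("attacker.example", &rogueCA).tc},
		"no client cert":              nil,
	}
	results := map[string][2]error{}
	for name, certs := range clients {
		clientCfg := &tls.Config{RootCAs: trusted, ServerName: "logserver.example", Certificates: certs}
		s, c := handshake(serverCfg, clientCfg)
		results[name] = [2]error{s, c}
	}
	return results
}

func main() {
	for name, r := range scenarios() {
		fmt.Printf("%-28s server: %v | client: %v\n", name, r[0], r[1])
	}
}
```

Two things worth noticing when reading the output. First, the unknown-CA client presents a perfectly well-formed, in-date certificate; it is rejected only because the server was given a ClientCAs pool and asked to verify against it, which is the step the commit's "CA verification setup code" adds. A server that merely wraps the socket in TLS encrypts the log stream but authenticates nobody. Second, with TLS 1.3 the client's Handshake() can return nil before the server has looked at the client certificate, because the client finishes as soon as it has sent its last flight; the authentication decision is therefore only visible on the accepting end, which is where syslog-ng, as the receiver of the log stream, has to act on it.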