commit 80383024a39a1c338a213ca1181a092694f80fba
parent a9f7bd7faf065f4d958da0527e94dd8e910c6feb
Author: Joris Vink <joris@coders.se>
Date: Fri, 18 Feb 2022 10:47:05 +0100
For each TLS backend let us use correct types.
Diffstat:
5 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/Makefile b/Makefile
@@ -40,6 +40,8 @@ LDFLAGS+=-rdynamic
ifeq ("$(TLS_BACKEND)", "openssl")
S_SRC+=src/keymgr_openssl.c
+ CFLAGS+=-DTLS_BACKEND_OPENSSL
+ FEATURES+=-DTLS_BACKEND_OPENSSL
ifneq ("$(OPENSSL_PATH)", "")
CFLAGS+=-I$(OPENSSL_PATH)/include
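Review bot: `-DTLS_BACKEND_OPENSSL` is added to both `CFLAGS` and `FEATURES`, but the context line below adds `-I$(OPENSSL_PATH)/include` to `CFLAGS` only. With this commit `kore.h` includes `<openssl/x509.h>` and `<openssl/ssl.h>` whenever the define is set. If `FEATURES` is what application builds inherit (not visible in this hunk), an application built against a custom `OPENSSL_PATH` would get the define without the matching include path and could compile against a different OpenSSL's headers than the library it links. Consider exporting the include path the same way, or noting next to the `FEATURES+=` line that consumers must supply it. The `ifneq` block continues outside the hunk.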
diff --git a/include/kore/kore.h b/include/kore/kore.h
@@ -61,6 +61,20 @@ extern int daemon(int, int);
#define KORE_USE_PLATFORM_PLEDGE 1
#endif
+#if defined(TLS_BACKEND_OPENSSL)
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+typedef X509 KORE_X509;
+typedef SSL KORE_TLS;
+typedef SSL_CTX KORE_TLS_CTX;
+typedef X509_NAME KORE_X509_NAMES;
+#else
+typedef void KORE_X509;
+typedef void KORE_TLS;
+typedef void KORE_TLS_CTX;
+typedef void KORE_X509_NAMES;
+#endif
+
#define KORE_RSAKEY_BITS 4096
#define KORE_RESULT_ERROR 0
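Review bot: In the `#else` branch all four `KORE_*` types are `void`, so a translation unit that includes `kore.h` without `TLS_BACKEND_OPENSSL` gets no type checking at all. A `KORE_TLS *` passed where a `KORE_X509 *` is expected compiles silently, which is the mistake this commit is trying to rule out. Distinct incomplete types would keep the handles opaque while still letting the compiler reject mix-ups, for example `typedef struct kore_tls KORE_TLS;` and likewise for the other three (struct tags illustrative). The block also has no comment; something like `/* Backend-specific TLS handle types; opaque when no TLS backend is compiled in. */` above the `#if` would explain why the header's types depend on a build flag. As a naming nit, `KORE_X509_NAMES` is plural but aliases a single `X509_NAME`.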
@@ -78,7 +92,6 @@ extern int daemon(int, int);
#define errno_s strerror(errno)
#define ssl_errno_s ERR_error_string(ERR_get_error(), NULL)
-
#define KORE_DOMAINNAME_LEN 255
#define KORE_PIDFILE_DEFAULT "kore.pid"
#define KORE_DHPARAM_PATH PREFIX "/share/kore/ffdhe4096.pem"
@@ -214,8 +227,8 @@ struct connection {
u_int8_t state;
u_int8_t proto;
struct listener *owner;
- void *tls;
- void *tls_cert;
+ KORE_TLS *tls;
+ KORE_X509 *tls_cert;
char *tls_sni;
int tls_reneg;
@@ -338,7 +351,7 @@ struct kore_domain {
char *crlfile;
char *certfile;
char *certkey;
- void *ssl_ctx;
+ KORE_TLS_CTX *tls_ctx;
int x509_verify_depth;
#if !defined(KORE_NO_HTTP)
TAILQ_HEAD(, kore_route) routes;
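Review bot: The field is renamed from `ssl_ctx` to `tls_ctx` as well as retyped, yet none of the five files in this commit changes a use of `domain->ssl_ctx`. Either every in-tree user already referred to `tls_ctx`, meaning the header was out of step before this commit, or some reference still uses the old name and will no longer compile; a grep for `ssl_ctx` would settle it. Because `struct kore_domain` lives in the public header, out-of-tree modules that touch the field also break at compile time. The rename deserves a line in the commit message, which currently mentions only the type change. The struct definition starts and ends outside the hunk.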
@@ -826,9 +839,9 @@ void *kore_tls_rsakey_load(const char *);
void *kore_tls_rsakey_generate(const char *);
int kore_tls_x509_data(struct connection *, u_int8_t **, size_t *);
-void *kore_tls_x509_issuer_name(struct connection *);
-void *kore_tls_x509_subject_name(struct connection *);
-int kore_tls_x509name_foreach(void *, int, void *,
+KORE_X509_NAMES *kore_tls_x509_issuer_name(struct connection *);
+KORE_X509_NAMES *kore_tls_x509_subject_name(struct connection *);
+int kore_tls_x509name_foreach(KORE_X509_NAMES *, int, void *,
int (*)(void *, int, int, const char *,
const void *, size_t, int));
/* accesslog.c */
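Review bot: The context lines above the change still declare `kore_tls_rsakey_load` and `kore_tls_rsakey_generate` as returning `void *`, so the private-key handle remains untyped while the X509 name accessors now get `KORE_X509_NAMES *`. A key pointer is the one object here where an unnoticed mix-up with another `void *` matters most, so it would be consistent to add a key typedef beside the others in `kore.h` and use it in these two prototypes, e.g. `KORE_PRIVATE_KEY *kore_tls_rsakey_load(const char *);` (typedef name illustrative). The `void *` udata parameter of `kore_tls_x509name_foreach` is fine as is, since it is caller context rather than a TLS object.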
diff --git a/src/python.c b/src/python.c
@@ -2935,7 +2935,7 @@ pyconnection_get_peer_x509(struct pyconnection *pyc, void *closure)
static PyObject *
pyconnection_get_peer_x509dict(struct pyconnection *pyc, void *closure)
{
- void *name;
+ KORE_X509_NAMES *name;
PyObject *dict, *issuer, *subject, *ret;
ret = NULL;
diff --git a/src/tls_openssl.c b/src/tls_openssl.c
@@ -651,7 +651,7 @@ kore_tls_rsakey_generate(const char *path)
return (pkey);
}
-void *
+KORE_X509_NAMES *
kore_tls_x509_subject_name(struct connection *c)
{
X509_NAME *name;
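Review bot: Now that this accessor and `kore_tls_x509_issuer_name` in the next hunk return a concrete `KORE_X509_NAMES *`, neither says who owns the result. The bodies are only partly visible here. If the name is taken from the peer certificate held on the connection, it is borrowed, and a caller that frees it or keeps it past the connection's lifetime ends up with a double free or a dangling pointer. A short comment above each function would make that explicit, for example `/* Returns a pointer owned by the connection's peer certificate; do not free. */`, worded to match what the body actually does.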
@@ -662,7 +662,7 @@ kore_tls_x509_subject_name(struct connection *c)
return (name);
}
-void *
+KORE_X509_NAMES *
kore_tls_x509_issuer_name(struct connection *c)
{
X509_NAME *name;
@@ -674,7 +674,7 @@ kore_tls_x509_issuer_name(struct connection *c)
}
int
-kore_tls_x509name_foreach(void *name, int flags, void *udata,
+kore_tls_x509name_foreach(KORE_X509_NAMES *name, int flags, void *udata,
int (*cb)(void *, int, int, const char *, const void *, size_t, int))
{
u_int8_t *data;
diff --git a/src/utils.c b/src/utils.c
@@ -495,7 +495,7 @@ int
kore_x509_issuer_name(struct connection *c, char **out, int flags)
{
struct kore_buf buf;
- void *name;
+ KORE_X509_NAMES *name;
if ((name = kore_tls_x509_issuer_name(c)) == NULL)
return (KORE_RESULT_ERROR);
@@ -520,7 +520,7 @@ int
kore_x509_subject_name(struct connection *c, char **out, int flags)
{
struct kore_buf buf;
- void *name;
+ KORE_X509_NAMES *name;
if ((name = kore_tls_x509_subject_name(c)) == NULL)
return (KORE_RESULT_ERROR);