Remove references to SSL and replace them with TLS.
We're using TLS, not SSL. Use the proper terminology.
This commit is contained in:
parent
8b892e3347
commit
fd2e456076
6
client.c
6
client.c
@ -69,8 +69,8 @@ static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identi
|
||||
}
|
||||
|
||||
static int dtls_client_connect(const struct keyentry_t *keyentry, const char *host_port) {
|
||||
struct generic_ssl_ctx_t gctx;
|
||||
create_generic_ssl_context(&gctx, false);
|
||||
struct generic_tls_ctx_t gctx;
|
||||
create_generic_tls_context(&gctx, false);
|
||||
|
||||
SSL_CTX_set_psk_client_callback(gctx.ctx, psk_client_callback);
|
||||
|
||||
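Review bot: The return value of `create_generic_tls_context(&gctx, false);` on the new side is discarded, yet the function returns false on every OpenSSL setup failure and leaves `gctx.ctx` NULL (the struct is memset to zero first), so the following `SSL_CTX_set_psk_client_callback(gctx.ctx, psk_client_callback);` would then operate on a NULL context. Check it before touching the context, e.g. `if (!create_generic_tls_context(&gctx, false)) { return <failure value used by the rest of dtls_client_connect>; }` — the function's body continues past this hunk, so I cannot see which value its other early exits use. The same unchecked call appears in server.c, `create_generic_tls_context(&gctx, true);` in dtls_server, where the server goes on to create sockets against a possibly uninitialized context; it should `return false;` on failure there.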
@ -121,7 +121,7 @@ static int dtls_client_connect(const struct keyentry_t *keyentry, const char *ho
|
||||
}
|
||||
}
|
||||
BIO_free_all(conn);
|
||||
free_generic_ssl_context(&gctx);
|
||||
free_generic_tls_context(&gctx);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
22
openssl.c
22
openssl.c
@ -36,32 +36,32 @@ bool openssl_init(void) {
|
||||
return true;
|
||||
}
|
||||
|
||||
bool create_generic_ssl_context(struct generic_ssl_ctx_t *gctx, bool server) {
|
||||
memset(gctx, 0, sizeof(struct generic_ssl_ctx_t));
|
||||
bool create_generic_tls_context(struct generic_tls_ctx_t *gctx, bool server) {
|
||||
memset(gctx, 0, sizeof(struct generic_tls_ctx_t));
|
||||
|
||||
gctx->conf_ctx = SSL_CONF_CTX_new();
|
||||
if (!gctx->conf_ctx) {
|
||||
log_openssl(LLVL_FATAL, "Cannot initialize SSL generic context config context.");
|
||||
log_openssl(LLVL_FATAL, "Cannot initialize TLS generic context config context.");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (server) {
|
||||
gctx->method = TLS_server_method();
|
||||
if (!gctx->method) {
|
||||
log_openssl(LLVL_FATAL, "Cannot initialize SSL server method.");
|
||||
log_openssl(LLVL_FATAL, "Cannot initialize TLS server method.");
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
gctx->method = TLS_client_method();
|
||||
if (!gctx->method) {
|
||||
log_openssl(LLVL_FATAL, "Cannot initialize SSL client method.");
|
||||
log_openssl(LLVL_FATAL, "Cannot initialize TLS client method.");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
gctx->ctx = SSL_CTX_new(gctx->method);
|
||||
if (!gctx->ctx) {
|
||||
log_openssl(LLVL_FATAL, "Cannot initialize SSL generic context context.");
|
||||
log_openssl(LLVL_FATAL, "Cannot initialize TLS generic context context.");
|
||||
return false;
|
||||
}
|
||||
|
||||
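Review bot: Once `SSL_CONF_CTX_new()` has succeeded, every later failure path in `create_generic_tls_context` (`TLS_server_method`/`TLS_client_method` returning NULL, `SSL_CTX_new` failing, and the option, minimum-version, cipher-list, sigalgs and curves checks in the following two hunks) does a bare `return false;` and leaks `gctx->conf_ctx`, and after `SSL_CTX_new` succeeds also `gctx->ctx`. Since the function already zeroes the struct up front, a single cleanup label is enough: add `fail:` / `free_generic_tls_context(gctx);` / `return false;` at the end and replace each of those `return false;` lines with `goto fail;`. That presumes `free_generic_tls_context` also releases `conf_ctx`; only its `SSL_CTX_free(gctx->ctx)` line is visible here, so confirm it does (or free `conf_ctx` explicitly in the label). Renaming the messages from SSL to TLS is fine, but `"Cannot initialize TLS generic context context."` reads oddly next to the config-context message; `"Cannot initialize TLS generic SSL_CTX."` would say what actually failed.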
@ -75,12 +75,12 @@ bool create_generic_ssl_context(struct generic_ssl_ctx_t *gctx, bool server) {
|
||||
SSL_CTX_set_options(gctx->ctx, flags);
|
||||
|
||||
if (!SSL_CTX_set_min_proto_version(gctx->ctx, TLS1_2_VERSION)) {
|
||||
log_openssl(LLVL_FATAL, "Cannot set SSL generic context minimal version.");
|
||||
log_openssl(LLVL_FATAL, "Cannot set TLS generic context minimal version.");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!SSL_CTX_set_cipher_list(gctx->ctx, "ECDHE-PSK-CHACHA20-POLY1305")) {
|
||||
log_openssl(LLVL_FATAL, "Cannot set SSL generic context cipher suites.");
|
||||
log_openssl(LLVL_FATAL, "Cannot set TLS generic context cipher suites.");
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -88,20 +88,20 @@ bool create_generic_ssl_context(struct generic_ssl_ctx_t *gctx, bool server) {
|
||||
* (PSK); however for the future we want to have proper crypto here as
|
||||
* well. */
|
||||
if (!SSL_CTX_set1_sigalgs_list(gctx->ctx, "ECDSA+SHA256:RSA+SHA256:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA512:RSA+SHA512")) {
|
||||
log_openssl(LLVL_FATAL, "Cannot set SSL signature algorithms.");
|
||||
log_openssl(LLVL_FATAL, "Cannot set TLS generic context signature algorithms.");
|
||||
return false;
|
||||
}
|
||||
|
||||
/* TODO: When X448 becomes available, include it here. */
|
||||
if (!SSL_CTX_set1_curves_list(gctx->ctx, "X25519")) {
|
||||
log_openssl(LLVL_FATAL, "Cannot set SSL generic context ECDHE curves.");
|
||||
log_openssl(LLVL_FATAL, "Cannot set TLS generic context ECDHE curves.");
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
void free_generic_ssl_context(struct generic_ssl_ctx_t *gctx) {
|
||||
void free_generic_tls_context(struct generic_tls_ctx_t *gctx) {
|
||||
SSL_CTX_free(gctx->ctx);
|
||||
gctx->ctx = NULL;
|
||||
|
||||
|
@ -27,7 +27,7 @@
|
||||
#include <stdbool.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
struct generic_ssl_ctx_t {
|
||||
struct generic_tls_ctx_t {
|
||||
SSL_CONF_CTX *conf_ctx;
|
||||
const SSL_METHOD *method;
|
||||
SSL_CTX *ctx;
|
||||
@ -35,8 +35,8 @@ struct generic_ssl_ctx_t {
|
||||
|
||||
/*************** AUTO GENERATED SECTION FOLLOWS ***************/
|
||||
bool openssl_init(void);
|
||||
bool create_generic_ssl_context(struct generic_ssl_ctx_t *gctx, bool server);
|
||||
void free_generic_ssl_context(struct generic_ssl_ctx_t *gctx);
|
||||
bool create_generic_tls_context(struct generic_tls_ctx_t *gctx, bool server);
|
||||
void free_generic_tls_context(struct generic_tls_ctx_t *gctx);
|
||||
/*************** AUTO GENERATED SECTION ENDS ***************/
|
||||
|
||||
#endif
|
||||
|
12
server.c
12
server.c
@ -181,8 +181,8 @@ bool dtls_server(const struct keyentry_t *key, const struct options_t *options)
|
||||
return true;
|
||||
}
|
||||
|
||||
struct generic_ssl_ctx_t gctx;
|
||||
create_generic_ssl_context(&gctx, true);
|
||||
struct generic_tls_ctx_t gctx;
|
||||
create_generic_tls_context(&gctx, true);
|
||||
|
||||
server_key = key;
|
||||
{
|
||||
@ -195,7 +195,7 @@ bool dtls_server(const struct keyentry_t *key, const struct options_t *options)
|
||||
int tcp_sock = create_tcp_socket(options->port);
|
||||
if (tcp_sock == -1) {
|
||||
log_msg(LLVL_ERROR, "Cannot start server without server socket.");
|
||||
free_generic_ssl_context(&gctx);
|
||||
free_generic_tls_context(&gctx);
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -203,7 +203,7 @@ bool dtls_server(const struct keyentry_t *key, const struct options_t *options)
|
||||
if (tcp_sock == -1) {
|
||||
log_msg(LLVL_ERROR, "Cannot broadcast without announcement UDP socket.");
|
||||
close(tcp_sock);
|
||||
free_generic_ssl_context(&gctx);
|
||||
free_generic_tls_context(&gctx);
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -233,7 +233,7 @@ bool dtls_server(const struct keyentry_t *key, const struct options_t *options)
|
||||
log_libc(LLVL_ERROR, "Unable to accept(2)");
|
||||
close(udp_sock);
|
||||
close(tcp_sock);
|
||||
free_generic_ssl_context(&gctx);
|
||||
free_generic_tls_context(&gctx);
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -295,7 +295,7 @@ bool dtls_server(const struct keyentry_t *key, const struct options_t *options)
|
||||
|
||||
close(udp_sock);
|
||||
close(tcp_sock);
|
||||
free_generic_ssl_context(&gctx);
|
||||
free_generic_tls_context(&gctx);
|
||||
return true;
|
||||
}
|
||||
|
||||
|