Georg/luksrku
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove references to SSL and replace by TLS.

Browse Source 
We're using TLS, not SSL. Use the proper terminology.
This commit is contained in:
Johannes Bauer 2017-03-07 21:48:00 +01:00
parent 8b892e3347
commit fd2e456076
4 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
client.c
View File

@ -69,8 +69,8 @@ static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identi
} }
static int dtls_client_connect(const struct keyentry_t *keyentry, const char *host_port) { static int dtls_client_connect(const struct keyentry_t *keyentry, const char *host_port) {
struct generic_ssl_ctx_t gctx; struct generic_tls_ctx_t gctx;
create_generic_ssl_context(&gctx, false); create_generic_tls_context(&gctx, false);
SSL_CTX_set_psk_client_callback(gctx.ctx, psk_client_callback); SSL_CTX_set_psk_client_callback(gctx.ctx, psk_client_callback);
@ -121,7 +121,7 @@ static int dtls_client_connect(const struct keyentry_t *keyentry, const char *ho
} }
} }
BIO_free_all(conn); BIO_free_all(conn);
free_generic_ssl_context(&gctx); free_generic_tls_context(&gctx);
return 0; return 0;
} }

22
openssl.c
View File

@ -36,32 +36,32 @@ bool openssl_init(void) {
return true; return true;
} }
bool create_generic_ssl_context(struct generic_ssl_ctx_t *gctx, bool server) { bool create_generic_tls_context(struct generic_tls_ctx_t *gctx, bool server) {
memset(gctx, 0, sizeof(struct generic_ssl_ctx_t)); memset(gctx, 0, sizeof(struct generic_tls_ctx_t));
gctx->conf_ctx = SSL_CONF_CTX_new(); gctx->conf_ctx = SSL_CONF_CTX_new();
if (!gctx->conf_ctx) { if (!gctx->conf_ctx) {
log_openssl(LLVL_FATAL, "Cannot initialize SSL generic context config context."); log_openssl(LLVL_FATAL, "Cannot initialize TLS generic context config context.");
return false; return false;
} }
if (server) { if (server) {
gctx->method = TLS_server_method(); gctx->method = TLS_server_method();
if (!gctx->method) { if (!gctx->method) {
log_openssl(LLVL_FATAL, "Cannot initialize SSL server method."); log_openssl(LLVL_FATAL, "Cannot initialize TLS server method.");
return false; return false;
} }
} else { } else {
gctx->method = TLS_client_method(); gctx->method = TLS_client_method();
if (!gctx->method) { if (!gctx->method) {
log_openssl(LLVL_FATAL, "Cannot initialize SSL client method."); log_openssl(LLVL_FATAL, "Cannot initialize TLS client method.");
return false; return false;
} }
} }
gctx->ctx = SSL_CTX_new(gctx->method); gctx->ctx = SSL_CTX_new(gctx->method);
if (!gctx->ctx) { if (!gctx->ctx) {
log_openssl(LLVL_FATAL, "Cannot initialize SSL generic context context."); log_openssl(LLVL_FATAL, "Cannot initialize TLS generic context context.");
return false; return false;
} }
@ -75,12 +75,12 @@ bool create_generic_ssl_context(struct generic_ssl_ctx_t *gctx, bool server) {
SSL_CTX_set_options(gctx->ctx, flags); SSL_CTX_set_options(gctx->ctx, flags);
if (!SSL_CTX_set_min_proto_version(gctx->ctx, TLS1_2_VERSION)) { if (!SSL_CTX_set_min_proto_version(gctx->ctx, TLS1_2_VERSION)) {
log_openssl(LLVL_FATAL, "Cannot set SSL generic context minimal version."); log_openssl(LLVL_FATAL, "Cannot set TLS generic context minimal version.");
return false; return false;
} }
if (!SSL_CTX_set_cipher_list(gctx->ctx, "ECDHE-PSK-CHACHA20-POLY1305")) { if (!SSL_CTX_set_cipher_list(gctx->ctx, "ECDHE-PSK-CHACHA20-POLY1305")) {
log_openssl(LLVL_FATAL, "Cannot set SSL generic context cipher suites."); log_openssl(LLVL_FATAL, "Cannot set TLS generic context cipher suites.");
return false; return false;
} }
@ -88,20 +88,20 @@ bool create_generic_ssl_context(struct generic_ssl_ctx_t *gctx, bool server) {
* (PSK); however for the future we want to have proper crypto here as * (PSK); however for the future we want to have proper crypto here as
* well. */ * well. */
if (!SSL_CTX_set1_sigalgs_list(gctx->ctx, "ECDSA+SHA256:RSA+SHA256:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA512:RSA+SHA512")) { if (!SSL_CTX_set1_sigalgs_list(gctx->ctx, "ECDSA+SHA256:RSA+SHA256:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA512:RSA+SHA512")) {
log_openssl(LLVL_FATAL, "Cannot set SSL signature algorithms."); log_openssl(LLVL_FATAL, "Cannot set TLS generic context signature algorithms.");
return false; return false;
} }
/* TODO: When X448 becomes available, include it here. */ /* TODO: When X448 becomes available, include it here. */
if (!SSL_CTX_set1_curves_list(gctx->ctx, "X25519")) { if (!SSL_CTX_set1_curves_list(gctx->ctx, "X25519")) {
log_openssl(LLVL_FATAL, "Cannot set SSL generic context ECDHE curves."); log_openssl(LLVL_FATAL, "Cannot set TLS generic context ECDHE curves.");
return false; return false;
} }
return true; return true;
} }
void free_generic_ssl_context(struct generic_ssl_ctx_t *gctx) { void free_generic_tls_context(struct generic_tls_ctx_t *gctx) {
SSL_CTX_free(gctx->ctx); SSL_CTX_free(gctx->ctx);
gctx->ctx = NULL; gctx->ctx = NULL;

6
openssl.h
View File

@ -27,7 +27,7 @@
#include <stdbool.h> #include <stdbool.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
struct generic_ssl_ctx_t { struct generic_tls_ctx_t {
SSL_CONF_CTX *conf_ctx; SSL_CONF_CTX *conf_ctx;
const SSL_METHOD *method; const SSL_METHOD *method;
SSL_CTX *ctx; SSL_CTX *ctx;
@ -35,8 +35,8 @@ struct generic_ssl_ctx_t {
/*************** AUTO GENERATED SECTION FOLLOWS ***************/ /*************** AUTO GENERATED SECTION FOLLOWS ***************/
bool openssl_init(void); bool openssl_init(void);
bool create_generic_ssl_context(struct generic_ssl_ctx_t *gctx, bool server); bool create_generic_tls_context(struct generic_tls_ctx_t *gctx, bool server);
void free_generic_ssl_context(struct generic_ssl_ctx_t *gctx); void free_generic_tls_context(struct generic_tls_ctx_t *gctx);
/*************** AUTO GENERATED SECTION ENDS ***************/ /*************** AUTO GENERATED SECTION ENDS ***************/
#endif #endif

12
server.c
View File

@ -181,8 +181,8 @@ bool dtls_server(const struct keyentry_t *key, const struct options_t *options)
return true; return true;
} }
struct generic_ssl_ctx_t gctx; struct generic_tls_ctx_t gctx;
create_generic_ssl_context(&gctx, true); create_generic_tls_context(&gctx, true);
server_key = key; server_key = key;
{ {
@ -195,7 +195,7 @@ bool dtls_server(const struct keyentry_t *key, const struct options_t *options)
int tcp_sock = create_tcp_socket(options->port); int tcp_sock = create_tcp_socket(options->port);
if (tcp_sock == -1) { if (tcp_sock == -1) {
log_msg(LLVL_ERROR, "Cannot start server without server socket."); log_msg(LLVL_ERROR, "Cannot start server without server socket.");
free_generic_ssl_context(&gctx); free_generic_tls_context(&gctx);
return false; return false;
} }
@ -203,7 +203,7 @@ bool dtls_server(const struct keyentry_t *key, const struct options_t *options)
if (tcp_sock == -1) { if (tcp_sock == -1) {
log_msg(LLVL_ERROR, "Cannot broadcast without announcement UDP socket."); log_msg(LLVL_ERROR, "Cannot broadcast without announcement UDP socket.");
close(tcp_sock); close(tcp_sock);
free_generic_ssl_context(&gctx); free_generic_tls_context(&gctx);
return false; return false;
} }
@ -233,7 +233,7 @@ bool dtls_server(const struct keyentry_t *key, const struct options_t *options)
log_libc(LLVL_ERROR, "Unable to accept(2)"); log_libc(LLVL_ERROR, "Unable to accept(2)");
close(udp_sock); close(udp_sock);
close(tcp_sock); close(tcp_sock);
free_generic_ssl_context(&gctx); free_generic_tls_context(&gctx);
return false; return false;
} }
@ -295,7 +295,7 @@ bool dtls_server(const struct keyentry_t *key, const struct options_t *options)
close(udp_sock); close(udp_sock);
close(tcp_sock); close(tcp_sock);
free_generic_ssl_context(&gctx); free_generic_tls_context(&gctx);
return true; return true;
} }