mirror of https://github.com/omar-polo/gmid.git
add protocols to the config
parent
8696c5ea24
commit
5bc3c98ed4
|
@ -1,5 +1,7 @@
|
|||
2021-01-15 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* parse.y (option): add ability to specify the tls versions with "protocols"
|
||||
|
||||
* gmid.c (handle_open_conn): ensure the port number of the request matches
|
||||
|
||||
* sandbox.c (sandbox): sandbox on OpenBSD (pledge/unveil, as before) and on FreeBSD (capsicum) too
|
||||
|
|
4
gmid.c
4
gmid.c
|
@ -979,6 +979,7 @@ main(int argc, char **argv)
|
|||
conf.foreground = 1;
|
||||
conf.port = 1965;
|
||||
conf.ipv6 = 0;
|
||||
conf.protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
|
||||
|
||||
connected_clients = 0;
|
||||
|
||||
|
@ -1067,8 +1068,7 @@ main(int argc, char **argv)
|
|||
tls_config_verify_client_optional(tlsconf);
|
||||
tls_config_insecure_noverifycert(tlsconf);
|
||||
|
||||
if (tls_config_set_protocols(tlsconf,
|
||||
TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3) == -1)
|
||||
if (tls_config_set_protocols(tlsconf, conf.protos) == -1)
|
||||
err(1, "tls_config_set_protocols");
|
||||
|
||||
load_vhosts(tlsconf);
|
||||
|
|
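Review bot: `conf.protos` reaches `tls_config_set_protocols` in the second hunk with no lower bound, so a `protocols` string in the config can re-enable TLS versions below the 1.2/1.3 pair that was hard-coded before this change. If the libtls in use still accepts the legacy versions, refuse them before the call, e.g. `if (conf.protos & (TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1)) errx(1, "protocols: TLS < 1.2 is not allowed");`, or at least log a warning at startup. The same value is filled in by the new `TPROTOCOLS` rule in parse.y, which could carry the check instead. `main` starts and ends outside both hunks.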
1
gmid.h
1
gmid.h
|
@ -68,6 +68,7 @@ struct conf {
|
|||
int foreground;
|
||||
int port;
|
||||
int ipv6;
|
||||
uint32_t protos;
|
||||
};
|
||||
|
||||
extern struct conf conf;
|
||||
|
|
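Review bot: The new `protos` member of `struct conf` carries no comment saying what it holds or who consumes it. From the other hunks it is a bitmask of libtls `TLS_PROTOCOL_*` flags, defaulted in `main` and passed to `tls_config_set_protocols`. I would document that on the field: `uint32_t protos; /* TLS_PROTOCOL_* bitmask, see tls_config_set_protocols(3) */`. The struct begins outside the hunk.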
1
lex.l
1
lex.l
|
@ -54,6 +54,7 @@ off yylval.num = 0; return TBOOL;
|
|||
daemon return TDAEMON;
|
||||
ipv6 return TIPV6;
|
||||
port return TPORT;
|
||||
protocols return TPROTOCOLS;
|
||||
server return TSERVER;
|
||||
|
||||
cert return TCERT;
|
||||
|
|
6
parse.y
6
parse.y
|
@ -43,7 +43,7 @@ extern void yyerror(const char*);
|
|||
}
|
||||
|
||||
%token TBOOL TSTRING TNUM
|
||||
%token TDAEMON TIPV6 TPORT TSERVER
|
||||
%token TDAEMON TIPV6 TPORT TPROTOCOLS TSERVER
|
||||
%token TCERT TKEY TROOT TCGI
|
||||
%token TERR
|
||||
|
||||
|
@ -62,6 +62,10 @@ options : /* empty */
|
|||
option : TDAEMON TBOOL { conf.foreground = !$2; }
|
||||
| TIPV6 TBOOL { conf.ipv6 = $2; }
|
||||
| TPORT TNUM { conf.port = $2; }
|
||||
| TPROTOCOLS TSTRING {
|
||||
if (tls_config_parse_protocols(&conf.protos, $2) == -1)
|
||||
errx(1, "invalid protocols string \"%s\"", $2);
|
||||
}
|
||||
;
|
||||
|
||||
vhosts : /* empty */
|
||||
|
|
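Review bot: The new `TPROTOCOLS TSTRING` action never releases `$2`. If the lexer hands TSTRING values over as heap copies (its rule is not on this page, so confirm), each `protocols` line leaks that string on the success path; adding `free($2);` after the check would close it. The `errx` message also reports no file or line position, so an operator with a mistyped value has to search the config by hand. If `yyerror`, declared just above the first hunk, prints the location, routing the failure through it would give a better diagnostic.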
|
@ -1,6 +1,9 @@
|
|||
ipv6 on # enable ipv6
|
||||
daemon on # enable daemon mode
|
||||
|
||||
# decomment to allow only TLSv1.3
|
||||
#protocols "tlsv1.3"
|
||||
|
||||
# server block example
|
||||
server "example.com" {
|
||||
cert "/path/to/cert.pem"
|
||||
|
|