mirror of https://github.com/omar-polo/gmid.git
disable the privsep crypto engine on !OpenBSD
it fails bandly at runtime on various linux distros and on freebsd. Until a fix is found, disable it so I can move forward.
This commit is contained in:
parent
237095fd9a
commit
ba290ef3af
20
config.c
20
config.c
|
@ -46,6 +46,10 @@ config_new(void)
|
|||
|
||||
conf->prefork = 3;
|
||||
|
||||
#ifdef __OpenBSD__
|
||||
conf->use_privsep_crypto = 1;
|
||||
#endif
|
||||
|
||||
conf->sock4 = -1;
|
||||
conf->sock6 = -1;
|
||||
|
||||
|
@ -63,8 +67,10 @@ config_purge(struct conf *conf)
|
|||
struct envlist *e, *te;
|
||||
struct alist *a, *ta;
|
||||
struct pki *pki, *tpki;
|
||||
int use_privsep_crypto;
|
||||
|
||||
ps = conf->ps;
|
||||
use_privsep_crypto = conf->use_privsep_crypto;
|
||||
|
||||
if (conf->sock4 != -1) {
|
||||
event_del(&conf->evsock4);
|
||||
|
@ -136,6 +142,7 @@ config_purge(struct conf *conf)
|
|||
memset(conf, 0, sizeof(*conf));
|
||||
|
||||
conf->ps = ps;
|
||||
conf->use_privsep_crypto = use_privsep_crypto;
|
||||
conf->sock4 = conf->sock6 = -1;
|
||||
conf->protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
|
||||
init_mime(&conf->mime);
|
||||
|
@ -184,7 +191,8 @@ static int
|
|||
config_send_kp(struct privsep *ps, int cert_type, int key_type,
|
||||
const char *cert, const char *key)
|
||||
{
|
||||
int fd, d;
|
||||
struct conf *conf = ps->ps_env;
|
||||
int fd, d, key_target;
|
||||
|
||||
log_debug("sending %s", cert);
|
||||
if ((fd = open(cert, O_RDONLY)) == -1)
|
||||
|
@ -196,13 +204,19 @@ config_send_kp(struct privsep *ps, int cert_type, int key_type,
|
|||
close(d);
|
||||
return -1;
|
||||
}
|
||||
if (config_send_file(ps, PROC_CRYPTO, cert_type, d, NULL, 0) == -1)
|
||||
if (conf->use_privsep_crypto &&
|
||||
config_send_file(ps, PROC_CRYPTO, cert_type, d, NULL, 0) == -1)
|
||||
return -1;
|
||||
|
||||
log_debug("sending %s", key);
|
||||
if ((fd = open(key, O_RDONLY)) == -1)
|
||||
return -1;
|
||||
if (config_send_file(ps, PROC_CRYPTO, key_type, fd, NULL, 0) == -1)
|
||||
|
||||
key_target = PROC_CRYPTO;
|
||||
if (!conf->use_privsep_crypto)
|
||||
key_target = PROC_SERVER;
|
||||
|
||||
if (config_send_file(ps, key_target, key_type, fd, NULL, 0) == -1)
|
||||
return -1;
|
||||
|
||||
if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
|
||||
|
|
3
ge.c
3
ge.c
|
@ -249,6 +249,9 @@ main(int argc, char **argv)
|
|||
log_setverbose(0);
|
||||
conf = config_new();
|
||||
|
||||
/* ge doesn't do privsep so no privsep crypto engine. */
|
||||
conf->use_privsep_crypto = 0;
|
||||
|
||||
while ((ch = getopt_long(argc, argv, "d:H:hp:Vv", opts, NULL)) != -1) {
|
||||
switch (ch) {
|
||||
case 'd':
|
||||
|
|
1
gmid.h
1
gmid.h
|
@ -228,6 +228,7 @@ struct conf {
|
|||
char user[LOGIN_NAME_MAX];
|
||||
int prefork;
|
||||
int reload;
|
||||
int use_privsep_crypto;
|
||||
|
||||
int sock4;
|
||||
struct event evsock4;
|
||||
|
|
15
server.c
15
server.c
|
@ -1395,11 +1395,7 @@ setup_tls(struct conf *conf)
|
|||
if ((tlsconf = tls_config_new()) == NULL)
|
||||
fatal("tls_config_new");
|
||||
|
||||
/*
|
||||
* ge doesn't use the privsep crypto engine; it doesn't use
|
||||
* privsep at all so `ps' is NULL.
|
||||
*/
|
||||
if (conf->ps != NULL)
|
||||
if (conf->use_privsep_crypto)
|
||||
tls_config_use_fake_private_key(tlsconf);
|
||||
|
||||
/* optionally accept client certs, but don't try to verify them */
|
||||
|
@ -1462,6 +1458,8 @@ server(struct privsep *ps, struct privsep_proc *p)
|
|||
void
|
||||
server_init(struct privsep *ps, struct privsep_proc *p, void *arg)
|
||||
{
|
||||
struct conf *c;
|
||||
|
||||
SPLAY_INIT(&clients);
|
||||
|
||||
#ifdef SIGINFO
|
||||
|
@ -1477,8 +1475,11 @@ server_init(struct privsep *ps, struct privsep_proc *p, void *arg)
|
|||
* ge doesn't use the privsep crypto engine; it doesn't use
|
||||
* privsep at all so `ps' is NULL.
|
||||
*/
|
||||
if (ps != NULL)
|
||||
crypto_engine_init(ps->ps_env);
|
||||
if (ps != NULL) {
|
||||
c = ps->ps_env;
|
||||
if (c->use_privsep_crypto)
|
||||
crypto_engine_init(ps->ps_env);
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
|
|
Loading…
Reference in New Issue