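--- a/net_help.c
+++ b/net_help.c
@@ -1,8 +1,8 @@
 /*
  * util/net_help.c - implementation of the network helper code
  *
  * Copyright (c) 2007, NLnet Labs. All rights reserved.
  *
  * This software is open source.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -324,16 +324,36 @@
  dname_str(zone, namebuf);
  if(af != AF_INET && af != AF_INET6)
  verbose(v, "%s <%s> %s%s#%d (addrlen %d)",
  str, namebuf, family, dest, (int)port, (int)addrlen);
  else verbose(v, "%s <%s> %s%s#%d",
  str, namebuf, family, dest, (int)port);
 }
 
+void log_err_addr(const char* str, const char* err,
+ struct sockaddr_storage* addr, socklen_t addrlen)
+{
+ uint16_t port;
+ char dest[100];
+ int af = (int)((struct sockaddr_in*)addr)->sin_family;
+ void* sinaddr = &((struct sockaddr_in*)addr)->sin_addr;
+ if(af == AF_INET6)
+ sinaddr = &((struct sockaddr_in6*)addr)->sin6_addr;
+ if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) {
+ (void)strlcpy(dest, "(inet_ntop error)", sizeof(dest));
+ }
+ dest[sizeof(dest)-1] = 0;
+ port = ntohs(((struct sockaddr_in*)addr)->sin_port);
+ if(verbosity >= 4)
+ log_err("%s: %s for %s port %d (len %d)", str, err, dest,
+ (int)port, (int)addrlen);
+ else log_err("%s: %s for %s", str, err, dest);
+}
+
 int
 sockaddr_cmp(struct sockaddr_storage* addr1, socklen_t len1,
  struct sockaddr_storage* addr2, socklen_t len2)
 {
  struct sockaddr_in* p1_in = (struct sockaddr_in*)addr1;
  struct sockaddr_in* p2_in = (struct sockaddr_in*)addr2;
  struct sockaddr_in6* p1_in6 = (struct sockaddr_in6*)addr1;
  struct sockaddr_in6* p2_in6 = (struct sockaddr_in6*)addr2;
@@ -588,22 +608,27 @@
 void* listen_sslctx_create(char* key, char* pem, char* verifypem)
 {
 #ifdef HAVE_SSL
  SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method());
  if(!ctx) {
  log_crypto_err("could not SSL_CTX_new");
  return NULL;
  }
- /* no SSLv2 because has defects */
+ /* no SSLv2, SSLv3 because has defects */
  if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
  log_crypto_err("could not set SSL_OP_NO_SSLv2");
  SSL_CTX_free(ctx);
  return NULL;
  }
+ if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){
+ log_crypto_err("could not set SSL_OP_NO_SSLv3");
+ SSL_CTX_free(ctx);
+ return NULL;
+ }
  if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
  log_err("error for cert file: %s", pem);
  log_crypto_err("error in SSL_CTX use_certificate_file");
  SSL_CTX_free(ctx);
  return NULL;
  }
  if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) {
  log_err("error for private key file: %s", key);
@@ -643,16 +668,21 @@
  log_crypto_err("could not allocate SSL_CTX pointer");
  return NULL;
  }
  if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)) {
  log_crypto_err("could not set SSL_OP_NO_SSLv2");
  SSL_CTX_free(ctx);
  return NULL;
  }
+ if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)) {
+ log_crypto_err("could not set SSL_OP_NO_SSLv3");
+ SSL_CTX_free(ctx);
+ return NULL;
+ }
  if(key && key[0]) {
  if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
  log_err("error in client certificate %s", pem);
  log_crypto_err("error in certificate file");
  SSL_CTX_free(ctx);
  return NULL;
  }
  if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) {
@@ -664,17 +694,17 @@
  if(!SSL_CTX_check_private_key(ctx)) {
  log_err("error in client key %s", key);
  log_crypto_err("error in SSL_CTX_check_private_key");
  SSL_CTX_free(ctx);
  return NULL;
  }
  }
  if(verifypem && verifypem[0]) {
- if(!SSL_CTX_load_verify_locations(ctx, verifypem, NULL) != 1) {
+ if(!SSL_CTX_load_verify_locations(ctx, verifypem, NULL)) {
  log_crypto_err("error in SSL_CTX verify");
  SSL_CTX_free(ctx);
  return NULL;
  }
  SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
  }
  return ctx;
 #else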
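Review bot: The new `SSL_OP_NO_SSLv3` checks repeat the SSLv2 block verbatim in both `listen_sslctx_create` and the second context constructor further down (its signature is in the hidden lines), so the set of refused protocol versions is kept in sync by hand in two places. Setting and verifying both bits in one call keeps the two sites identical and shorter: `if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3) & (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3)) != (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3))`, ideally inside one small static helper that both constructors call. The updated comment `/* no SSLv2, SSLv3 because has defects */` appears only at the listener site in the visible lines; the second site would benefit from the same comment so a reader does not drop the option there. Both function bodies continue in hidden lines, so this is based on the visible portions only.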