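diff -up rsyslog-8.2102.0/runtime/nsd_ossl.c.orig rsyslog-8.2102.0/runtime/nsd_ossl.c
--- rsyslog-8.2102.0/runtime/nsd_ossl.c.orig 2022-04-15 13:42:05.320615894 +0200
+++ rsyslog-8.2102.0/runtime/nsd_ossl.c 2022-04-15 14:33:43.472482696 +0200
@@ -609,10 +609,10 @@ finalize_it:
 }
 
 static rsRetVal
-osslInitSession(nsd_ossl_t *pThis) /* , nsd_ossl_t *pServer) */
+osslInitSession(nsd_ossl_t *pThis, osslSslState_t osslType) /* , nsd_ossl_t *pServer) */
 {
 DEFiRet;
- BIO *client;
+ BIO *conn;
 char pristringBuf[4096];
 nsd_ptcp_t *pPtcp = (nsd_ptcp_t*) pThis->pTcp;
 
@@ -633,10 +633,8 @@ osslInitSession(nsd_ossl_t *pThis) /* ,
 if (pThis->DrvrVerifyDepth != 0) {
 SSL_set_verify_depth(pThis->ssl, pThis->DrvrVerifyDepth);
 }
- }
-
- if (bAnonInit == 1) { /* no mutex needed, read-only after init */
- /* Allow ANON Ciphers */
+ } else if (bAnonInit == 1 && pThis->gnutlsPriorityString == NULL) {
+ /* Allow ANON Ciphers only in ANON Mode and if no custom priority string is defined */
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 /* NOTE: do never use: +eNULL, it DISABLES encryption! */
 strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",
@@ -653,21 +651,28 @@ osslInitSession(nsd_ossl_t *pThis) /* ,
 }
 }
 
- /* Create BIO from ptcp socket! */
- client = BIO_new_socket(pPtcp->sock, BIO_CLOSE /*BIO_NOCLOSE*/);
- dbgprintf("osslInitSession: Init client BIO[%p] done\n", (void *)client);
 
- /* Set debug Callback for client BIO as well! */
- BIO_set_callback(client, BIO_debug_callback);
+ /* Create BIO from ptcp socket! */
+ conn = BIO_new_socket(pPtcp->sock, BIO_CLOSE /*BIO_NOCLOSE*/);
+ dbgprintf("osslInitSession: Init conn BIO[%p] done\n", (void *)conn);
 
-/* TODO: still needed? Set to NON blocking ! */
-BIO_set_nbio( client, 1 );
+ /* Set debug Callback for conn BIO as well! */
+ BIO_set_callback(conn, BIO_debug_callback);
 
- SSL_set_bio(pThis->ssl, client, client);
- SSL_set_accept_state(pThis->ssl); /* sets ssl to work in server mode. */
+ /* TODO: still needed? Set to NON blocking ! */
+ BIO_set_nbio( conn, 1 );
+ SSL_set_bio(pThis->ssl, conn, conn);
 
+ if (osslType == osslServer) {
+ /* Server Socket */
+ SSL_set_accept_state(pThis->ssl); /* sets ssl to work in server mode. */
+ pThis->sslState = osslServer; /*set Server state */
+ } else {
+ /* Client Socket */
+ SSL_set_connect_state(pThis->ssl); /*sets ssl to work in client mode.*/
+ pThis->sslState = osslClient; /*set Client state */
+ }
 pThis->bHaveSess = 1;
- pThis->sslState = osslServer; /*set Server state */
 
 /* we are done */
 FINALIZE;
@@ -1136,8 +1141,8 @@ SetAuthMode(nsd_t *const pNsd, uchar *co
 ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED);
 }
 
- /* Init Anon OpenSSL stuff */
- CHKiRet(osslAnonInit());
+ /* Init Anon OpenSSL stuff */
+ CHKiRet(osslAnonInit());
 
 dbgprintf("SetAuthMode: Set Mode %s/%d\n", mode, pThis->authMode);
 
@@ -1394,8 +1399,9 @@ osslPostHandshakeCheck(nsd_ossl_t *pNsd)
 
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
 if(SSL_get_shared_curve(pNsd->ssl, -1) == 0) {
- LogError(0, RS_RET_NO_ERRCODE, "nsd_ossl:"
- "No shared curve between syslog client and server.");
+ // This is not a failure
+ LogMsg(0, RS_RET_NO_ERRCODE, LOG_INFO, "nsd_ossl: "
+ "Information, no shared curve between syslog client and server");
 }
 #endif
 sslCipher = (const SSL_CIPHER*) SSL_get_current_cipher(pNsd->ssl);
@@ -1518,7 +1524,7 @@ AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew
 pNew->permitExpiredCerts = pThis->permitExpiredCerts;
 pNew->pPermPeers = pThis->pPermPeers;
 pNew->DrvrVerifyDepth = pThis->DrvrVerifyDepth;
- CHKiRet(osslInitSession(pNew));
+ CHKiRet(osslInitSession(pNew, osslServer));
 
 /* Store nsd_ossl_t* reference in SSL obj */
 SSL_set_ex_data(pNew->ssl, 0, pThis);
@@ -1729,9 +1735,6 @@ Connect(nsd_t *pNsd, int family, uchar *
 DEFiRet;
 DBGPRINTF("openssl: entering Connect family=%d, device=%s\n", family, device);
 nsd_ossl_t* pThis = (nsd_ossl_t*) pNsd;
- nsd_ptcp_t* pPtcp = (nsd_ptcp_t*) pThis->pTcp;
- BIO *conn;
- char pristringBuf[4096];
 
 ISOBJ_TYPE_assert(pThis, nsd_ossl);
 assert(port != NULL);
@@ -1745,61 +1748,13 @@ Connect(nsd_t *pNsd, int family, uchar *
 FINALIZE;
 }
 
- /* Create BIO from ptcp socket! */
- conn = BIO_new_socket(pPtcp->sock, BIO_CLOSE /*BIO_NOCLOSE*/);
- dbgprintf("Connect: Init conn BIO[%p] done\n", (void *)conn);
-
 LogMsg(0, RS_RET_NO_ERRCODE, LOG_INFO, "nsd_ossl: "
 "TLS Connection initiated with remote syslog server.");
 /*if we reach this point we are in tls mode */
 DBGPRINTF("Connect: TLS Mode\n");
- if(!(pThis->ssl = SSL_new(ctx))) {
- pThis->ssl = NULL;
- osslLastSSLErrorMsg(0, pThis->ssl, LOG_ERR, "Connect");
- ABORT_FINALIZE(RS_RET_NO_ERRCODE);
- }
 
- // Set SSL_MODE_AUTO_RETRY to SSL obj
- SSL_set_mode(pThis->ssl, SSL_MODE_AUTO_RETRY);
-
- if (pThis->authMode != OSSL_AUTH_CERTANON) {
- dbgprintf("Connect: enable certificate checking (Mode=%d, VerifyDepth=%d)\n",
- pThis->authMode, pThis->DrvrVerifyDepth);
- /* Enable certificate valid checking */
- SSL_set_verify(pThis->ssl, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback);
- if (pThis->DrvrVerifyDepth != 0) {
- SSL_set_verify_depth(pThis->ssl, pThis->DrvrVerifyDepth);
- }
- }
-
- if (bAnonInit == 1) { /* no mutex needed, read-only after init */
- /* Allow ANON Ciphers */
- #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- /* NOTE: do never use: +eNULL, it DISABLES encryption! */
- strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",
- sizeof(pristringBuf));
- #else
- strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL",
- sizeof(pristringBuf));
- #endif
-
- dbgprintf("Connect: setting anon ciphers: %s\n", pristringBuf);
- if ( SSL_set_cipher_list(pThis->ssl, pristringBuf) == 0 ){
- dbgprintf("Connect: Error setting ciphers '%s'\n", pristringBuf);
- ABORT_FINALIZE(RS_RET_SYS_ERR);
- }
- }
-
- /* Set debug Callback for client BIO as well! */
- BIO_set_callback(conn, BIO_debug_callback);
-
-/* TODO: still needed? Set to NON blocking ! */
-BIO_set_nbio( conn, 1 );
-
- SSL_set_bio(pThis->ssl, conn, conn);
- SSL_set_connect_state(pThis->ssl); /*sets ssl to work in client mode.*/
- pThis->sslState = osslClient; /*set Client state */
- pThis->bHaveSess = 1;
+ /* Do SSL Session init */
+ CHKiRet(osslInitSession(pThis, osslClient));
 
 /* Store nsd_ossl_t* reference in SSL obj */
 SSL_set_ex_data(pThis->ssl, 0, pThis);
@@ -1828,90 +1783,106 @@ SetGnutlsPriorityString(nsd_t *const pNs
 nsd_ossl_t* pThis = (nsd_ossl_t*) pNsd;
 ISOBJ_TYPE_assert(pThis, nsd_ossl);
 
- pThis->gnutlsPriorityString = gnutlsPriorityString;
+ dbgprintf("gnutlsPriorityString: set to '%s'\n",
+ (gnutlsPriorityString != NULL ? (char*)gnutlsPriorityString : "NULL"));
 
 /* Skip function if function is NULL gnutlsPriorityString */
- if (gnutlsPriorityString == NULL) {
- RETiRet;
- } else {
- dbgprintf("gnutlsPriorityString: set to '%s'\n", gnutlsPriorityString);
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- char *pCurrentPos;
- char *pNextPos;
- char *pszCmd;
- char *pszValue;
- int iConfErr;
-
- /* Set working pointer */
- pCurrentPos = (char*) pThis->gnutlsPriorityString;
- if (pCurrentPos != NULL && strlen(pCurrentPos) > 0) {
- // Create CTX Config Helper
- SSL_CONF_CTX *cctx;
- cctx = SSL_CONF_CTX_new();
- if (pThis->sslState == osslServer) {
- SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
- } else {
- SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
- }
- SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
- SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SHOW_ERRORS);
- SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
-
- do
- {
- pNextPos = index(pCurrentPos, '=');
- if (pNextPos != NULL) {
- while ( *pCurrentPos != '\0' &&
- (*pCurrentPos == ' ' || *pCurrentPos == '\t') )
- pCurrentPos++;
- pszCmd = strndup(pCurrentPos, pNextPos-pCurrentPos);
- pCurrentPos = pNextPos+1;
- pNextPos = index(pCurrentPos, '\n');
- pszValue = (pNextPos == NULL ?
- strdup(pCurrentPos) :
- strndup(pCurrentPos, pNextPos - pCurrentPos));
- pCurrentPos = (pNextPos == NULL ? NULL : pNextPos+1);
-
- /* Add SSL Conf Command */
- iConfErr = SSL_CONF_cmd(cctx, pszCmd, pszValue);
- if (iConfErr > 0) {
- dbgprintf("gnutlsPriorityString: Successfully added Command "
- "'%s':'%s'\n",
- pszCmd, pszValue);
- }
- else {
- LogError(0, RS_RET_SYS_ERR, "Failed to added Command: %s:'%s' "
- "in gnutlsPriorityString with error '%d'",
- pszCmd, pszValue, iConfErr);
- }
+ sbool ApplySettings = 0;
+ if ((gnutlsPriorityString != NULL && pThis->gnutlsPriorityString == NULL) ||
+ (gnutlsPriorityString != NULL &&
+ strcmp( (const char*)pThis->gnutlsPriorityString, (const char*)gnutlsPriorityString) != 0)
+ ) {
+ ApplySettings = 1;
+ }
+
+ pThis->gnutlsPriorityString = gnutlsPriorityString;
+ dbgprintf("gnutlsPriorityString: set to '%s' Apply %s\n",
+ (gnutlsPriorityString != NULL ? (char*)gnutlsPriorityString : "NULL"),
+ (ApplySettings == 1? "TRUE" : "FALSE"));
 
- free(pszCmd);
- free(pszValue);
+ if (ApplySettings) {
+
+ if (gnutlsPriorityString == NULL || ctx == NULL) {
+ RETiRet;
+ } else {
+ dbgprintf("gnutlsPriorityString: set to '%s'\n", gnutlsPriorityString);
+ char *pCurrentPos;
+ char *pNextPos;
+ char *pszCmd;
+ char *pszValue;
+ int iConfErr;
+
+ /* Set working pointer */
+ pCurrentPos = (char*) pThis->gnutlsPriorityString;
+ if (pCurrentPos != NULL && strlen(pCurrentPos) > 0) {
+ // Create CTX Config Helper
+ SSL_CONF_CTX *cctx;
+ cctx = SSL_CONF_CTX_new();
+ if (pThis->sslState == osslServer) {
+ SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
 } else {
- /* Abort further parsing */
- pCurrentPos = NULL;
+ SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
 }
- }
- while (pCurrentPos != NULL);
+ SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
+ SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SHOW_ERRORS);
+ SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+
+ do
+ {
+ pNextPos = index(pCurrentPos, '=');
+ if (pNextPos != NULL) {
+ while ( *pCurrentPos != '\0' &&
+ (*pCurrentPos == ' ' || *pCurrentPos == '\t') )
+ pCurrentPos++;
+ pszCmd = strndup(pCurrentPos, pNextPos-pCurrentPos);
+ pCurrentPos = pNextPos+1;
+ pNextPos = index(pCurrentPos, '\n');
+ pszValue = (pNextPos == NULL ?
+ strdup(pCurrentPos) :
+ strndup(pCurrentPos, pNextPos - pCurrentPos));
+ pCurrentPos = (pNextPos == NULL ? NULL : pNextPos+1);
+
+ /* Add SSL Conf Command */
+ iConfErr = SSL_CONF_cmd(cctx, pszCmd, pszValue);
+ if (iConfErr > 0) {
+ dbgprintf("gnutlsPriorityString: Successfully added Command "
+ "'%s':'%s'\n",
+ pszCmd, pszValue);
+ }
+ else {
+ LogError(0, RS_RET_SYS_ERR, "Failed to added Command: %s:'%s' "
+ "in gnutlsPriorityString with error '%d'",
+ pszCmd, pszValue, iConfErr);
+ }
+
+ free(pszCmd);
+ free(pszValue);
+ } else {
+ /* Abort further parsing */
+ pCurrentPos = NULL;
+ }
+ }
+ while (pCurrentPos != NULL);
 
- /* Finalize SSL Conf */
- iConfErr = SSL_CONF_CTX_finish(cctx);
- if (!iConfErr) {
- LogError(0, RS_RET_SYS_ERR, "Error: setting openssl command parameters: %s"
- "Open ssl error info may follow in next messages",
- pThis->gnutlsPriorityString);
- osslLastSSLErrorMsg(0, NULL, LOG_ERR, "SetGnutlsPriorityString");
+ /* Finalize SSL Conf */
+ iConfErr = SSL_CONF_CTX_finish(cctx);
+ if (!iConfErr) {
+ LogError(0, RS_RET_SYS_ERR, "Error: setting openssl command parameters: %s"
+ "Open ssl error info may follow in next messages",
+ pThis->gnutlsPriorityString);
+ osslLastSSLErrorMsg(0, NULL, LOG_ERR, "SetGnutlsPriorityString");
+ }
+ SSL_CONF_CTX_free(cctx);
 }
- SSL_CONF_CTX_free(cctx);
 }
+ }
 #else
- dbgprintf("gnutlsPriorityString: set to '%s'\n", gnutlsPriorityString);
- LogError(0, RS_RET_SYS_ERR, "Warning: TLS library does not support SSL_CONF_cmd API"
- "(maybe it is too old?). Cannot use gnutlsPriorityString ('%s'). For more see: "
- "https://www.rsyslog.com/doc/master/configuration/modules/imtcp.html#gnutlsprioritystring",
- gnutlsPriorityString);
+ LogError(0, RS_RET_SYS_ERR, "Warning: TLS library does not support SSL_CONF_cmd API"
+ "(maybe it is too old?). Cannot use gnutlsPriorityString ('%s'). For more see: "
+ "https://www.rsyslog.com/doc/master/configuration/modules/imtcp.html#gnutlsprioritystring",
+ gnutlsPriorityString);
 #endif
- }
 
 RETiRet;
 }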
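Review bot: In the SetGnutlsPriorityString hunk, `pThis->gnutlsPriorityString = gnutlsPriorityString;` is stored before the `if (gnutlsPriorityString == NULL || ctx == NULL)` guard, so a call made while `ctx` is still NULL records the string and returns without error, and any later call with the same string computes `ApplySettings == 0` and never reaches `SSL_CONF_cmd`. The configured cipher and protocol restrictions would then silently never be applied to the SSL_CTX, while osslInitSession already treats the string as present; whether `ctx` can be NULL at that point depends on call order outside this patch. I would log that case and return a failure code instead of the bare `RETiRet;`, and likewise propagate a failing `SSL_CONF_cmd` or `SSL_CONF_CTX_finish`, which are currently only logged. Separately, the `#else` branch now runs its `LogError(...)` on every call, including with a NULL `gnutlsPriorityString` passed to `%s`; guard it with `if (gnutlsPriorityString != NULL)`. The function starts before the hunk, so its declarations are not visible here.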