Commit 1388d630 authored by Robert Dubner

Reformatting tls.c/tls.h

parent 3f93da6a
Pipeline #3661 passed with stage
in 48 minutes and 46 seconds
......@@ -710,24 +710,6 @@ tls_init_ctx(SSL_CONFIGURATION *conf)
SSL_CTX_set_cert_store(ctx, certstore);
}
conf->ca_path_last_reload = time(NULL);
conf->old_x509_store = NULL;
/*
* Disable reloading of cert store if we're not using CA path
*/
if (!conf->ca_path)
{
conf->ca_path_reload_interval = 0;
}
if (conf->ca_path_reload_interval > 0 && conf->ca_path_reload_interval < 300)
{
Debug( LDAP_DEBUG_ANY,
"ca_path_reload_interval is set too low, reset it to 300\n");
conf->ca_path_reload_interval = 300;
}
/*
* We never want SSLv3.
*/
......@@ -888,63 +870,6 @@ tls_init_ctx(SSL_CONFIGURATION *conf)
return ctx;
}
#if 0
void
tls_establish_default_configuration(TLS_SERVER_CONF *conf)
{
DENTER;
// These values copied from a default FreeRADIUS instance trap at
// their tls_init_ctx()
// char const *private_key_password;
// char const *private_key_file;
// char const *certificate_file;
// char const *ca_path;
// char const *ca_file;
// char const *dh_file;
// int include_length;
// int file_type;
// int auto_chain;
// int disable_single_dh_use;
// int min_version;
// int max_version;
// char const *tls_min_version;
// char const *tls_max_version;
// uint32_t fragment_size;
// int check_crl;
// int check_all_crl;
// uint32_t ca_path_reload_interval;
// uint32_t ca_path_last_reload;
// X509_STORE *old_x509_store;
// char const *cipher_list;
// char const *ecdh_curve;
memset(conf,0,sizeof(TLS_SERVER_CONF));
conf->private_key_password = "whatever";
conf->private_key_file = "/usr/local/etc/raddb/certs/server.pem";
conf->certificate_file = "/usr/local/etc/raddb/certs/server.pem";
conf->ca_path = "/usr/local/etc/raddb/certs";
conf->ca_file = "/usr/local/etc/raddb/certs/ca.pem";
conf->dh_file = "/usr/local/etc/raddb/certs/dh";
conf->file_type = (1);
conf->auto_chain = (1);
conf->disable_single_dh_use = (0);
conf->min_version = 0;
conf->max_version = 0;
conf->tls_min_version = "1.2";
conf->tls_max_version = "1.2";
conf->fragment_size = 994;
conf->check_crl = (0);
conf->check_all_crl = (0);
conf->ca_path_reload_interval = 0;
conf->ca_path_last_reload = 0;
conf->old_x509_store = NULL;
conf->cipher_list = "DEFAULT";
conf->ecdh_curve = "prime256v1";
}
#endif
void
tls_session_information(STATE *tls_session)
{
......
......@@ -46,7 +46,6 @@ typedef struct _TLS_INFO
int version;
} TLS_INFO;
typedef struct _SSL_CONFIGURATION
{
// This structure is used after creating a new SSL_CTX context, but before
......@@ -79,9 +78,6 @@ typedef struct _SSL_CONFIGURATION
size_t fragment_size; // Relevant when using UDP packets, where
// // we have to control packet size
size_t ca_path_reload_interval; // In seconds
X509_STORE *old_x509_store; // Persists when creating a new one, so that
// // race conditions are avoided
int tls_min_version; // As of 2021-09-17, probably TLS1_2_VERSION
int tls_max_version; // As of 2021-09-17, probably TLS1_3_VERSION
// // or TLS_MAX_VERSION, or zero for "max supported
......@@ -94,13 +90,13 @@ typedef struct _SSL_CONFIGURATION
int check_cert_issuer;
int check_cert_cn;
int file_type; // Certificate file type; 1 = PEM, 2 = ASN1
char *ca_file; // Certificate Authority file
char *ca_path; // Path to a group of CA files
char *certificate_file; // Path to the primary certificate
char *private_key_file; // Path to the primary certificate's private
char *ca_file; // Certificate Authority file
char *ca_path; // Path to a group of CA files
char *certificate_file; // Path to the primary certificate
char *private_key_file; // Path to the primary certificate's private
// // key file
char *private_key_password; // Needed when the private key is
// // Password protected
// // password protected
//
//char *ecdh_curve;
char *cipher_list;
......
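Review bot: In the re-aligned field comments near the end of the last tls.h hunk, `private_key_password` is documented only as `Needed when the private key is password protected`, which says nothing about it holding a secret, while the neighbouring `char *` fields are all file paths that need no special handling. Suggest extending the comment in place to `char *private_key_password; // Needed when the private key is password protected; holds a secret — zeroize before the configuration is released`, kept on the two comment lines already used here. Ownership of these `char *` strings is also not stated anywhere in the hunk (the `#if 0` block removed from tls.c assigned string literals to them, which presumably is why nothing freed them); a one-line note on the struct saying whether the strings are owned or borrowed would save the next maintainer a guess. The `_SSL_CONFIGURATION` struct starts and ends outside the hunk.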