contrib/openbsm/bin/auditdistd/proto_tls.c
Show First 20 Lines • Show All 365 Lines • ▼ Show 20 Lines | #endif | ||||||||||||
if (daddr == NULL) | if (daddr == NULL) | ||||||||||||
pjdlog_exitx(EX_TEMPFAIL, "Unable to allocate memory."); | pjdlog_exitx(EX_TEMPFAIL, "Unable to allocate memory."); | ||||||||||||
bcopy("tcp://", daddr, 6); | bcopy("tcp://", daddr, 6); | ||||||||||||
/* Establish TCP connection. */ | /* Establish TCP connection. */ | ||||||||||||
if (proto_connect(saddr, daddr, timeout, &tcp) == -1) | if (proto_connect(saddr, daddr, timeout, &tcp) == -1) | ||||||||||||
exit(EX_TEMPFAIL); | exit(EX_TEMPFAIL); | ||||||||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L | |||||||||||||
SSL_load_error_strings(); | SSL_load_error_strings(); | ||||||||||||
SSL_library_init(); | SSL_library_init(); | ||||||||||||
#endif | |||||||||||||
ngie: Why not just delete the code, given that all supported versions of FreeBSD come with 1.1.1? | |||||||||||||
/* | /* | ||||||||||||
* TODO: On FreeBSD we could move this below sandbox() once libc and | * TODO: On FreeBSD we could move this below sandbox() once libc and | ||||||||||||
* libcrypto use sysctl kern.arandom to obtain random data | * libcrypto use sysctl kern.arandom to obtain random data | ||||||||||||
* instead of /dev/urandom and friends. | * instead of /dev/urandom and friends. | ||||||||||||
*/ | */ | ||||||||||||
sslctx = SSL_CTX_new(TLS_client_method()); | sslctx = SSL_CTX_new(TLS_client_method()); | ||||||||||||
if (sslctx == NULL) | if (sslctx == NULL) | ||||||||||||
▲ Show 20 Lines • Show All 274 Lines • ▼ Show 20 Lines | tls_exec_server(const char *user, int startfd, const char *privkey, | ||||||||||||
pjdlog_prefix_set("[TLS sandbox] (server) "); | pjdlog_prefix_set("[TLS sandbox] (server) "); | ||||||||||||
#ifdef HAVE_SETPROCTITLE | #ifdef HAVE_SETPROCTITLE | ||||||||||||
setproctitle("[TLS sandbox] (server) "); | setproctitle("[TLS sandbox] (server) "); | ||||||||||||
#endif | #endif | ||||||||||||
sockfd = startfd; | sockfd = startfd; | ||||||||||||
tcpfd = startfd + 1; | tcpfd = startfd + 1; | ||||||||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L | |||||||||||||
SSL_load_error_strings(); | SSL_load_error_strings(); | ||||||||||||
SSL_library_init(); | SSL_library_init(); | ||||||||||||
#endif | |||||||||||||
ngieUnsubmitted Not Done Inline Actions
Why not just delete the code, given that all supported versions of FreeBSD come with 1.1.1? ngie: Why not just delete the code, given that all supported versions of FreeBSD come with 1.1.1? | |||||||||||||
sslctx = SSL_CTX_new(TLS_server_method()); | sslctx = SSL_CTX_new(TLS_server_method()); | ||||||||||||
if (sslctx == NULL) | if (sslctx == NULL) | ||||||||||||
pjdlog_exitx(EX_TEMPFAIL, "SSL_CTX_new() failed."); | pjdlog_exitx(EX_TEMPFAIL, "SSL_CTX_new() failed."); | ||||||||||||
SSL_CTX_set_options(sslctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); | SSL_CTX_set_options(sslctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); | ||||||||||||
ssl = SSL_new(sslctx); | ssl = SSL_new(sslctx); | ||||||||||||
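Review bot: In tls_exec_server, the protocol floor for the context created with `TLS_server_method()` is set only through `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3`, so TLS 1.0 and 1.1 may still be negotiable, depending on the library's build and default security level. Since the `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard shows the file targets OpenSSL 1.1.0 and later, the minimum could be pinned explicitly, e.g. `if (SSL_CTX_set_min_proto_version(sslctx, TLS1_2_VERSION) != 1) pjdlog_exitx(EX_TEMPFAIL, "SSL_CTX_set_min_proto_version() failed.");`, kept under a `>= 0x10100000L` guard for as long as older libraries are supported. The client context from `TLS_client_method()` in the first hunk would want the same floor; its option setup is outside the visible lines, so this is inferred. Both function bodies start and end outside the hunks shown.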
Why not just delete the code, given that all supported versions of FreeBSD come with 1.1.1?