Changeset View
Changeset View
Standalone View
Standalone View
contrib/openbsm/bin/auditdistd/proto_tls.c
| Show First 20 Lines • Show All 365 Lines • ▼ Show 20 Lines | #endif | ||||||||||||
| if (daddr == NULL) | if (daddr == NULL) | ||||||||||||
| pjdlog_exitx(EX_TEMPFAIL, "Unable to allocate memory."); | pjdlog_exitx(EX_TEMPFAIL, "Unable to allocate memory."); | ||||||||||||
| bcopy("tcp://", daddr, 6); | bcopy("tcp://", daddr, 6); | ||||||||||||
| /* Establish TCP connection. */ | /* Establish TCP connection. */ | ||||||||||||
| if (proto_connect(saddr, daddr, timeout, &tcp) == -1) | if (proto_connect(saddr, daddr, timeout, &tcp) == -1) | ||||||||||||
| exit(EX_TEMPFAIL); | exit(EX_TEMPFAIL); | ||||||||||||
| #if OPENSSL_VERSION_NUMBER < 0x10100000L | |||||||||||||
| SSL_load_error_strings(); | SSL_load_error_strings(); | ||||||||||||
| SSL_library_init(); | SSL_library_init(); | ||||||||||||
| #endif | |||||||||||||
ngie: Why not just delete the code, given that all supported versions of FreeBSD come with 1.1.1? | |||||||||||||
| /* | /* | ||||||||||||
| * TODO: On FreeBSD we could move this below sandbox() once libc and | * TODO: On FreeBSD we could move this below sandbox() once libc and | ||||||||||||
| * libcrypto use sysctl kern.arandom to obtain random data | * libcrypto use sysctl kern.arandom to obtain random data | ||||||||||||
| * instead of /dev/urandom and friends. | * instead of /dev/urandom and friends. | ||||||||||||
| */ | */ | ||||||||||||
| sslctx = SSL_CTX_new(TLS_client_method()); | sslctx = SSL_CTX_new(TLS_client_method()); | ||||||||||||
| if (sslctx == NULL) | if (sslctx == NULL) | ||||||||||||
| ▲ Show 20 Lines • Show All 274 Lines • ▼ Show 20 Lines | tls_exec_server(const char *user, int startfd, const char *privkey, | ||||||||||||
| pjdlog_prefix_set("[TLS sandbox] (server) "); | pjdlog_prefix_set("[TLS sandbox] (server) "); | ||||||||||||
| #ifdef HAVE_SETPROCTITLE | #ifdef HAVE_SETPROCTITLE | ||||||||||||
| setproctitle("[TLS sandbox] (server) "); | setproctitle("[TLS sandbox] (server) "); | ||||||||||||
| #endif | #endif | ||||||||||||
| sockfd = startfd; | sockfd = startfd; | ||||||||||||
| tcpfd = startfd + 1; | tcpfd = startfd + 1; | ||||||||||||
| #if OPENSSL_VERSION_NUMBER < 0x10100000L | |||||||||||||
| SSL_load_error_strings(); | SSL_load_error_strings(); | ||||||||||||
| SSL_library_init(); | SSL_library_init(); | ||||||||||||
| #endif | |||||||||||||
ngieUnsubmitted Not Done Inline Actions
Why not just delete the code, given that all supported versions of FreeBSD come with 1.1.1? ngie: Why not just delete the code, given that all supported versions of FreeBSD come with 1.1.1? | |||||||||||||
| sslctx = SSL_CTX_new(TLS_server_method()); | sslctx = SSL_CTX_new(TLS_server_method()); | ||||||||||||
| if (sslctx == NULL) | if (sslctx == NULL) | ||||||||||||
| pjdlog_exitx(EX_TEMPFAIL, "SSL_CTX_new() failed."); | pjdlog_exitx(EX_TEMPFAIL, "SSL_CTX_new() failed."); | ||||||||||||
| SSL_CTX_set_options(sslctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); | SSL_CTX_set_options(sslctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); | ||||||||||||
| ssl = SSL_new(sslctx); | ssl = SSL_new(sslctx); | ||||||||||||
| ▲ Show 20 Lines • Show All 399 Lines • Show Last 20 Lines | |||||||||||||
Why not just delete the code, given that all supported versions of FreeBSD come with 1.1.1?