author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-05 09:54:32 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-05 09:54:32 +0000 |
commit | ab42b8cfd86a186447528e538ec0ae94751cfc1d (patch) | |
tree | 4fa03c118292ab8801a30fc83e53a1958426b54c /runtime | |
parent | Adding upstream version 8.2404.0. (diff) | |
Adding upstream version 8.2406.0.upstream/8.2406.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | runtime/glbl.c | 25 | ||||
-rw-r--r-- | runtime/glbl.h | 1 | ||||
-rw-r--r-- | runtime/net_ossl.c | 97 | ||||
-rw-r--r-- | runtime/net_ossl.h | 5 | ||||
-rw-r--r-- | runtime/netstrms.c | 4 | ||||
-rw-r--r-- | runtime/netstrms.h | 1 | ||||
-rw-r--r-- | runtime/nsd.h | 1 | ||||
-rw-r--r-- | runtime/nsd_gtls.c | 1 | ||||
-rw-r--r-- | runtime/nsd_ossl.c | 4 | ||||
-rw-r--r-- | runtime/nsd_ptcp.c | 2 | ||||
-rw-r--r-- | runtime/rsconf.h | 1 | ||||
-rw-r--r-- | runtime/srutils.c | 25 | ||||
-rw-r--r-- | runtime/tcpsrv.c | 1 |
13 files changed, 152 insertions, 16 deletions
diff --git a/runtime/glbl.c b/runtime/glbl.c index 6b4cb29..84cd7b2 100644 --- a/runtime/glbl.c +++ b/runtime/glbl.c @@ -119,6 +119,7 @@ static struct cnfparamdescr cnfparamdescr[] = { { "defaultnetstreamdriverkeyfile", eCmdHdlrString, 0 }, { "defaultnetstreamdrivercertfile", eCmdHdlrString, 0 }, { "defaultnetstreamdriver", eCmdHdlrString, 0 }, + { "defaultopensslengine", eCmdHdlrString, 0 }, { "netstreamdrivercaextrafiles", eCmdHdlrString, 0 }, { "maxmessagesize", eCmdHdlrSize, 0 }, { "oversizemsg.errorfile", eCmdHdlrGetWord, 0 }, @@ -519,6 +520,15 @@ setDfltNetstrmDrvr(void __attribute__((unused)) *pVal, uchar *pNewVal) { } static rsRetVal +setDfltOpensslEngine(void __attribute__((unused)) *pVal, uchar *pNewVal) { + DEFiRet; + free(loadConf->globals.pszDfltOpensslEngine); + loadConf->globals.pszDfltOpensslEngine = pNewVal; + RETiRet; +} + + +static rsRetVal setParserControlCharacterEscapePrefix(void __attribute__((unused)) *pVal, uchar *pNewVal) { DEFiRet; loadConf->globals.parser.cCCEscapeChar = *pNewVal; @@ -904,6 +914,13 @@ GetDfltNetstrmDrvr(rsconf_t *cnf) return(cnf->globals.pszDfltNetstrmDrvr == NULL ? DFLT_NETSTRM_DRVR : cnf->globals.pszDfltNetstrmDrvr); } +/* return the current default openssl engine name */ +static uchar* +GetDfltOpensslEngine(rsconf_t *cnf) +{ + return(cnf->globals.pszDfltOpensslEngine); +} + /* [ar] Source IP for local client to be used on multihomed host */ static rsRetVal SetSourceIPofLocalClient(uchar *newname) @@ -952,6 +969,7 @@ CODESTARTobjQueryInterface(glbl) pIf->GetDfltNetstrmDrvrCertFile = GetDfltNetstrmDrvrCertFile; pIf->GetDfltNetstrmDrvrKeyFile = GetDfltNetstrmDrvrKeyFile; pIf->GetDfltNetstrmDrvr = GetDfltNetstrmDrvr; + pIf->GetDfltOpensslEngine = GetDfltOpensslEngine; pIf->GetNetstrmDrvrCAExtraFiles = GetNetstrmDrvrCAExtraFiles; pIf->GetParserControlCharacterEscapePrefix = GetParserControlCharacterEscapePrefix; pIf->GetParserDropTrailingLFOnReception = GetParserDropTrailingLFOnReception; 
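Review bot: GetDfltOpensslEngine returns the stored pointer unchanged, so it yields NULL when `defaultopensslengine` is not configured, unlike GetDfltNetstrmDrvr directly above it, which substitutes DFLT_NETSTRM_DRVR. The one-line comment should say so, for example `/* return the configured default openssl engine id, or NULL if none is set; callers must handle NULL */`. In the -519 hunk setDfltOpensslEngine frees the previous value and keeps pNewVal, so a short comment there stating that the setter takes ownership of the passed string would help the next reader.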
@@ -993,6 +1011,8 @@ static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __a loadConf->globals.pszDfltNetstrmDrvrKeyFile = NULL; free(loadConf->globals.pszDfltNetstrmDrvrCertFile); loadConf->globals.pszDfltNetstrmDrvrCertFile = NULL; + free(loadConf->globals.pszDfltOpensslEngine); + loadConf->globals.pszDfltOpensslEngine = NULL; free(LocalHostNameOverride); LocalHostNameOverride = NULL; free(loadConf->globals.oversizeMsgErrorFile); @@ -1247,6 +1267,9 @@ glblDoneLoadCnf(void) } else if(!strcmp(paramblk.descr[i].name, "defaultnetstreamdriver")) { cstr = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL); setDfltNetstrmDrvr(NULL, cstr); + } else if(!strcmp(paramblk.descr[i].name, "defaultopensslengine")) { + cstr = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL); + setDfltOpensslEngine(NULL, cstr); } else if(!strcmp(paramblk.descr[i].name, "netstreamdrivercaextrafiles")) { cstr = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL); setNetstrmDrvrCAExtraFiles(NULL, cstr); @@ -1471,6 +1494,8 @@ BEGINAbstractObjClassInit(glbl, 1, OBJ_IS_CORE_MODULE) /* class, version */ NULL, NULL)); CHKiRet(regCfSysLineHdlr((uchar *)"defaultnetstreamdriver", 0, eCmdHdlrGetWord, setDfltNetstrmDrvr, NULL, NULL)); + CHKiRet(regCfSysLineHdlr((uchar *)"defaultopensslengine", 0, eCmdHdlrGetWord, setDfltOpensslEngine, NULL, + NULL)); CHKiRet(regCfSysLineHdlr((uchar *)"defaultnetstreamdrivercafile", 0, eCmdHdlrGetWord, setDfltNetstrmDrvrCAF, NULL, NULL)); CHKiRet(regCfSysLineHdlr((uchar *)"defaultnetstreamdrivercrlfile", 0, eCmdHdlrGetWord, diff --git a/runtime/glbl.h b/runtime/glbl.h index d75d867..729ed53 100644 --- a/runtime/glbl.h +++ b/runtime/glbl.h 
@@ -95,6 +95,7 @@ BEGINinterface(glbl) /* name must also be changed in ENDinterface macro! */ SIMP_PROP(DfltNetstrmDrvrCertFile, uchar*) SIMP_PROP(DfltNetstrmDrvrKeyFile, uchar*) SIMP_PROP(DfltNetstrmDrvr, uchar*) + SIMP_PROP(DfltOpensslEngine, uchar*) SIMP_PROP(DefPFFamily, int) SIMP_PROP(DisableDNS, int) SIMP_PROP(NetstrmDrvrCAExtraFiles, uchar*) diff --git a/runtime/net_ossl.c b/runtime/net_ossl.c index 7008731..77d2141 100644 --- a/runtime/net_ossl.c +++ b/runtime/net_ossl.c @@ -59,7 +59,9 @@ void net_ossl_set_ssl_verify_callback(SSL *pSsl, int flags); void net_ossl_set_ctx_verify_callback(SSL_CTX *pCtx, int flags); void net_ossl_set_bio_callback(BIO *conn); int net_ossl_verify_callback(int status, X509_STORE_CTX *store); +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd); +#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L rsRetVal net_ossl_chkpeercertvalidity(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP); X509* net_ossl_getpeercert(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP); rsRetVal net_ossl_peerfingerprint(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP); @@ -188,7 +190,7 @@ int opensslh_THREAD_cleanup(void) void osslGlblInit(void) { - DBGPRINTF("openssl: entering osslGlblInit\n"); + DBGPRINTF("osslGlblInit: ENTER\n"); if((opensslh_THREAD_setup() == 0) || #if OPENSSL_VERSION_NUMBER < 0x10100000L 
@@ -217,6 +219,31 @@ osslGlblInit(void) ERR_load_BIO_strings(); ERR_load_crypto_strings(); #endif + +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" + + // Initialize OpenSSL engine library + ENGINE_load_builtin_engines(); + /* Register all of them for every algorithm they collectively implement */ + ENGINE_register_all_complete(); + + // Iterate through all available engines + ENGINE *osslEngine = ENGINE_get_first(); + const char *engine_id = NULL; + const char *engine_name = NULL; + while (osslEngine) { + // Print engine ID and name if the engine is loaded + if (ENGINE_get_init_function(osslEngine)) { // Check if engine is initialized + engine_id = ENGINE_get_id(osslEngine); + engine_name = ENGINE_get_name(osslEngine); + DBGPRINTF("osslGlblInit: Loaded Engine: ID = %s, Name = %s\n", engine_id, engine_name); + } + osslEngine = ENGINE_get_next(osslEngine); + } + // Free the engine reference when done + ENGINE_free(osslEngine); +#pragma GCC diagnostic pop } /* globally de-initialize OpenSSL */ @@ -472,6 +499,7 @@ void net_ossl_lastOpenSSLErrorMsg } } +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) /* initialize tls config commands in openssl context */ rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd) @@ -557,7 +585,7 @@ rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd) finalize_it: RETiRet; } - +#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L /* Convert a fingerprint to printable data. The conversion is carried out * according IETF I-D syslog-transport-tls-12. The fingerprint string is 
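Review bot: `ENGINE_load_builtin_engines()` and `ENGINE_register_all_complete()` now run on every start of osslGlblInit, whether or not `defaultopensslengine` is configured, and nothing in the hunk guards against an OpenSSL built with OPENSSL_NO_ENGINE. Consider wrapping the block in `#ifndef OPENSSL_NO_ENGINE` and registering engines only when one is requested, so the default configuration keeps the crypto implementation it had before. The trailing `ENGINE_free(osslEngine);` is reached only after `while (osslEngine)` has ended, so it is always called with NULL and the comment above it is misleading. `ENGINE_get_init_function()` tells whether the engine defines an init hook, not whether it has been initialised, so the `// Check if engine is initialized` comment and the "Loaded Engine" wording overstate what is known. The function starts outside this hunk.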
@@ -730,7 +758,7 @@ net_ossl_peerfingerprint(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP)
 if(pThis->bReportAuthErr == 1) {
 errno = 0;
 LogMsg(0, RS_RET_INVALID_FINGERPRINT, LOG_WARNING,
- "nsd_ossl:TLS session terminated with remote syslog server '%s': "
+ "net_ossl:TLS session terminated with remote syslog server '%s': "
 "Fingerprint check failed, not permitted to talk to %s",
 fromHostIP, cstrGetSzStrNoNULL(pstrFingerprint));
 pThis->bReportAuthErr = 0;
@@ -775,7 +803,7 @@ net_ossl_chkpeername(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP)
 cstrFinalize(pStr);
 errno = 0;
 LogMsg(0, RS_RET_INVALID_FINGERPRINT, LOG_WARNING,
- "nsd_ossl:TLS session terminated with remote syslog server: "
+ "net_ossl:TLS session terminated with remote syslog server: "
 "peer name not authorized, not permitted to talk to %s",
 cstrGetSzStrNoNULL(pStr));
 pThis->bReportAuthErr = 0;
@@ -813,7 +841,7 @@ net_ossl_getpeercert(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP)
 errno = 0;
 pThis->bReportAuthErr = 0;
 LogMsg(0, RS_RET_TLS_NO_CERT, LOG_WARNING,
- "nsd_ossl:TLS session terminated with remote syslog server '%s': "
+ "net_ossl:TLS session terminated with remote syslog server '%s': "
 "Peer check failed, peer did not provide a certificate.", fromHostIP);
 }
 }
@@ -1115,6 +1143,58 @@ net_ossl_verify_cookie(SSL *ssl, const unsigned char *cookie, unsigned int cooki } static rsRetVal +net_ossl_init_engine(__attribute__((unused)) net_ossl_t *pThis) +{ + DEFiRet; + const char *engine_id = NULL; + const char *engine_name = NULL; + +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" + // Get the default RSA engine + ENGINE *default_engine = ENGINE_get_default_RSA(); + if (default_engine) { + engine_id = ENGINE_get_id(default_engine); + engine_name = ENGINE_get_name(default_engine); + DBGPRINTF("net_ossl_init_engine: Default RSA Engine: ID = %s, Name = %s\n", engine_id, engine_name); + + // Free the engine reference when done + ENGINE_free(default_engine); + } else { + DBGPRINTF("net_ossl_init_engine: No default RSA Engine set.\n"); + } + + /* Setting specific Engine */ + if (runConf != NULL && glbl.GetDfltOpensslEngine(runConf) != NULL) { + default_engine = ENGINE_by_id((char *)glbl.GetDfltOpensslEngine(runConf)); + if (default_engine && ENGINE_init(default_engine)) { + /* engine initialised */ + ENGINE_set_default_DSA(default_engine); + ENGINE_set_default_ciphers(default_engine); + + /* Switch to Engine */ + DBGPRINTF("net_ossl_init_engine: Changed default Engine to %s\n", + glbl.GetDfltOpensslEngine(runConf)); + + /* Release the functional reference from ENGINE_init() */ + ENGINE_finish(default_engine); + } else { + LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: ENGINE_init failed to load Engine '%s'" + "ossl netstream driver", glbl.GetDfltOpensslEngine(runConf)); + net_ossl_lastOpenSSLErrorMsg(NULL, 0, NULL, LOG_ERR, "net_ossl_init_engine", "ENGINE_init"); + } + // Free the engine reference when done + ENGINE_free(default_engine); + } else { + DBGPRINTF("net_ossl_init_engine: use openssl default Engine"); + } +#pragma GCC diagnostic pop + + RETiRet; +} + + +static rsRetVal net_ossl_ctx_init_cookie(net_ossl_t *pThis) { DEFiRet; 
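Review bot: net_ossl_init_engine reports a failed `ENGINE_by_id()`/`ENGINE_init()` with LogError but never sets iRet, so it always returns RS_RET_OK and TLS carries on with OpenSSL's default implementation when the configured engine cannot be loaded. An operator who sets `defaultopensslengine` to bind crypto to a specific module would expect a hard failure; adding `iRet = RS_RET_VALUE_NOT_SUPPORTED;` after the LogError call makes the `CHKiRet()` in the constructor effective. On the success path only `ENGINE_set_default_DSA()` and `ENGINE_set_default_ciphers()` are called and their return values are ignored, so the "Changed default Engine" debug line can appear although RSA, EC and digests were never switched. The handle from `ENGINE_get_default_RSA()` is, as far as I recall the OpenSSL documentation, a functional reference that needs `ENGINE_finish()` rather than `ENGINE_free()`; please confirm. The error text also joins `'%s'` and `ossl netstream driver` without a space, and the last DBGPRINTF lacks its `\n`.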
@@ -1159,6 +1239,10 @@ net_ossl_set_bio_callback(BIO *conn) BEGINobjConstruct(net_ossl) /* be sure to specify the object type also in END macro! */ DBGPRINTF("net_ossl_construct: [%p]\n", pThis); pThis->bReportAuthErr = 1; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + CHKiRet(net_ossl_init_engine(pThis)); +finalize_it: +#endif ENDobjConstruct(net_ossl) /* destructor for the net_ossl object */ @@ -1195,13 +1279,16 @@ CODESTARTobjQueryInterface(net_ossl) pIf->osslPeerfingerprint = net_ossl_peerfingerprint; pIf->osslGetpeercert = net_ossl_getpeercert; pIf->osslChkpeercertvalidity = net_ossl_chkpeercertvalidity; +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) pIf->osslApplyTlscgfcmd = net_ossl_apply_tlscgfcmd; +#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L pIf->osslSetBioCallback = net_ossl_set_bio_callback; pIf->osslSetCtxVerifyCallback = net_ossl_set_ctx_verify_callback; pIf->osslSetSslVerifyCallback = net_ossl_set_ssl_verify_callback; pIf->osslLastOpenSSLErrorMsg = net_ossl_lastOpenSSLErrorMsg; #if OPENSSL_VERSION_NUMBER >= 0x10100000L pIf->osslCtxInitCookie = net_ossl_ctx_init_cookie; + pIf->osslInitEngine = net_ossl_init_engine; #endif finalize_it: ENDobjQueryInterface(net_ossl) diff --git a/runtime/net_ossl.h b/runtime/net_ossl.h index eef69dd..af36ffe 100644 --- a/runtime/net_ossl.h +++ b/runtime/net_ossl.h @@ -33,6 +33,7 @@ #endif #include <openssl/engine.h> #include <openssl/rand.h> +#include <openssl/evp.h> /* Internal OpenSSL defined ENUMS */ typedef enum { 
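Review bot: The constructor now calls net_ossl_init_engine for every net_ossl object, yet that function ignores pThis and changes process-wide OpenSSL defaults through `ENGINE_set_default_*`. If net_ossl objects are constructed per connection or from several threads (not visible in this hunk), the engine lookup and default switch are repeated each time and may run concurrently. Doing the selection once, for example at the end of osslGlblInit or behind a `pthread_once()` guard, keeps global state out of the per-object path. If the repetition is intended, say so with a comment such as `/* engine selection is process-global; repeating it per object is harmless */`.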
@@ -83,12 +84,15 @@ BEGINinterface(net_ossl) /* name must also be changed in ENDinterface macro! */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L rsRetVal (*osslCtxInitCookie)(net_ossl_t *pThis); #endif // OPENSSL_VERSION_NUMBER >= 0x10100000L + rsRetVal (*osslInitEngine)(net_ossl_t *pThis); // OpenSSL Helper function exports rsRetVal (*osslChkpeername)(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP); rsRetVal (*osslPeerfingerprint)(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP); X509* (*osslGetpeercert)(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP); rsRetVal (*osslChkpeercertvalidity)(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP); +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) rsRetVal (*osslApplyTlscgfcmd)(net_ossl_t *pThis, uchar *tlscfgcmd); +#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L void (*osslSetBioCallback)(BIO *conn); void (*osslSetCtxVerifyCallback)(SSL_CTX *pCtx, int flags); void (*osslSetSslVerifyCallback)(SSL *pSsl, int flags); @@ -142,7 +146,6 @@ int opensslh_THREAD_cleanup(void); void osslGlblInit(void); void osslGlblExit(void); - /*-----------------------------------------------------------------------------*/ /* prototypes */ diff --git a/runtime/netstrms.c b/runtime/netstrms.c index 74795ff..263abb7 100644 --- a/runtime/netstrms.c +++ b/runtime/netstrms.c @@ -289,7 +289,7 @@ finalize_it: } -/* Set the priorityString for GnuTLS +/* Set the priorityString * PascalWithopf 2017-08-16 */ static rsRetVal @@ -303,7 +303,7 @@ finalize_it: } -/* return the priorityString for GnuTLS +/* return the priorityString * PascalWithopf, 2017-08-16 */ static uchar* diff --git a/runtime/netstrms.h b/runtime/netstrms.h index 203ad22..982a349 100644 --- a/runtime/netstrms.h +++ b/runtime/netstrms.h 
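Review bot: `osslInitEngine` is declared after the `#endif`, so it exists for every OpenSSL version, but the objQueryInterface hunk in net_ossl.c assigns it only inside `#if OPENSSL_VERSION_NUMBER >= 0x10100000L`. On older OpenSSL builds the member stays unassigned and a caller going through the interface would call an unset pointer; moving the declaration above the `#endif` keeps both sides in step. The member is also inserted in the middle of the interface struct, which shifts every later function pointer. The interface version define is outside this hunk, so please check that it was incremented.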
@@ -82,6 +82,7 @@ BEGINinterface(netstrms) /* name must also be changed in ENDinterface macro! */ /* v3 */ rsRetVal (*SetDrvrTlsCRLFile)(netstrms_t *pThis, const uchar *); const uchar* (*GetDrvrTlsCRLFile)(netstrms_t *pThis); + ENDinterface(netstrms) #define netstrmsCURR_IF_VERSION 3 /* increment whenever you change the interface structure! */ diff --git a/runtime/nsd.h b/runtime/nsd.h index 03df7d2..b9501b4 100644 --- a/runtime/nsd.h +++ b/runtime/nsd.h @@ -100,6 +100,7 @@ BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */ /* v16 - Tls CRL */ rsRetVal (*SetTlsCRLFile)(nsd_t *pThis, const uchar *); + ENDinterface(nsd) #define nsdCURR_IF_VERSION 16 /* increment whenever you change the interface structure! */ /* interface version 4 added GetRemAddr() diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c index b9c0f8a..7d4f314 100644 --- a/runtime/nsd_gtls.c +++ b/runtime/nsd_gtls.c @@ -2385,6 +2385,7 @@ CODESTARTobjQueryInterface(nsd_gtls) pIf->SetTlsCRLFile = SetTlsCRLFile; pIf->SetTlsKeyFile = SetTlsKeyFile; pIf->SetTlsCertFile = SetTlsCertFile; + finalize_it: ENDobjQueryInterface(nsd_gtls) diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c index 095328b..e9dece2 100644 --- a/runtime/nsd_ossl.c +++ b/runtime/nsd_ossl.c @@ -443,6 +443,7 @@ osslEndSess(nsd_ossl_t *pThis) /* Standard-Constructor */ BEGINobjConstruct(nsd_ossl) /* be sure to specify the object type also in END macro! */ + DBGPRINTF("nsd_ossl_construct: [%p]\n", pThis); /* construct nsd_ptcp helper */ CHKiRet(nsd_ptcp.Construct(&pThis->pTcp)); /* construct net_ossl helper */ 
@@ -813,7 +814,7 @@ osslPostHandshakeCheck(nsd_ossl_t *pNsd) if (sslCipher != NULL){ if(SSL_CIPHER_get_version(sslCipher) == NULL) { LogError(0, RS_RET_NO_ERRCODE, "nsd_ossl:" - "TLS version mismatch between syslog client and server."); + "TLS version mismatch between syslog client and server."); } dbgprintf("osslPostHandshakeCheck: Debug Cipher Version: %s Name: %s\n", SSL_CIPHER_get_version(sslCipher), SSL_CIPHER_get_name(sslCipher)); @@ -1505,6 +1506,7 @@ CODESTARTmodInit *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */ /* Initialize all classes that are in our module - this includes ourselfs */ + DBGPRINTF("modInit\n"); CHKiRet(net_osslClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ CHKiRet(nsd_osslClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ CHKiRet(nsdsel_osslClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */ diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c index 6e2fd67..7452094 100644 --- a/runtime/nsd_ptcp.c +++ b/runtime/nsd_ptcp.c @@ -231,7 +231,7 @@ SetPermitExpiredCerts(nsd_t __attribute__((unused)) *pNsd, uchar *mode) { DEFiRet; if(mode != NULL) { - LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: permitexpiredcerts settingnot supported by " + LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: permitexpiredcerts setting not supported by " "ptcp netstream driver"); ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED); } diff --git a/runtime/rsconf.h b/runtime/rsconf.h index 453861e..63b251a 100644 --- a/runtime/rsconf.h +++ b/runtime/rsconf.h 
@@ -116,6 +116,7 @@ struct globals_s { uchar *pszDfltNetstrmDrvrKeyFile; /* default key file for the netstrm driver (server) */ uchar *pszDfltNetstrmDrvr; /* module name of default netstream driver */ uchar *pszNetstrmDrvrCAExtraFiles; /* CA extra file for the netstrm driver */ + uchar *pszDfltOpensslEngine; /* custom openssl engine */ uchar *oversizeMsgErrorFile; /* File where oversize messages are written to */ int reportOversizeMsg; /* shall error messages be generated for oversize messages? */ int oversizeMsgInputMode; /* Mode which oversize messages will be forwarded */ diff --git a/runtime/srutils.c b/runtime/srutils.c index 3369975..f949d5b 100644 --- a/runtime/srutils.c +++ b/runtime/srutils.c @@ -836,12 +836,25 @@ split_binary_parameters(uchar **const szBinary, char ***const __restrict__ aPara iCnt = iStr = 0; c = es_getBufAddr(estrParams); /* Reset to beginning */ while(iCnt < es_strlen(estrParams) ) { - if ( c[iCnt] == ' ' && !bInQuotes ) { - estrTmp = es_newStrFromSubStr( estrParams, iStr, iCnt-iStr); - } else if ( iCnt+1 >= es_strlen(estrParams) ) { - estrTmp = es_newStrFromSubStr( estrParams, iStr, iCnt-iStr+1); - } else if (c[iCnt] == '"') { - bInQuotes = !bInQuotes; + if (c[iCnt] == '"' && iCnt == iStr && !bInQuotes) { + bInQuotes = TRUE; + iStr++; + } else { + int bEOL = iCnt+1 == es_strlen(estrParams); + int bSpace = c[iCnt] == ' '; + int bQuoteEnd = bInQuotes && ((bSpace && c[iCnt-1] == '"') || + (c[iCnt] == '"' && bEOL)); + if (bEOL || bQuoteEnd || (bSpace && !bInQuotes)) { + int iSubCnt = iCnt - iStr; + if (bEOL) + iSubCnt++; + if (bQuoteEnd) + iSubCnt--; + estrTmp = es_newStrFromSubStr(estrParams, iStr, iSubCnt); + } + + if (bQuoteEnd) + bInQuotes = FALSE; } if ( estrTmp != NULL ) { diff --git a/runtime/tcpsrv.c b/runtime/tcpsrv.c index df9bcec..c66b3c9 100644 --- a/runtime/tcpsrv.c +++ b/runtime/tcpsrv.c 
@@ -1525,6 +1525,7 @@ SetDrvrTlsVerifyDepth(tcpsrv_t *pThis, int verifyDepth) RETiRet; } + /* End of methods to shuffle autentication settings to the driver.; * -------------------------------------------------------------------------- */ |