authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-05 09:54:32 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-05 09:54:32 +0000
commitab42b8cfd86a186447528e538ec0ae94751cfc1d (patch)
tree4fa03c118292ab8801a30fc83e53a1958426b54c /runtime
parentAdding upstream version 8.2404.0. (diff)
downloadrsyslog-ab42b8cfd86a186447528e538ec0ae94751cfc1d.tar.xz
rsyslog-ab42b8cfd86a186447528e538ec0ae94751cfc1d.zip
Adding upstream version 8.2406.0.upstream/8.2406.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--runtime/glbl.c25
-rw-r--r--runtime/glbl.h1
-rw-r--r--runtime/net_ossl.c97
-rw-r--r--runtime/net_ossl.h5
-rw-r--r--runtime/netstrms.c4
-rw-r--r--runtime/netstrms.h1
-rw-r--r--runtime/nsd.h1
-rw-r--r--runtime/nsd_gtls.c1
-rw-r--r--runtime/nsd_ossl.c4
-rw-r--r--runtime/nsd_ptcp.c2
-rw-r--r--runtime/rsconf.h1
-rw-r--r--runtime/srutils.c25
-rw-r--r--runtime/tcpsrv.c1
13 files changed, 152 insertions, 16 deletions
diff --git a/runtime/glbl.c b/runtime/glbl.c
index 6b4cb29..84cd7b2 100644
--- a/runtime/glbl.c
+++ b/runtime/glbl.c
@@ -119,6 +119,7 @@ static struct cnfparamdescr cnfparamdescr[] = {
{ "defaultnetstreamdriverkeyfile", eCmdHdlrString, 0 },
{ "defaultnetstreamdrivercertfile", eCmdHdlrString, 0 },
{ "defaultnetstreamdriver", eCmdHdlrString, 0 },
+ { "defaultopensslengine", eCmdHdlrString, 0 },
{ "netstreamdrivercaextrafiles", eCmdHdlrString, 0 },
{ "maxmessagesize", eCmdHdlrSize, 0 },
{ "oversizemsg.errorfile", eCmdHdlrGetWord, 0 },
@@ -519,6 +520,15 @@ setDfltNetstrmDrvr(void __attribute__((unused)) *pVal, uchar *pNewVal) {
}
static rsRetVal
+setDfltOpensslEngine(void __attribute__((unused)) *pVal, uchar *pNewVal) {
+ DEFiRet;
+ free(loadConf->globals.pszDfltOpensslEngine);
+ loadConf->globals.pszDfltOpensslEngine = pNewVal;
+ RETiRet;
+}
+
+
+static rsRetVal
setParserControlCharacterEscapePrefix(void __attribute__((unused)) *pVal, uchar *pNewVal) {
DEFiRet;
loadConf->globals.parser.cCCEscapeChar = *pNewVal;
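Review bot: setDfltOpensslEngine() takes ownership of `pNewVal` (it frees the previous value and stores the pointer as-is), but nothing in the new code says so. A short header comment would help callers such as glblDoneLoadCnf(), which passes a freshly allocated `es_str2cstr()` result, for example `/* set the default openssl engine name; takes ownership of pNewVal, which must be heap-allocated */`. The neighbouring getter added in this commit already has a one-line comment, so this also keeps the pair consistent.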
@@ -904,6 +914,13 @@ GetDfltNetstrmDrvr(rsconf_t *cnf)
return(cnf->globals.pszDfltNetstrmDrvr == NULL ? DFLT_NETSTRM_DRVR : cnf->globals.pszDfltNetstrmDrvr);
}
+/* return the current default openssl engine name */
+static uchar*
+GetDfltOpensslEngine(rsconf_t *cnf)
+{
+ return(cnf->globals.pszDfltOpensslEngine);
+}
+
/* [ar] Source IP for local client to be used on multihomed host */
static rsRetVal
SetSourceIPofLocalClient(uchar *newname)
@@ -952,6 +969,7 @@ CODESTARTobjQueryInterface(glbl)
pIf->GetDfltNetstrmDrvrCertFile = GetDfltNetstrmDrvrCertFile;
pIf->GetDfltNetstrmDrvrKeyFile = GetDfltNetstrmDrvrKeyFile;
pIf->GetDfltNetstrmDrvr = GetDfltNetstrmDrvr;
+ pIf->GetDfltOpensslEngine = GetDfltOpensslEngine;
pIf->GetNetstrmDrvrCAExtraFiles = GetNetstrmDrvrCAExtraFiles;
pIf->GetParserControlCharacterEscapePrefix = GetParserControlCharacterEscapePrefix;
pIf->GetParserDropTrailingLFOnReception = GetParserDropTrailingLFOnReception;
@@ -993,6 +1011,8 @@ static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __a
loadConf->globals.pszDfltNetstrmDrvrKeyFile = NULL;
free(loadConf->globals.pszDfltNetstrmDrvrCertFile);
loadConf->globals.pszDfltNetstrmDrvrCertFile = NULL;
+ free(loadConf->globals.pszDfltOpensslEngine);
+ loadConf->globals.pszDfltOpensslEngine = NULL;
free(LocalHostNameOverride);
LocalHostNameOverride = NULL;
free(loadConf->globals.oversizeMsgErrorFile);
@@ -1247,6 +1267,9 @@ glblDoneLoadCnf(void)
} else if(!strcmp(paramblk.descr[i].name, "defaultnetstreamdriver")) {
cstr = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
setDfltNetstrmDrvr(NULL, cstr);
+ } else if(!strcmp(paramblk.descr[i].name, "defaultopensslengine")) {
+ cstr = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
+ setDfltOpensslEngine(NULL, cstr);
} else if(!strcmp(paramblk.descr[i].name, "netstreamdrivercaextrafiles")) {
cstr = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
setNetstrmDrvrCAExtraFiles(NULL, cstr);
@@ -1471,6 +1494,8 @@ BEGINAbstractObjClassInit(glbl, 1, OBJ_IS_CORE_MODULE) /* class, version */
NULL, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"defaultnetstreamdriver", 0, eCmdHdlrGetWord, setDfltNetstrmDrvr, NULL,
NULL));
+ CHKiRet(regCfSysLineHdlr((uchar *)"defaultopensslengine", 0, eCmdHdlrGetWord, setDfltOpensslEngine, NULL,
+ NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"defaultnetstreamdrivercafile", 0, eCmdHdlrGetWord,
setDfltNetstrmDrvrCAF, NULL, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"defaultnetstreamdrivercrlfile", 0, eCmdHdlrGetWord,
diff --git a/runtime/glbl.h b/runtime/glbl.h
index d75d867..729ed53 100644
--- a/runtime/glbl.h
+++ b/runtime/glbl.h
@@ -95,6 +95,7 @@ BEGINinterface(glbl) /* name must also be changed in ENDinterface macro! */
SIMP_PROP(DfltNetstrmDrvrCertFile, uchar*)
SIMP_PROP(DfltNetstrmDrvrKeyFile, uchar*)
SIMP_PROP(DfltNetstrmDrvr, uchar*)
+ SIMP_PROP(DfltOpensslEngine, uchar*)
SIMP_PROP(DefPFFamily, int)
SIMP_PROP(DisableDNS, int)
SIMP_PROP(NetstrmDrvrCAExtraFiles, uchar*)
diff --git a/runtime/net_ossl.c b/runtime/net_ossl.c
index 7008731..77d2141 100644
--- a/runtime/net_ossl.c
+++ b/runtime/net_ossl.c
@@ -59,7 +59,9 @@ void net_ossl_set_ssl_verify_callback(SSL *pSsl, int flags);
void net_ossl_set_ctx_verify_callback(SSL_CTX *pCtx, int flags);
void net_ossl_set_bio_callback(BIO *conn);
int net_ossl_verify_callback(int status, X509_STORE_CTX *store);
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd);
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
rsRetVal net_ossl_chkpeercertvalidity(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP);
X509* net_ossl_getpeercert(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP);
rsRetVal net_ossl_peerfingerprint(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP);
@@ -188,7 +190,7 @@ int opensslh_THREAD_cleanup(void)
void
osslGlblInit(void)
{
- DBGPRINTF("openssl: entering osslGlblInit\n");
+ DBGPRINTF("osslGlblInit: ENTER\n");
if((opensslh_THREAD_setup() == 0) ||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
@@ -217,6 +219,31 @@ osslGlblInit(void)
ERR_load_BIO_strings();
ERR_load_crypto_strings();
#endif
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+
+ // Initialize OpenSSL engine library
+ ENGINE_load_builtin_engines();
+ /* Register all of them for every algorithm they collectively implement */
+ ENGINE_register_all_complete();
+
+ // Iterate through all available engines
+ ENGINE *osslEngine = ENGINE_get_first();
+ const char *engine_id = NULL;
+ const char *engine_name = NULL;
+ while (osslEngine) {
+ // Print engine ID and name if the engine is loaded
+ if (ENGINE_get_init_function(osslEngine)) { // Check if engine is initialized
+ engine_id = ENGINE_get_id(osslEngine);
+ engine_name = ENGINE_get_name(osslEngine);
+ DBGPRINTF("osslGlblInit: Loaded Engine: ID = %s, Name = %s\n", engine_id, engine_name);
+ }
+ osslEngine = ENGINE_get_next(osslEngine);
+ }
+ // Free the engine reference when done
+ ENGINE_free(osslEngine);
+#pragma GCC diagnostic pop
}
/* globally de-initialize OpenSSL */
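Review bot: `ENGINE_load_builtin_engines()` followed by `ENGINE_register_all_complete()` at the end of osslGlblInit() runs unconditionally, so every built-in engine becomes an implementation candidate for the algorithms it provides even when `defaultopensslengine` is not set. That changes which code performs the crypto on existing deployments and should be gated on the setting if the configuration is available at this point, or else documented as intended. In the loop, `ENGINE_get_init_function()` reports whether the engine defines an init callback, not whether it has been initialised, so the comment is better written as `// log only engines that provide an init function`. After the loop `osslEngine` is always NULL (each `ENGINE_get_next()` call already releases the previous reference), so the trailing `ENGINE_free(osslEngine)` does nothing useful and can be dropped. There is also no `OPENSSL_NO_ENGINE` guard around the block, which presumably breaks builds against an OpenSSL configured without engine support.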
@@ -472,6 +499,7 @@ void net_ossl_lastOpenSSLErrorMsg
}
}
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
/* initialize tls config commands in openssl context
*/
rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd)
@@ -557,7 +585,7 @@ rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd)
finalize_it:
RETiRet;
}
-
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
/* Convert a fingerprint to printable data. The conversion is carried out
* according IETF I-D syslog-transport-tls-12. The fingerprint string is
@@ -730,7 +758,7 @@ net_ossl_peerfingerprint(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP)
if(pThis->bReportAuthErr == 1) {
errno = 0;
LogMsg(0, RS_RET_INVALID_FINGERPRINT, LOG_WARNING,
- "nsd_ossl:TLS session terminated with remote syslog server '%s': "
+ "net_ossl:TLS session terminated with remote syslog server '%s': "
"Fingerprint check failed, not permitted to talk to %s",
fromHostIP, cstrGetSzStrNoNULL(pstrFingerprint));
pThis->bReportAuthErr = 0;
@@ -775,7 +803,7 @@ net_ossl_chkpeername(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP)
cstrFinalize(pStr);
errno = 0;
LogMsg(0, RS_RET_INVALID_FINGERPRINT, LOG_WARNING,
- "nsd_ossl:TLS session terminated with remote syslog server: "
+ "net_ossl:TLS session terminated with remote syslog server: "
"peer name not authorized, not permitted to talk to %s",
cstrGetSzStrNoNULL(pStr));
pThis->bReportAuthErr = 0;
@@ -813,7 +841,7 @@ net_ossl_getpeercert(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP)
errno = 0;
pThis->bReportAuthErr = 0;
LogMsg(0, RS_RET_TLS_NO_CERT, LOG_WARNING,
- "nsd_ossl:TLS session terminated with remote syslog server '%s': "
+ "net_ossl:TLS session terminated with remote syslog server '%s': "
"Peer check failed, peer did not provide a certificate.", fromHostIP);
}
}
@@ -1115,6 +1143,58 @@ net_ossl_verify_cookie(SSL *ssl, const unsigned char *cookie, unsigned int cooki
}
static rsRetVal
+net_ossl_init_engine(__attribute__((unused)) net_ossl_t *pThis)
+{
+ DEFiRet;
+ const char *engine_id = NULL;
+ const char *engine_name = NULL;
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ // Get the default RSA engine
+ ENGINE *default_engine = ENGINE_get_default_RSA();
+ if (default_engine) {
+ engine_id = ENGINE_get_id(default_engine);
+ engine_name = ENGINE_get_name(default_engine);
+ DBGPRINTF("net_ossl_init_engine: Default RSA Engine: ID = %s, Name = %s\n", engine_id, engine_name);
+
+ // Free the engine reference when done
+ ENGINE_free(default_engine);
+ } else {
+ DBGPRINTF("net_ossl_init_engine: No default RSA Engine set.\n");
+ }
+
+ /* Setting specific Engine */
+ if (runConf != NULL && glbl.GetDfltOpensslEngine(runConf) != NULL) {
+ default_engine = ENGINE_by_id((char *)glbl.GetDfltOpensslEngine(runConf));
+ if (default_engine && ENGINE_init(default_engine)) {
+ /* engine initialised */
+ ENGINE_set_default_DSA(default_engine);
+ ENGINE_set_default_ciphers(default_engine);
+
+ /* Switch to Engine */
+ DBGPRINTF("net_ossl_init_engine: Changed default Engine to %s\n",
+ glbl.GetDfltOpensslEngine(runConf));
+
+ /* Release the functional reference from ENGINE_init() */
+ ENGINE_finish(default_engine);
+ } else {
+ LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: ENGINE_init failed to load Engine '%s'"
+ "ossl netstream driver", glbl.GetDfltOpensslEngine(runConf));
+ net_ossl_lastOpenSSLErrorMsg(NULL, 0, NULL, LOG_ERR, "net_ossl_init_engine", "ENGINE_init");
+ }
+ // Free the engine reference when done
+ ENGINE_free(default_engine);
+ } else {
+ DBGPRINTF("net_ossl_init_engine: use openssl default Engine");
+ }
+#pragma GCC diagnostic pop
+
+ RETiRet;
+}
+
+
+static rsRetVal
net_ossl_ctx_init_cookie(net_ossl_t *pThis)
{
DEFiRet;
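Review bot: When the configured `defaultopensslengine` cannot be loaded, the `else` branch of net_ossl_init_engine() only logs: iRet stays RS_RET_OK, so the object is constructed and TLS continues on the built-in implementation, which an operator who pointed rsyslog at a hardware-backed engine would presumably not expect. The results of `ENGINE_set_default_DSA()` and `ENGINE_set_default_ciphers()` are ignored as well, and only DSA and ciphers are switched although the debug output above reports the RSA default; whether RSA/EC were meant to stay on the old default should be confirmed. Separately, `ENGINE_get_default_RSA()` returns a functional reference, which the OpenSSL ENGINE documentation says is released with `ENGINE_finish()` rather than `ENGINE_free()`. The error string also lacks a space between `'%s'` and `ossl netstream driver`, and it blames ENGINE_init even when `ENGINE_by_id()` was the call that failed. A fail-closed version of the configured-engine branch is sketched below.

```c
	/* … unchanged: default RSA engine debug output (release it with ENGINE_finish) … */

	/* Setting specific Engine */
	const char *cfgEngine = (runConf != NULL) ?
		(const char *)glbl.GetDfltOpensslEngine(runConf) : NULL;
	if (cfgEngine != NULL) {
		ENGINE *e = ENGINE_by_id(cfgEngine);
		if (e == NULL || !ENGINE_init(e)) {
			LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: could not load or initialise "
				"OpenSSL Engine '%s' for ossl netstream driver", cfgEngine);
			net_ossl_lastOpenSSLErrorMsg(NULL, 0, NULL, LOG_ERR,
				"net_ossl_init_engine", "ENGINE_init");
			if (e != NULL)
				ENGINE_free(e);	/* structural reference from ENGINE_by_id() */
			ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED);
		}
		const int bDfltSet = ENGINE_set_default_DSA(e) && ENGINE_set_default_ciphers(e);
		ENGINE_finish(e);	/* functional reference from ENGINE_init() */
		ENGINE_free(e);		/* structural reference from ENGINE_by_id() */
		if (!bDfltSet) {
			LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: could not make OpenSSL Engine "
				"'%s' the default for ossl netstream driver", cfgEngine);
			ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED);
		}
		DBGPRINTF("net_ossl_init_engine: Changed default Engine to %s\n", cfgEngine);
	}
	/* … unchanged: "use openssl default Engine" debug branch … */

finalize_it:
	/* … unchanged: #pragma GCC diagnostic pop … */
	RETiRet;
```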
@@ -1159,6 +1239,10 @@ net_ossl_set_bio_callback(BIO *conn)
BEGINobjConstruct(net_ossl) /* be sure to specify the object type also in END macro! */
DBGPRINTF("net_ossl_construct: [%p]\n", pThis);
pThis->bReportAuthErr = 1;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ CHKiRet(net_ossl_init_engine(pThis));
+finalize_it:
+#endif
ENDobjConstruct(net_ossl)
/* destructor for the net_ossl object */
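Review bot: Calling `net_ossl_init_engine()` from the net_ossl constructor re-applies process-wide ENGINE defaults on every object construction instead of once. nsd_ossl.c builds a net_ossl helper inside its own constructor, so this presumably runs per network stream and possibly from several threads, each repeating `ENGINE_by_id()`/`ENGINE_init()` and updating global default tables. Doing the selection once at class initialisation would avoid the repeated work and the unsynchronised updates, provided the configuration is already available there. The constructor would then need neither the `CHKiRet` nor the `finalize_it:` label that this hunk adds inside the `#if`.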
@@ -1195,13 +1279,16 @@ CODESTARTobjQueryInterface(net_ossl)
pIf->osslPeerfingerprint = net_ossl_peerfingerprint;
pIf->osslGetpeercert = net_ossl_getpeercert;
pIf->osslChkpeercertvalidity = net_ossl_chkpeercertvalidity;
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
pIf->osslApplyTlscgfcmd = net_ossl_apply_tlscgfcmd;
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
pIf->osslSetBioCallback = net_ossl_set_bio_callback;
pIf->osslSetCtxVerifyCallback = net_ossl_set_ctx_verify_callback;
pIf->osslSetSslVerifyCallback = net_ossl_set_ssl_verify_callback;
pIf->osslLastOpenSSLErrorMsg = net_ossl_lastOpenSSLErrorMsg;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
pIf->osslCtxInitCookie = net_ossl_ctx_init_cookie;
+ pIf->osslInitEngine = net_ossl_init_engine;
#endif
finalize_it:
ENDobjQueryInterface(net_ossl)
diff --git a/runtime/net_ossl.h b/runtime/net_ossl.h
index eef69dd..af36ffe 100644
--- a/runtime/net_ossl.h
+++ b/runtime/net_ossl.h
@@ -33,6 +33,7 @@
#endif
#include <openssl/engine.h>
#include <openssl/rand.h>
+#include <openssl/evp.h>
/* Internal OpenSSL defined ENUMS */
typedef enum {
@@ -83,12 +84,15 @@ BEGINinterface(net_ossl) /* name must also be changed in ENDinterface macro! */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
rsRetVal (*osslCtxInitCookie)(net_ossl_t *pThis);
#endif // OPENSSL_VERSION_NUMBER >= 0x10100000L
+ rsRetVal (*osslInitEngine)(net_ossl_t *pThis);
// OpenSSL Helper function exports
rsRetVal (*osslChkpeername)(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP);
rsRetVal (*osslPeerfingerprint)(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP);
X509* (*osslGetpeercert)(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP);
rsRetVal (*osslChkpeercertvalidity)(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP);
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
rsRetVal (*osslApplyTlscgfcmd)(net_ossl_t *pThis, uchar *tlscfgcmd);
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
void (*osslSetBioCallback)(BIO *conn);
void (*osslSetCtxVerifyCallback)(SSL_CTX *pCtx, int flags);
void (*osslSetSslVerifyCallback)(SSL *pSsl, int flags);
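Review bot: `osslInitEngine` is added to the interface struct after the `#endif` of the `OPENSSL_VERSION_NUMBER >= 0x10100000L` block, but net_ossl.c assigns it in QueryInterface only inside that guard. On an older OpenSSL the pointer is therefore left unset and the static net_ossl_init_engine() is defined but unused. Moving the member inside the guard next to `osslCtxInitCookie`, or assigning it unconditionally, would keep the header and the implementation consistent. The sibling interfaces touched by this commit carry an "increment whenever you change the interface structure" version define; whether net_ossl's interface version needs a bump for the new member is not visible in this hunk and is worth checking.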
@@ -142,7 +146,6 @@ int opensslh_THREAD_cleanup(void);
void osslGlblInit(void);
void osslGlblExit(void);
-
/*-----------------------------------------------------------------------------*/
/* prototypes */
diff --git a/runtime/netstrms.c b/runtime/netstrms.c
index 74795ff..263abb7 100644
--- a/runtime/netstrms.c
+++ b/runtime/netstrms.c
@@ -289,7 +289,7 @@ finalize_it:
}
-/* Set the priorityString for GnuTLS
+/* Set the priorityString
* PascalWithopf 2017-08-16
*/
static rsRetVal
@@ -303,7 +303,7 @@ finalize_it:
}
-/* return the priorityString for GnuTLS
+/* return the priorityString
* PascalWithopf, 2017-08-16
*/
static uchar*
diff --git a/runtime/netstrms.h b/runtime/netstrms.h
index 203ad22..982a349 100644
--- a/runtime/netstrms.h
+++ b/runtime/netstrms.h
@@ -82,6 +82,7 @@ BEGINinterface(netstrms) /* name must also be changed in ENDinterface macro! */
/* v3 */
rsRetVal (*SetDrvrTlsCRLFile)(netstrms_t *pThis, const uchar *);
const uchar* (*GetDrvrTlsCRLFile)(netstrms_t *pThis);
+
ENDinterface(netstrms)
#define netstrmsCURR_IF_VERSION 3 /* increment whenever you change the interface structure! */
diff --git a/runtime/nsd.h b/runtime/nsd.h
index 03df7d2..b9501b4 100644
--- a/runtime/nsd.h
+++ b/runtime/nsd.h
@@ -100,6 +100,7 @@ BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */
/* v16 - Tls CRL */
rsRetVal (*SetTlsCRLFile)(nsd_t *pThis, const uchar *);
+
ENDinterface(nsd)
#define nsdCURR_IF_VERSION 16 /* increment whenever you change the interface structure! */
/* interface version 4 added GetRemAddr()
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index b9c0f8a..7d4f314 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -2385,6 +2385,7 @@ CODESTARTobjQueryInterface(nsd_gtls)
pIf->SetTlsCRLFile = SetTlsCRLFile;
pIf->SetTlsKeyFile = SetTlsKeyFile;
pIf->SetTlsCertFile = SetTlsCertFile;
+
finalize_it:
ENDobjQueryInterface(nsd_gtls)
diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c
index 095328b..e9dece2 100644
--- a/runtime/nsd_ossl.c
+++ b/runtime/nsd_ossl.c
@@ -443,6 +443,7 @@ osslEndSess(nsd_ossl_t *pThis)
/* Standard-Constructor */
BEGINobjConstruct(nsd_ossl) /* be sure to specify the object type also in END macro! */
+ DBGPRINTF("nsd_ossl_construct: [%p]\n", pThis);
/* construct nsd_ptcp helper */
CHKiRet(nsd_ptcp.Construct(&pThis->pTcp));
/* construct net_ossl helper */
@@ -813,7 +814,7 @@ osslPostHandshakeCheck(nsd_ossl_t *pNsd)
if (sslCipher != NULL){
if(SSL_CIPHER_get_version(sslCipher) == NULL) {
LogError(0, RS_RET_NO_ERRCODE, "nsd_ossl:"
- "TLS version mismatch between syslog client and server.");
+ "TLS version mismatch between syslog client and server.");
}
dbgprintf("osslPostHandshakeCheck: Debug Cipher Version: %s Name: %s\n",
SSL_CIPHER_get_version(sslCipher), SSL_CIPHER_get_name(sslCipher));
@@ -1505,6 +1506,7 @@ CODESTARTmodInit
*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
/* Initialize all classes that are in our module - this includes ourselfs */
+ DBGPRINTF("modInit\n");
CHKiRet(net_osslClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
CHKiRet(nsd_osslClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
CHKiRet(nsdsel_osslClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c
index 6e2fd67..7452094 100644
--- a/runtime/nsd_ptcp.c
+++ b/runtime/nsd_ptcp.c
@@ -231,7 +231,7 @@ SetPermitExpiredCerts(nsd_t __attribute__((unused)) *pNsd, uchar *mode)
{
DEFiRet;
if(mode != NULL) {
- LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: permitexpiredcerts settingnot supported by "
+ LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: permitexpiredcerts setting not supported by "
"ptcp netstream driver");
ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED);
}
diff --git a/runtime/rsconf.h b/runtime/rsconf.h
index 453861e..63b251a 100644
--- a/runtime/rsconf.h
+++ b/runtime/rsconf.h
@@ -116,6 +116,7 @@ struct globals_s {
uchar *pszDfltNetstrmDrvrKeyFile; /* default key file for the netstrm driver (server) */
uchar *pszDfltNetstrmDrvr; /* module name of default netstream driver */
uchar *pszNetstrmDrvrCAExtraFiles; /* CA extra file for the netstrm driver */
+ uchar *pszDfltOpensslEngine; /* custom openssl engine */
uchar *oversizeMsgErrorFile; /* File where oversize messages are written to */
int reportOversizeMsg; /* shall error messages be generated for oversize messages? */
int oversizeMsgInputMode; /* Mode which oversize messages will be forwarded */
diff --git a/runtime/srutils.c b/runtime/srutils.c
index 3369975..f949d5b 100644
--- a/runtime/srutils.c
+++ b/runtime/srutils.c
@@ -836,12 +836,25 @@ split_binary_parameters(uchar **const szBinary, char ***const __restrict__ aPara
iCnt = iStr = 0;
c = es_getBufAddr(estrParams); /* Reset to beginning */
while(iCnt < es_strlen(estrParams) ) {
- if ( c[iCnt] == ' ' && !bInQuotes ) {
- estrTmp = es_newStrFromSubStr( estrParams, iStr, iCnt-iStr);
- } else if ( iCnt+1 >= es_strlen(estrParams) ) {
- estrTmp = es_newStrFromSubStr( estrParams, iStr, iCnt-iStr+1);
- } else if (c[iCnt] == '"') {
- bInQuotes = !bInQuotes;
+ if (c[iCnt] == '"' && iCnt == iStr && !bInQuotes) {
+ bInQuotes = TRUE;
+ iStr++;
+ } else {
+ int bEOL = iCnt+1 == es_strlen(estrParams);
+ int bSpace = c[iCnt] == ' ';
+ int bQuoteEnd = bInQuotes && ((bSpace && c[iCnt-1] == '"') ||
+ (c[iCnt] == '"' && bEOL));
+ if (bEOL || bQuoteEnd || (bSpace && !bInQuotes)) {
+ int iSubCnt = iCnt - iStr;
+ if (bEOL)
+ iSubCnt++;
+ if (bQuoteEnd)
+ iSubCnt--;
+ estrTmp = es_newStrFromSubStr(estrParams, iStr, iSubCnt);
+ }
+
+ if (bQuoteEnd)
+ bInQuotes = FALSE;
}
if ( estrTmp != NULL ) {
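Review bot: The `bQuoteEnd` test treats the opening quote as a closing one when a quoted parameter starts with a space (constructed example: `" foo"`). After the first branch sets `bInQuotes` and advances `iStr`, the next character is a space with `c[iCnt-1] == '"'`, so `bQuoteEnd` becomes true with `iCnt == iStr`. `iSubCnt` is then decremented to -1 and passed to `es_newStrFromSubStr()` as a length, which presumably converts to a very large unsigned value. Requiring at least one character between the quotes avoids this: `int bQuoteEnd = bInQuotes && ((bSpace && iCnt > iStr && c[iCnt-1] == '"') ||`. The function starts and ends outside this hunk, so the initial value of `bInQuotes` and the increment of `iCnt` are assumed from context.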
diff --git a/runtime/tcpsrv.c b/runtime/tcpsrv.c
index df9bcec..c66b3c9 100644
--- a/runtime/tcpsrv.c
+++ b/runtime/tcpsrv.c
@@ -1525,6 +1525,7 @@ SetDrvrTlsVerifyDepth(tcpsrv_t *pThis, int verifyDepth)
RETiRet;
}
+
/* End of methods to shuffle autentication settings to the driver.;
* -------------------------------------------------------------------------- */