Diffstat (limited to 'plugins')
-rw-r--r--plugins/imdtls/Makefile.am4
-rw-r--r--plugins/imdtls/Makefile.in4
-rw-r--r--plugins/imdtls/imdtls.c32
-rw-r--r--plugins/mmdblookup/mmdblookup.c5
-rw-r--r--plugins/omdtls/Makefile.am4
-rw-r--r--plugins/omdtls/Makefile.in4
-rw-r--r--plugins/omdtls/omdtls.c20
7 files changed, 40 insertions, 33 deletions
diff --git a/plugins/imdtls/Makefile.am b/plugins/imdtls/Makefile.am
index bf544b3..3253444 100644
--- a/plugins/imdtls/Makefile.am
+++ b/plugins/imdtls/Makefile.am
@@ -1,6 +1,6 @@
pkglib_LTLIBRARIES = imdtls.la
-imdtls_la_DEPENDENCIES = ../../runtime/lmnsd_ossl.la
+imdtls_la_DEPENDENCIES =
imdtls_la_SOURCES = imdtls.c
imdtls_la_CPPFLAGS = -I$(top_srcdir) $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) $(OPENSSL_CFLAGS)
imdtls_la_LDFLAGS = -module -avoid-version
-imdtls_la_LIBADD = $(OPENSSL_LIBS) ../../runtime/lmnsd_ossl.la
+imdtls_la_LIBADD = $(OPENSSL_LIBS)
diff --git a/plugins/imdtls/Makefile.in b/plugins/imdtls/Makefile.in
index 03043f4..d9a5d48 100644
--- a/plugins/imdtls/Makefile.in
+++ b/plugins/imdtls/Makefile.in
@@ -451,11 +451,11 @@ top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
pkglib_LTLIBRARIES = imdtls.la
-imdtls_la_DEPENDENCIES = ../../runtime/lmnsd_ossl.la
+imdtls_la_DEPENDENCIES =
imdtls_la_SOURCES = imdtls.c
imdtls_la_CPPFLAGS = -I$(top_srcdir) $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) $(OPENSSL_CFLAGS)
imdtls_la_LDFLAGS = -module -avoid-version
-imdtls_la_LIBADD = $(OPENSSL_LIBS) ../../runtime/lmnsd_ossl.la
+imdtls_la_LIBADD = $(OPENSSL_LIBS)
all: all-am
.SUFFIXES:
diff --git a/plugins/imdtls/imdtls.c b/plugins/imdtls/imdtls.c
index 6501d9c..3751bbe 100644
--- a/plugins/imdtls/imdtls.c
+++ b/plugins/imdtls/imdtls.c
@@ -314,24 +314,24 @@ imdtls_verify_callback(int status, SSL* ssl)
switch(inst->pNetOssl->authMode) {
case OSSL_AUTH_CERTNAME:
/* if we check the name, we must ensure the cert is valid */
- certpeer = net_ossl_getpeercert(inst->pNetOssl, ssl, NULL);
+ certpeer = net_ossl.osslGetpeercert(inst->pNetOssl, ssl, NULL);
dbgprintf("imdtls_verify_callback: Check peer certname[%p]=%s\n",
(void *)ssl, (certpeer != NULL ? "VALID" : "NULL"));
- CHKiRet(net_ossl_chkpeercertvalidity(inst->pNetOssl, ssl, NULL));
- CHKiRet(net_ossl_chkpeername(inst->pNetOssl, certpeer, NULL));
+ CHKiRet(net_ossl.osslChkpeercertvalidity(inst->pNetOssl, ssl, NULL));
+ CHKiRet(net_ossl.osslChkpeername(inst->pNetOssl, certpeer, NULL));
break;
case OSSL_AUTH_CERTFINGERPRINT:
- certpeer = net_ossl_getpeercert(inst->pNetOssl, ssl, NULL);
+ certpeer = net_ossl.osslGetpeercert(inst->pNetOssl, ssl, NULL);
dbgprintf("imdtls_verify_callback: Check peer fingerprint[%p]=%s\n",
(void *)ssl, (certpeer != NULL ? "VALID" : "NULL"));
- CHKiRet(net_ossl_chkpeercertvalidity(inst->pNetOssl, ssl, NULL));
- CHKiRet(net_ossl_peerfingerprint(inst->pNetOssl, certpeer, NULL));
+ CHKiRet(net_ossl.osslChkpeercertvalidity(inst->pNetOssl, ssl, NULL));
+ CHKiRet(net_ossl.osslPeerfingerprint(inst->pNetOssl, certpeer, NULL));
break;
case OSSL_AUTH_CERTVALID:
- certpeer = net_ossl_getpeercert(inst->pNetOssl, ssl, NULL);
+ certpeer = net_ossl.osslGetpeercert(inst->pNetOssl, ssl, NULL);
dbgprintf("imdtls_verify_callback: Check peer valid[%p]=%s\n",
(void *)ssl, (certpeer != NULL ? "VALID" : "NULL"));
- CHKiRet(net_ossl_chkpeercertvalidity(inst->pNetOssl, ssl, NULL));
+ CHKiRet(net_ossl.osslChkpeercertvalidity(inst->pNetOssl, ssl, NULL));
break;
case OSSL_AUTH_CERTANON:
dbgprintf("imdtls_verify_callback: ANON[%p]\n", (void *)ssl);
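Review bot: `certpeer` can be NULL on all three certificate branches (the dbgprintf after each `osslGetpeercert` call prints "NULL" for that case), yet the CERTNAME and CERTFINGERPRINT branches still pass it on to `osslChkpeername` and `osslPeerfingerprint`. Whether those helpers reject a NULL certificate is not visible here, so an explicit guard would make the fail-closed behaviour obvious: `if (certpeer == NULL) ABORT_FINALIZE(RS_RET_TLS_NO_CERT);` before the name or fingerprint check. It is also worth confirming who releases the reference returned by `osslGetpeercert`, since no `X509_free` appears in the hunk. The callback body starts and ends outside the hunk.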
@@ -401,7 +401,7 @@ addListner(modConfData_t __attribute__((unused)) *modConf, instanceConf_t *inst)
CHKiRet(net_ossl.osslCtxInitCookie(inst->pNetOssl));
# endif
// Run openssl config commands in Context
- CHKiRet(net_ossl_apply_tlscgfcmd(inst->pNetOssl, inst->tlscfgcmd));
+ CHKiRet(net_ossl.osslApplyTlscgfcmd(inst->pNetOssl, inst->tlscfgcmd));
// Init Socket
CHKiRet(DTLSCreateSocket(inst));
@@ -499,13 +499,13 @@ DTLSAcceptSession(instanceConf_t *inst, int idx) {
} else if(err == SSL_ERROR_SYSCALL) {
DBGPRINTF("imdtls: SSL_accept failed SSL_ERROR_SYSCALL idx (%d), removing client.\n",
idx);
- net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_WARNING,
+ net_ossl.osslLastOpenSSLErrorMsg(NULL, err, ssl, LOG_WARNING,
"DTLSHandleSessions", "SSL_accept");
DTLScleanupSession(inst, idx);
} else {
// An actual error occurred
DBGPRINTF("imdtls: SSL_accept failed (%d) idx (%d), removing client.\n", err, idx);
- net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_ERR,
+ net_ossl.osslLastOpenSSLErrorMsg(NULL, err, ssl, LOG_ERR,
"DTLSHandleSessions", "SSL_accept");
DTLScleanupSession(inst, idx);
}
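Review bot: Both `osslLastOpenSSLErrorMsg` calls pass "DTLSHandleSessions" as the call-source label, but the hunk header places this code in `DTLSAcceptSession`, so handshake-failure log lines would point a responder at the wrong function (assuming the fifth argument is the caller label, as its use elsewhere in this file suggests). Since these lines are being touched anyway, `"DTLSAcceptSession", "SSL_accept");` would keep the warnings attributable. The function starts and ends outside the hunk.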
@@ -570,7 +570,7 @@ DTLSReadClient(instanceConf_t *inst, int idx, short revents) {
break;
} else if (err == SSL_ERROR_SYSCALL) {
DBGPRINTF("imdtls: SSL_ERROR_SYSCALL on index %d ERRNO %d\n", idx, errno);
- net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_ERR,
+ net_ossl.osslLastOpenSSLErrorMsg(NULL, err, ssl, LOG_ERR,
"DTLSReadClient", "SSL_read");
DTLScleanupSession(inst, idx);
break;
@@ -655,7 +655,7 @@ DTLSHandleSessions(instanceConf_t *inst) {
if (inst->pNetOssl->authMode != OSSL_AUTH_CERTANON) {
dbgprintf("imdtls: enable certificate checking (Mode=%d, VerifyDepth=%d)\n",
inst->pNetOssl->authMode, inst->CertVerifyDepth);
- net_ossl_set_ssl_verify_callback(ssl,
+ net_ossl.osslSetSslVerifyCallback(ssl,
SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
if (inst->CertVerifyDepth != 0) {
SSL_set_verify_depth(ssl, inst->CertVerifyDepth);
@@ -668,7 +668,7 @@ DTLSHandleSessions(instanceConf_t *inst) {
SSL_set_ex_data(ssl, 2, inst); /* Used in imdtls */
// Debug Callback for conn sbio!
- net_ossl_set_bio_callback(sbio);
+ net_ossl.osslSetBioCallback(sbio);
// Connect the new Client
BIO_ADDR *client_addr = BIO_ADDR_new();
@@ -711,7 +711,7 @@ DTLSHandleSessions(instanceConf_t *inst) {
if (ret == 0) {
err = SSL_get_error(ssl, ret);
DBGPRINTF("imdtls: DTLSHandleSessions BIO_connect ERROR %d\n", err);
- net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_WARNING,
+ net_ossl.osslLastOpenSSLErrorMsg(NULL, err, ssl, LOG_WARNING,
"DTLSHandleSessions", "BIO_connect");
LogMsg(0, RS_RET_NO_ERRCODE, LOG_WARNING,
"imdtls: BIO_connect failed for DTLS client");
@@ -744,7 +744,7 @@ DTLSHandleSessions(instanceConf_t *inst) {
} else {
DBGPRINTF("imdtls: DTLSv1_listen RET %d (ERR %d / ERRNO %d), abort\n",
ret, err, errno);
- net_ossl_lastOpenSSLErrorMsg(NULL, err, ssl, LOG_WARNING,
+ net_ossl.osslLastOpenSSLErrorMsg(NULL, err, ssl, LOG_WARNING,
"DTLSHandleSessions", "DTLSv1_listen");
LogMsg(0, RS_RET_NO_ERRCODE, LOG_WARNING,
"imdtls: DTLSv1_listen failed for DTLS client");
diff --git a/plugins/mmdblookup/mmdblookup.c b/plugins/mmdblookup/mmdblookup.c
index f9f3c73..d6a26f7 100644
--- a/plugins/mmdblookup/mmdblookup.c
+++ b/plugins/mmdblookup/mmdblookup.c
@@ -412,6 +412,11 @@ CODESTARTdoAction
dbgprintf("Error from call to getaddrinfo for %s - %s\n", pszValue, gai_strerror(gai_err));
ABORT_FINALIZE(RS_RET_OK);
}
+ if (MMDB_IPV6_LOOKUP_IN_IPV4_DATABASE_ERROR == mmdb_err) {
+ LogMsg(0, NO_ERRCODE, LOG_INFO, "mmdblookup: Tried to search for an IPv6 address in an IPv4-only DB"
+ ", ignoring");
+ ABORT_FINALIZE(RS_RET_OK);
+ }
if (MMDB_SUCCESS != mmdb_err) {
dbgprintf("Got an error from the maxminddb library: %s\n", MMDB_strerror(mmdb_err));
close_mmdb(&pWrkrData->mmdb);
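Review bot: The new IPv6-in-IPv4-DB branch calls `LogMsg` at LOG_INFO every time it is hit, and the looked-up address (`pszValue`) presumably comes from message content, so a stream of IPv6 addresses against an IPv4-only database yields one log line per message. Consider demoting it to the debug log, or emitting it once per worker, and include the value so the line is actionable, e.g. `dbgprintf("mmdblookup: IPv6 address %s looked up in IPv4-only DB, ignoring\n", pszValue);`. The branch also uses `NO_ERRCODE` where the other LogMsg calls shown on this page use `RS_RET_NO_ERRCODE`. The doAction body continues outside the hunk.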
diff --git a/plugins/omdtls/Makefile.am b/plugins/omdtls/Makefile.am
index 8451028..a877419 100644
--- a/plugins/omdtls/Makefile.am
+++ b/plugins/omdtls/Makefile.am
@@ -1,6 +1,6 @@
pkglib_LTLIBRARIES = omdtls.la
-omdtls_la_DEPENDENCIES = ../../runtime/lmnsd_ossl.la
+omdtls_la_DEPENDENCIES =
omdtls_la_SOURCES = omdtls.c
omdtls_la_CPPFLAGS = -I$(top_srcdir) $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) $(OPENSSL_CFLAGS)
omdtls_la_LDFLAGS = -module -avoid-version
-omdtls_la_LIBADD = $(OPENSSL_LIBS) ../../runtime/lmnsd_ossl.la
+omdtls_la_LIBADD = $(OPENSSL_LIBS)
diff --git a/plugins/omdtls/Makefile.in b/plugins/omdtls/Makefile.in
index 6978ece..d06d59c 100644
--- a/plugins/omdtls/Makefile.in
+++ b/plugins/omdtls/Makefile.in
@@ -451,11 +451,11 @@ top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
pkglib_LTLIBRARIES = omdtls.la
-omdtls_la_DEPENDENCIES = ../../runtime/lmnsd_ossl.la
+omdtls_la_DEPENDENCIES =
omdtls_la_SOURCES = omdtls.c
omdtls_la_CPPFLAGS = -I$(top_srcdir) $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) $(OPENSSL_CFLAGS)
omdtls_la_LDFLAGS = -module -avoid-version
-omdtls_la_LIBADD = $(OPENSSL_LIBS) ../../runtime/lmnsd_ossl.la
+omdtls_la_LIBADD = $(OPENSSL_LIBS)
all: all-am
.SUFFIXES:
diff --git a/plugins/omdtls/omdtls.c b/plugins/omdtls/omdtls.c
index c5ba167..dd4c55f 100644
--- a/plugins/omdtls/omdtls.c
+++ b/plugins/omdtls/omdtls.c
@@ -270,7 +270,7 @@ CODESTARTactivateCnfPrePrivDrop
for(inst = runModConf->root ; inst != NULL ; inst = inst->next) {
CHKiRet(net_ossl.osslCtxInit(inst->pNetOssl, DTLS_method()));
// Run openssl config commands in Context
- CHKiRet(net_ossl_apply_tlscgfcmd(inst->pNetOssl, inst->tlscfgcmd));
+ CHKiRet(net_ossl.osslApplyTlscgfcmd(inst->pNetOssl, inst->tlscfgcmd));
}
finalize_it:
ENDactivateCnfPrePrivDrop
@@ -598,13 +598,13 @@ dtls_send(wrkrInstanceData_t *pWrkrData, const actWrkrIParams_t *__restrict__ co
if (sslerr == SSL_ERROR_SYSCALL) {
dbgprintf("dtls_send[%p]: SSL_write failed with SSL_ERROR_SYSCALL(%s)"
" - Aborting Connection.\n", pWrkrData, strerror(errno));
- net_ossl_lastOpenSSLErrorMsg(pData->target, iErr, pWrkrData->sslClient, LOG_WARNING,
+ net_ossl.osslLastOpenSSLErrorMsg(pData->target, iErr, pWrkrData->sslClient, LOG_WARNING,
"omdtls", "SSL_write");
ABORT_FINALIZE(RS_RET_ERR);
} else {
dbgprintf("dtls_send[%p]: SSL_write failed with ERROR [%d]: %s"
" - Aborting Connection.\n", pWrkrData, sslerr, ERR_error_string(sslerr, NULL));
- net_ossl_lastOpenSSLErrorMsg(pData->target, iErr, pWrkrData->sslClient, LOG_WARNING,
+ net_ossl.osslLastOpenSSLErrorMsg(pData->target, iErr, pWrkrData->sslClient, LOG_WARNING,
"omdtls", "SSL_write");
ABORT_FINALIZE(RS_RET_ERR);
}
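Review bot: In the else branch `ERR_error_string(sslerr, NULL)` receives `sslerr`, which is compared with `SSL_ERROR_SYSCALL` just above and so looks like an `SSL_get_error()` result rather than an error-queue code. The printed text would therefore be misleading, and the NULL-buffer form writes to a static buffer that is not safe across worker threads. Prefer a local buffer filled without draining the queue before the helper runs: `char errbuf[256]; ERR_error_string_n(ERR_peek_error(), errbuf, sizeof errbuf);` and print `errbuf`. The branch is also selected on `sslerr` while `osslLastOpenSSLErrorMsg` is given `iErr`, which deserves a short comment if intentional. dtls_send starts and ends outside the hunk.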
@@ -639,7 +639,8 @@ dtls_connect(wrkrInstanceData_t *pWrkrData) {
pWrkrData->sslClient = SSL_new(pData->pNetOssl->ctx);
if(!pWrkrData->sslClient) {
dbgprintf("dtls_connect[%p]: SSL_new failed failed\n", pWrkrData);
- net_ossl_lastOpenSSLErrorMsg(pData->target, 0, pWrkrData->sslClient, LOG_WARNING, "omdtls", "SSL_new");
+ net_ossl.osslLastOpenSSLErrorMsg(pData->target, 0, pWrkrData->sslClient,
+ LOG_WARNING, "omdtls", "SSL_new");
ABORT_FINALIZE(RS_RET_ERR);
}
@@ -648,19 +649,20 @@ dtls_connect(wrkrInstanceData_t *pWrkrData) {
dbgprintf("dtls_connect[%p]: enable certificate checking (Mode=%d, VerifyDepth=%d)\n",
pWrkrData, pData->pNetOssl->authMode, pData->CertVerifyDepth);
/* Enable certificate valid checking */
- net_ossl_set_ssl_verify_callback(pWrkrData->sslClient, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
+ net_ossl.osslSetSslVerifyCallback(pWrkrData->sslClient,
+ SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
if (pData->CertVerifyDepth != 0) {
SSL_set_verify_depth(pWrkrData->sslClient, pData->CertVerifyDepth);
}
} else {
dbgprintf("dtls_connect[%p]: disable certificate checking\n", pWrkrData);
- net_ossl_set_ssl_verify_callback(pWrkrData->sslClient, SSL_VERIFY_NONE);
+ net_ossl.osslSetSslVerifyCallback(pWrkrData->sslClient, SSL_VERIFY_NONE);
}
/* Create BIO from socket array! */
bio_client = BIO_new_dgram(pWrkrData->sockout, BIO_NOCLOSE);
if (!bio_client) {
- net_ossl_lastOpenSSLErrorMsg(pData->target, 0, pWrkrData->sslClient, LOG_INFO,
+ net_ossl.osslLastOpenSSLErrorMsg(pData->target, 0, pWrkrData->sslClient, LOG_INFO,
"dtls_connect", "BIO_new_dgram");
ABORT_FINALIZE(RS_RET_ERR);
}
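Review bot: The `SSL_VERIFY_NONE` branch reports that peer verification is off only through `dbgprintf`, so in a non-debug run nothing tells the operator that this output is talking to an unauthenticated server. Adding `LogMsg(0, RS_RET_NO_ERRCODE, LOG_WARNING, "omdtls: certificate checking disabled, peer is not authenticated");` next to the dbgprintf would make that configuration visible in the regular log. Separately, the `BIO_new_dgram` failure a few lines below is logged at LOG_INFO although it aborts the connection. dtls_connect starts and ends outside the hunk.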
@@ -668,13 +670,13 @@ dtls_connect(wrkrInstanceData_t *pWrkrData) {
SSL_set_bio(pWrkrData->sslClient, bio_client, bio_client);
/* Set debug Callback for conn BIO as well! */
- net_ossl_set_bio_callback(bio_client);
+ net_ossl.osslSetBioCallback(bio_client);
dbgprintf("dtls_connect[%p]: Starting DTLS session ...\n", pWrkrData);
/* Perform handshake */
iErr = SSL_connect(pWrkrData->sslClient);
if (iErr <= 0) {
- net_ossl_lastOpenSSLErrorMsg(pData->target, iErr, pWrkrData->sslClient, LOG_INFO,
+ net_ossl.osslLastOpenSSLErrorMsg(pData->target, iErr, pWrkrData->sslClient, LOG_INFO,
"dtls_connect", "SSL_connect");
ABORT_FINALIZE(RS_RET_ERR);
}