From 45ad4018b02601517de8a758850804a677e226b1 Mon Sep 17 00:00:00 2001 From: Gerhard Rieger Date: Sun, 3 Jan 2021 16:56:50 +0100 Subject: [PATCH] More corrections to recent changes and from systematic tests --- config.h.in | 4 +-- configure.ac | 37 ++++++++++++++++++------- doc/socat.yo | 4 +-- fdname.c | 2 +- socat.c | 12 ++++++-- sslcls.h | 2 ++ sycls.c | 2 +- test.sh | 77 ++++++++++++++++++++++++++++++++++----------------- xio-ip.c | 14 +++++----- xio-listen.c | 2 +- xio-openssl.c | 10 +++++-- xio-socket.c | 18 ++++++++++++ xioopts.c | 6 ++-- 13 files changed, 134 insertions(+), 56 deletions(-) diff --git a/config.h.in b/config.h.in index 446ae9e..7292c01 100644 --- a/config.h.in +++ b/config.h.in @@ -448,10 +448,10 @@ #endif /* Define if you have the OPENSSL_init_ssl function */ -#undef HAVE_OPENSSL_init_ssl +#undef HAVE_OPENSSL_INIT_SSL /* Define if you have the SSL_library_init function */ -#undef HAVE_SSL_library_init +#undef HAVE_SSL_LIBRARY_INIT /* Define if you have the SSLv2 client and server method functions. not in new openssl */ #undef HAVE_SSLv2_client_method diff --git a/configure.ac b/configure.ac index 9b0dfe8..53cebbd 100644 --- a/configure.ac +++ b/configure.ac @@ -542,6 +542,11 @@ if test -n "$WITH_OPENSSL"; then fi fi # end checking for openssl/ssl.h # + +#if test -n "$WITH_OPENSSL"; then +# AC_CHECK_FUNCS(OPENSSL_init_ssl, SSL_library_init) +#fi + if test -n "$WITH_OPENSSL" -a "$sc_cv_have_openssl_ssl_h" = 'yes'; then # next, we search for the openssl library (libssl.*) # interesting: Linux only requires -lssl, FreeBSD requires -lssl -lcrypto 
@@ -555,11 +560,12 @@ if test -n "$WITH_OPENSSL" -a "$sc_cv_have_openssl_ssl_h" = 'yes'; then LIBS="$LIBS -lssl -lcrypto" fi AC_TRY_LINK([#include ], - [OPENSSL_init_ssl(0,NULL)], - [sc_cv_have_libssl='yes'; sc_cv_have_OPENSSL_init_ssl='yes'; AC_DEFINE(HAVE_OPENSSL_init_ssl)], - [AC_TRY_LINK([#include ], - [SSL_library_init()], - [sc_cv_have_libssl='yes'; sc_cv_have_SSL_library_init='yes'; AC_DEFINE(HAVE_SSL_library_init)], + [SSL_library_init();ERR_error_string()], + [sc_cv_have_libssl='yes'], + [ LIBS="$LIBS -lcrypto" + AC_TRY_LINK([#include ], + [SSL_library_init()], + [sc_cv_have_libssl='yes'], [sc_cv_have_libssl='no']) ]) if test "$sc_cv_have_libssl" != 'yes'; then @@ -602,6 +608,18 @@ if test -n "$WITH_OPENSSL"; then fi fi +AC_CHECK_FUNCS(OPENSSL_init_ssl SSL_library_init) + +#; sc_cv_have_SSL_library_init='yes'; AC_DEFINE(HAVE_SSL_library_init) +#if test -n "$WITH_OPENSSL"; then +# AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])]) +# FOUND_SSL_LIB="no" +# AC_CHECK_LIB(ssl, OPENSSL_init_ssl, [FOUND_SSL_LIB="yes"]) +# AC_CHECK_LIB(ssl, SSL_library_init, [FOUND_SSL_LIB="yes"]) +# AS_IF([test "x$FOUND_SSL_LIB" = xno], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL; WITH_OPENSSL=])]) +# AS_IF([test "x$FOUND_SSL_LIB" = xyes], [LIBS="$LIBS -L$L -lssl -lcrypto"]) +#fi + if test -n "$WITH_OPENSSL"; then AC_MSG_CHECKING(whether to include OpenSSL method option) AC_ARG_ENABLE(openssl-method, [ --enable-openssl-method enable OpenSSL method option], @@ -795,7 +813,6 @@ AC_CHECK_FUNCS(putenv select pselect poll socket strtod strtol) AC_CHECK_FUNCS(strtoul uname getpgid getsid gethostbyname getaddrinfo) AC_CHECK_FUNCS(getprotobynumber getprotobynumber_r) AC_CHECK_FUNCS(setgroups inet_aton) -AC_CHECK_FUNCS() AC_CHECK_FUNCS(grantpt unlockpt) 
@@ -1151,7 +1168,8 @@ AC_MSG_RESULT($sc_cv_struct_linger) # struct ip (for IPv4 header info) AC_MSG_CHECKING(for struct ip) AC_CACHE_VAL(sc_cv_struct_ip, -[AC_TRY_COMPILE([#include ],[struct ip s;], +[AC_TRY_COMPILE([#include +#include ],[struct ip s;], [sc_cv_struct_ip=yes], [sc_cv_struct_ip=no])]) if test $sc_cv_struct_ip = yes; then @@ -1177,6 +1195,7 @@ AC_MSG_CHECKING(for struct ip_mreqn) AC_CACHE_VAL(sc_cv_struct_ip_mreqn, [AC_TRY_COMPILE([#include #include +#include #include ],[struct ip_mreqn s;], [sc_cv_struct_ip_mreqn=yes], [sc_cv_struct_ip_mreqn=no])]) @@ -1203,6 +1222,7 @@ AC_MSG_CHECKING(for struct ip_mreq_source) AC_CACHE_VAL(sc_cv_struct_ip_mreq_source, [AC_TRY_COMPILE([#include #include +#include #include ],[struct ip_mreq_source s;], [sc_cv_struct_ip_mreq_source=yes], [sc_cv_struct_ip_mreq_source=no])]) @@ -1486,8 +1506,6 @@ AC_CHECK_FUNC(setenv, AC_DEFINE(HAVE_SETENV), dnl Search for unsetenv() AC_CHECK_FUNC(unsetenv, AC_DEFINE(HAVE_UNSETENV)) -AC_CHECK_FUNC(SSL_CTX_set_min_proto_version, AC_DEFINE(HAVE_SSL_CTX_set_min_proto_version)) -AC_CHECK_FUNC(SSL_CTX_set_max_proto_version, AC_DEFINE(HAVE_SSL_CTX_set_max_proto_version)) AC_CHECK_FUNC(TLS_client_method, AC_DEFINE(HAVE_TLS_client_method) ac_cv_have_tls_client_method=yes, AC_CHECK_LIB(crypt, TLS_client_method, [LIBS=-lcrypt $LIBS])) AC_CHECK_FUNC(TLS_server_method, AC_DEFINE(HAVE_TLS_server_method) ac_cv_have_tls_server_method=yes, AC_CHECK_LIB(crypt, TLS_server_method, [LIBS=-lcrypt $LIBS])) AC_CHECK_FUNC(DTLS_client_method, AC_DEFINE(HAVE_DTLS_client_method), AC_CHECK_LIB(crypt, DTLS_client_method, [LIBS=-lcrypt $LIBS])) @@ -1911,7 +1929,6 @@ struct rlimit, rlim_max, HAVE_TYPEOF_RLIM_MAX, sc_cv_type_rlimit_rlimmax_basic) AC_TYPEOF_COMPONENT([#include "sysincludes.h"], struct cmsghdr, cmsg_len, HAVE_TYPEOF_STRUCT_CMSGHDR_CMSG_LEN, sc_cv_typeof_struct_cmsghdr_cmsg_len) ### snprintf, vsnprintf - AC_MSG_CHECKING(for /dev/ptmx) if test -c /dev/ptmx; then AC_DEFINE(HAVE_DEV_PTMX, 1) 
diff --git a/doc/socat.yo b/doc/socat.yo index 33cfe74..233fca7 100644 --- a/doc/socat.yo +++ b/doc/socat.yo @@ -982,7 +982,7 @@ label(ADDRESS_TCP_CONNECT)dit(bf(tt(TCP::))) link(tos)(OPTION_TOS), link(mtudiscover)(OPTION_MTUDISCOVER), link(mss)(OPTION_MSS), - link(nodelay)(OPTION_NODELAY), + link(nodelay)(OPTION_TCP_NODELAY), link(nonblock)(OPTION_NONBLOCK), link(sourceport)(OPTION_SOURCEPORT), link(retry)(OPTION_RETRY), @@ -3766,7 +3766,7 @@ standard specifications available on the Internet for free. label(VERSION) manpagesection(VERSION) -This man page describes version 1.7.3 of socat(). +This man page describes version 1.7.4 of socat(). label(BUGS) diff --git a/fdname.c b/fdname.c index 8cd3cca..3f2c449 100644 --- a/fdname.c +++ b/fdname.c @@ -319,10 +319,10 @@ int sockname(int fd, FILE *outfile, char style) { optacceptconn?"(listening)": #endif ""); -#endif /* WITH_UNIX */ break; } break; +#endif /* WITH_UNIX */ #if WITH_IP4 case AF_INET: switch (style) { diff --git a/socat.c b/socat.c index b1a70aa..b619a3d 100644 --- a/socat.c +++ b/socat.c @@ -187,7 +187,11 @@ int main(int argc, const char *argv[]) { break; } } - if ((socat_opts.sniffleft = Open(a, O_CREAT|O_WRONLY|O_APPEND|O_LARGEFILE|O_NONBLOCK, 0664)) < 0) + if ((socat_opts.sniffleft = Open(a, O_CREAT|O_WRONLY|O_APPEND| +#ifdef O_LARGEFILE + O_LARGEFILE| +#endif + O_NONBLOCK, 0664)) < 0) Error2("option -r \"%s\": %s", a, strerror(errno)); break; case 'R': if (arg1[0][2]) { @@ -199,7 +203,11 @@ int main(int argc, const char *argv[]) { break; } } - if ((socat_opts.sniffright = Open(a, O_CREAT|O_WRONLY|O_APPEND|O_LARGEFILE|O_NONBLOCK, 0664)) < 0) + if ((socat_opts.sniffright = Open(a, O_CREAT|O_WRONLY|O_APPEND| +#ifdef O_LARGEFILE + O_LARGEFILE| +#endif + O_NONBLOCK, 0664)) < 0) Error2("option -r \"%s\": %s", a, strerror(errno)); break; case 'b': if (arg1[0][2]) { diff --git a/sslcls.h b/sslcls.h index a62237e..df1c368 100644 --- a/sslcls.h +++ b/sslcls.h 
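Review bot: In both socat.c hunks the sniff file for `-r`/`-R` is still opened with `O_CREAT`, mode `0664` and no `O_NOFOLLOW`, so the raw traffic dump can end up group-writable and world-readable (subject to umask), and the open follows a symlink already present at that path. Since these lines are being rewritten anyway, consider mode `0600` and adding `O_NOFOLLOW|` under its own `#ifdef O_NOFOLLOW`, the same pattern used here for `O_LARGEFILE`. The `-R` branch also still reports `option -r` in its `Error2` text; `Error2("option -R \"%s\": %s", a, strerror(errno));` would name the right flag. main() continues outside both hunks.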
@@ -8,7 +8,9 @@ #if WITH_SYCLS #if WITH_OPENSSL +#if HAVE_OPENSSL_init_ssl int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +#endif void sycSSL_load_error_strings(void); int sycSSL_library_init(void); const SSL_METHOD *sycTLS_client_method(void); diff --git a/sycls.c b/sycls.c index 3eb1378..76008a1 100644 --- a/sycls.c +++ b/sycls.c @@ -26,7 +26,7 @@ #if HAVE_PROTOTYPE_LIB_posix_memalign int Posix_memalign(void **memptr, size_t alignment, size_t size) { int result; - Debug3("posix_memalign(%p, "F_Zu", F_Zu)", memptr, alignment, size); + Debug3("posix_memalign(%p, "F_Zu", "F_Zu")", memptr, alignment, size); result = posix_memalign(memptr, alignment, size); Debug1("posix_memalign(...) -> %d", result); return result; diff --git a/test.sh b/test.sh index fbb6c10..b9e659d 100755 --- a/test.sh +++ b/test.sh @@ -429,7 +429,7 @@ ECHO="echo $E" PRINTF="printf" case "$TERM" in -vt100|vt320|linux|xterm|cons25|dtterm|aixterm|sun-color|xterm-color|xterm-256color) +vt100|vt320|linux|xterm|cons25|dtterm|aixterm|sun-color|xterm-color|xterm-256color|screen) # there are different behaviours of printf (and echo) # on some systems, echo behaves different than printf... if [ $($PRINTF "\0101") = "A" ]; then 
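Review bot: The new guard in the sslcls.h hunk tests `HAVE_OPENSSL_init_ssl`, but this same commit renames the config.h.in symbol to `HAVE_OPENSSL_INIT_SSL` and switches configure.ac to `AC_CHECK_FUNCS(OPENSSL_init_ssl SSL_library_init)`, which defines the upper-case spelling. As written the prototype of `sycOPENSSL_init_ssl` appears never to be declared, so a caller would either fail to build or compile against an implicit declaration with a `uint64_t` and a pointer argument. The guard should read `#if HAVE_OPENSSL_INIT_SSL`; any matching guards in sslcls.c and xio-openssl.c, which are not visible in these hunks, need the same spelling.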
@@ -461,12 +461,48 @@ vt100|vt320|linux|xterm|cons25|dtterm|aixterm|sun-color|xterm-color|xterm-256col ;; esac - if [ -x /usr/xpg4/bin/id ]; then # SunOS has rather useless tools in its default path PATH="/usr/xpg4/bin:$PATH" fi +OPENSSL_S_CLIENT_4= +OPENSSL_S_CLIENT_DTLS= +init_openssl_s_client () { + if openssl s_client -help 2>&1 |grep -q ' -4 '; then + OPENSSL_S_CLIENT_4="-4" + else + OPENSSL_S_CLIENT_4=" " + fi + if openssl s_client -help 2>&1 | grep -q ' -dtls '; then + OPENSSL_S_CLIENT_DTLS=-dtls + else + OPENSSL_S_CLIENT_DTLS=-dtls1 + fi +} + +OPENSSL_S_SERVER_4= +OPENSSL_S_SERVER_DTLS= +OPENSSL_S_SERVER_NO_IGN_EOF= +init_openssl_s_server () { + if openssl s_server -help 2>&1 |grep -q ' -4 '; then + OPENSSL_S_SERVER_4="-4" + else + OPENSSL_S_SERVER_4=" " + fi + if openssl s_server -help 2>&1 | grep -q ' -dtls '; then + OPENSSL_S_SERVER_DTLS="-dtls" + else + OPENSSL_S_SERVER_DTLS="-dtls1" + fi + if openssl s_server -help 2>&1 | grep -q ' -no-ign_eof '; then + OPENSSL_S_SERVER_NO_IGN_EOF="-no-ign_eof" + else + OPENSSL_S_SERVER_NO_IGN_EOF=" " + fi +} + + [ -z "$TESTS" ] && TESTS="consistency functions filan" # use '%' as separation char TESTS="%$(echo "$TESTS" |tr ' ' '%')%" @@ -4265,7 +4301,8 @@ tf="$td/test$N.stdout" te="$td/test$N.stderr" tdiff="$td/test$N.diff" da="test$N $(date) $RANDOM" -CMD2="$TRACE $SOCAT $opts exec:'openssl s_server -accept "$PORT" -quiet -cert testsrv.pem' pipe" +init_openssl_s_server +CMD2="$TRACE $SOCAT $opts exec:'openssl s_server $OPENSSL_S_SERVER_4 -accept "$PORT" -quiet -cert testsrv.pem' pipe" CMD="$TRACE $SOCAT $opts - openssl:$LOCALHOST:$PORT,pf=ip4,verify=0,$SOCAT_EGD" printf "test $F_n $TEST... " $N eval "$CMD2 2>\"${te}1\" &" 
@@ -7172,6 +7209,8 @@ TEST="$NAME: TCP4 mapped into TCP6 address space" if ! eval $NUMCOND; then :; elif true; then $PRINTF "test $F_n $TEST... ${YELLOW}Feature removed${NORMAL}\n" $N + numCANT=$((numCANT+1)) + listCANT="$listCANT $N" elif ! testfeats tcp ip6 >/dev/null || ! runsip6 >/dev/null; then $PRINTF "test $F_n $TEST... ${YELLOW}TCP6 not available${NORMAL}\n" $N numCANT=$((numCANT+1)) @@ -11493,9 +11532,10 @@ tf="$td/test$N.stdout" te="$td/test$N.stderr" tdiff="$td/test$N.diff" da="test$N $(date) $RANDOM" +init_openssl_s_client CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,$REUSEADDR,cert=testsrv.crt,key=testsrv.key,verify=0 PIPE" #CMD1="openssl s_client -port $PORT -verify 0" # not with openssl 1.1.0g -CMD1="openssl s_client $OPENSSL_METHOD -port $PORT" +CMD1="openssl s_client $OPENSSL_S_CLIENT_4 $OPENSSL_METHOD -port $PORT" printf "test $F_n $TEST... " $N $CMD0 >/dev/null 2>"${te}0" & pid0=$! @@ -11553,9 +11593,10 @@ tf="$td/test$N.stdout" te="$td/test$N.stderr" tdiff="$td/test$N.diff" da="test$N $(date) $RANDOM" +init_openssl_s_client CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,$REUSEADDR,cert=testsrv.crt,key=testsrv.key,verify=0 SYSTEM:\"sleep 1; echo \\\\\\\"\\\"$da\\\"\\\\\\\"; sleep 1\"!!STDIO" #CMD1="openssl s_client -port $PORT -verify 0" # not with openssl 1.1.0g -CMD1="openssl s_client $OPENSSL_METHOD -port $PORT" +CMD1="openssl s_client $OPENSSL_S_CLIENT_4 $OPENSSL_METHOD -port $PORT" printf "test $F_n $TEST... " $N eval "$CMD0 >/dev/null 2>\"${te}0\" &" pid0=$! 
@@ -14018,21 +14059,8 @@ te="$td/test$N.stderr" tdiff="$td/test$N.diff" #set -vx da="test$N $(date) $RANDOM" -S_SERVER_4= -if openssl s_server -help 2>&1 | grep -q ' -4 '; then - S_SERVER_4="-4" -fi -if openssl s_server -help 2>&1 | grep -q ' -dtls '; then - S_SERVER_DTLS=-dtls -else - S_SERVER_DTLS=-dtls1 -fi -if openssl s_server -help 2>&1 | grep -q ' -no-ign_eof '; then - S_SERVER_NO_IGN_EOF=-no-ign_eof -else - S_SERVER_NO_IGN_EOF= -fi -CMD1="$TRACE openssl s_server $S_SERVER_4 $S_SERVER_DTLS -accept $PORT -quiet $S_SERVER_NO_IGN_EOF -cert testsrv.pem" +init_openssl_s_server +CMD1="$TRACE openssl s_server $OPENSSL_S_SERVER_4 $OPENSSL_S_SERVER_DTLS -accept $PORT -quiet $S_SERVER_NO_IGN_EOF -cert testsrv.pem" CMD="$TRACE $SOCAT $opts -T 1 - OPENSSL-DTLS-CLIENT:$LOCALHOST:$PORT,pf=ip4,verify=0,$SOCAT_EGD" printf "test $F_n $TEST... " $N ( sleep 2; echo "$da"; sleep 1 ) |$CMD1 2>"${te}1" & @@ -14094,13 +14122,9 @@ tf="$td/test$N.stdout" te="$td/test$N.stderr" tdiff="$td/test$N.diff" da="test$N $(date) $RANDOM" -if openssl s_server -help 2>&1 | grep -q ' -dtls '; then - S_SERVER_DTLS=-dtls -else - S_SERVER_DTLS=-dtls1 -fi +init_openssl_s_client CMD1="$TRACE $SOCAT $opts OPENSSL-DTLS-SERVER:$PORT,$REUSEADDR,cert=testsrv.crt,key=testsrv.key,verify=0 PIPE" -CMD="openssl s_client -host $LOCALHOST -port $PORT $S_SERVER_DTLS" +CMD="openssl s_client $OPENSSL_S_CLIENT_4 -host $LOCALHOST -port $PORT $OPENSSL_S_CLIENT_DTLS" printf "test $F_n $TEST... " $N $CMD1 >/dev/null 2>"${te}1" & pid1=$! @@ -14503,6 +14527,7 @@ pid0=$! waitudp4port $PORT 1 echo "$da" |$CMD1 >"${tf}1" 2>"${te}1" rc1=$? +sleep 0.1 kill $pid0 2>/dev/null; wait if [ -f ${tf}0 ] && echo "$da" |diff - ${tf}0 >$tdiff; then $PRINTF "$OK\n" diff --git a/xio-ip.c b/xio-ip.c index 9ad642c..d1e8bec 100644 --- a/xio-ip.c +++ b/xio-ip.c 
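Review bot: In the first test.sh hunk on this line (@@ -14018, the DTLS client test) the new `CMD1` still expands `$S_SERVER_NO_IGN_EOF`, although the inline probe that set it is removed and `init_openssl_s_server` fills `OPENSSL_S_SERVER_NO_IGN_EOF` instead. Unless the old name is assigned somewhere outside the hunk, it expands to nothing and `-no-ign_eof` is never passed even when s_server supports it, which changes what the test exercises. The command should use `$OPENSSL_S_SERVER_NO_IGN_EOF`.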
@@ -667,11 +667,11 @@ int xiotype_ip_add_source_membership(char *token, const struct optname *ent, str *buffp++ = '\0'; opt->value.u_ip_mreq_source.srcaddr = strdup(buff); /*!!! NULL */ - Info4("setting option \"%s\" to {0x%08x,0x%08x,0x08x}", + Info4("setting option \"%s\" to {0x%08x,0x%08x,0x%08x}", ent->desc->defname, - opt->value.u_ip_mreq_source.mcaddr, - opt->value.u_ip_mreq_source.ifaddr, - opt->value.u_ip_mreq_source.srcaddr); + ntohl(*(unsigned int *)opt->value.u_ip_mreq_source.mcaddr), + ntohl(*(unsigned int *)opt->value.u_ip_mreq_source.ifaddr), + ntohl(*(unsigned int *)opt->value.u_ip_mreq_source.srcaddr)); return 0; } @@ -708,9 +708,9 @@ int xioapply_ip_add_source_membership(struct single *xfd, struct opt *opt) { &ip4_mreq_src, sizeof(ip4_mreq_src)) < 0) { Error8("setsockopt(%d, %d, %d, {0x%08x,0x%08x,0x%08x}, "F_Zu"): %s", xfd->fd, opt->desc->major, opt->desc->minor, - ip4_mreq_src.imr_multiaddr, - ip4_mreq_src.imr_interface, - ip4_mreq_src.imr_sourceaddr, + htonl((uint32_t)ip4_mreq_src.imr_multiaddr.s_addr), + ip4_mreq_src.imr_interface.s_addr, + ip4_mreq_src.imr_sourceaddr.s_addr, sizeof(struct ip_mreq_source), strerror(errno)); opt->desc = ODESC_ERROR; diff --git a/xio-listen.c b/xio-listen.c index 73f4041..58e054d 100644 --- a/xio-listen.c +++ b/xio-listen.c @@ -255,7 +255,7 @@ int _xioopen_listen(struct single *xfd, int xioflags, struct sockaddr *us, sockl while (1) { if (Select(xfd->fd+1, &rfd, NULL, NULL, &tmo) < 0) { if (errno != EINTR) { - Error5("Select(%d, &0x%lx, NULL, NULL, {%ld.%ld}): %s", xfd->fd+1, 1<<(xfd->fd+1), + Error5("Select(%d, &0x%lx, NULL, NULL, {%ld.%06ld}): %s", xfd->fd+1, 1L<<(xfd->fd+1), xfd->para.socket.accept_timeout.tv_sec, xfd->para.socket.accept_timeout.tv_usec, strerror(errno)); } diff --git a/xio-openssl.c b/xio-openssl.c index 473cedc..aec1bd1 100644 --- a/xio-openssl.c +++ b/xio-openssl.c 
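Review bot: In the xiotype_ip_add_source_membership hunk the new `Info4` arguments dereference `mcaddr`, `ifaddr` and `srcaddr` as `unsigned int`, yet `srcaddr` is assigned from `strdup(buff)` two lines earlier (the other two presumably likewise, outside the hunk), so these are text buffers and not binary addresses. That reads four bytes from an allocation that can be shorter than four bytes, dereferences NULL when `strdup` fails (the existing `/*!!! NULL */` marker), and logs character codes instead of the address. Logging the strings avoids all three: `Info4("setting option \"%s\" to {%s,%s,%s}", ent->desc->defname, opt->value.u_ip_mreq_source.mcaddr, opt->value.u_ip_mreq_source.ifaddr, opt->value.u_ip_mreq_source.srcaddr);`, placed after a NULL check on the `strdup` results. The function starts outside the hunk.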
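Review bot: In the xioapply_ip_add_source_membership hunk (@@ -708) the three addresses in the `Error8` message end up in mixed byte order: `imr_multiaddr.s_addr` is swapped with `htonl()` while `imr_interface.s_addr` and `imr_sourceaddr.s_addr` are printed as stored. A diagnostic that has to be compared with the requested option should convert all three the same way and in the network-to-host direction: `ntohl(ip4_mreq_src.imr_multiaddr.s_addr),` `ntohl(ip4_mreq_src.imr_interface.s_addr),` `ntohl(ip4_mreq_src.imr_sourceaddr.s_addr),`.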
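Review bot: In the xio-listen.c hunk `1L<<(xfd->fd+1)` is undefined once `xfd->fd+1` reaches the width of `long`, which a sufficiently high descriptor number can do, and it sits on the path that reports a failed Select(). The value is only decoration for the message, so printing the descriptor avoids the shift entirely, for example `Error5("Select(%d, {%d}, NULL, NULL, {%ld.%06ld}): %s", xfd->fd+1, xfd->fd,`. The `%ld`/`%06ld` conversions also assume `tv_sec` and `tv_usec` are `long`; a `(long)` cast on both keeps the format correct on platforms where they are not.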
@@ -103,7 +103,9 @@ const struct addrdesc xioaddr_openssl_listen = { #endif /* WITH_LISTEN */ const struct addrdesc xioaddr_openssl_dtls_client = { "openssl-dtls-client", 3, xioopen_openssl_connect, GROUP_FD|GROUP_SOCKET|GROUP_SOCK_IP4|GROUP_SOCK_IP6|GROUP_IP_UDP|GROUP_CHILD|GROUP_OPENSSL|GROUP_RETRY, 1, 0, 0 HELP("::") } ; +#if WITH_LISTEN const struct addrdesc xioaddr_openssl_dtls_server = { "openssl-dtls-server", 3, xioopen_openssl_listen, GROUP_FD|GROUP_SOCKET|GROUP_SOCK_IP4|GROUP_SOCK_IP6|GROUP_IP_UDP|GROUP_LISTEN|GROUP_CHILD|GROUP_RANGE|GROUP_OPENSSL|GROUP_RETRY, 1, 0, 0 HELP(":") } ; +#endif /* both client and server */ const struct optdesc opt_openssl_cipherlist = { "openssl-cipherlist", "ciphers", OPT_OPENSSL_CIPHERLIST, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC }; @@ -582,9 +584,11 @@ static int E_ERROR #endif /* WITH_RETRY */ ); +#if WITH_UDP } else { result = _xioopen_ipdgram_listen(xfd, xioflags, us, uslen, opts, pf, socktype, ipproto); +#endif /* WITH_UDP */ } /*! not sure if we should try again on retry/forever */ switch (result) { @@ -1165,12 +1169,12 @@ int if (sslver < 0) return STAT_NORETRY; if ((rc = SSL_CTX_set_min_proto_version(ctx, sslver)) <= 0) { - Debug1("version: %d", SSL_CTX_get_min_proto_version(ctx)); + Debug1("version: %ld", SSL_CTX_get_min_proto_version(ctx)); Error3("_xioopen_openssl_prepare(): SSL_CTX_set_min_proto_version(\"%s\"->%d): failed (%d)", xfd->para.openssl.min_proto_version, sslver, rc); return STAT_NORETRY; } - Debug1("version: %d", SSL_CTX_get_min_proto_version(ctx)); + Debug1("version: %ld", SSL_CTX_get_min_proto_version(ctx)); } #endif /* HAVE_SSL_set_min_proto_version || defined(SSL_set_min_proto_version) */ #if HAVE_SSL_CTX_set_max_proto_version || defined(SSL_CTX_set_max_proto_version) @@ -1770,6 +1774,7 @@ static int openssl_handle_peer_certificate(struct single *xfd, ok = 1; } break; +#if WITH_IP6 case 16: /* IPv6 */ inet_ntop(AF_INET6, data, aBuffer, sizeof(aBuffer)); xioip6_pton(peername, &ip6bin); 
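Review bot: The block touched by the @@ -1165 hunk is, judging by the `#endif` comment and the following `#if HAVE_SSL_CTX_set_max_proto_version || defined(SSL_CTX_set_max_proto_version)`, compiled only when that configure symbol is set or the name is a macro, and this commit deletes the two `AC_CHECK_FUNC(SSL_CTX_set_min_proto_version, ...)` / `AC_CHECK_FUNC(SSL_CTX_set_max_proto_version, ...)` lines from configure.ac. With a TLS library that provides these as real functions, the user's minimum/maximum protocol version would then be dropped at build time without any message, unless the symbols are defined somewhere not shown. Either keep the configure checks or add an `#else` branch that raises an `Error` when `xfd->para.openssl.min_proto_version` is set but cannot be applied. The enclosing function extends beyond the hunk.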
@@ -1782,6 +1787,7 @@ static int openssl_handle_peer_certificate(struct single *xfd, aBuffer, peername); } break; +#endif } xiosetenv("OPENSSL_X509V3_SUBJECTALTNAME_IPADD", (char *)aBuffer, 2, " // "); } diff --git a/xio-socket.c b/xio-socket.c index 7f4e461..6e5103a 100644 --- a/xio-socket.c +++ b/xio-socket.c @@ -715,9 +715,11 @@ int _xioopen_connect(struct single *xfd, union sockaddr_union *us, size_t uslen, int _errno; int result; +#if WITH_UNIX if (pf == PF_UNIX && us != NULL) { applyopts_named(us->un.sun_path, opts, PH_EARLY); } +#endif if ((xfd->fd = xiosocket(opts, pf, socktype, protocol, level)) < 0) { return STAT_RETRYLATER; @@ -729,9 +731,11 @@ int _xioopen_connect(struct single *xfd, union sockaddr_union *us, size_t uslen, applyopts_cloexec(xfd->fd, opts); +#if WITH_UNIX if (pf == PF_UNIX && us != NULL) { applyopts_named(us->un.sun_path, opts, PH_PREOPEN); } +#endif applyopts(xfd->fd, opts, PH_PREBIND); applyopts(xfd->fd, opts, PH_BIND); #if WITH_TCP || WITH_UDP @@ -812,9 +816,11 @@ int _xioopen_connect(struct single *xfd, union sockaddr_union *us, size_t uslen, #endif /* WITH_TCP || WITH_UDP */ if (us) { +#if WITH_UNIX if (pf == PF_UNIX && us != NULL) { applyopts_named(us->un.sun_path, opts, PH_PREOPEN); } +#endif if (Bind(xfd->fd, &us->soa, uslen) < 0) { Msg4(level, "bind(%d, {%s}, "F_Zd"): %s", xfd->fd, sockaddr_info(&us->soa, uslen, infobuff, sizeof(infobuff)), @@ -823,9 +829,11 @@ int _xioopen_connect(struct single *xfd, union sockaddr_union *us, size_t uslen, return STAT_RETRYLATER; } } +#if WITH_UNIX if (pf == PF_UNIX && us != NULL) { applyopts_named(us->un.sun_path, opts, PH_PASTOPEN); } +#endif applyopts(xfd->fd, opts, PH_PASTBIND); 
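Review bot: With `case 16` now compiled only under `WITH_IP6` (the @@ -1770 and @@ -1782 hunks), a 16-byte iPAddress entry in the peer certificate passes through the switch without writing `aBuffer`, while the `xiosetenv("OPENSSL_X509V3_SUBJECTALTNAME_IPADD", (char *)aBuffer, 2, " // ")` after the switch still runs. Unless `aBuffer` is initialised or a `default:` exists outside these hunks, that exports stale or uninitialised stack contents into the environment of child processes. A `default:` that sets `aBuffer[0] = '\0';`, or that skips the xiosetenv call for unsupported lengths, closes this. openssl_handle_peer_certificate starts and ends outside the hunks.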
@@ -924,9 +932,11 @@ int _xioopen_connect(struct single *xfd, union sockaddr_union *us, size_t uslen, applyopts_fchown(xfd->fd, opts); /* OPT_USER, OPT_GROUP */ applyopts(xfd->fd, opts, PH_CONNECTED); +#if WITH_UNIX if (pf == PF_UNIX && us != NULL) { applyopts_named(us->un.sun_path, opts, PH_LATE); } +#endif applyopts(xfd->fd, opts, PH_LATE); return STAT_OK; @@ -1051,9 +1061,11 @@ int _xioopen_dgram_sendto(/* them is already in xfd->peersa */ union sockaddr_union la; socklen_t lalen = sizeof(la); char infobuff[256]; +#if WITH_UNIX if (pf == PF_UNIX && us != NULL) { applyopts_named(us->un.sun_path, opts, PH_EARLY); } +#endif if ((xfd->fd = xiosocket(opts, pf, socktype, ipproto, level)) < 0) { return STAT_RETRYLATER; @@ -1066,9 +1078,11 @@ int _xioopen_dgram_sendto(/* them is already in xfd->peersa */ applyopts_cloexec(xfd->fd, opts); +#if WITH_UNIX if (pf == PF_UNIX && us != NULL) { applyopts_named(us->un.sun_path, opts, PH_PREOPEN); } +#endif applyopts(xfd->fd, opts, PH_PREBIND); applyopts(xfd->fd, opts, PH_BIND); @@ -1081,9 +1095,11 @@ int _xioopen_dgram_sendto(/* them is already in xfd->peersa */ return STAT_RETRYLATER; } } +#if WITH_UNIX if (pf == PF_UNIX && us != NULL) { applyopts_named(us->un.sun_path, opts, PH_PASTOPEN); } +#endif applyopts(xfd->fd, opts, PH_PASTBIND); @@ -1096,9 +1112,11 @@ int _xioopen_dgram_sendto(/* them is already in xfd->peersa */ applyopts_fchown(xfd->fd, opts); applyopts(xfd->fd, opts, PH_CONNECTED); +#if WITH_UNIX if (pf == PF_UNIX && us != NULL) { applyopts_named(us->un.sun_path, opts, PH_LATE); } +#endif applyopts(xfd->fd, opts, PH_LATE); /* xfd->dtype = DATA_RECVFROM; *//* no, the caller must set this (ev _SKIPIP) */ diff --git a/xioopts.c b/xioopts.c index 6854235..5634cb5 100644 --- a/xioopts.c +++ b/xioopts.c 
@@ -157,7 +157,7 @@ const struct optname optionnames[] = { #ifdef TCP_ABORT_THRESHOLD /* HP_UX */ IF_TCP ("abort-threshold", &opt_tcp_abort_threshold) #endif - IF_SOCKET ("accept-timeout", &opt_accept_timeout) + IF_LISTEN ("accept-timeout", &opt_accept_timeout) #ifdef SO_ACCEPTCONN /* AIX433 */ IF_SOCKET ("acceptconn", &opt_so_acceptconn) #endif /* SO_ACCEPTCONN */ @@ -889,7 +889,7 @@ const struct optname optionnames[] = { IF_TCP ("linger2", &opt_tcp_linger2) #endif IF_PTY ("link", &opt_symbolic_link) - IF_SOCKET ("listen-timeout", &opt_accept_timeout) + IF_LISTEN ("listen-timeout", &opt_accept_timeout) IF_TERMIOS("lnext", &opt_vlnext) #if defined(F_SETLKW) IF_ANY ("lock", &opt_f_setlkw_wr) /* POSIX, first choice */ @@ -2507,9 +2507,11 @@ int parseopts_table(const char **a, unsigned int groups, struct opt **opts, break; #endif /* defined(HAVE_STRUCT_IP_MREQ) || defined (HAVE_STRUCT_IP_MREQN) */ +#if HAVE_STRUCT_IP_MREQ_SOURCE case TYPE_IP_MREQ_SOURCE: xiotype_ip_add_source_membership(token, ent, opt); break; +#endif #if WITH_IP4 case TYPE_IP4NAME: