Git-Mirrors/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2025-08-09 20:12:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

update unbound from upstream

Browse source
This commit is contained in:
Riccardo Spagni 2015-04-02 11:16:18 +02:00
parent b0151de601
commit 1f49833d4f
No known key found for this signature in database
GPG key ID: 55432DF31CCD4FCD
155 changed files with 5482 additions and 3440 deletions
Download patch file Download diff file Expand all files Collapse all files

85
external/unbound/smallapp/unbound-control.c vendored
View file

@ -59,6 +59,10 @@
#include "util/locks.h"
#include "util/net_help.h"
#ifdef HAVE_SYS_UN_H
#include <sys/un.h>
#endif
/** Give unbound-control usage, and exit (1). */
static void
usage()
@ -136,32 +140,40 @@ static void ssl_err(const char* s)
static SSL_CTX*
setup_ctx(struct config_file* cfg)
{
char* s_cert, *c_key, *c_cert;
char* s_cert=NULL, *c_key=NULL, *c_cert=NULL;
SSL_CTX* ctx;
s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
if(!s_cert || !c_key || !c_cert)
fatal_exit("out of memory");
if(cfg->remote_control_use_cert) {
s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
if(!s_cert || !c_key || !c_cert)
fatal_exit("out of memory");
}
ctx = SSL_CTX_new(SSLv23_client_method());
if(!ctx)
ssl_err("could not allocate SSL_CTX pointer");
if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
ssl_err("could not set SSL_OP_NO_SSLv2");
if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3))
ssl_err("could not set SSL_OP_NO_SSLv3");
if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
|| !SSL_CTX_check_private_key(ctx))
ssl_err("Error setting up SSL_CTX client key and cert");
if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
ssl_err("Error setting up SSL_CTX verify, server cert");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
if(cfg->remote_control_use_cert) {
if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3))
ssl_err("could not set SSL_OP_NO_SSLv3");
if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
|| !SSL_CTX_check_private_key(ctx))
ssl_err("Error setting up SSL_CTX client key and cert");
if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
ssl_err("Error setting up SSL_CTX verify, server cert");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
free(s_cert);
free(c_key);
free(c_cert);
free(s_cert);
free(c_key);
free(c_cert);
} else {
/* Use ciphers that don't require authentication */
if(!SSL_CTX_set_cipher_list(ctx, "aNULL"))
ssl_err("Error setting NULL cipher!");
}
return ctx;
}
@ -171,6 +183,7 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
{
struct sockaddr_storage addr;
socklen_t addrlen;
int addrfamily = 0;
int fd;
/* use svr or the first config entry */
if(!svr) {
@ -189,12 +202,25 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
if(strchr(svr, '@')) {
if(!extstrtoaddr(svr, &addr, &addrlen))
fatal_exit("could not parse IP@port: %s", svr);
#ifdef HAVE_SYS_UN_H
} else if(svr[0] == '/') {
struct sockaddr_un* usock = (struct sockaddr_un *) &addr;
usock->sun_family = AF_LOCAL;
#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
usock->sun_len = (socklen_t)sizeof(usock);
#endif
(void)strlcpy(usock->sun_path, svr, sizeof(usock->sun_path));
addrlen = (socklen_t)sizeof(struct sockaddr_un);
addrfamily = AF_LOCAL;
#endif
} else {
if(!ipstrtoaddr(svr, cfg->control_port, &addr, &addrlen))
fatal_exit("could not parse IP: %s", svr);
}
fd = socket(addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET,
SOCK_STREAM, 0);
if(addrfamily == 0)
addrfamily = addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET;
fd = socket(addrfamily, SOCK_STREAM, 0);
if(fd == -1) {
#ifndef USE_WINSOCK
fatal_exit("socket: %s", strerror(errno));
@ -223,7 +249,7 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
/** setup SSL on the connection */
static SSL*
setup_ssl(SSL_CTX* ctx, int fd)
setup_ssl(SSL_CTX* ctx, int fd, struct config_file* cfg)
{
SSL* ssl;
X509* x;
@ -249,10 +275,13 @@ setup_ssl(SSL_CTX* ctx, int fd)
/* check authenticity of server */
if(SSL_get_verify_result(ssl) != X509_V_OK)
ssl_err("SSL verification failed");
x = SSL_get_peer_certificate(ssl);
if(!x)
ssl_err("Server presented no peer certificate");
X509_free(x);
if(cfg->remote_control_use_cert) {
x = SSL_get_peer_certificate(ssl);
if(!x)
ssl_err("Server presented no peer certificate");
X509_free(x);
}
return ssl;
}
@ -330,11 +359,11 @@ go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[])
if(!cfg->remote_control_enable)
log_warn("control-enable is 'no' in the config file.");
ctx = setup_ctx(cfg);
/* contact server */
fd = contact_server(svr, cfg, argc>0&&strcmp(argv[0],"status")==0);
ssl = setup_ssl(ctx, fd);
ssl = setup_ssl(ctx, fd, cfg);
/* send command */
ret = go_cmd(ssl, quiet, argc, argv);