version 1.186, 2017/06/11 14:38:52 |
version 1.187, 2017/07/15 17:27:39 |
|
|
#define TLS_NONAME (1 << 3) |
#define TLS_NONAME (1 << 3) |
#define TLS_CCERT (1 << 4) |
#define TLS_CCERT (1 << 4) |
#define TLS_MUSTSTAPLE (1 << 5) |
#define TLS_MUSTSTAPLE (1 << 5) |
|
#define TLS_COMPAT (1 << 6) |
|
|
/* Command Line Options */ |
/* Command Line Options */ |
int dflag; /* detached, no stdin */ |
int dflag; /* detached, no stdin */ |
|
|
errx(1, "cannot use -c and -F"); |
errx(1, "cannot use -c and -F"); |
if (TLSopt && !usetls) |
if (TLSopt && !usetls) |
errx(1, "you must specify -c to use TLS options"); |
errx(1, "you must specify -c to use TLS options"); |
|
if ((TLSopt & (TLS_ALL|TLS_COMPAT)) == (TLS_ALL|TLS_COMPAT)) |
|
errx(1, "cannot use -T tlsall and -T tlscompat"); |
if (Cflag && !usetls) |
if (Cflag && !usetls) |
errx(1, "you must specify -c to use -C"); |
errx(1, "you must specify -c to use -C"); |
if (Kflag && !usetls) |
if (Kflag && !usetls) |
|
|
errx(1, "%s", tls_config_error(tls_cfg)); |
errx(1, "%s", tls_config_error(tls_cfg)); |
if (oflag && tls_config_set_ocsp_staple_file(tls_cfg, oflag) == -1) |
if (oflag && tls_config_set_ocsp_staple_file(tls_cfg, oflag) == -1) |
errx(1, "%s", tls_config_error(tls_cfg)); |
errx(1, "%s", tls_config_error(tls_cfg)); |
if (TLSopt & TLS_ALL) { |
if (TLSopt & (TLS_ALL|TLS_COMPAT)) { |
if (tls_config_set_protocols(tls_cfg, |
if (tls_config_set_protocols(tls_cfg, |
TLS_PROTOCOLS_ALL) != 0) |
TLS_PROTOCOLS_ALL) != 0) |
errx(1, "%s", tls_config_error(tls_cfg)); |
errx(1, "%s", tls_config_error(tls_cfg)); |
if (tls_config_set_ciphers(tls_cfg, "all") != 0) |
if (tls_config_set_ciphers(tls_cfg, |
|
(TLSopt & TLS_ALL) ? "all" : "compat") != 0) |
errx(1, "%s", tls_config_error(tls_cfg)); |
errx(1, "%s", tls_config_error(tls_cfg)); |
} |
} |
if (!lflag && (TLSopt & TLS_CCERT)) |
if (!lflag && (TLSopt & TLS_CCERT)) |
|
|
{ "noname", TLS_NONAME }, |
{ "noname", TLS_NONAME }, |
{ "clientcert", TLS_CCERT}, |
{ "clientcert", TLS_CCERT}, |
{ "muststaple", TLS_MUSTSTAPLE}, |
{ "muststaple", TLS_MUSTSTAPLE}, |
|
{ "tlscompat", TLS_COMPAT }, |
{ NULL, -1 }, |
{ NULL, -1 }, |
}; |
}; |
|
|