Fix implementation of _cupsCondWait with timeout.

[thirdparty/cups.git] / scheduler / conf.c

diff --git a/scheduler/conf.c b/scheduler/conf.c
index c81a40c95549a93cb0deffb223d282badfa6360a..f90bcfae94428aff42624be484c67b96231570ea 100644 (file)
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -4,11 +4,7 @@
  * Copyright 2007-2017 by Apple Inc.
  * Copyright 1997-2007 by Easy Software Products, all rights reserved.
  *
- * These coded instructions, statements, and computer programs are the
- * property of Apple Inc. and are protected by Federal copyright
- * law.  Distribution and use rights are outlined in the file "LICENSE.txt"
- * which should have been included with this file.  If this file is
- * missing or damaged, see the license at "http://www.cups.org/".
+ * Licensed under Apache License v2.0.  See the file "LICENSE" for more information.
  */
 
 /*
@@ -620,7 +616,7 @@ cupsdReadConfiguration(void)
   cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
 #  endif /* HAVE_GNUTLS */
 
-  _httpTLSSetOptions(0);
+  _httpTLSSetOptions(_HTTP_TLS_NONE, _HTTP_TLS_1_0, _HTTP_TLS_MAX);
 #endif /* HAVE_SSL */
 
   language = cupsLangDefault();
@@ -3003,7 +2999,9 @@ read_cupsd_conf(cups_file_t *fp)  /* I - File to read from */
       * SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyCBC] [DenyTLS1.0] [None]
       */
 
-      int      options = 0;            /* SSL/TLS options */
+      int      options = _HTTP_TLS_NONE,/* SSL/TLS options */
+               min_version = _HTTP_TLS_1_0,
+               max_version = _HTTP_TLS_MAX;
 
       if (value)
       {
@@ -3027,24 +3025,40 @@ read_cupsd_conf(cups_file_t *fp)        /* I - File to read from */
          * Compare...
          */
 
-          if (!_cups_strcasecmp(start, "AllowRC4"))
+         if (!_cups_strcasecmp(start, "AllowRC4"))
            options |= _HTTP_TLS_ALLOW_RC4;
-          else if (!_cups_strcasecmp(start, "AllowSSL3"))
-           options |= _HTTP_TLS_ALLOW_SSL3;
+         else if (!_cups_strcasecmp(start, "AllowSSL3"))
+           min_version = _HTTP_TLS_SSL3;
          else if (!_cups_strcasecmp(start, "AllowDH"))
            options |= _HTTP_TLS_ALLOW_DH;
          else if (!_cups_strcasecmp(start, "DenyCBC"))
            options |= _HTTP_TLS_DENY_CBC;
          else if (!_cups_strcasecmp(start, "DenyTLS1.0"))
-           options |= _HTTP_TLS_DENY_TLS10;
-          else if (!_cups_strcasecmp(start, "None"))
-           options = 0;
+           min_version = _HTTP_TLS_1_1;
+         else if (!_cups_strcasecmp(start, "MaxTLS1.0"))
+           max_version = _HTTP_TLS_1_0;
+         else if (!_cups_strcasecmp(start, "MaxTLS1.1"))
+           max_version = _HTTP_TLS_1_1;
+         else if (!_cups_strcasecmp(start, "MaxTLS1.2"))
+           max_version = _HTTP_TLS_1_2;
+         else if (!_cups_strcasecmp(start, "MaxTLS1.3"))
+           max_version = _HTTP_TLS_1_3;
+         else if (!_cups_strcasecmp(start, "MinTLS1.0"))
+           min_version = _HTTP_TLS_1_0;
+         else if (!_cups_strcasecmp(start, "MinTLS1.1"))
+           min_version = _HTTP_TLS_1_1;
+         else if (!_cups_strcasecmp(start, "MinTLS1.2"))
+           min_version = _HTTP_TLS_1_2;
+         else if (!_cups_strcasecmp(start, "MinTLS1.3"))
+           min_version = _HTTP_TLS_1_3;
+         else if (!_cups_strcasecmp(start, "None"))
+           options = _HTTP_TLS_NONE;
          else if (_cups_strcasecmp(start, "NoEmptyFragments"))
            cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum);
         }
       }
 
-      _httpTLSSetOptions(options);
+      _httpTLSSetOptions(options, min_version, max_version);
     }
 #endif /* HAVE_SSL */
     else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")