]> git.ipfire.org Git - thirdparty/cups.git/commitdiff
projects / thirdparty / cups.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3af9ac9)
Drop support for ServerCertificate and ServerKey directives; now we just support
authormsweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Wed, 11 Dec 2013 02:23:54 +0000 (02:23 +0000)
committermsweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Wed, 11 Dec 2013 02:23:54 +0000 (02:23 +0000)
ServerKeychain on all platforms.

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11457 a1ca3aef-8c08-0410-bb20-df032aa958be

scheduler/client.c patch | blob | blame | history
scheduler/conf.c patch | blob | blame | history
scheduler/conf.h patch | blob | blame | history

diff --git a/scheduler/client.c b/scheduler/client.c
index 55ebe514d0f8cfe826c95a3a8db1f894aa0d8296..8a36a08621f08e5b8f33b29e7fb23d0797513a7f 100644 (file)
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2878,7 +2878,6 @@ static int                                /* O - 0 on success, -1 on error */
 cupsd_start_tls(cupsd_client_t    *con,        /* I - Client connection */
                 http_encryption_t e)   /* I - Encryption mode */
 {
-  /* TODO: Lookup/load cert + key and set */
   if (httpEncryption(con->http, e))
   {
     cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to encrypt connection: %s",
diff --git a/scheduler/conf.c b/scheduler/conf.c
index e86eff60677920ec48d2ded7b028b5faaee5cd8e..8f91179fe8ad938f4b462ec3861904af9b32e183 100644 (file)
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -143,10 +143,6 @@ static const cupsd_var_t   cupsfiles_vars[] =
   { "RequestRoot",             &RequestRoot,           CUPSD_VARTYPE_STRING },
   { "ServerBin",               &ServerBin,             CUPSD_VARTYPE_PATHNAME },
 #ifdef HAVE_SSL
-#  ifdef HAVE_GNUTLS
-  { "ServerCertificate",       &ServerCertificate,     CUPSD_VARTYPE_PATHNAME },
-  { "ServerKey",               &ServerKey,             CUPSD_VARTYPE_PATHNAME },
-#  endif /* HAVE_GNUTLS */
   { "ServerKeychain",          &ServerKeychain,        CUPSD_VARTYPE_PATHNAME },
 #endif /* HAVE_SSL */
   { "ServerRoot",              &ServerRoot,            CUPSD_VARTYPE_PATHNAME },
@@ -592,9 +588,7 @@ cupsdReadConfiguration(void)
 
 #ifdef HAVE_SSL
 #  ifdef HAVE_GNUTLS
-  cupsdClearString(&ServerKeychain);
-  cupsdSetString(&ServerCertificate, "ssl/server.crt");
-  cupsdSetString(&ServerKey, "ssl/server.key");
+  cupsdSetString(&ServerKeychain, "ssl");
 #  else
   cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
 #  endif /* HAVE_GNUTLS */
@@ -1061,27 +1055,10 @@ cupsdReadConfiguration(void)
     cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
 
 #ifdef HAVE_SSL
-#  ifdef HAVE_GNUTLS
-  if (ServerCertificate[0] != '/')
-    cupsdSetStringf(&ServerCertificate, "%s/%s", ServerRoot, ServerCertificate);
-
-  if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)) &&
-      cupsdCheckPermissions(ServerCertificate, NULL, 0600, RunUser, Group,
-                            0, 0) < 0 &&
-      (FatalErrors & CUPSD_FATAL_PERMISSIONS))
-    return (0);
-
-  if (ServerKey[0] != '/')
-    cupsdSetStringf(&ServerKey, "%s/%s", ServerRoot, ServerKey);
-
-  if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)) &&
-      cupsdCheckPermissions(ServerKey, NULL, 0600, RunUser, Group, 0, 0) < 0 &&
-      (FatalErrors & CUPSD_FATAL_PERMISSIONS))
-    return (0);
-#  endif /* HAVE_GNUTLS */
-
   if (ServerKeychain[0] != '/')
     cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain);
+
+  cupsSetServerCredentials(ServerKeychain, ServerName, 1);
 #endif /* HAVE_SSL */
 
  /*
@@ -3310,6 +3287,7 @@ read_cupsd_conf(cups_file_t *fp)  /* I - File to read from */
              !_cups_strcasecmp(line, "ServerBin") ||
              !_cups_strcasecmp(line, "ServerCertificate") ||
              !_cups_strcasecmp(line, "ServerKey") ||
+             !_cups_strcasecmp(line, "ServerKeychain") ||
              !_cups_strcasecmp(line, "ServerRoot") ||
              !_cups_strcasecmp(line, "SMBConfigFile") ||
              !_cups_strcasecmp(line, "StateDir") ||
@@ -3472,6 +3450,15 @@ read_cups_files_conf(cups_file_t *fp)    /* I - File to read from */
         }
       }
     }
+    else if (!_cups_strcasecmp(line, "ServerCertificate") ||
+             !_cups_strcasecmp(line, "ServerKey"))
+    {
+      cupsdLogMessage(CUPSD_LOG_INFO,
+                     "The \"%s\" directive on line %d of %s is no longer "
+                     "supported; this will become an error in a future "
+                     "release.",
+                     line, linenum, CupsFilesFile);
+    }
     else if (!parse_variable(CupsFilesFile, linenum, line, value,
                             sizeof(cupsfiles_vars) / sizeof(cupsfiles_vars[0]),
                             cupsfiles_vars) &&
diff --git a/scheduler/conf.h b/scheduler/conf.h
index 650acca145ea4d991bb5d5ecca2e22d02e097e23..000fb8f9269d6c6cba6b9c750a07bde13ce498fc 100644 (file)
--- a/scheduler/conf.h
+++ b/scheduler/conf.h
@@ -228,12 +228,6 @@ VAR const char             **MimeTypes             VALUE(NULL);
                                        /* Array of MIME types */
 
 #ifdef HAVE_SSL
-#  ifdef HAVE_GNUTLS
-VAR char               *ServerCertificate      VALUE(NULL),
-                                       /* Server certificate file */
-                       *ServerKey              VALUE(NULL);
-                                       /* Server key file */
-#  endif /* HAVE_GNUTLS */
 VAR char               *ServerKeychain         VALUE(NULL);
                                        /* Keychain holding cert + key */
 #endif /* HAVE_SSL */
Mirror of https://github.com/OpenPrinting/cups.git