From: Eric Wong Date: Fri, 14 Mar 2025 09:22:04 +0000 (+0000) Subject: daemon: define %TLS_ONLY hash X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4ec0efaa77748d3e62eea2f0b64ff6811055e55a;p=thirdparty%2Fpublic-inbox.git daemon: define %TLS_ONLY hash Defining TLS-only protocols only once makes it easier to support new protocols in the future since we can rely on only updating this new hash instead of having to update regexps in other places.
---
diff --git a/lib/PublicInbox/Daemon.pm b/lib/PublicInbox/Daemon.pm
index 8fe93acde..17abf01d4 100644
--- a/lib/PublicInbox/Daemon.pm
+++ b/lib/PublicInbox/Daemon.pm
@@ -37,7 +37,8 @@ my ($uid, $gid);
 my ($default_cert, $default_key);
 my %KNOWN_TLS = (443 => 'https', 563 => 'nntps', 993 => 'imaps', 995 =>'pop3s');
 my %KNOWN_STARTTLS = (110 => 'pop3', 119 => 'nntp', 143 => 'imap');
-my %SCHEME2PORT = map { $KNOWN_TLS{$_} => $_ + 0 } keys %KNOWN_TLS;
+my %TLS_ONLY = map { $KNOWN_TLS{$_} => $_ + 0 } keys %KNOWN_TLS;
+my %SCHEME2PORT = %TLS_ONLY;
 for (keys %KNOWN_STARTTLS) { $SCHEME2PORT{$KNOWN_STARTTLS{$_}} = $_ + 0 }
 $SCHEME2PORT{http} = 80;
@@ -233,7 +234,7 @@ EOF
 $tls_opt{"$scheme://$l"} = accept_tls_opt($opt);
 } elsif (defined($default_cert)) {
 $tls_opt{"$scheme://$l"} = accept_tls_opt('');
- } elsif ($scheme =~ /\A(?:https|imaps|nntps|pop3s)\z/) {
+ } elsif (defined($TLS_ONLY{$scheme})) {
 die "$orig specified w/o cert=\n";
 }
 if ($listener_names->{$l}) { # already inherited
@@ -689,7 +690,7 @@ sub daemon_loop () {
 my ($scheme, $l) = split(m!://!, $k, 2);
 my $xn = $XNETD{$l} // die "BUG: no xnetd for $k";
 $xn->{tlsd}->{ssl_ctx_opt} //= $ctx_opt;
- $scheme =~ m!\A(?:https|imaps|nntps|pop3s)! and
+ defined($TLS_ONLY{$scheme}) and
 $POST_ACCEPT{$l} = tls_cb(@$xn{qw(post_accept tlsd)});
 }
 undef %tls_opt;
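Review bot: `%TLS_ONLY` is declared in the first hunk without a comment, although after this commit it alone decides which listeners must be given `cert=` (second hunk) and which get the TLS `post_accept` callback in `daemon_loop` (third hunk). As far as the visible lines show, a scheme that is meant to be implicit-TLS but is missing from `%KNOWN_TLS` passes both tests silently, so the invariant belongs above the declaration: `# scheme => port for implicit-TLS protocols; a scheme absent here is not required to have cert= and gets no tls_cb`. It is also worth saying that `%SCHEME2PORT = %TLS_ONLY` is a copy, so the STARTTLS and http entries added to `%SCHEME2PORT` on the following lines never reach `%TLS_ONLY`.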
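Review bot: The new test in `daemon_loop` is an exact key lookup, whereas the removed pattern `m!\A(?:https|imaps|nntps|pop3s)!` had no `\z` and matched any scheme that merely begins with one of those names. If every key of `%tls_opt` carries one of the four plain scheme names the two are equivalent, but that cannot be confirmed from this hunk, and a scheme that matched only by prefix would now be left without `tls_cb`. A comment such as `# exact match on purpose: only schemes in %TLS_ONLY get the TLS post_accept` would record that the tightening is intended. The loop enclosing these lines starts outside the hunk.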