From 4ec0efaa77748d3e62eea2f0b64ff6811055e55a Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Fri, 14 Mar 2025 09:22:04 +0000
Subject: [PATCH] daemon: define %TLS_ONLY hash

Defining TLS-only protocols only once makes it easier to support new protocols in the future since we can rely on only updating this new hash instead of having to update regexps in other places.
---
 lib/PublicInbox/Daemon.pm | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/PublicInbox/Daemon.pm b/lib/PublicInbox/Daemon.pm
index 8fe93acde..17abf01d4 100644
--- a/lib/PublicInbox/Daemon.pm
+++ b/lib/PublicInbox/Daemon.pm
@@ -37,7 +37,8 @@ my ($uid, $gid);
 my ($default_cert, $default_key);
 my %KNOWN_TLS = (443 => 'https', 563 => 'nntps', 993 => 'imaps', 995 =>'pop3s');
 my %KNOWN_STARTTLS = (110 => 'pop3', 119 => 'nntp', 143 => 'imap');
-my %SCHEME2PORT = map { $KNOWN_TLS{$_} => $_ + 0 } keys %KNOWN_TLS;
+my %TLS_ONLY = map { $KNOWN_TLS{$_} => $_ + 0 } keys %KNOWN_TLS;
+my %SCHEME2PORT = %TLS_ONLY;
 for (keys %KNOWN_STARTTLS) { $SCHEME2PORT{$KNOWN_STARTTLS{$_}} = $_ + 0 }
 $SCHEME2PORT{http} = 80;
 
@@ -233,7 +234,7 @@ EOF
 $tls_opt{"$scheme://$l"} = accept_tls_opt($opt);
 } elsif (defined($default_cert)) {
 $tls_opt{"$scheme://$l"} = accept_tls_opt('');
- } elsif ($scheme =~ /\A(?:https|imaps|nntps|pop3s)\z/) {
+ } elsif (defined($TLS_ONLY{$scheme})) {
 die "$orig specified w/o cert=\n";
 }
 if ($listener_names->{$l}) { # already inherited
@@ -689,7 +690,7 @@ sub daemon_loop () {
 my ($scheme, $l) = split(m!://!, $k, 2);
 my $xn = $XNETD{$l} // die "BUG: no xnetd for $k";
 $xn->{tlsd}->{ssl_ctx_opt} //= $ctx_opt;
- $scheme =~ m!\A(?:https|imaps|nntps|pop3s)! and
+ defined($TLS_ONLY{$scheme}) and
 $POST_ACCEPT{$l} = tls_cb(@$xn{qw(post_accept tlsd)});
 }
 undef %tls_opt;
-- 
2.47.3
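Review bot: `%TLS_ONLY` in the `@@ -37,7 +37,8 @@` hunk is undocumented, although it now decides which listeners are refused without `cert=` and which get `tls_cb` on accept. A comment above it, for example `# implicit-TLS schemes (scheme => port): refused without cert=, always wrapped by tls_cb`, would tell whoever adds an entry to `%KNOWN_TLS` that they are also changing enforcement. Both later lookups test only key presence, so `exists $TLS_ONLY{$scheme}` would state the intent more directly than `defined(...)` on a port value.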
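Review bot: In the `@@ -689,7 +690,7 @@` hunk, `defined($TLS_ONLY{$scheme}) and` is an exact match, whereas the removed regexp had no `\z` and accepted any scheme that merely began with https, imaps, nntps or pop3s; the commit message describes the change as a pure refactor. The stricter form agrees with the anchored check in the `@@ -233,7 +234,7 @@` hunk, but this is the branch that installs `tls_cb`, so a scheme missing from the hash appears to be accepted without the implicit-TLS callback instead of being rejected. The narrowing deserves a sentence in the commit message, and a comment here such as `# exact match: only %TLS_ONLY schemes are wrapped in TLS on accept`. daemon_loop's body starts and ends outside the hunk, so how `$scheme` is normalised before this point is not visible.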