typedef SSL *http_tls_t;
typedef void *http_tls_credentials_t;
-extern BIO_METHOD *_httpBIOMethods(void);
+//extern BIO_METHOD *_httpBIOMethods(void);
# elif defined HAVE_GNUTLS
/*
typedef gnutls_session http_tls_t;
typedef void *http_tls_credentials_t;
-extern ssize_t _httpReadGNUTLS(gnutls_transport_ptr ptr, void *data,
- size_t length);
-extern ssize_t _httpWriteGNUTLS(gnutls_transport_ptr ptr, const void *data,
- size_t length);
+//extern ssize_t _httpReadGNUTLS(gnutls_transport_ptr ptr, void *data,
+// size_t length);
+//extern ssize_t _httpWriteGNUTLS(gnutls_transport_ptr ptr, const void *data,
+// size_t length);
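Review bot: Commenting out the `_httpBIOMethods` prototype with `//` leaves dead declarations in the header; if it is no longer needed it should be deleted outright, and the same goes for the `//`-prefixed `_httpReadGNUTLS`/`_httpWriteGNUTLS` prototypes here, the `/* XXX */` markers placed in front of `_httpAddrPort`, `_httpAssembleUUID`, `_httpCreate` and `_httpPeek` in the CDSA section, and the `#if 0` wrapped around `cupsdEndTLS()`. A bare `/* XXX */` marks a line without saying what is pending, so the next reader cannot tell whether the declaration is to be removed, renamed or kept. If these are deliberately retained until the TLS rework is finished, a single comment such as `/* TODO: remove once the TLS rework is complete */` on each group says so explicitly, and the `#if 0` block should be deleted rather than carried along.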
# elif defined(HAVE_CDSASSL)
/*
* Prototypes...
*/
-extern int _httpAddrPort(http_addr_t *addr)
+/* XXX */extern int _httpAddrPort(http_addr_t *addr)
_CUPS_INTERNAL_MSG("Use httpAddrPort instead.");
extern void _httpAddrSetPort(http_addr_t *addr, int port);
-extern char *_httpAssembleUUID(const char *server, int port,
+/* XXX */extern char *_httpAssembleUUID(const char *server, int port,
const char *name, int number,
char *buffer, size_t bufsize)
_CUPS_INTERNAL_MSG("Use httpAssembleUUID instead.");
-extern http_t *_httpCreate(const char *host, int port,
+/* XXX */extern http_t *_httpCreate(const char *host, int port,
http_addrlist_t *addrlist,
http_encryption_t encryption,
int family)
extern char *_httpEncodeURI(char *dst, const char *src,
size_t dstsize);
extern void _httpFreeCredentials(http_tls_credentials_t credentials);
-extern ssize_t _httpPeek(http_t *http, char *buffer, size_t length)
+/* XXX */extern ssize_t _httpPeek(http_t *http, char *buffer, size_t length)
_CUPS_INTERNAL_MSG("Use httpPeek instead.");
extern const char *_httpResolveURI(const char *uri, char *resolved_uri,
size_t resolved_size, int options,
if (!http)
return (0);
- http->encryption = e;
+ if (http->mode == _HTTP_MODE_CLIENT)
+ {
+ http->encryption = e;
- if ((http->encryption == HTTP_ENCRYPTION_ALWAYS && !http->tls) ||
- (http->encryption == HTTP_ENCRYPTION_NEVER && http->tls))
- return (httpReconnect2(http, 30000, NULL));
- else if (http->encryption == HTTP_ENCRYPTION_REQUIRED && !http->tls)
- return (http_tls_upgrade(http));
+ if ((http->encryption == HTTP_ENCRYPTION_ALWAYS && !http->tls) ||
+ (http->encryption == HTTP_ENCRYPTION_NEVER && http->tls))
+ return (httpReconnect2(http, 30000, NULL));
+ else if (http->encryption == HTTP_ENCRYPTION_REQUIRED && !http->tls)
+ return (http_tls_upgrade(http));
+ else
+ return (0);
+ }
else
- return (0);
+ {
+ if (e == HTTP_ENCRYPTION_NEVER && http->tls)
+ return (-1);
+
+ http->encryption = e;
+ if (e != HTTP_ENCRYPTION_IF_REQUESTED && !http->tls)
+ return (http_tls_start(http));
+ else
+ return (0);
+ }
#else
if (e == HTTP_ENCRYPTION_ALWAYS || e == HTTP_ENCRYPTION_REQUIRED)
return (-1);
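Review bot: In the new server-side branch, HTTP_ENCRYPTION_NEVER on a connection that is not yet encrypted still starts TLS: the guard `if (e == HTTP_ENCRYPTION_NEVER && http->tls)` only rejects NEVER when TLS is already up, and the following `if (e != HTTP_ENCRYPTION_IF_REQUESTED && !http->tls)` is also true for NEVER, so http_tls_start() is called for a mode that asks for no encryption. The condition should name the modes that actually require encryption, `if ((e == HTTP_ENCRYPTION_ALWAYS || e == HTTP_ENCRYPTION_REQUIRED) && !http->tls)`, which matches the pair the `#else` fallback below rejects for builds without TLS support. httpEncryption's body begins before this hunk, so the client/server mode check at the top of the function is not visible here.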
return;
if (http->tls)
- http_shutdown_ssl(http);
+ http_tls_stop(http);
shutdown(http->fd, SHUT_RD);
}
}
else
{
- error = http_set_credentials(http);
- DEBUG_printf(("4http_tls_start: http_set_credentials, error=%d",
+ error = http_tls_set_credentials(http);
+ DEBUG_printf(("4http_tls_start: http_tls_set_credentials, error=%d",
(int)error));
}
}
}
+#if 0
/*
* 'cupsdEndTLS()' - Shutdown a secure session with the client.
*/
return (!status);
# endif /* HAVE_SECGENERATESELFSIGNEDCERTIFICATE */
}
+#endif /* 0 */
/*
server.o \
statbuf.o \
subscriptions.o \
- sysman.o \
- tls.o
+ sysman.o
LIBOBJS = \
filter.o \
mime.o \
$(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBGSSAPI) \
$(LIBWRAP)
-tls.o: tls-darwin.c tls-gnutls.c tls-openssl.c
-
#
# Make the cupsfilter utility.
struct stat *filestats);
static int compare_clients(cupsd_client_t *a, cupsd_client_t *b,
void *data);
+#ifdef HAVE_SSL
+static int cupsd_start_tls(cupsd_client_t *con, http_encryption_t e);
+#endif /* HAVE_SSL */
static char *get_file(cupsd_client_t *con, struct stat *filestats,
char *filename, int len);
static http_status_t install_cupsd_conf(cupsd_client_t *con);
* https connection; go secure...
*/
- if (!cupsdStartTLS(con))
+ if (cupsd_start_tls(con, HTTP_ENCRYPTION_ALWAYS))
cupsdCloseClient(con);
}
else
"Saw first byte %02X, auto-negotiating "
"SSL/TLS session.", buf[0] & 255);
- if (!cupsdStartTLS(con))
+ if (cupsd_start_tls(con, HTTP_ENCRYPTION_ALWAYS))
cupsdCloseClient(con);
return;
return;
}
- if (!cupsdStartTLS(con))
+ if (cupsd_start_tls(con, HTTP_ENCRYPTION_REQUIRED))
{
cupsdCloseClient(con);
return;
return;
}
- if (!cupsdStartTLS(con))
+ if (cupsd_start_tls(con, HTTP_ENCRYPTION_REQUIRED))
{
cupsdCloseClient(con);
return;
}
+#ifdef HAVE_SSL
+/*
+ * 'cupsd_start_tls()' - Start encryption on a connection.
+ */
+
+static int /* O - 0 on success, -1 on error */
+cupsd_start_tls(cupsd_client_t *con, /* I - Client connection */
+ http_encryption_t e) /* I - Encryption mode */
+{
+ /* TODO: Lookup/load cert + key and set */
+ if (httpEncryption(con->http, e))
+ {
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to encrypt connection: %s",
+ cupsLastErrorString());
+ return (-1);
+ }
+
+ cupsdLogClient(con, CUPSD_LOG_INFO, "Connection now encrypted.");
+ return (0);
+}
+#endif /* HAVE_SSL */
+
+
/*
* 'get_file()' - Get a filename and state info.
*/
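Review bot: The `/* TODO: Lookup/load cert + key and set */` line is the only record that certificate/key selection is missing from cupsd_start_tls(), and the function header does not mention it; since this commit also deletes scheduler/tls.c, whatever credential handling the scheduler had presumably goes with it until that TODO is done. Suggest expanding the header comment to state the contract: returns 0 once the connection is encrypted, -1 after logging the failure, callers are expected to close the client on -1 (as the four call sites in this commit do), and credentials are not yet selected by the scheduler at this point. Whether httpEncryption() sets the error returned by cupsLastErrorString() cannot be confirmed from this hunk, so the logged message may describe an unrelated earlier error; worth verifying before relying on it for diagnostics.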
+++ /dev/null
-/*
- * "$Id$"
- *
- * TLS support code for the CUPS scheduler.
- *
- * Copyright 2012 by Apple Inc.
- *
- * These coded instructions, statements, and computer programs are the
- * property of Apple Inc. and are protected by Federal copyright
- * law. Distribution and use rights are outlined in the file "LICENSE.txt"
- * which should have been included with this file. If this file is
- * file is missing or damaged, see the license at "http://www.cups.org/".
- */
-
-#include "cupsd.h"
-
-#ifdef HAVE_SSL
-# ifdef HAVE_CDSASSL
-# include "tls-darwin.c"
-# elif defined(HAVE_GNUTLS)
-# include "tls-gnutls.c"
-# elif defined(HAVE_LIBSSL)
-# include "tls-openssl.c"
-# endif /* HAVE_CDSASSL */
-#endif /* HAVE_SSL */
-
-
-/*
- * End of "$Id$".
- */
7258EAF513459B6D009286F1 /* libcupsimage.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 72F75A611336F9A3004BB496 /* libcupsimage.dylib */; };
726AD702135E8A90002C930D /* ippserver.c in Sources */ = {isa = PBXBuildFile; fileRef = 726AD701135E8A90002C930D /* ippserver.c */; };
7271883D1374AB14001A2036 /* mime-private.h in Headers */ = {isa = PBXBuildFile; fileRef = 7271883C1374AB14001A2036 /* mime-private.h */; };
- 728FB7E8153600FA005426E1 /* tls.c in Sources */ = {isa = PBXBuildFile; fileRef = 728FB7E3153600FA005426E1 /* tls.c */; };
728FB7E91536161C005426E1 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E5136B64AF00836530 /* CoreFoundation.framework */; };
728FB7EA1536161C005426E1 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E6136B64B000836530 /* Kerberos.framework */; };
728FB7EB1536161C005426E1 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E7136B64B000836530 /* Security.framework */; };
728FB7E0153600FA005426E1 /* tls-darwin.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "tls-darwin.c"; path = "../scheduler/tls-darwin.c"; sourceTree = "<group>"; };
728FB7E1153600FA005426E1 /* tls-gnutls.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "tls-gnutls.c"; path = "../scheduler/tls-gnutls.c"; sourceTree = "<group>"; };
728FB7E2153600FA005426E1 /* tls-openssl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "tls-openssl.c"; path = "../scheduler/tls-openssl.c"; sourceTree = "<group>"; };
- 728FB7E3153600FA005426E1 /* tls.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = tls.c; path = ../scheduler/tls.c; sourceTree = "<group>"; };
728FB7EC1536161C005426E1 /* libz.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libz.dylib; path = /usr/lib/libz.dylib; sourceTree = "<absolute>"; };
728FB7EF1536167A005426E1 /* libiconv.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libiconv.dylib; path = /usr/lib/libiconv.dylib; sourceTree = "<absolute>"; };
728FB7F01536167A005426E1 /* libresolv.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libresolv.dylib; path = /usr/lib/libresolv.dylib; sourceTree = "<absolute>"; };
72220F8D13330B0C00FCA411 /* subscriptions.h */,
72220F8E13330B0C00FCA411 /* sysman.c */,
72220F8F13330B0C00FCA411 /* sysman.h */,
- 728FB7E3153600FA005426E1 /* tls.c */,
728FB7E0153600FA005426E1 /* tls-darwin.c */,
728FB7E1153600FA005426E1 /* tls-gnutls.c */,
728FB7E2153600FA005426E1 /* tls-openssl.c */,
72220FA613330B0C00FCA411 /* subscriptions.c in Sources */,
72220FA713330B0C00FCA411 /* sysman.c in Sources */,
72C16CB9137B195D007E4BF4 /* file.c in Sources */,
- 728FB7E8153600FA005426E1 /* tls.c in Sources */,
72D53A3815B4929D003F877F /* colorman.c in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;