Also rename HAVE_SSL, SSLFLAGS, and SSLLIBS to HAVE_TLS, TLSFLAGS, and TLSLIBS.
#
ALL_CFLAGS = -I.. -D_CUPS_SOURCE $(CFLAGS) \
- $(SSLFLAGS) @LARGEFILE@ @PTHREAD_FLAGS@ \
+ $(TLSFLAGS) @LARGEFILE@ @PTHREAD_FLAGS@ \
$(ONDEMANDFLAGS) $(OPTIONS)
ALL_CXXFLAGS = -I.. -D_CUPS_SOURCE $(CXXFLAGS) \
- $(SSLFLAGS) @LARGEFILE@ @PTHREAD_FLAGS@ \
+ $(TLSFLAGS) @LARGEFILE@ @PTHREAD_FLAGS@ \
$(ONDEMANDFLAGS) $(OPTIONS)
ALL_DSOFLAGS = -L../cups @ARCHFLAGS@ @RELROFLAGS@ $(DSOFLAGS) $(OPTIM)
ALL_LDFLAGS = -L../cups @LDARCHFLAGS@ @RELROFLAGS@ $(LDFLAGS) \
LDFLAGS = @LDFLAGS@
LINKCUPS = @LINKCUPS@
LINKCUPSSTATIC = ../cups/$(LIBCUPSSTATIC) $(LIBS)
-LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) $(COMMONLIBS)
+LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(TLSLIBS) $(LIBZ) $(COMMONLIBS)
ONDEMANDFLAGS = @ONDEMANDFLAGS@
ONDEMANDLIBS = @ONDEMANDLIBS@
OPTIM = @OPTIM@
OPTIONS = @WARNING_OPTIONS@
PAMLIBS = @PAMLIBS@
SERVERLIBS = @SERVERLIBS@
-SSLFLAGS = @SSLFLAGS@
-SSLLIBS = @SSLLIBS@
+TLSFLAGS = @TLSFLAGS@
+TLSLIBS = @TLSLIBS@
UNITTESTS = @UNITTESTS@
/*
* "lpq" command for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2018 by Apple Inc.
* Copyright © 1997-2006 by Easy Software Products.
*
switch (*opt)
{
case 'E' : /* Encrypt */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
cupsSetEncryption(HTTP_ENCRYPT_REQUIRED);
if (http)
httpEncryption(http, HTTP_ENCRYPT_REQUIRED);
#else
_cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
break;
case 'U' : /* Username */
/*
* "lpr" command for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2019 by Apple Inc.
* Copyright © 1997-2007 by Easy Software Products.
*
switch (ch = *opt)
{
case 'E' : /* Encrypt */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
cupsSetEncryption(HTTP_ENCRYPT_REQUIRED);
#else
_cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
break;
case 'U' : /* Username */
/*
* "lprm" command for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2018 by Apple Inc.
* Copyright © 1997-2006 by Easy Software Products.
*
switch (*opt)
{
case 'E' : /* Encrypt */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
cupsSetEncryption(HTTP_ENCRYPT_REQUIRED);
#else
_cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
break;
case 'P' : /* Cancel jobs on a printer */
AC_CHECK_HEADER([dns_sd.h], [
AS_CASE(["$host_os_name"], [darwin*], [
# Darwin and macOS...
+ with_dnssd="mdnsresponder"
AC_DEFINE([HAVE_DNSSD], [1], [Have DNS-SD support?])
AC_DEFINE([HAVE_MDNSRESPONDER], [1], [Have mDNSResponder library?])
DNSSD_BACKEND="dnssd"
]])
], [
AC_MSG_RESULT([yes])
+ with_dnssd="mdnsresponder"
AC_DEFINE([HAVE_DNSSD], [1], [Have DNS-SD support?])
AC_DEFINE([HAVE_MDNSRESPONDER], [1], [Have mDNSResponder library?])
DNSSDLIBS="-ldns_sd"
])
dnl Then try Avahi...
-AS_IF([test "x$DNSSD_BACKEND" = x], [
- AS_IF([test $with_dnssd = avahi -o $with_dnssd = yes], [
- AS_IF([test "x$PKGCONFIG" = x], [
- AS_IF([test $with_dnssd = avahi], [
- AC_MSG_ERROR([Avahi requires pkg-config.])
- ])
- ], [
- AC_MSG_CHECKING([for Avahi client])
- AS_IF([$PKGCONFIG --exists avahi-client], [
- AC_MSG_RESULT([yes])
- CFLAGS="$CFLAGS `$PKGCONFIG --cflags avahi-client`"
- DNSSDLIBS="`$PKGCONFIG --libs avahi-client`"
- DNSSD_BACKEND="dnssd"
- IPPFIND_BIN="ippfind"
- IPPFIND_MAN="ippfind.1"
- AC_DEFINE([HAVE_AVAHI], [1], [Have Avahi client library?])
- AC_DEFINE([HAVE_DNSSD], [1], [Have DNS-SD support?])
- ], [
- AC_MSG_RESULT([no])
- AS_IF([test $with_dnssd = avahi], [
- AC_MSG_ERROR([--with-dnssd=avahi specified but Avahi client not present.])
- ])
+AS_IF([test $with_dnssd = avahi -o $with_dnssd = yes], [
+ AS_IF([test "x$PKGCONFIG" = x], [
+ AS_IF([test $with_dnssd = avahi], [
+ AC_MSG_ERROR([Avahi requires pkg-config.])
+ ])
+ ], [
+ AC_MSG_CHECKING([for Avahi client])
+ AS_IF([$PKGCONFIG --exists avahi-client], [
+ AC_MSG_RESULT([yes])
+ CFLAGS="$CFLAGS `$PKGCONFIG --cflags avahi-client`"
+ DNSSDLIBS="`$PKGCONFIG --libs avahi-client`"
+ DNSSD_BACKEND="dnssd"
+ IPPFIND_BIN="ippfind"
+ IPPFIND_MAN="ippfind.1"
+ AC_DEFINE([HAVE_AVAHI], [1], [Have Avahi client library?])
+ AC_DEFINE([HAVE_DNSSD], [1], [Have DNS-SD support?])
+ ], [
+ AC_MSG_RESULT([no])
+ AS_IF([test $with_dnssd = avahi], [
+ AC_MSG_ERROR([--with-dnssd=avahi specified but Avahi client not present.])
])
])
])
dnl
dnl TLS stuff for CUPS.
dnl
-dnl Copyright 2007-2019 by Apple Inc.
-dnl Copyright 1997-2007 by Easy Software Products, all rights reserved.
+dnl Copyright © 2021 by OpenPrinting.
+dnl Copyright © 2007-2019 by Apple Inc.
+dnl Copyright © 1997-2007 by Easy Software Products, all rights reserved.
dnl
-dnl Licensed under Apache License v2.0. See the file "LICENSE" for more information.
+dnl Licensed under Apache License v2.0. See the file "LICENSE" for more
+dnl information.
dnl
-AC_ARG_ENABLE(ssl, [ --disable-ssl disable SSL/TLS support])
-AC_ARG_ENABLE(cdsassl, [ --enable-cdsassl use CDSA for SSL/TLS support, default=first])
-AC_ARG_ENABLE(gnutls, [ --enable-gnutls use GNU TLS for SSL/TLS support, default=second])
+AC_ARG_WITH([tls], AS_HELP_STRING([--with-tls=...], [use cdsa (macOS) or gnutls for TLS support]))
+AS_IF([test "x$with_tls" = x], [
+ with_tls="yes"
+], [test "$with_tls" != cdsa -a "$with_tls" != gnutls -a "$with_tls" != no -a "$with_tls" != yes], [
+ AC_MSG_ERROR([Unsupported --with-tls value "$with_tls" specified.])
+])
-SSLFLAGS=""
-SSLLIBS=""
-have_ssl=0
+TLSFLAGS=""
+TLSLIBS=""
+have_tls="0"
CUPS_SERVERKEYCHAIN=""
-if test x$enable_ssl != xno; then
+dnl First try using CSDA SSL (macOS)...
+AS_IF([test $with_tls = yes -o $with_tls = cdsa], [
dnl Look for CDSA...
- if test $have_ssl = 0 -a "x$enable_cdsassl" != "xno"; then
- if test $host_os_name = darwin; then
- AC_CHECK_HEADER(Security/SecureTransport.h, [
- have_ssl=1
- AC_DEFINE(HAVE_SSL)
- AC_DEFINE(HAVE_CDSASSL)
- CUPS_SERVERKEYCHAIN="/Library/Keychains/System.keychain"
+ AS_IF([test $host_os_name = darwin], [
+ AC_CHECK_HEADER([Security/SecureTransport.h], [
+ have_tls="1"
+ with_tls="cdsa"
+ AC_DEFINE([HAVE_TLS], [1], [Do we support TLS?])
+ AC_DEFINE([HAVE_CDSASSL], [1], [Do we have the macOS SecureTransport API?])
+ CUPS_SERVERKEYCHAIN="/Library/Keychains/System.keychain"
- dnl Check for the various security headers...
- AC_CHECK_HEADER(Security/SecCertificate.h,
- AC_DEFINE(HAVE_SECCERTIFICATE_H))
- AC_CHECK_HEADER(Security/SecItem.h,
- AC_DEFINE(HAVE_SECITEM_H))
- AC_CHECK_HEADER(Security/SecPolicy.h,
- AC_DEFINE(HAVE_SECPOLICY_H))])
- fi
- fi
+ dnl Check for the various security headers...
+ AC_CHECK_HEADER([Security/SecCertificate.h], [
+ AC_DEFINE([HAVE_SECCERTIFICATE_H], [1], [Have the <Security/SecCertificate.h> header?])
+ ])
+ AC_CHECK_HEADER([Security/SecItem.h], [
+ AC_DEFINE([HAVE_SECITEM_H], [1], [Have the <Security/SecItem.h> header?])
+ ])
+ AC_CHECK_HEADER([Security/SecPolicy.h], [
+ AC_DEFINE([HAVE_SECPOLICY_H], [1], [Have the <Security/SecPolicy.h header?])
+ ])
+ ])
+ ], [test $with_tls = cdsa], [
+ AC_MSG_ERROR([--with-tls=cdsa is not compatible with your host operating system.])
+ ])
+])
- dnl Then look for GNU TLS...
- if test $have_ssl = 0 -a "x$enable_gnutls" != "xno" -a "x$PKGCONFIG" != x; then
- AC_PATH_TOOL(LIBGNUTLSCONFIG,libgnutls-config)
- if $PKGCONFIG --exists gnutls; then
- have_ssl=1
- SSLLIBS=`$PKGCONFIG --libs gnutls`
- SSLFLAGS=`$PKGCONFIG --cflags gnutls`
- AC_DEFINE(HAVE_SSL)
- AC_DEFINE(HAVE_GNUTLS)
- elif test "x$LIBGNUTLSCONFIG" != x; then
- have_ssl=1
- SSLLIBS=`$LIBGNUTLSCONFIG --libs`
- SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
- AC_DEFINE(HAVE_SSL)
- AC_DEFINE(HAVE_GNUTLS)
- fi
+dnl Then look for GNU TLS...
+AS_IF([test $with_tls = yes -o $with_tls = gnutls], [
+ AC_PATH_TOOL([LIBGNUTLSCONFIG], [libgnutls-config])
+ AS_IF([test "x$PKGCONFIG" != x], [
+ AS_IF([$PKGCONFIG --exists gnutls], [
+ have_tls="1"
+ with_tls="gnutls"
+ TLSLIBS="$($PKGCONFIG --libs gnutls)"
+ TLSFLAGS="$($PKGCONFIG --cflags gnutls)"
+ AC_DEFINE([HAVE_TLS], [1], [Do we support TLS?])
+ AC_DEFINE([HAVE_GNUTLS], [1], [Do we have the GNU TLS library?])
+ ])
+ ])
+ AS_IF([test $have_tls = 0 -a "x$LIBGNUTLSCONFIG" != x], [
+ have_tls="1"
+ with_tls="gnutls"
+ TLSLIBS="$($LIBGNUTLSCONFIG --libs)"
+ TLSFLAGS="$($LIBGNUTLSCONFIG --cflags)"
+ AC_DEFINE([HAVE_TLS], [1], [Do we support TLS?])
+ AC_DEFINE([HAVE_GNUTLS], [1], [Do we have the GNU TLS library?])
+ ])
- if test $have_ssl = 1; then
- CUPS_SERVERKEYCHAIN="ssl"
+ AS_IF([test $have_tls = 1], [
+ CUPS_SERVERKEYCHAIN="ssl"
- SAVELIBS="$LIBS"
- LIBS="$LIBS $SSLLIBS"
- AC_CHECK_FUNC(gnutls_transport_set_pull_timeout_function, AC_DEFINE(HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION))
- AC_CHECK_FUNC(gnutls_priority_set_direct, AC_DEFINE(HAVE_GNUTLS_PRIORITY_SET_DIRECT))
- LIBS="$SAVELIBS"
- fi
- fi
-fi
+ SAVELIBS="$LIBS"
+ LIBS="$LIBS $TLSLIBS"
+ AC_CHECK_FUNC([gnutls_transport_set_pull_timeout_function], [
+ AC_DEFINE([HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION], [1], [Do we have the gnutls_transport_set_pull_timeout_function function?])
+ ])
+ AC_CHECK_FUNC([gnutls_priority_set_direct], [
+ AC_DEFINE([HAVE_GNUTLS_PRIORITY_SET_DIRECT], [1], [Do we have the gnutls_priority_set_direct function?])
+ ])
+ LIBS="$SAVELIBS"
+ ], [test $with_tls = gnutls], [
+ AC_MSG_ERROR([--with-tls=gnutls was specified but the GNU TLS library was not found.])
+ ])
+])
IPPALIASES="http"
-if test $have_ssl = 1; then
- AC_MSG_RESULT([ Using SSLLIBS="$SSLLIBS"])
- AC_MSG_RESULT([ Using SSLFLAGS="$SSLFLAGS"])
+AS_IF([test $have_tls = 1], [
+ AC_MSG_NOTICE([ Using TLSLIBS="$TLSLIBS"])
+ AC_MSG_NOTICE([ Using TLSFLAGS="$TLSFLAGS"])
IPPALIASES="http https ipps"
-elif test x$enable_cdsa = xyes -o x$enable_gnutls = xyes; then
- AC_MSG_ERROR([Unable to enable SSL support.])
-fi
+], [test $with_tls = yes], [
+ AC_MSG_ERROR([--with-tls=yes was specified but no compatible TLS libraries could be found.])
+])
-AC_SUBST(CUPS_SERVERKEYCHAIN)
-AC_SUBST(IPPALIASES)
-AC_SUBST(SSLFLAGS)
-AC_SUBST(SSLLIBS)
+AC_SUBST([CUPS_SERVERKEYCHAIN])
+AC_SUBST([IPPALIASES])
+AC_SUBST([TLSFLAGS])
+AC_SUBST([TLSLIBS])
-EXPORT_SSLLIBS="$SSLLIBS"
-AC_SUBST(EXPORT_SSLLIBS)
+EXPORT_TLSLIBS="$TLSLIBS"
+AC_SUBST([EXPORT_TLSLIBS])
* Which encryption libraries do we have?
*/
+#undef HAVE_TLS
#undef HAVE_CDSASSL
#undef HAVE_GNUTLS
#undef HAVE_SSPISSL
-#undef HAVE_SSL
/*
PAMLIBS
PAMFILE
PAMDIR
-EXPORT_SSLLIBS
-SSLLIBS
-SSLFLAGS
+EXPORT_TLSLIBS
+TLSLIBS
+TLSFLAGS
IPPALIASES
CUPS_SERVERKEYCHAIN
LIBGNUTLSCONFIG
enable_gssapi
with_gssservicename
enable_threads
-enable_ssl
-enable_cdsassl
-enable_gnutls
+with_tls
enable_pam
with_pam_module
enable_largefile
--enable-sanitizer build with AddressSanitizer
--enable-gssapi enable (deprecated) GSSAPI/Kerberos support
--disable-threads disable multi-threading support
- --disable-ssl disable SSL/TLS support
- --enable-cdsassl use CDSA for SSL/TLS support, default=first
- --enable-gnutls use GNU TLS for SSL/TLS support, default=second
--disable-pam disable PAM support
--disable-largefile omit support for large files
--enable-snapped-cupsd enable support for packaging CUPS in a Snap
--with-ldarchflags set program architecture flags
--with-domainsocket set unix domain socket name
--with-gssservicename set default gss service name
+ --with-tls=... use cdsa (macOS) or gnutls for TLS support
--with-pam-module set the PAM module to use
--with-dnssd=... enable DNS Service Discovery support (avahi,
mdnsresponder, no, yes)
-# Check whether --enable-ssl was given.
-if test ${enable_ssl+y}
+
+# Check whether --with-tls was given.
+if test ${with_tls+y}
then :
- enableval=$enable_ssl;
+ withval=$with_tls;
fi
-# Check whether --enable-cdsassl was given.
-if test ${enable_cdsassl+y}
+if test "x$with_tls" = x
then :
- enableval=$enable_cdsassl;
-fi
-# Check whether --enable-gnutls was given.
-if test ${enable_gnutls+y}
+ with_tls="yes"
+
+elif test "$with_tls" != cdsa -a "$with_tls" != gnutls -a "$with_tls" != no -a "$with_tls" != yes
then :
- enableval=$enable_gnutls;
-fi
+ as_fn_error $? "Unsupported --with-tls value \"$with_tls\" specified." "$LINENO" 5
+
+fi
-SSLFLAGS=""
-SSLLIBS=""
-have_ssl=0
+TLSFLAGS=""
+TLSLIBS=""
+have_tls="0"
CUPS_SERVERKEYCHAIN=""
-if test x$enable_ssl != xno; then
- if test $have_ssl = 0 -a "x$enable_cdsassl" != "xno"; then
- if test $host_os_name = darwin; then
- ac_fn_c_check_header_compile "$LINENO" "Security/SecureTransport.h" "ac_cv_header_Security_SecureTransport_h" "$ac_includes_default"
+if test $with_tls = yes -o $with_tls = cdsa
+then :
+
+ if test $host_os_name = darwin
+then :
+
+ ac_fn_c_check_header_compile "$LINENO" "Security/SecureTransport.h" "ac_cv_header_Security_SecureTransport_h" "$ac_includes_default"
if test "x$ac_cv_header_Security_SecureTransport_h" = xyes
then :
- have_ssl=1
- printf "%s\n" "#define HAVE_SSL 1" >>confdefs.h
+ have_tls="1"
+ with_tls="cdsa"
+
+printf "%s\n" "#define HAVE_TLS 1" >>confdefs.h
+
- printf "%s\n" "#define HAVE_CDSASSL 1" >>confdefs.h
+printf "%s\n" "#define HAVE_CDSASSL 1" >>confdefs.h
- CUPS_SERVERKEYCHAIN="/Library/Keychains/System.keychain"
+ CUPS_SERVERKEYCHAIN="/Library/Keychains/System.keychain"
- ac_fn_c_check_header_compile "$LINENO" "Security/SecCertificate.h" "ac_cv_header_Security_SecCertificate_h" "$ac_includes_default"
+ ac_fn_c_check_header_compile "$LINENO" "Security/SecCertificate.h" "ac_cv_header_Security_SecCertificate_h" "$ac_includes_default"
if test "x$ac_cv_header_Security_SecCertificate_h" = xyes
then :
- printf "%s\n" "#define HAVE_SECCERTIFICATE_H 1" >>confdefs.h
+
+
+printf "%s\n" "#define HAVE_SECCERTIFICATE_H 1" >>confdefs.h
+
fi
- ac_fn_c_check_header_compile "$LINENO" "Security/SecItem.h" "ac_cv_header_Security_SecItem_h" "$ac_includes_default"
+ ac_fn_c_check_header_compile "$LINENO" "Security/SecItem.h" "ac_cv_header_Security_SecItem_h" "$ac_includes_default"
if test "x$ac_cv_header_Security_SecItem_h" = xyes
then :
- printf "%s\n" "#define HAVE_SECITEM_H 1" >>confdefs.h
+
+
+printf "%s\n" "#define HAVE_SECITEM_H 1" >>confdefs.h
+
fi
- ac_fn_c_check_header_compile "$LINENO" "Security/SecPolicy.h" "ac_cv_header_Security_SecPolicy_h" "$ac_includes_default"
+ ac_fn_c_check_header_compile "$LINENO" "Security/SecPolicy.h" "ac_cv_header_Security_SecPolicy_h" "$ac_includes_default"
if test "x$ac_cv_header_Security_SecPolicy_h" = xyes
then :
- printf "%s\n" "#define HAVE_SECPOLICY_H 1" >>confdefs.h
+
+
+printf "%s\n" "#define HAVE_SECPOLICY_H 1" >>confdefs.h
+
fi
+
fi
- fi
- fi
- if test $have_ssl = 0 -a "x$enable_gnutls" != "xno" -a "x$PKGCONFIG" != x; then
- if test -n "$ac_tool_prefix"; then
+elif test $with_tls = cdsa
+then :
+
+ as_fn_error $? "--with-tls=cdsa is not compatible with your host operating system." "$LINENO" 5
+
+fi
+
+fi
+
+if test $with_tls = yes -o $with_tls = gnutls
+then :
+
+ if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}libgnutls-config", so it can be a program name with args.
set dummy ${ac_tool_prefix}libgnutls-config; ac_word=$2
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
LIBGNUTLSCONFIG="$ac_cv_path_LIBGNUTLSCONFIG"
fi
- if $PKGCONFIG --exists gnutls; then
- have_ssl=1
- SSLLIBS=`$PKGCONFIG --libs gnutls`
- SSLFLAGS=`$PKGCONFIG --cflags gnutls`
- printf "%s\n" "#define HAVE_SSL 1" >>confdefs.h
+ if test "x$PKGCONFIG" != x
+then :
- printf "%s\n" "#define HAVE_GNUTLS 1" >>confdefs.h
+ if $PKGCONFIG --exists gnutls
+then :
- elif test "x$LIBGNUTLSCONFIG" != x; then
- have_ssl=1
- SSLLIBS=`$LIBGNUTLSCONFIG --libs`
- SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
- printf "%s\n" "#define HAVE_SSL 1" >>confdefs.h
+ have_tls="1"
+ with_tls="gnutls"
+ TLSLIBS="$($PKGCONFIG --libs gnutls)"
+ TLSFLAGS="$($PKGCONFIG --cflags gnutls)"
- printf "%s\n" "#define HAVE_GNUTLS 1" >>confdefs.h
+printf "%s\n" "#define HAVE_TLS 1" >>confdefs.h
- fi
- if test $have_ssl = 1; then
- CUPS_SERVERKEYCHAIN="ssl"
+printf "%s\n" "#define HAVE_GNUTLS 1" >>confdefs.h
- SAVELIBS="$LIBS"
- LIBS="$LIBS $SSLLIBS"
- ac_fn_c_check_func "$LINENO" "gnutls_transport_set_pull_timeout_function" "ac_cv_func_gnutls_transport_set_pull_timeout_function"
+
+fi
+
+fi
+ if test $have_tls = 0 -a "x$LIBGNUTLSCONFIG" != x
+then :
+
+ have_tls="1"
+ with_tls="gnutls"
+ TLSLIBS="$($LIBGNUTLSCONFIG --libs)"
+ TLSFLAGS="$($LIBGNUTLSCONFIG --cflags)"
+
+printf "%s\n" "#define HAVE_TLS 1" >>confdefs.h
+
+
+printf "%s\n" "#define HAVE_GNUTLS 1" >>confdefs.h
+
+
+fi
+
+ if test $have_tls = 1
+then :
+
+ CUPS_SERVERKEYCHAIN="ssl"
+
+ SAVELIBS="$LIBS"
+ LIBS="$LIBS $TLSLIBS"
+ ac_fn_c_check_func "$LINENO" "gnutls_transport_set_pull_timeout_function" "ac_cv_func_gnutls_transport_set_pull_timeout_function"
if test "x$ac_cv_func_gnutls_transport_set_pull_timeout_function" = xyes
then :
- printf "%s\n" "#define HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION 1" >>confdefs.h
+
+
+printf "%s\n" "#define HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION 1" >>confdefs.h
+
fi
- ac_fn_c_check_func "$LINENO" "gnutls_priority_set_direct" "ac_cv_func_gnutls_priority_set_direct"
+ ac_fn_c_check_func "$LINENO" "gnutls_priority_set_direct" "ac_cv_func_gnutls_priority_set_direct"
if test "x$ac_cv_func_gnutls_priority_set_direct" = xyes
then :
- printf "%s\n" "#define HAVE_GNUTLS_PRIORITY_SET_DIRECT 1" >>confdefs.h
+
+
+printf "%s\n" "#define HAVE_GNUTLS_PRIORITY_SET_DIRECT 1" >>confdefs.h
+
+
+fi
+
+ LIBS="$SAVELIBS"
+
+elif test $with_tls = gnutls
+then :
+
+ as_fn_error $? "--with-tls=gnutls was specified but the GNU TLS library was not found." "$LINENO" 5
fi
- LIBS="$SAVELIBS"
- fi
- fi
fi
IPPALIASES="http"
-if test $have_ssl = 1; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: Using SSLLIBS=\"$SSLLIBS\"" >&5
-printf "%s\n" " Using SSLLIBS=\"$SSLLIBS\"" >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: Using SSLFLAGS=\"$SSLFLAGS\"" >&5
-printf "%s\n" " Using SSLFLAGS=\"$SSLFLAGS\"" >&6; }
+if test $have_tls = 1
+then :
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Using TLSLIBS=\"$TLSLIBS\"" >&5
+printf "%s\n" "$as_me: Using TLSLIBS=\"$TLSLIBS\"" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Using TLSFLAGS=\"$TLSFLAGS\"" >&5
+printf "%s\n" "$as_me: Using TLSFLAGS=\"$TLSFLAGS\"" >&6;}
IPPALIASES="http https ipps"
-elif test x$enable_cdsa = xyes -o x$enable_gnutls = xyes; then
- as_fn_error $? "Unable to enable SSL support." "$LINENO" 5
+
+elif test $with_tls = yes
+then :
+
+ as_fn_error $? "--with-tls=yes was specified but no compatible TLS libraries could be found." "$LINENO" 5
+
fi
-EXPORT_SSLLIBS="$SSLLIBS"
+EXPORT_TLSLIBS="$TLSLIBS"
darwin*) :
# Darwin and macOS...
+ with_dnssd="mdnsresponder"
printf "%s\n" "#define HAVE_DNSSD 1" >>confdefs.h
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
printf "%s\n" "yes" >&6; }
+ with_dnssd="mdnsresponder"
printf "%s\n" "#define HAVE_DNSSD 1" >>confdefs.h
fi
-if test "x$DNSSD_BACKEND" = x
+if test $with_dnssd = avahi -o $with_dnssd = yes
then :
- if test $with_dnssd = avahi -o $with_dnssd = yes
+ if test "x$PKGCONFIG" = x
then :
- if test "x$PKGCONFIG" = x
+ if test $with_dnssd = avahi
then :
- if test $with_dnssd = avahi
-then :
-
- as_fn_error $? "Avahi requires pkg-config." "$LINENO" 5
+ as_fn_error $? "Avahi requires pkg-config." "$LINENO" 5
fi
else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Avahi client" >&5
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Avahi client" >&5
printf %s "checking for Avahi client... " >&6; }
- if $PKGCONFIG --exists avahi-client
+ if $PKGCONFIG --exists avahi-client
then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
printf "%s\n" "yes" >&6; }
- CFLAGS="$CFLAGS `$PKGCONFIG --cflags avahi-client`"
- DNSSDLIBS="`$PKGCONFIG --libs avahi-client`"
- DNSSD_BACKEND="dnssd"
- IPPFIND_BIN="ippfind"
- IPPFIND_MAN="ippfind.1"
+ CFLAGS="$CFLAGS `$PKGCONFIG --cflags avahi-client`"
+ DNSSDLIBS="`$PKGCONFIG --libs avahi-client`"
+ DNSSD_BACKEND="dnssd"
+ IPPFIND_BIN="ippfind"
+ IPPFIND_MAN="ippfind.1"
printf "%s\n" "#define HAVE_AVAHI 1" >>confdefs.h
else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
printf "%s\n" "no" >&6; }
- if test $with_dnssd = avahi
+ if test $with_dnssd = avahi
then :
- as_fn_error $? "--with-dnssd=avahi specified but Avahi client not present." "$LINENO" 5
-
-fi
+ as_fn_error $? "--with-dnssd=avahi specified but Avahi client not present." "$LINENO" 5
fi
int nfds, /* Number of files responded */
main_fd; /* File descriptor for lookups */
DNSServiceRef ipp_ref = NULL; /* IPP browser */
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
DNSServiceRef ipps_ref = NULL; /* IPPS browser */
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
# ifdef HAVE_POLL
struct pollfd pfd; /* Polling data */
# else
# else /* HAVE_AVAHI */
int error; /* Error value */
AvahiServiceBrowser *ipp_ref = NULL; /* IPP browser */
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
AvahiServiceBrowser *ipps_ref = NULL; /* IPPS browser */
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
# endif /* HAVE_MDNSRESPONDER */
#else
_cups_getdata_t data; /* Data for callback */
return (0);
}
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
ipps_ref = data.main_ref;
if (DNSServiceBrowse(&ipps_ref, kDNSServiceFlagsShareConnection, 0, "_ipps._tcp", NULL, (DNSServiceBrowseReply)cups_dnssd_browse_cb, &data) != kDNSServiceErr_NoError)
{
return (0);
}
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
# else /* HAVE_AVAHI */
if ((data.simple_poll = avahi_simple_poll_new()) == NULL)
return (0);
}
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
data.browsers ++;
if ((ipps_ref = avahi_service_browser_new(data.client, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, "_ipps._tcp", NULL, 0, cups_dnssd_browse_cb, &data)) == NULL)
{
return (0);
}
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
# endif /* HAVE_MDNSRESPONDER */
if (msec < 0)
if (ipp_ref)
DNSServiceRefDeallocate(ipp_ref);
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
if (ipps_ref)
DNSServiceRefDeallocate(ipps_ref);
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
if (data.main_ref)
DNSServiceRefDeallocate(data.main_ref);
# else /* HAVE_AVAHI */
if (ipp_ref)
avahi_service_browser_free(ipp_ref);
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
if (ipps_ref)
avahi_service_browser_free(ipps_ref);
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
if (data.client)
avahi_client_free(data.client);
/*
* cupsGetDevices implementation for CUPS.
*
- * Copyright 2008-2016 by Apple Inc.
+ * Copyright © 2021 by OpenPrinting.
+ * Copyright © 2008-2016 by Apple Inc.
*
- * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0. See the file "LICENSE" for more
+ * information.
*/
/*
}
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
else if (status == HTTP_STATUS_UPGRADE_REQUIRED)
{
/*
if (!httpReconnect2(http, 30000, NULL))
httpEncryption(http, HTTP_ENCRYPTION_REQUIRED);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
}
}
while (status == HTTP_STATUS_UNAUTHORIZED ||
/*
* Get/put file functions for CUPS.
*
- * Copyright 2007-2018 by Apple Inc.
- * Copyright 1997-2006 by Easy Software Products.
+ * Copyright © 2021 by OpenPrinting.
+ * Copyright © 2007-2018 by Apple Inc.
+ * Copyright © 1997-2006 by Easy Software Products.
*
* Licensed under Apache License v2.0. See the file "LICENSE" for more
* information.
continue;
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
else if (status == HTTP_STATUS_UPGRADE_REQUIRED)
{
/* Flush any error message... */
/* Try again, this time with encryption enabled... */
continue;
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
}
while (status == HTTP_STATUS_UNAUTHORIZED || status == HTTP_STATUS_UPGRADE_REQUIRED);
continue;
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
else if (status == HTTP_STATUS_UPGRADE_REQUIRED)
{
/* Flush any error message... */
/* Try again, this time with encryption enabled... */
continue;
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
}
while (status == HTTP_STATUS_UNAUTHORIZED || status == HTTP_STATUS_UPGRADE_REQUIRED ||
(status == HTTP_STATUS_ERROR && retries < 2));
/*
* Global variable access routines for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2019 by Apple Inc.
* Copyright © 1997-2007 by Easy Software Products, all rights reserved.
*
httpClose(cg->http);
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
_httpFreeCredentials(cg->tls_credentials);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
cupsFileClose(cg->stdio_files[0]);
cupsFileClose(cg->stdio_files[1]);
/*
* HTTP routines for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2019 by Apple Inc.
* Copyright © 1997-2007 by Easy Software Products, all rights reserved.
*
static void http_set_timeout(int fd, double timeout);
static void http_set_wait(http_t *http);
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
static int http_tls_upgrade(http_t *http);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
void
_httpDisconnect(http_t *http) /* I - HTTP connection */
{
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (http->tls)
_httpTLSStop(http);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
httpAddrClose(NULL, http->fd);
{
DEBUG_printf(("httpEncryption(http=%p, e=%d)", (void *)http, e));
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (!http)
return (0);
return (-1);
else
return (0);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
}
http->state = HTTP_STATE_WAITING;
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (http->tls)
_httpTLSStop(http);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
httpAddrClose(NULL, http->fd);
return (0);
else if (http->used > 0)
return ((size_t)http->used);
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
else if (http->tls)
return (_httpTLSPending(http));
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
return (0);
}
# endif /* !SO_NOSIGPIPE */
#endif /* _WIN32 */
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
_httpTLSInitialize();
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
initialized = 1;
_cupsGlobalUnlock();
return (-1);
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (http->tls)
{
DEBUG_puts("2httpReconnect2: Shutting down SSL/TLS...");
_httpTLSStop(http);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
* Close any previously open socket...
http->hostaddr = &(addr->addr);
http->error = 0;
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (http->encryption == HTTP_ENCRYPTION_ALWAYS)
{
/*
}
else if (http->encryption == HTTP_ENCRYPTION_REQUIRED && !http->tls_upgrade)
return (http_tls_upgrade(http));
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
DEBUG_printf(("1httpReconnect2: Connected to %s:%d...",
httpAddrString(http->hostaddr, temp, sizeof(temp)),
if (!http || cupsArrayCount(credentials) < 1)
return (-1);
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
_httpFreeCredentials(http->tls_credentials);
http->tls_credentials = _httpCreateCredentials(credentials);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
return (http->tls_credentials ? 0 : -1);
}
if (!http || http->fd < 0)
return;
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (http->tls)
_httpTLSStop(http);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
#ifdef _WIN32
shutdown(http->fd, SD_RECEIVE); /* Microsoft-ism... */
if (http->status < HTTP_STATUS_BAD_REQUEST)
http->digest_tries = 0;
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (http->status == HTTP_STATUS_SWITCHING_PROTOCOLS && !http->tls)
{
if (_httpTLSStart(http) != 0)
*status = HTTP_STATUS_CONTINUE;
return (0);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
if (http_set_length(http) < 0)
{
* Check the SSL/TLS buffers for data first...
*/
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (http->tls && _httpTLSPending(http))
{
DEBUG_puts("5_httpWait: Return 1 since there is pending TLS data.");
return (1);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
* Then try doing a select() or poll() to poll the socket...
httpSetField(http, HTTP_FIELD_KEEP_ALIVE, "timeout=10");
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (status == HTTP_STATUS_UPGRADE_REQUIRED ||
status == HTTP_STATUS_SWITCHING_PROTOCOLS)
{
if (!http->fields[HTTP_FIELD_CONTENT_LENGTH])
httpSetField(http, HTTP_FIELD_CONTENT_LENGTH, "0");
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
if (!http->fields[HTTP_FIELD_SERVER])
httpSetField(http, HTTP_FIELD_SERVER, http->default_fields[HTTP_FIELD_SERVER] ? http->default_fields[HTTP_FIELD_SERVER] : CUPS_MINIMAL);
do
{
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (http->tls)
bytes = _httpTLSRead(http, buffer, (int)length);
else
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
bytes = recv(http->fd, buffer, length, 0);
if (bytes < 0)
http->status = HTTP_STATUS_CONTINUE;
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (http->encryption == HTTP_ENCRYPTION_REQUIRED && !http->tls)
{
httpSetField(http, HTTP_FIELD_CONNECTION, "Upgrade");
httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2,TLS/1.1,TLS/1.0");
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
if (httpPrintf(http, "%s %s HTTP/1.1\r\n", codes[request], buf) < 1)
{
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
/*
* 'http_tls_upgrade()' - Force upgrade to TLS encryption.
*/
else
return (ret);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
while (nfds <= 0);
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (http->tls)
bytes = _httpTLSWrite(http, buffer, (int)length);
else
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
bytes = send(http->fd, buffer, length, 0);
DEBUG_printf(("3http_write: Write of " CUPS_LLFMT " bytes returned "
/*
* IPP utilities for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2018 by Apple Inc.
* Copyright © 1997-2007 by Easy Software Products.
*
- * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0. See the file "LICENSE" for more
+ * information.
*/
/*
http->status = HTTP_STATUS_CUPS_AUTHORIZATION_CANCELED;
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
else if (status == HTTP_STATUS_UPGRADE_REQUIRED)
{
/*
if (!httpReconnect2(http, 30000, NULL))
httpEncryption(http, HTTP_ENCRYPTION_REQUIRED);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
}
if (response)
return (HTTP_STATUS_ERROR);
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
/*
* See if we have an auth-info attribute and are communicating over
* a non-local link. If so, encrypt the link so that we can pass
DEBUG_puts("1cupsSendRequest: Unable to encrypt connection.");
return (HTTP_STATUS_SERVICE_UNAVAILABLE);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
* Reconnect if the last response had a "Connection: close"...
}
break;
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
case HTTP_STATUS_UPGRADE_REQUIRED :
/*
* Flush any error message, reconnect, and then upgrade with
return (HTTP_STATUS_SERVICE_UNAVAILABLE);
}
break;
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
case HTTP_STATUS_EXPECTATION_FAILED :
/*
/*
* HTTP test program for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2018 by Apple Inc.
* Copyright © 1997-2006 by Easy Software Products.
*
continue;
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
else if (status == HTTP_STATUS_UPGRADE_REQUIRED)
{
/* Flush any error message... */
/* Try again, this time with encryption enabled... */
continue;
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
}
while (status == HTTP_STATUS_UNAUTHORIZED ||
status == HTTP_STATUS_UPGRADE_REQUIRED);
continue;
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
else if (status == HTTP_STATUS_UPGRADE_REQUIRED)
{
/* Flush any error message... */
/* Try again, this time with encryption enabled... */
continue;
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
}
while (status == HTTP_STATUS_UNAUTHORIZED || status == HTTP_STATUS_UPGRADE_REQUIRED);
/*
* TLS routines for CUPS.
*
- * Copyright 2007-2014 by Apple Inc.
- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
+ * Copyright © 2021 by OpenPrinting.
+ * Copyright @2007-2014 by Apple Inc.
+ * Copyright @ 1997-2007 by Easy Software Products, all rights reserved.
*
* This file contains Kerberos support code, copyright 2006 by
* Jelmer Vernooij.
*
- * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0. See the file "LICENSE" for more
+ * information.
*/
/*
* Include platform-specific TLS code...
*/
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
# ifdef HAVE_GNUTLS
# include "tls-gnutls.c"
# elif defined(HAVE_CDSASSL)
(void)common_name;
return (-1);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
* TLS check program for CUPS.
*
- * Copyright 2007-2017 by Apple Inc.
- * Copyright 1997-2006 by Easy Software Products.
+ * Copyright © 2021 by OpenPrinting.
+ * Copyright © 2007-2017 by Apple Inc.
+ * Copyright © 1997-2006 by Easy Software Products.
*
- * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0. See the file "LICENSE" for more
+ * information.
*/
/*
#include "cups-private.h"
-#ifndef HAVE_SSL
+#ifndef HAVE_TLS
int main(void) { puts("Sorry, no TLS support compiled in."); return (1); }
#else
exit(1);
}
-#endif /* !HAVE_SSL */
+#endif /* !HAVE_TLS */
/*
* User, system, and password routines for CUPS.
*
- * Copyright 2007-2019 by Apple Inc.
- * Copyright 1997-2006 by Easy Software Products.
+ * Copyright © 2021 by OpenPrinting.
+ * Copyright © 2007-2019 by Apple Inc.
+ * Copyright © 1997-2006 by Easy Software Products.
*
* Licensed under Apache License v2.0. See the file "LICENSE" for more
* information.
{
_cups_digestoptions_t digestoptions; /* DigestOptions values */
_cups_uatokens_t uatokens; /* UserAgentTokens values */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
int ssl_options, /* SSLOptions values */
ssl_min_version,/* Minimum SSL/TLS version */
ssl_max_version;/* Maximum SSL/TLS version */
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
int trust_first, /* Trust on first use? */
any_root, /* Allow any (e.g., self-signed) root */
expired_certs, /* Allow expired certs */
static void cups_set_gss_service_name(_cups_client_conf_t *cc, const char *value);
#endif /* HAVE_GSSAPI */
static void cups_set_server_name(_cups_client_conf_t *cc, const char *value);
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
static void cups_set_ssl_options(_cups_client_conf_t *cc, const char *value);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
static void cups_set_uatokens(_cups_client_conf_t *cc, const char *value);
static void cups_set_user(_cups_client_conf_t *cc, const char *value);
if (cupsArrayCount(credentials) < 1)
return (-1);
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
_httpFreeCredentials(cg->tls_credentials);
cg->tls_credentials = _httpCreateCredentials(credentials);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
return (cg->tls_credentials ? 0 : -1);
}
if (cg->validate_certs < 0)
cg->validate_certs = cc.validate_certs;
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
_httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT, cc.ssl_min_version, cc.ssl_max_version);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
}
cups_set_user(cc, "mobile");
#endif /* __APPLE__ && !TARGET_OS_OSX */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
cc->ssl_min_version = _HTTP_TLS_1_0;
cc->ssl_max_version = _HTTP_TLS_MAX;
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
cc->encryption = (http_encryption_t)-1;
cc->trust_first = -1;
cc->any_root = -1;
#if defined(__APPLE__)
char sval[1024]; /* String value */
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
int bval; /* Boolean value */
if (cups_apple_get_boolean(kAllowAnyRootKey, &bval))
if (cups_apple_get_boolean(kValidateCertsKey, &bval))
cc->validate_certs = bval;
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
if (cups_apple_get_string(kDigestOptionsKey, sval, sizeof(sval)))
cups_set_digestoptions(cc, sval);
else if (!_cups_strcasecmp(line, "GSSServiceName") && value)
cups_set_gss_service_name(cc, value);
#endif /* HAVE_GSSAPI */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
else if (!_cups_strcasecmp(line, "SSLOptions") && value)
cups_set_ssl_options(cc, value);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
}
}
* 'cups_set_ssl_options()' - Set the SSLOptions value.
*/
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
static void
cups_set_ssl_options(
_cups_client_conf_t *cc, /* I - client.conf values */
DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x, min_version=%d, max_version=%d", (void *)cc, value, options, min_version, max_version));
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
/*
* Authorization routines for the CUPS scheduler.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2019 by Apple Inc.
* Copyright © 1997-2007 by Easy Software Products, all rights reserved.
*
if (auth == CUPSD_AUTH_DENY && best->satisfy == CUPSD_AUTH_SATISFY_ALL)
return (HTTP_FORBIDDEN);
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
/*
* See if encryption is required...
*/
"cupsdIsAuthorized: Need upgrade to TLS...");
return (HTTP_UPGRADE_REQUIRED);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
* Now see what access level is required...
/*
* Authorization definitions for the CUPS scheduler.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright 2007-2014 by Apple Inc.
* Copyright 1997-2006 by Easy Software Products, all rights reserved.
*
- * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0. See the file "LICENSE" for more
+ * information.
*/
/*
VAR cups_array_t *Locations VALUE(NULL);
/* Authorization locations */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
/* Default encryption for authentication */
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
struct stat *filestats);
static int compare_clients(cupsd_client_t *a, cupsd_client_t *b,
void *data);
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
static int cupsd_start_tls(cupsd_client_t *con, http_encryption_t e);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
static char *get_file(cupsd_client_t *con, struct stat *filestats,
char *filename, size_t len);
static http_status_t install_cupsd_conf(cupsd_client_t *con);
if (cupsArrayCount(Clients) == MaxClients)
cupsdPauseListening();
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
/*
* See if we are connecting on a secure port...
*/
}
else
con->auto_ssl = 1;
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
}
cupsArrayRemove(ActiveClients, con);
cupsdSetBusyState(0);
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
/*
* Shutdown encryption as needed...
*/
if (httpIsEncrypted(con->http))
partial = 1;
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
if (partial)
{
return;
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (con->auto_ssl)
{
/*
return;
}
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
switch (httpGetState(con->http))
{
if (!_cups_strcasecmp(httpGetField(con->http, HTTP_FIELD_CONNECTION), "Upgrade") && strstr(httpGetField(con->http, HTTP_FIELD_UPGRADE), "TLS/") != NULL && !httpIsEncrypted(con->http))
{
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
/*
* Do encryption stuff...
*/
cupsdCloseClient(con);
return;
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
}
httpClearFields(con->http);
if (!_cups_strcasecmp(httpGetField(con->http, HTTP_FIELD_CONNECTION),
"Upgrade") && !httpIsEncrypted(con->http))
{
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
/*
* Do encryption stuff...
*/
cupsdCloseClient(con);
return;
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
}
if ((status = cupsdIsAuthorized(con, NULL)) != HTTP_STATUS_OK)
cupsdLogClient(con, CUPSD_LOG_DEBUG2, "cupsdSendError code=%d, auth_type=%d", code, auth_type);
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
/*
* Force client to upgrade for authentication if that is how the
* server is configured...
{
code = HTTP_STATUS_UPGRADE_REQUIRED;
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
* Put the request in the access_log file...
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
/*
* 'cupsd_start_tls()' - Start encryption on a connection.
*/
cupsdLogClient(con, CUPSD_LOG_DEBUG, "Connection now encrypted.");
return (0);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
/*
* Client definitions for the CUPS scheduler.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2018 by Apple Inc.
* Copyright © 1997-2007 by Easy Software Products, all rights reserved.
*
header_used; /* Number of header bytes used */
char header[2048]; /* Header from CGI program */
cups_lang_t *language; /* Language to use */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
int auto_ssl; /* Automatic test for SSL/TLS */
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
http_addr_t clientaddr; /* Client's server address */
char clientname[256];/* Client's server name for connection */
int clientport; /* Client's server port for connection */
extern void cupsdUpdateCGI(void);
extern void cupsdWriteClient(cupsd_client_t *con);
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
extern int cupsdEndTLS(cupsd_client_t *con);
extern int cupsdStartTLS(cupsd_client_t *con);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
{ "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
{ "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
{ "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_PERM },
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
{ "CreateSelfSignedCerts", &CreateSelfSignedCerts, CUPSD_VARTYPE_BOOLEAN },
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
{ "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
{ "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
{ "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
{ "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
{ "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
{ "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
{ "ServerKeychain", &ServerKeychain, CUPSD_VARTYPE_PATHNAME },
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
{ "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
{ "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
{ "SyncOnClose", &SyncOnClose, CUPSD_VARTYPE_BOOLEAN },
cupsdClearString(&Classification);
ClassifyOverride = 0;
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
# ifdef HAVE_GNUTLS
cupsdSetString(&ServerKeychain, "ssl");
# else
# endif /* HAVE_GNUTLS */
_httpTLSSetOptions(_HTTP_TLS_NONE, _HTTP_TLS_1_0, _HTTP_TLS_MAX);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
language = cupsLangDefault();
ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
default_auth_type = CUPSD_AUTH_BASIC;
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
CreateSelfSignedCerts = TRUE;
DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
DirtyCleanInterval = DEFAULT_KEEPALIVE;
JobKillDelay = DEFAULT_TIMEOUT;
JobRetryLimit = 5;
if (CacheDir[0] != '/')
cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (!_cups_strcasecmp(ServerKeychain, "internal"))
cupsdClearString(&ServerKeychain);
else if (ServerKeychain[0] != '/')
if (!CreateSelfSignedCerts)
cupsdLogMessage(CUPSD_LOG_DEBUG, "Self-signed TLS certificate generation is disabled.");
cupsSetServerCredentials(ServerKeychain, ServerName, CreateSelfSignedCerts);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
* Make sure that directories and config files are owned and
"FaxRetryLimit is deprecated; use "
"JobRetryLimit on line %d of %s.", linenum, ConfigurationFile);
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
else if (!_cups_strcasecmp(line, "SSLOptions"))
{
/*
_httpTLSSetOptions(options, min_version, max_version);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
|| !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
) && value)
{
/*
memcpy(&(lis->address), &(addr->addr), sizeof(lis->address));
lis->fd = -1;
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (!_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen"))
lis->encryption = HTTP_ENCRYPT_ALWAYS;
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
httpAddrString(&lis->address, temp, sizeof(temp));
return (0);
}
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
else if (!_cups_strcasecmp(line, "DefaultEncryption"))
{
/*
return (0);
}
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
else if (!_cups_strcasecmp(line, "HostNameLookups") && value)
{
/*
VAR const char **MimeTypes VALUE(NULL);
/* Array of MIME types */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
VAR int CreateSelfSignedCerts VALUE(TRUE);
/* Automatically create self-signed certs? */
VAR char *ServerKeychain VALUE(NULL);
/* Keychain holding cert + key */
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
#ifdef HAVE_ONDEMAND
VAR int IdleExitTimeout VALUE(60);
* Get the URL scheme for the admin page...
*/
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners); lis; lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
{
if (lis->encryption != HTTP_ENCRYPTION_NEVER)
break;
}
}
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
httpAssembleURIf(HTTP_URI_CODING_ALL, adminurl_str, sizeof(adminurl_str), admin_scheme, NULL, admin_hostname, DNSSDPort, "/%s/%s", (p->type & CUPS_PRINTER_CLASS) ? "classes" : "printers", p->name);
keyvalue[count ][0] = "adminurl";
keyvalue[count ][0] = "UUID";
keyvalue[count++][1] = p->uuid + 9;
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
keyvalue[count ][0] = "TLS";
keyvalue[count++][1] = "1.2";
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
if (p->type & CUPS_PRINTER_FAX)
{
dnssdDeregisterInstance(&p->ipp_srv, from_callback);
# ifdef HAVE_MDNSRESPONDER
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
dnssdDeregisterInstance(&p->ipps_srv, from_callback);
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
dnssdDeregisterInstance(&p->printer_srv, from_callback);
# endif /* HAVE_MDNSRESPONDER */
}
# ifdef HAVE_MDNSRESPONDER
if (!strcmp(type, "_printer._tcp"))
srv = &p->printer_srv; /* Target LPD service */
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
else if (!strcmp(type, "_ipps._tcp"))
srv = &p->ipps_srv; /* Target IPPS service */
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
else
srv = &p->ipp_srv; /* Target IPP service */
status = dnssdRegisterInstance(NULL, p, name, "_printer._tcp", NULL, 0, NULL, 0, from_callback);
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
if (status)
dnssdRegisterInstance(NULL, p, name, "_ipps._tcp", DNSSDSubTypes, DNSSDPort, &ipp_txt, 0, from_callback);
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
if (status)
{
dnssdDeregisterInstance(&p->ipp_srv, from_callback);
# ifdef HAVE_MDNSRESPONDER
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
dnssdDeregisterInstance(&p->ipps_srv, from_callback);
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
dnssdDeregisterInstance(&p->printer_srv, from_callback);
# endif /* HAVE_MDNSRESPONDER */
}
send_http_error(con, HTTP_UNAUTHORIZED, printer);
return (NULL);
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
else if (auth_info && !con->http->tls &&
!httpAddrLocalhost(con->http->hostaddr))
{
send_http_error(con, HTTP_UPGRADE_REQUIRED, printer);
return (NULL);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
* See if the printer is accepting jobs...
{
http_status_t status; /* Policy status */
ipp_attribute_t *attr; /* Current attribute */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
ipp_attribute_t *auth_info; /* auth-info attribute */
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
ipp_attribute_t *format, /* Document-format attribute */
*name; /* Job-name attribute */
cups_ptype_t dtype; /* Destination type (printer/class) */
* Check policy...
*/
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
auth_info = ippFindAttribute(con->request, "auth-info", IPP_TAG_TEXT);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
if ((status = cupsdCheckPolicy(printer->op_policy_ptr, con, NULL)) != HTTP_OK)
{
send_http_error(con, HTTP_UNAUTHORIZED, printer);
return;
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
else if (auth_info && !con->http->tls &&
!httpAddrLocalhost(con->http->hostaddr))
{
send_http_error(con, HTTP_UPGRADE_REQUIRED, printer);
return;
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
* Everything was ok, so return OK status...
lis->fd = fd;
lis->on_demand = 1;
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
if (httpAddrPort(&(lis->address)) == 443)
lis->encryption = HTTP_ENCRYPT_ALWAYS;
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
}
#endif /* HAVE_ONDEMAND */
*pdl; /* pdl value for TXT record */
cupsd_srv_t ipp_srv; /* IPP service(s) */
# ifdef HAVE_MDNSRESPONDER
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
cupsd_srv_t ipps_srv; /* IPPS service(s) */
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
cupsd_srv_t printer_srv; /* LPD service */
# endif /* HAVE_MDNSRESPONDER */
#endif /* HAVE_DNSSD */
/*
* "cancel" command for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2018 by Apple Inc.
* Copyright © 1997-2006 by Easy Software Products.
*
switch (*opt)
{
case 'E' : /* Encrypt */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
cupsSetEncryption(HTTP_ENCRYPT_REQUIRED);
if (http)
httpEncryption(http, HTTP_ENCRYPT_REQUIRED);
#else
_cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
break;
case 'U' : /* Username */
* "cupsaccept", "cupsdisable", "cupsenable", and "cupsreject" commands for
* CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2018 by Apple Inc.
* Copyright © 1997-2006 by Easy Software Products.
*
switch (*opt)
{
case 'E' : /* Encrypt */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
cupsSetEncryption(HTTP_ENCRYPT_REQUIRED);
#else
_cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), command);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
break;
case 'U' : /* Username */
/*
* "lp" command for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2019 by Apple Inc.
* Copyright © 1997-2007 by Easy Software Products.
*
switch (*opt)
{
case 'E' : /* Encrypt */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
cupsSetEncryption(HTTP_ENCRYPT_REQUIRED);
#else
_cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
break;
case 'U' : /* Username */
/*
* "lpadmin" command for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2019 by Apple Inc.
* Copyright © 1997-2006 by Easy Software Products.
*
case 'E' : /* Enable the printer/enable encryption */
if (printer == NULL)
{
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
cupsSetEncryption(HTTP_ENCRYPTION_REQUIRED);
if (http)
httpEncryption(http, HTTP_ENCRYPTION_REQUIRED);
#else
_cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
break;
}
/*
* "lpinfo" command for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2018 by Apple Inc.
* Copyright © 1997-2006 by Easy Software Products.
*
switch (*opt)
{
case 'E' : /* Encrypt */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
cupsSetEncryption(HTTP_ENCRYPT_REQUIRED);
#else
_cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
break;
case 'h' : /* Connect to host */
/*
* "lpmove" command for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2018 by Apple Inc.
* Copyright © 1997-2006 by Easy Software Products.
*
switch (*opt)
{
case 'E' : /* Encrypt */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
cupsSetEncryption(HTTP_ENCRYPT_REQUIRED);
#else
_cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
break;
case 'h' : /* Connect to host */
/*
* "lpstat" command for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright © 2007-2018 by Apple Inc.
* Copyright © 1997-2006 by Easy Software Products.
*
break;
case 'E' : /* Encrypt */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
cupsSetEncryption(HTTP_ENCRYPT_REQUIRED);
#else
_cupsLangPrintf(stderr,
_("%s: Sorry, no encryption support."),
argv[0]);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
break;
case 'H' : /* Show server and port */
* URL scheme for web resources...
*/
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
# define WEB_SCHEME "https"
#else
# define WEB_SCHEME "http"
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
*device_uri = NULL, /* Device URI */
*output_format = NULL, /* Output format */
*icon = NULL, /* Icon file */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
*keypath = NULL, /* Keychain path */
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
*location = "", /* Location of printer */
*make = "Example", /* Manufacturer */
*model = "Printer", /* Model */
output_format = argv[i];
break;
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
case 'K' : /* -K keypath */
i ++;
if (i >= argc)
keypath = argv[i];
break;
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
case 'M' : /* -M manufacturer */
i ++;
printer->ppdfile = strdup(ppdfile);
#endif /* !CUPS_LITE */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
cupsSetServerCredentials(keypath, printer->hostname, 1);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
* Run the print service...
"file",
"ftp",
"http"
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
, "https"
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
};
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
static const char * const uri_authentication_supported[] =
{ /* uri-authentication-supported values */
"none",
"none",
"tls"
};
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
static const char * const which_jobs[] =
{ /* which-jobs-supported values */
"completed",
if (Verbosity)
{
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
fprintf(stderr, "printer-uri-supported=\"ipp://%s:%d/ipp/print\",\"ipps://%s:%d/ipp/print\"\n", printer->hostname, printer->port, printer->hostname, printer->port);
#else
fprintf(stderr, "printer-uri-supported=\"ipp://%s:%d/ipp/print\"\n", printer->hostname, printer->port);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
fprintf(stderr, "printer-uuid=\"%s\"\n", uuid);
}
ippAddStrings(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_URISCHEME), "reference-uri-schemes-supported", (int)(sizeof(reference_uri_schemes_supported) / sizeof(reference_uri_schemes_supported[0])), NULL, reference_uri_schemes_supported);
/* uri-authentication-supported */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (PAMService)
ippAddStrings(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "uri-authentication-supported", 2, NULL, uri_authentication_basic);
else
ippAddString(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "uri-authentication-supported", NULL, "basic");
else
ippAddString(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "uri-authentication-supported", NULL, "none");
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/* uri-security-supported */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
ippAddStrings(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "uri-security-supported", 2, NULL, uri_security_supported);
#else
ippAddString(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "uri-security-supported", NULL, "none");
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/* which-jobs-supported */
ippAddStrings(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "which-jobs-supported", sizeof(which_jobs) / sizeof(which_jobs[0]), NULL, which_jobs);
}
if (strcmp(scheme, "file") &&
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
strcmp(scheme, "https") &&
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
strcmp(scheme, "http"))
{
respond_ipp(client, IPP_STATUS_ERROR_URI_SCHEME, "URI scheme \"%s\" not supported.", scheme);
}
else
{
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (port == 443 || !strcmp(scheme, "https"))
encryption = HTTP_ENCRYPTION_ALWAYS;
else
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
encryption = HTTP_ENCRYPTION_IF_REQUESTED;
if ((http = httpConnect2(hostname, port, NULL, AF_UNSPEC, encryption, 1, 30000, NULL)) == NULL)
httpAssembleURI(HTTP_URI_CODING_ALL, uris[0], sizeof(uris[0]), "ipp", NULL, client->host_field, client->host_port, "/ipp/print");
values[num_values ++] = uris[0];
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
httpAssembleURI(HTTP_URI_CODING_ALL, uris[1], sizeof(uris[1]), "ipps", NULL, client->host_field, client->host_port, "/ipp/print");
values[num_values ++] = uris[1];
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
ippAddStrings(client->response, IPP_TAG_PRINTER, IPP_TAG_URI, "printer-uri-supported", num_values, NULL, values);
}
* Loop until we are out of requests or timeout (30 seconds)...
*/
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
int first_time = 1; /* First time request? */
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
while (httpWait(client->http, 30000))
{
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (first_time)
{
/*
first_time = 0;
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
if (!process_http(client))
break;
if (!strcasecmp(httpGetField(client->http, HTTP_FIELD_CONNECTION), "Upgrade"))
{
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (strstr(httpGetField(client->http, HTTP_FIELD_UPGRADE), "TLS/") != NULL && !httpIsEncrypted(client->http))
{
if (!respond_http(client, HTTP_STATUS_SWITCHING_PROTOCOLS, NULL, NULL, 0))
fprintf(stderr, "%s Connection now encrypted.\n", client->hostname);
}
else
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
if (!respond_http(client, HTTP_STATUS_NOT_IMPLEMENTED, NULL, NULL, 0))
return (0);
TXTRecordSetValue(&ipp_txt, "Duplex", 1, ippGetCount(sides_supported) > 1 ? "T" : "F");
if ((value = ippGetString(printer_uuid, 0, NULL)) != NULL)
TXTRecordSetValue(&ipp_txt, "UUID", (uint8_t)strlen(value) - 9, value + 9);
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
TXTRecordSetValue(&ipp_txt, "TLS", 3, "1.2");
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
if (urf[0])
TXTRecordSetValue(&ipp_txt, "URF", (uint8_t)strlen(urf), urf);
TXTRecordSetValue(&ipp_txt, "txtvers", 1, "1");
return (0);
}
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
/*
* Then register the _ipps._tcp (IPP) service type with the real port number to
* advertise our IPPS printer...
_cupsLangPrintf(stderr, _("Unable to register \"%s.%s\": %d"), printer->dnssd_name, regtype, error);
return (0);
}
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
/*
* Similarly, register the _http._tcp,_printer (HTTP) service type with the
ipp_txt = avahi_string_list_add_printf(ipp_txt, "Duplex=%s", ippGetCount(sides_supported) > 1 ? "T" : "F");
if ((value = ippGetString(printer_uuid, 0, NULL)) != NULL)
ipp_txt = avahi_string_list_add_printf(ipp_txt, "UUID=%s", value + 9);
-# ifdef HAVE_SSL
+# ifdef HAVE_TLS
ipp_txt = avahi_string_list_add_printf(ipp_txt, "TLS=1.2");
-# endif /* HAVE_SSL */
+# endif /* HAVE_TLS */
if (urf[0])
ipp_txt = avahi_string_list_add_printf(ipp_txt, "URF=%s", urf);
ipp_txt = avahi_string_list_add_printf(ipp_txt, "txtvers=1");
free(temptypes);
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
/*
* _ipps._tcp (IPPS) for secure printing...
*/
free(temptypes);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
/*
* Finally _http.tcp (HTTP) for the web interface...
_cupsLangPuts(stdout, _("-A Enable authentication"));
_cupsLangPuts(stdout, _("-D device-uri Set the device URI for the printer"));
_cupsLangPuts(stdout, _("-F output-type/subtype Set the output format for the printer"));
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
_cupsLangPuts(stdout, _("-K keypath Set location of server X.509 certificates and keys."));
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
_cupsLangPuts(stdout, _("-M manufacturer Set manufacturer name (default=Test)"));
#if !CUPS_LITE
_cupsLangPuts(stdout, _("-P filename.ppd Load printer attributes from PPD file"));
/*
* ipptool command for CUPS.
*
+ * Copyright © 2021 by OpenPrinting.
* Copyright @ 2020 by The Printer Working Group.
* Copyright © 2007-2019 by Apple Inc.
* Copyright © 1997-2007 by Easy Software Products.
break;
case 'E' : /* Encrypt with TLS */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
data.encryption = HTTP_ENCRYPT_REQUIRED;
#else
_cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."),
argv[0]);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
break;
case 'I' : /* Ignore errors */
break;
case 'S' : /* Encrypt with SSL */
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
data.encryption = HTTP_ENCRYPT_ALWAYS;
#else
_cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."),
argv[0]);
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
break;
case 'T' : /* Set timeout */
}
}
else if (!strncmp(argv[i], "ipp://", 6) || !strncmp(argv[i], "http://", 7)
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
|| !strncmp(argv[i], "ipps://", 7) || !strncmp(argv[i], "https://", 8)
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
)
{
/*
usage();
}
-#ifdef HAVE_SSL
+#ifdef HAVE_TLS
if (!strncmp(argv[i], "ipps://", 7) || !strncmp(argv[i], "https://", 8))
data.encryption = HTTP_ENCRYPT_ALWAYS;
-#endif /* HAVE_SSL */
+#endif /* HAVE_TLS */
if (!_ippVarsSet(&vars, "uri", argv[i]))
{
* Which encryption libraries do we have?
*/
+#define HAVE_TLS 1
/* #undef HAVE_CDSASSL */
/* #undef HAVE_GNUTLS */
#define HAVE_SSPISSL 1
-#define HAVE_SSL 1
/*
* Which encryption libraries do we have?
*/
+#define HAVE_TLS 1
#define HAVE_CDSASSL 1
/* #undef HAVE_GNUTLS */
/* #undef HAVE_SSPISSL */
-#define HAVE_SSL 1
/*
projects / thirdparty / cups.git / commitdiff
