static void dtio_reconnect_enable(struct dt_io_thread* dtio);
/** stop from stop_flush event loop */
static void dtio_stop_flush_exit(struct stop_flush_info* info);
+#ifdef HAVE_SSL
/** enable briefly waiting for a read event, for SSL negotiation */
static int dtio_enable_brief_read(struct dt_io_thread* dtio);
+#endif
struct dt_msg_queue*
dt_msg_queue_create(void)
return 1; /* everything okay */
}
+#ifdef HAVE_SSL
/** write to ssl output
* returns number of bytes written, 0 if nothing happened,
* try again later, or -1 if the channel is to be closed. */
}
return r;
}
+#endif /* HAVE_SSL */
/** write buffer to output.
* returns number of bytes written, 0 if nothing happened,
ssize_t ret;
if(dtio->fd == -1)
return -1;
+#ifdef HAVE_SSL
if(dtio->ssl)
return dtio_write_ssl(dtio, buf, len);
+#endif
ret = send(dtio->fd, (void*)buf, len, 0);
if(ret == -1) {
#ifndef USE_WINSOCK
(void)dtio_add_output_event_read(dtio);
}
+#ifdef HAVE_SSL
/** enable the brief read condition */
static int dtio_enable_brief_read(struct dt_io_thread* dtio)
{
}
return dtio_add_output_event_read(dtio);
}
+#endif /* HAVE_SSL */
+#ifdef HAVE_SSL
/** disable the brief read condition */
static int dtio_disable_brief_read(struct dt_io_thread* dtio)
{
}
return dtio_add_output_event_write(dtio);
}
+#endif /* HAVE_SSL */
+#ifdef HAVE_SSL
/** check peer verification after ssl handshake connection, false if closed*/
static int dtio_ssl_check_peer(struct dt_io_thread* dtio)
{
}
return 1;
}
+#endif /* HAVE_SSL */
+#ifdef HAVE_SSL
/** perform ssl handshake, returns 1 if okay, 0 to stop */
static int dtio_ssl_handshake(struct dt_io_thread* dtio,
struct stop_flush_info* info)
}
return 1;
}
+#endif /* HAVE_SSL */
/** callback for the dnstap events, to write to the output */
static void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg)
/* nonblocking connect check passed, continue */
}
+#ifdef HAVE_SSL
if(dtio->ssl &&
(!dtio->ssl_handshake_done || dtio->ssl_brief_read)) {
if(!dtio_ssl_handshake(dtio, NULL))
return;
}
+#endif
if((bits&UB_EV_READ)) {
if(!dtio_check_close(dtio))
}
/* nonblocking connect check passed, continue */
}
+#ifdef HAVE_SSL
if(dtio->ssl &&
(!dtio->ssl_handshake_done || dtio->ssl_brief_read)) {
if(!dtio_ssl_handshake(dtio, info))
return;
}
+#endif
if((bits&UB_EV_READ)) {
if(!dtio_check_close(dtio)) {
static void tap_socket_delete(struct tap_socket* s)
{
if(!s) return;
+#ifdef HAVE_SSL
SSL_CTX_free(s->sslctx);
+#endif
ub_event_free(s->ev);
free(s->socketpath);
free(s->ip);
return ret;
}
+/* define routine for have_ssl only to avoid unused function warning */
+#ifdef HAVE_SSL
/** set to wait briefly for a write event, for one event call */
static void tap_enable_brief_write(struct tap_data* data)
{
log_err("could not ub_event_add in tap_enable_brief_write");
data->ssl_brief_write = 1;
}
+#endif /* HAVE_SSL */
+/* define routine for have_ssl only to avoid unused function warning */
+#ifdef HAVE_SSL
/** stop the brief wait for a write event. back to reading. */
static void tap_disable_brief_write(struct tap_data* data)
{
log_err("could not ub_event_add in tap_disable_brief_write");
data->ssl_brief_write = 0;
}
+#endif /* HAVE_SSL */
+#ifdef HAVE_SSL
/** receive bytes over ssl stream, prints errors if bad,
* returns 0: closed/error, -1: continue, >0 number of bytes */
static ssize_t ssl_read_bytes(struct tap_data* data, void* buf, size_t len)
}
return r;
}
+#endif /* HAVE_SSL */
/** receive bytes on the tap connection, prints errors if bad,
* returns 0: closed/error, -1: continue, >0 number of bytes */
static ssize_t tap_receive(struct tap_data* data, void* buf, size_t len)
{
+#ifdef HAVE_SSL
if(data->ssl)
return ssl_read_bytes(data, buf, len);
+#endif
return receive_bytes(data, data->fd, buf, len);
}
{
ub_event_del(data->ev);
ub_event_free(data->ev);
+#ifdef HAVE_SSL
SSL_free(data->ssl);
+#endif
close(data->fd);
free(data->id);
free(data->frame);
return 1;
}
+#ifdef HAVE_SSL
/** check SSL peer certificate, return 0 on fail */
static int tap_check_peer(struct tap_data* data)
{
}
return 1;
}
+#endif /* HAVE_SSL */
+#ifdef HAVE_SSL
/** perform SSL handshake, return 0 to wait for events, 1 if done */
static int tap_handshake(struct tap_data* data)
{
}
return 1;
}
+#endif /* HAVE_SSL */
/** callback for dnstap listener */
static void tap_callback(int fd, short ATTR_UNUSED(bits), void* arg)
{
struct tap_data* data = (struct tap_data*)arg;
if(verbosity>=3) log_info("tap callback");
+#ifdef HAVE_SSL
if(data->ssl && (!data->ssl_handshake_done ||
data->ssl_brief_write)) {
if(!tap_handshake(data))
return;
}
+#endif
while(data->len_done < 4) {
uint32_t l = (uint32_t)data->len;
ssize_t ret = tap_receive(data,
argv += optind;
if(usessl) {
+#ifdef HAVE_SSL
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
ERR_load_SSL_strings();
#endif
#else
(void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
#endif
+#endif /* HAVE_SSL */
}
setup_and_run(&local_list, &tcp_list, &tls_list, server_key,
server_cert, verifypem);
pend->c->ssl_shake_state = comm_ssl_shake_write;
if(!set_auth_name_on_ssl(pend->c->ssl, w->tls_auth_name)) {
pend->c->fd = s;
+#ifdef HAVE_SSL
SSL_free(pend->c->ssl);
+#endif
pend->c->ssl = NULL;
comm_point_close(pend->c);
return 0;
if(!auth_name) return 1;
#ifdef HAVE_SSL
(void)SSL_set_tlsext_host_name(ssl, auth_name);
+#else
+ (void)ssl;
#endif
#ifdef HAVE_SSL_SET1_HOST
SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);
projects / thirdparty / unbound.git / commitdiff
