From: Michael R Sweet Date: Sat, 6 Mar 2021 16:46:25 +0000 (-0500) Subject: Transition from the --enable-foo configure options to --with-tls=foo. X-Git-Tag: v2.4b1~228 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=009a45556209be98a8e6238a607830a65b085484;p=thirdparty%2Fcups.git Transition from the --enable-foo configure options to --with-tls=foo. Also rename HAVE_SSL, SSLFLAGS, and SSLLIBS to HAVE_TLS, TLSFLAGS, and TLSLIBS. --- diff --git a/Makedefs.in b/Makedefs.in index 477ef37fc9..b4ceff0572 100644 --- a/Makedefs.in +++ b/Makedefs.in @@ -148,10 +148,10 @@ CODE_SIGN_IDENTITY = - # ALL_CFLAGS = -I.. -D_CUPS_SOURCE $(CFLAGS) \ - $(SSLFLAGS) @LARGEFILE@ @PTHREAD_FLAGS@ \ + $(TLSFLAGS) @LARGEFILE@ @PTHREAD_FLAGS@ \ $(ONDEMANDFLAGS) $(OPTIONS) ALL_CXXFLAGS = -I.. -D_CUPS_SOURCE $(CXXFLAGS) \ - $(SSLFLAGS) @LARGEFILE@ @PTHREAD_FLAGS@ \ + $(TLSFLAGS) @LARGEFILE@ @PTHREAD_FLAGS@ \ $(ONDEMANDFLAGS) $(OPTIONS) ALL_DSOFLAGS = -L../cups @ARCHFLAGS@ @RELROFLAGS@ $(DSOFLAGS) $(OPTIM) ALL_LDFLAGS = -L../cups @LDARCHFLAGS@ @RELROFLAGS@ $(LDFLAGS) \ @@ -176,15 +176,15 @@ SNAPDGLIBLIBS = @SNAPDGLIBLIBS@ LDFLAGS = @LDFLAGS@ LINKCUPS = @LINKCUPS@ LINKCUPSSTATIC = ../cups/$(LIBCUPSSTATIC) $(LIBS) -LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) $(COMMONLIBS) +LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(TLSLIBS) $(LIBZ) $(COMMONLIBS) ONDEMANDFLAGS = @ONDEMANDFLAGS@ ONDEMANDLIBS = @ONDEMANDLIBS@ OPTIM = @OPTIM@ OPTIONS = @WARNING_OPTIONS@ PAMLIBS = @PAMLIBS@ SERVERLIBS = @SERVERLIBS@ -SSLFLAGS = @SSLFLAGS@ -SSLLIBS = @SSLLIBS@ +TLSFLAGS = @TLSFLAGS@ +TLSLIBS = @TLSLIBS@ UNITTESTS = @UNITTESTS@ diff --git a/berkeley/lpq.c b/berkeley/lpq.c index 9c4aa116d6..8e3410da78 100644 --- a/berkeley/lpq.c +++ b/berkeley/lpq.c @@ -1,6 +1,7 @@ /* * "lpq" command for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2018 by Apple Inc. * Copyright © 1997-2006 by Easy Software Products. * @@ -77,14 +78,14 @@ main(int argc, /* I - Number of command-line arguments */ switch (*opt) { case 'E' : /* Encrypt */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS cupsSetEncryption(HTTP_ENCRYPT_REQUIRED); if (http) httpEncryption(http, HTTP_ENCRYPT_REQUIRED); #else _cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ break; case 'U' : /* Username */ diff --git a/berkeley/lpr.c b/berkeley/lpr.c index 12c40a1db4..b4b64e6ac5 100644 --- a/berkeley/lpr.c +++ b/berkeley/lpr.c @@ -1,6 +1,7 @@ /* * "lpr" command for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2019 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products. * @@ -68,11 +69,11 @@ main(int argc, /* I - Number of command-line arguments */ switch (ch = *opt) { case 'E' : /* Encrypt */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS cupsSetEncryption(HTTP_ENCRYPT_REQUIRED); #else _cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ break; case 'U' : /* Username */ diff --git a/berkeley/lprm.c b/berkeley/lprm.c index eefcad50b7..cd6460431a 100644 --- a/berkeley/lprm.c +++ b/berkeley/lprm.c @@ -1,6 +1,7 @@ /* * "lprm" command for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2018 by Apple Inc. * Copyright © 1997-2006 by Easy Software Products. * @@ -65,11 +66,11 @@ main(int argc, /* I - Number of command-line arguments */ switch (*opt) { case 'E' : /* Encrypt */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS cupsSetEncryption(HTTP_ENCRYPT_REQUIRED); #else _cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ break; case 'P' : /* Cancel jobs on a printer */ diff --git a/config-scripts/cups-dnssd.m4 b/config-scripts/cups-dnssd.m4 index b5b0fd6f50..09cc13b096 100644 --- a/config-scripts/cups-dnssd.m4 +++ b/config-scripts/cups-dnssd.m4 @@ -33,6 +33,7 @@ AS_IF([test $with_dnssd = yes -o $with_dnssd = mdnsresponder], [ AC_CHECK_HEADER([dns_sd.h], [ AS_CASE(["$host_os_name"], [darwin*], [ # Darwin and macOS... + with_dnssd="mdnsresponder" AC_DEFINE([HAVE_DNSSD], [1], [Have DNS-SD support?]) AC_DEFINE([HAVE_MDNSRESPONDER], [1], [Have mDNSResponder library?]) DNSSD_BACKEND="dnssd" @@ -52,6 +53,7 @@ AS_IF([test $with_dnssd = yes -o $with_dnssd = mdnsresponder], [ ]]) ], [ AC_MSG_RESULT([yes]) + with_dnssd="mdnsresponder" AC_DEFINE([HAVE_DNSSD], [1], [Have DNS-SD support?]) AC_DEFINE([HAVE_MDNSRESPONDER], [1], [Have mDNSResponder library?]) DNSSDLIBS="-ldns_sd" @@ -70,28 +72,26 @@ AS_IF([test $with_dnssd = yes -o $with_dnssd = mdnsresponder], [ ]) dnl Then try Avahi... -AS_IF([test "x$DNSSD_BACKEND" = x], [ - AS_IF([test $with_dnssd = avahi -o $with_dnssd = yes], [ - AS_IF([test "x$PKGCONFIG" = x], [ - AS_IF([test $with_dnssd = avahi], [ - AC_MSG_ERROR([Avahi requires pkg-config.]) - ]) - ], [ - AC_MSG_CHECKING([for Avahi client]) - AS_IF([$PKGCONFIG --exists avahi-client], [ - AC_MSG_RESULT([yes]) - CFLAGS="$CFLAGS `$PKGCONFIG --cflags avahi-client`" - DNSSDLIBS="`$PKGCONFIG --libs avahi-client`" - DNSSD_BACKEND="dnssd" - IPPFIND_BIN="ippfind" - IPPFIND_MAN="ippfind.1" - AC_DEFINE([HAVE_AVAHI], [1], [Have Avahi client library?]) - AC_DEFINE([HAVE_DNSSD], [1], [Have DNS-SD support?]) - ], [ - AC_MSG_RESULT([no]) - AS_IF([test $with_dnssd = avahi], [ - AC_MSG_ERROR([--with-dnssd=avahi specified but Avahi client not present.]) - ]) +AS_IF([test $with_dnssd = avahi -o $with_dnssd = yes], [ + AS_IF([test "x$PKGCONFIG" = x], [ + AS_IF([test $with_dnssd = avahi], [ + AC_MSG_ERROR([Avahi requires pkg-config.]) + ]) + ], [ + AC_MSG_CHECKING([for Avahi client]) + AS_IF([$PKGCONFIG --exists avahi-client], [ + AC_MSG_RESULT([yes]) + CFLAGS="$CFLAGS `$PKGCONFIG --cflags avahi-client`" + DNSSDLIBS="`$PKGCONFIG --libs avahi-client`" + DNSSD_BACKEND="dnssd" + IPPFIND_BIN="ippfind" + IPPFIND_MAN="ippfind.1" + AC_DEFINE([HAVE_AVAHI], [1], [Have Avahi client library?]) + AC_DEFINE([HAVE_DNSSD], [1], [Have DNS-SD support?]) + ], [ + AC_MSG_RESULT([no]) + AS_IF([test $with_dnssd = avahi], [ + AC_MSG_ERROR([--with-dnssd=avahi specified but Avahi client not present.]) ]) ]) ]) diff --git a/config-scripts/cups-tls.m4 b/config-scripts/cups-tls.m4 index c1648b1c10..853433f98d 100644 --- a/config-scripts/cups-tls.m4 +++ b/config-scripts/cups-tls.m4 @@ -1,83 +1,105 @@ dnl dnl TLS stuff for CUPS. dnl -dnl Copyright 2007-2019 by Apple Inc. -dnl Copyright 1997-2007 by Easy Software Products, all rights reserved. +dnl Copyright © 2021 by OpenPrinting. +dnl Copyright © 2007-2019 by Apple Inc. +dnl Copyright © 1997-2007 by Easy Software Products, all rights reserved. dnl -dnl Licensed under Apache License v2.0. See the file "LICENSE" for more information. +dnl Licensed under Apache License v2.0. See the file "LICENSE" for more +dnl information. dnl -AC_ARG_ENABLE(ssl, [ --disable-ssl disable SSL/TLS support]) -AC_ARG_ENABLE(cdsassl, [ --enable-cdsassl use CDSA for SSL/TLS support, default=first]) -AC_ARG_ENABLE(gnutls, [ --enable-gnutls use GNU TLS for SSL/TLS support, default=second]) +AC_ARG_WITH([tls], AS_HELP_STRING([--with-tls=...], [use cdsa (macOS) or gnutls for TLS support])) +AS_IF([test "x$with_tls" = x], [ + with_tls="yes" +], [test "$with_tls" != cdsa -a "$with_tls" != gnutls -a "$with_tls" != no -a "$with_tls" != yes], [ + AC_MSG_ERROR([Unsupported --with-tls value "$with_tls" specified.]) +]) -SSLFLAGS="" -SSLLIBS="" -have_ssl=0 +TLSFLAGS="" +TLSLIBS="" +have_tls="0" CUPS_SERVERKEYCHAIN="" -if test x$enable_ssl != xno; then +dnl First try using CSDA SSL (macOS)... +AS_IF([test $with_tls = yes -o $with_tls = cdsa], [ dnl Look for CDSA... - if test $have_ssl = 0 -a "x$enable_cdsassl" != "xno"; then - if test $host_os_name = darwin; then - AC_CHECK_HEADER(Security/SecureTransport.h, [ - have_ssl=1 - AC_DEFINE(HAVE_SSL) - AC_DEFINE(HAVE_CDSASSL) - CUPS_SERVERKEYCHAIN="/Library/Keychains/System.keychain" + AS_IF([test $host_os_name = darwin], [ + AC_CHECK_HEADER([Security/SecureTransport.h], [ + have_tls="1" + with_tls="cdsa" + AC_DEFINE([HAVE_TLS], [1], [Do we support TLS?]) + AC_DEFINE([HAVE_CDSASSL], [1], [Do we have the macOS SecureTransport API?]) + CUPS_SERVERKEYCHAIN="/Library/Keychains/System.keychain" - dnl Check for the various security headers... - AC_CHECK_HEADER(Security/SecCertificate.h, - AC_DEFINE(HAVE_SECCERTIFICATE_H)) - AC_CHECK_HEADER(Security/SecItem.h, - AC_DEFINE(HAVE_SECITEM_H)) - AC_CHECK_HEADER(Security/SecPolicy.h, - AC_DEFINE(HAVE_SECPOLICY_H))]) - fi - fi + dnl Check for the various security headers... + AC_CHECK_HEADER([Security/SecCertificate.h], [ + AC_DEFINE([HAVE_SECCERTIFICATE_H], [1], [Have the header?]) + ]) + AC_CHECK_HEADER([Security/SecItem.h], [ + AC_DEFINE([HAVE_SECITEM_H], [1], [Have the header?]) + ]) + AC_CHECK_HEADER([Security/SecPolicy.h], [ + AC_DEFINE([HAVE_SECPOLICY_H], [1], [Have the >confdefs.h + have_tls="1" + with_tls="cdsa" + +printf "%s\n" "#define HAVE_TLS 1" >>confdefs.h + - printf "%s\n" "#define HAVE_CDSASSL 1" >>confdefs.h +printf "%s\n" "#define HAVE_CDSASSL 1" >>confdefs.h - CUPS_SERVERKEYCHAIN="/Library/Keychains/System.keychain" + CUPS_SERVERKEYCHAIN="/Library/Keychains/System.keychain" - ac_fn_c_check_header_compile "$LINENO" "Security/SecCertificate.h" "ac_cv_header_Security_SecCertificate_h" "$ac_includes_default" + ac_fn_c_check_header_compile "$LINENO" "Security/SecCertificate.h" "ac_cv_header_Security_SecCertificate_h" "$ac_includes_default" if test "x$ac_cv_header_Security_SecCertificate_h" = xyes then : - printf "%s\n" "#define HAVE_SECCERTIFICATE_H 1" >>confdefs.h + + +printf "%s\n" "#define HAVE_SECCERTIFICATE_H 1" >>confdefs.h + fi - ac_fn_c_check_header_compile "$LINENO" "Security/SecItem.h" "ac_cv_header_Security_SecItem_h" "$ac_includes_default" + ac_fn_c_check_header_compile "$LINENO" "Security/SecItem.h" "ac_cv_header_Security_SecItem_h" "$ac_includes_default" if test "x$ac_cv_header_Security_SecItem_h" = xyes then : - printf "%s\n" "#define HAVE_SECITEM_H 1" >>confdefs.h + + +printf "%s\n" "#define HAVE_SECITEM_H 1" >>confdefs.h + fi - ac_fn_c_check_header_compile "$LINENO" "Security/SecPolicy.h" "ac_cv_header_Security_SecPolicy_h" "$ac_includes_default" + ac_fn_c_check_header_compile "$LINENO" "Security/SecPolicy.h" "ac_cv_header_Security_SecPolicy_h" "$ac_includes_default" if test "x$ac_cv_header_Security_SecPolicy_h" = xyes then : - printf "%s\n" "#define HAVE_SECPOLICY_H 1" >>confdefs.h + + +printf "%s\n" "#define HAVE_SECPOLICY_H 1" >>confdefs.h + fi + fi - fi - fi - if test $have_ssl = 0 -a "x$enable_gnutls" != "xno" -a "x$PKGCONFIG" != x; then - if test -n "$ac_tool_prefix"; then +elif test $with_tls = cdsa +then : + + as_fn_error $? "--with-tls=cdsa is not compatible with your host operating system." "$LINENO" 5 + +fi + +fi + +if test $with_tls = yes -o $with_tls = gnutls +then : + + if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}libgnutls-config", so it can be a program name with args. set dummy ${ac_tool_prefix}libgnutls-config; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 @@ -9593,57 +9614,95 @@ else LIBGNUTLSCONFIG="$ac_cv_path_LIBGNUTLSCONFIG" fi - if $PKGCONFIG --exists gnutls; then - have_ssl=1 - SSLLIBS=`$PKGCONFIG --libs gnutls` - SSLFLAGS=`$PKGCONFIG --cflags gnutls` - printf "%s\n" "#define HAVE_SSL 1" >>confdefs.h + if test "x$PKGCONFIG" != x +then : - printf "%s\n" "#define HAVE_GNUTLS 1" >>confdefs.h + if $PKGCONFIG --exists gnutls +then : - elif test "x$LIBGNUTLSCONFIG" != x; then - have_ssl=1 - SSLLIBS=`$LIBGNUTLSCONFIG --libs` - SSLFLAGS=`$LIBGNUTLSCONFIG --cflags` - printf "%s\n" "#define HAVE_SSL 1" >>confdefs.h + have_tls="1" + with_tls="gnutls" + TLSLIBS="$($PKGCONFIG --libs gnutls)" + TLSFLAGS="$($PKGCONFIG --cflags gnutls)" - printf "%s\n" "#define HAVE_GNUTLS 1" >>confdefs.h +printf "%s\n" "#define HAVE_TLS 1" >>confdefs.h - fi - if test $have_ssl = 1; then - CUPS_SERVERKEYCHAIN="ssl" +printf "%s\n" "#define HAVE_GNUTLS 1" >>confdefs.h - SAVELIBS="$LIBS" - LIBS="$LIBS $SSLLIBS" - ac_fn_c_check_func "$LINENO" "gnutls_transport_set_pull_timeout_function" "ac_cv_func_gnutls_transport_set_pull_timeout_function" + +fi + +fi + if test $have_tls = 0 -a "x$LIBGNUTLSCONFIG" != x +then : + + have_tls="1" + with_tls="gnutls" + TLSLIBS="$($LIBGNUTLSCONFIG --libs)" + TLSFLAGS="$($LIBGNUTLSCONFIG --cflags)" + +printf "%s\n" "#define HAVE_TLS 1" >>confdefs.h + + +printf "%s\n" "#define HAVE_GNUTLS 1" >>confdefs.h + + +fi + + if test $have_tls = 1 +then : + + CUPS_SERVERKEYCHAIN="ssl" + + SAVELIBS="$LIBS" + LIBS="$LIBS $TLSLIBS" + ac_fn_c_check_func "$LINENO" "gnutls_transport_set_pull_timeout_function" "ac_cv_func_gnutls_transport_set_pull_timeout_function" if test "x$ac_cv_func_gnutls_transport_set_pull_timeout_function" = xyes then : - printf "%s\n" "#define HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION 1" >>confdefs.h + + +printf "%s\n" "#define HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION 1" >>confdefs.h + fi - ac_fn_c_check_func "$LINENO" "gnutls_priority_set_direct" "ac_cv_func_gnutls_priority_set_direct" + ac_fn_c_check_func "$LINENO" "gnutls_priority_set_direct" "ac_cv_func_gnutls_priority_set_direct" if test "x$ac_cv_func_gnutls_priority_set_direct" = xyes then : - printf "%s\n" "#define HAVE_GNUTLS_PRIORITY_SET_DIRECT 1" >>confdefs.h + + +printf "%s\n" "#define HAVE_GNUTLS_PRIORITY_SET_DIRECT 1" >>confdefs.h + + +fi + + LIBS="$SAVELIBS" + +elif test $with_tls = gnutls +then : + + as_fn_error $? "--with-tls=gnutls was specified but the GNU TLS library was not found." "$LINENO" 5 fi - LIBS="$SAVELIBS" - fi - fi fi IPPALIASES="http" -if test $have_ssl = 1; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: Using SSLLIBS=\"$SSLLIBS\"" >&5 -printf "%s\n" " Using SSLLIBS=\"$SSLLIBS\"" >&6; } - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: Using SSLFLAGS=\"$SSLFLAGS\"" >&5 -printf "%s\n" " Using SSLFLAGS=\"$SSLFLAGS\"" >&6; } +if test $have_tls = 1 +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Using TLSLIBS=\"$TLSLIBS\"" >&5 +printf "%s\n" "$as_me: Using TLSLIBS=\"$TLSLIBS\"" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Using TLSFLAGS=\"$TLSFLAGS\"" >&5 +printf "%s\n" "$as_me: Using TLSFLAGS=\"$TLSFLAGS\"" >&6;} IPPALIASES="http https ipps" -elif test x$enable_cdsa = xyes -o x$enable_gnutls = xyes; then - as_fn_error $? "Unable to enable SSL support." "$LINENO" 5 + +elif test $with_tls = yes +then : + + as_fn_error $? "--with-tls=yes was specified but no compatible TLS libraries could be found." "$LINENO" 5 + fi @@ -9651,7 +9710,7 @@ fi -EXPORT_SSLLIBS="$SSLLIBS" +EXPORT_TLSLIBS="$TLSLIBS" @@ -10281,6 +10340,7 @@ then : darwin*) : # Darwin and macOS... + with_dnssd="mdnsresponder" printf "%s\n" "#define HAVE_DNSSD 1" >>confdefs.h @@ -10321,6 +10381,7 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } + with_dnssd="mdnsresponder" printf "%s\n" "#define HAVE_DNSSD 1" >>confdefs.h @@ -10356,36 +10417,33 @@ fi fi -if test "x$DNSSD_BACKEND" = x +if test $with_dnssd = avahi -o $with_dnssd = yes then : - if test $with_dnssd = avahi -o $with_dnssd = yes + if test "x$PKGCONFIG" = x then : - if test "x$PKGCONFIG" = x + if test $with_dnssd = avahi then : - if test $with_dnssd = avahi -then : - - as_fn_error $? "Avahi requires pkg-config." "$LINENO" 5 + as_fn_error $? "Avahi requires pkg-config." "$LINENO" 5 fi else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Avahi client" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Avahi client" >&5 printf %s "checking for Avahi client... " >&6; } - if $PKGCONFIG --exists avahi-client + if $PKGCONFIG --exists avahi-client then : - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } - CFLAGS="$CFLAGS `$PKGCONFIG --cflags avahi-client`" - DNSSDLIBS="`$PKGCONFIG --libs avahi-client`" - DNSSD_BACKEND="dnssd" - IPPFIND_BIN="ippfind" - IPPFIND_MAN="ippfind.1" + CFLAGS="$CFLAGS `$PKGCONFIG --cflags avahi-client`" + DNSSDLIBS="`$PKGCONFIG --libs avahi-client`" + DNSSD_BACKEND="dnssd" + IPPFIND_BIN="ippfind" + IPPFIND_MAN="ippfind.1" printf "%s\n" "#define HAVE_AVAHI 1" >>confdefs.h @@ -10395,14 +10453,12 @@ printf "%s\n" "#define HAVE_DNSSD 1" >>confdefs.h else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - if test $with_dnssd = avahi + if test $with_dnssd = avahi then : - as_fn_error $? "--with-dnssd=avahi specified but Avahi client not present." "$LINENO" 5 - -fi + as_fn_error $? "--with-dnssd=avahi specified but Avahi client not present." "$LINENO" 5 fi diff --git a/cups/dest.c b/cups/dest.c index 3f17843a98..d32e376efc 100644 --- a/cups/dest.c +++ b/cups/dest.c @@ -3395,9 +3395,9 @@ cups_enum_dests( int nfds, /* Number of files responded */ main_fd; /* File descriptor for lookups */ DNSServiceRef ipp_ref = NULL; /* IPP browser */ -# ifdef HAVE_SSL +# ifdef HAVE_TLS DNSServiceRef ipps_ref = NULL; /* IPPS browser */ -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ # ifdef HAVE_POLL struct pollfd pfd; /* Polling data */ # else @@ -3407,9 +3407,9 @@ cups_enum_dests( # else /* HAVE_AVAHI */ int error; /* Error value */ AvahiServiceBrowser *ipp_ref = NULL; /* IPP browser */ -# ifdef HAVE_SSL +# ifdef HAVE_TLS AvahiServiceBrowser *ipps_ref = NULL; /* IPPS browser */ -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ # endif /* HAVE_MDNSRESPONDER */ #else _cups_getdata_t data; /* Data for callback */ @@ -3614,7 +3614,7 @@ cups_enum_dests( return (0); } -# ifdef HAVE_SSL +# ifdef HAVE_TLS ipps_ref = data.main_ref; if (DNSServiceBrowse(&ipps_ref, kDNSServiceFlagsShareConnection, 0, "_ipps._tcp", NULL, (DNSServiceBrowseReply)cups_dnssd_browse_cb, &data) != kDNSServiceErr_NoError) { @@ -3625,7 +3625,7 @@ cups_enum_dests( return (0); } -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ # else /* HAVE_AVAHI */ if ((data.simple_poll = avahi_simple_poll_new()) == NULL) @@ -3665,7 +3665,7 @@ cups_enum_dests( return (0); } -# ifdef HAVE_SSL +# ifdef HAVE_TLS data.browsers ++; if ((ipps_ref = avahi_service_browser_new(data.client, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, "_ipps._tcp", NULL, 0, cups_dnssd_browse_cb, &data)) == NULL) { @@ -3679,7 +3679,7 @@ cups_enum_dests( return (0); } -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ # endif /* HAVE_MDNSRESPONDER */ if (msec < 0) @@ -3850,10 +3850,10 @@ cups_enum_dests( if (ipp_ref) DNSServiceRefDeallocate(ipp_ref); -# ifdef HAVE_SSL +# ifdef HAVE_TLS if (ipps_ref) DNSServiceRefDeallocate(ipps_ref); -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ if (data.main_ref) DNSServiceRefDeallocate(data.main_ref); @@ -3861,10 +3861,10 @@ cups_enum_dests( # else /* HAVE_AVAHI */ if (ipp_ref) avahi_service_browser_free(ipp_ref); -# ifdef HAVE_SSL +# ifdef HAVE_TLS if (ipps_ref) avahi_service_browser_free(ipps_ref); -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ if (data.client) avahi_client_free(data.client); diff --git a/cups/getdevices.c b/cups/getdevices.c index de2186f5fa..77ee7e492c 100644 --- a/cups/getdevices.c +++ b/cups/getdevices.c @@ -1,9 +1,11 @@ /* * cupsGetDevices implementation for CUPS. * - * Copyright 2008-2016 by Apple Inc. + * Copyright © 2021 by OpenPrinting. + * Copyright © 2008-2016 by Apple Inc. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* @@ -129,7 +131,7 @@ cupsGetDevices( } } -#ifdef HAVE_SSL +#ifdef HAVE_TLS else if (status == HTTP_STATUS_UPGRADE_REQUIRED) { /* @@ -141,7 +143,7 @@ cupsGetDevices( if (!httpReconnect2(http, 30000, NULL)) httpEncryption(http, HTTP_ENCRYPTION_REQUIRED); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ } } while (status == HTTP_STATUS_UNAUTHORIZED || diff --git a/cups/getputfile.c b/cups/getputfile.c index 818d5e9f61..527e6b09d1 100644 --- a/cups/getputfile.c +++ b/cups/getputfile.c @@ -1,8 +1,9 @@ /* * Get/put file functions for CUPS. * - * Copyright 2007-2018 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products. + * Copyright © 2021 by OpenPrinting. + * Copyright © 2007-2018 by Apple Inc. + * Copyright © 1997-2006 by Easy Software Products. * * Licensed under Apache License v2.0. See the file "LICENSE" for more * information. @@ -156,7 +157,7 @@ cupsGetFd(http_t *http, /* I - Connection to server or @code CUPS_HTTP_DEFA continue; } -#ifdef HAVE_SSL +#ifdef HAVE_TLS else if (status == HTTP_STATUS_UPGRADE_REQUIRED) { /* Flush any error message... */ @@ -175,7 +176,7 @@ cupsGetFd(http_t *http, /* I - Connection to server or @code CUPS_HTTP_DEFA /* Try again, this time with encryption enabled... */ continue; } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ } while (status == HTTP_STATUS_UNAUTHORIZED || status == HTTP_STATUS_UPGRADE_REQUIRED); @@ -465,7 +466,7 @@ cupsPutFd(http_t *http, /* I - Connection to server or @code CUPS_HTTP_DEFA continue; } -#ifdef HAVE_SSL +#ifdef HAVE_TLS else if (status == HTTP_STATUS_UPGRADE_REQUIRED) { /* Flush any error message... */ @@ -484,7 +485,7 @@ cupsPutFd(http_t *http, /* I - Connection to server or @code CUPS_HTTP_DEFA /* Try again, this time with encryption enabled... */ continue; } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ } while (status == HTTP_STATUS_UNAUTHORIZED || status == HTTP_STATUS_UPGRADE_REQUIRED || (status == HTTP_STATUS_ERROR && retries < 2)); diff --git a/cups/globals.c b/cups/globals.c index fd41baefe5..67f442bd40 100644 --- a/cups/globals.c +++ b/cups/globals.c @@ -1,6 +1,7 @@ /* * Global variable access routines for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2019 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * @@ -362,9 +363,9 @@ cups_globals_free(_cups_globals_t *cg) /* I - Pointer to global data */ httpClose(cg->http); -#ifdef HAVE_SSL +#ifdef HAVE_TLS _httpFreeCredentials(cg->tls_credentials); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ cupsFileClose(cg->stdio_files[0]); cupsFileClose(cg->stdio_files[1]); diff --git a/cups/http.c b/cups/http.c index 8d69ce31f8..371b0cab11 100644 --- a/cups/http.c +++ b/cups/http.c @@ -1,6 +1,7 @@ /* * HTTP routines for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2019 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * @@ -65,9 +66,9 @@ static off_t http_set_length(http_t *http); static void http_set_timeout(int fd, double timeout); static void http_set_wait(http_t *http); -#ifdef HAVE_SSL +#ifdef HAVE_TLS static int http_tls_upgrade(http_t *http); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* @@ -506,10 +507,10 @@ httpDelete(http_t *http, /* I - HTTP connection */ void _httpDisconnect(http_t *http) /* I - HTTP connection */ { -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (http->tls) _httpTLSStop(http); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ httpAddrClose(NULL, http->fd); @@ -527,7 +528,7 @@ httpEncryption(http_t *http, /* I - HTTP connection */ { DEBUG_printf(("httpEncryption(http=%p, e=%d)", (void *)http, e)); -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (!http) return (0); @@ -559,7 +560,7 @@ httpEncryption(http_t *http, /* I - HTTP connection */ return (-1); else return (0); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ } @@ -654,10 +655,10 @@ httpFlush(http_t *http) /* I - HTTP connection */ http->state = HTTP_STATE_WAITING; -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (http->tls) _httpTLSStop(http); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ httpAddrClose(NULL, http->fd); @@ -1086,10 +1087,10 @@ httpGetReady(http_t *http) /* I - HTTP connection */ return (0); else if (http->used > 0) return ((size_t)http->used); -#ifdef HAVE_SSL +#ifdef HAVE_TLS else if (http->tls) return (_httpTLSPending(http)); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ return (0); } @@ -1528,9 +1529,9 @@ httpInitialize(void) # endif /* !SO_NOSIGPIPE */ #endif /* _WIN32 */ -# ifdef HAVE_SSL +# ifdef HAVE_TLS _httpTLSInitialize(); -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ initialized = 1; _cupsGlobalUnlock(); @@ -2337,13 +2338,13 @@ httpReconnect2(http_t *http, /* I - HTTP connection */ return (-1); } -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (http->tls) { DEBUG_puts("2httpReconnect2: Shutting down SSL/TLS..."); _httpTLSStop(http); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* * Close any previously open socket... @@ -2411,7 +2412,7 @@ httpReconnect2(http_t *http, /* I - HTTP connection */ http->hostaddr = &(addr->addr); http->error = 0; -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (http->encryption == HTTP_ENCRYPTION_ALWAYS) { /* @@ -2427,7 +2428,7 @@ httpReconnect2(http_t *http, /* I - HTTP connection */ } else if (http->encryption == HTTP_ENCRYPTION_REQUIRED && !http->tls_upgrade) return (http_tls_upgrade(http)); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ DEBUG_printf(("1httpReconnect2: Connected to %s:%d...", httpAddrString(http->hostaddr, temp, sizeof(temp)), @@ -2513,11 +2514,11 @@ httpSetCredentials(http_t *http, /* I - HTTP connection */ if (!http || cupsArrayCount(credentials) < 1) return (-1); -#ifdef HAVE_SSL +#ifdef HAVE_TLS _httpFreeCredentials(http->tls_credentials); http->tls_credentials = _httpCreateCredentials(credentials); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ return (http->tls_credentials ? 0 : -1); } @@ -2702,10 +2703,10 @@ httpShutdown(http_t *http) /* I - HTTP connection */ if (!http || http->fd < 0) return; -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (http->tls) _httpTLSStop(http); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ #ifdef _WIN32 shutdown(http->fd, SD_RECEIVE); /* Microsoft-ism... */ @@ -2780,7 +2781,7 @@ _httpUpdate(http_t *http, /* I - HTTP connection */ if (http->status < HTTP_STATUS_BAD_REQUEST) http->digest_tries = 0; -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (http->status == HTTP_STATUS_SWITCHING_PROTOCOLS && !http->tls) { if (_httpTLSStart(http) != 0) @@ -2794,7 +2795,7 @@ _httpUpdate(http_t *http, /* I - HTTP connection */ *status = HTTP_STATUS_CONTINUE; return (0); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ if (http_set_length(http) < 0) { @@ -3003,13 +3004,13 @@ _httpWait(http_t *http, /* I - HTTP connection */ * Check the SSL/TLS buffers for data first... */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (http->tls && _httpTLSPending(http)) { DEBUG_puts("5_httpWait: Return 1 since there is pending TLS data."); return (1); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* * Then try doing a select() or poll() to poll the socket... @@ -3375,7 +3376,7 @@ httpWriteResponse(http_t *http, /* I - HTTP connection */ httpSetField(http, HTTP_FIELD_KEEP_ALIVE, "timeout=10"); } -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (status == HTTP_STATUS_UPGRADE_REQUIRED || status == HTTP_STATUS_SWITCHING_PROTOCOLS) { @@ -3388,7 +3389,7 @@ httpWriteResponse(http_t *http, /* I - HTTP connection */ if (!http->fields[HTTP_FIELD_CONTENT_LENGTH]) httpSetField(http, HTTP_FIELD_CONTENT_LENGTH, "0"); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ if (!http->fields[HTTP_FIELD_SERVER]) httpSetField(http, HTTP_FIELD_SERVER, http->default_fields[HTTP_FIELD_SERVER] ? http->default_fields[HTTP_FIELD_SERVER] : CUPS_MINIMAL); @@ -4097,11 +4098,11 @@ http_read(http_t *http, /* I - HTTP connection */ do { -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (http->tls) bytes = _httpTLSRead(http, buffer, (int)length); else -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ bytes = recv(http->fd, buffer, length, 0); if (bytes < 0) @@ -4384,13 +4385,13 @@ http_send(http_t *http, /* I - HTTP connection */ http->status = HTTP_STATUS_CONTINUE; -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (http->encryption == HTTP_ENCRYPTION_REQUIRED && !http->tls) { httpSetField(http, HTTP_FIELD_CONNECTION, "Upgrade"); httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2,TLS/1.1,TLS/1.0"); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ if (httpPrintf(http, "%s %s HTTP/1.1\r\n", codes[request], buf) < 1) { @@ -4566,7 +4567,7 @@ http_set_wait(http_t *http) /* I - HTTP connection */ } -#ifdef HAVE_SSL +#ifdef HAVE_TLS /* * 'http_tls_upgrade()' - Force upgrade to TLS encryption. */ @@ -4656,7 +4657,7 @@ http_tls_upgrade(http_t *http) /* I - HTTP connection */ else return (ret); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* @@ -4737,11 +4738,11 @@ http_write(http_t *http, /* I - HTTP connection */ while (nfds <= 0); } -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (http->tls) bytes = _httpTLSWrite(http, buffer, (int)length); else -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ bytes = send(http->fd, buffer, length, 0); DEBUG_printf(("3http_write: Write of " CUPS_LLFMT " bytes returned " diff --git a/cups/request.c b/cups/request.c index ff967f05ad..2af2af8e39 100644 --- a/cups/request.c +++ b/cups/request.c @@ -1,10 +1,12 @@ /* * IPP utilities for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2018 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* @@ -425,7 +427,7 @@ cupsGetResponse(http_t *http, /* I - Connection to server or @code CUPS_HTTP http->status = HTTP_STATUS_CUPS_AUTHORIZATION_CANCELED; } -#ifdef HAVE_SSL +#ifdef HAVE_TLS else if (status == HTTP_STATUS_UPGRADE_REQUIRED) { /* @@ -437,7 +439,7 @@ cupsGetResponse(http_t *http, /* I - Connection to server or @code CUPS_HTTP if (!httpReconnect2(http, 30000, NULL)) httpEncryption(http, HTTP_ENCRYPTION_REQUIRED); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ } if (response) @@ -628,7 +630,7 @@ cupsSendRequest(http_t *http, /* I - Connection to server or @code CUPS_HTTP return (HTTP_STATUS_ERROR); } -#ifdef HAVE_SSL +#ifdef HAVE_TLS /* * See if we have an auth-info attribute and are communicating over * a non-local link. If so, encrypt the link so that we can pass @@ -642,7 +644,7 @@ cupsSendRequest(http_t *http, /* I - Connection to server or @code CUPS_HTTP DEBUG_puts("1cupsSendRequest: Unable to encrypt connection."); return (HTTP_STATUS_SERVICE_UNAVAILABLE); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* * Reconnect if the last response had a "Connection: close"... @@ -833,7 +835,7 @@ cupsSendRequest(http_t *http, /* I - Connection to server or @code CUPS_HTTP } break; -#ifdef HAVE_SSL +#ifdef HAVE_TLS case HTTP_STATUS_UPGRADE_REQUIRED : /* * Flush any error message, reconnect, and then upgrade with @@ -856,7 +858,7 @@ cupsSendRequest(http_t *http, /* I - Connection to server or @code CUPS_HTTP return (HTTP_STATUS_SERVICE_UNAVAILABLE); } break; -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ case HTTP_STATUS_EXPECTATION_FAILED : /* diff --git a/cups/testhttp.c b/cups/testhttp.c index dfb767c89e..313e4bb19f 100644 --- a/cups/testhttp.c +++ b/cups/testhttp.c @@ -1,6 +1,7 @@ /* * HTTP test program for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2018 by Apple Inc. * Copyright © 1997-2006 by Easy Software Products. * @@ -780,7 +781,7 @@ main(int argc, /* I - Number of command-line arguments */ continue; } -#ifdef HAVE_SSL +#ifdef HAVE_TLS else if (status == HTTP_STATUS_UPGRADE_REQUIRED) { /* Flush any error message... */ @@ -799,7 +800,7 @@ main(int argc, /* I - Number of command-line arguments */ /* Try again, this time with encryption enabled... */ continue; } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ } while (status == HTTP_STATUS_UNAUTHORIZED || status == HTTP_STATUS_UPGRADE_REQUIRED); @@ -882,7 +883,7 @@ main(int argc, /* I - Number of command-line arguments */ continue; } -#ifdef HAVE_SSL +#ifdef HAVE_TLS else if (status == HTTP_STATUS_UPGRADE_REQUIRED) { /* Flush any error message... */ @@ -901,7 +902,7 @@ main(int argc, /* I - Number of command-line arguments */ /* Try again, this time with encryption enabled... */ continue; } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ } while (status == HTTP_STATUS_UNAUTHORIZED || status == HTTP_STATUS_UPGRADE_REQUIRED); diff --git a/cups/tls.c b/cups/tls.c index 5caa84d806..5ebbd51be5 100644 --- a/cups/tls.c +++ b/cups/tls.c @@ -1,13 +1,15 @@ /* * TLS routines for CUPS. * - * Copyright 2007-2014 by Apple Inc. - * Copyright 1997-2007 by Easy Software Products, all rights reserved. + * Copyright © 2021 by OpenPrinting. + * Copyright @2007-2014 by Apple Inc. + * Copyright @ 1997-2007 by Easy Software Products, all rights reserved. * * This file contains Kerberos support code, copyright 2006 by * Jelmer Vernooij. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* @@ -34,7 +36,7 @@ * Include platform-specific TLS code... */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS # ifdef HAVE_GNUTLS # include "tls-gnutls.c" # elif defined(HAVE_CDSASSL) @@ -97,4 +99,4 @@ httpSaveCredentials(const char *path, cups_array_t *credentials, const char *com (void)common_name; return (-1); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ diff --git a/cups/tlscheck.c b/cups/tlscheck.c index c88e7d0915..2b82ae1bbc 100644 --- a/cups/tlscheck.c +++ b/cups/tlscheck.c @@ -1,10 +1,12 @@ /* * TLS check program for CUPS. * - * Copyright 2007-2017 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products. + * Copyright © 2021 by OpenPrinting. + * Copyright © 2007-2017 by Apple Inc. + * Copyright © 1997-2006 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* @@ -14,7 +16,7 @@ #include "cups-private.h" -#ifndef HAVE_SSL +#ifndef HAVE_TLS int main(void) { puts("Sorry, no TLS support compiled in."); return (1); } #else @@ -780,4 +782,4 @@ usage(void) exit(1); } -#endif /* !HAVE_SSL */ +#endif /* !HAVE_TLS */ diff --git a/cups/usersys.c b/cups/usersys.c index d74c951cfa..2e1a80b580 100644 --- a/cups/usersys.c +++ b/cups/usersys.c @@ -1,8 +1,9 @@ /* * User, system, and password routines for CUPS. * - * Copyright 2007-2019 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products. + * Copyright © 2021 by OpenPrinting. + * Copyright © 2007-2019 by Apple Inc. + * Copyright © 1997-2006 by Easy Software Products. * * Licensed under Apache License v2.0. See the file "LICENSE" for more * information. @@ -67,11 +68,11 @@ typedef struct _cups_client_conf_s /**** client.conf config data ****/ { _cups_digestoptions_t digestoptions; /* DigestOptions values */ _cups_uatokens_t uatokens; /* UserAgentTokens values */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS int ssl_options, /* SSLOptions values */ ssl_min_version,/* Minimum SSL/TLS version */ ssl_max_version;/* Maximum SSL/TLS version */ -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ int trust_first, /* Trust on first use? */ any_root, /* Allow any (e.g., self-signed) root */ expired_certs, /* Allow expired certs */ @@ -106,9 +107,9 @@ static void cups_set_encryption(_cups_client_conf_t *cc, const char *value); static void cups_set_gss_service_name(_cups_client_conf_t *cc, const char *value); #endif /* HAVE_GSSAPI */ static void cups_set_server_name(_cups_client_conf_t *cc, const char *value); -#ifdef HAVE_SSL +#ifdef HAVE_TLS static void cups_set_ssl_options(_cups_client_conf_t *cc, const char *value); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ static void cups_set_uatokens(_cups_client_conf_t *cc, const char *value); static void cups_set_user(_cups_client_conf_t *cc, const char *value); @@ -271,10 +272,10 @@ cupsSetCredentials( if (cupsArrayCount(credentials) < 1) return (-1); -#ifdef HAVE_SSL +#ifdef HAVE_TLS _httpFreeCredentials(cg->tls_credentials); cg->tls_credentials = _httpCreateCredentials(credentials); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ return (cg->tls_credentials ? 0 : -1); } @@ -1047,9 +1048,9 @@ _cupsSetDefaults(void) if (cg->validate_certs < 0) cg->validate_certs = cc.validate_certs; -#ifdef HAVE_SSL +#ifdef HAVE_TLS _httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT, cc.ssl_min_version, cc.ssl_max_version); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ } @@ -1266,10 +1267,10 @@ cups_init_client_conf( cups_set_user(cc, "mobile"); #endif /* __APPLE__ && !TARGET_OS_OSX */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS cc->ssl_min_version = _HTTP_TLS_1_0; cc->ssl_max_version = _HTTP_TLS_MAX; -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ cc->encryption = (http_encryption_t)-1; cc->trust_first = -1; cc->any_root = -1; @@ -1283,7 +1284,7 @@ cups_init_client_conf( #if defined(__APPLE__) char sval[1024]; /* String value */ -# ifdef HAVE_SSL +# ifdef HAVE_TLS int bval; /* Boolean value */ if (cups_apple_get_boolean(kAllowAnyRootKey, &bval)) @@ -1319,7 +1320,7 @@ cups_init_client_conf( if (cups_apple_get_boolean(kValidateCertsKey, &bval)) cc->validate_certs = bval; -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ if (cups_apple_get_string(kDigestOptionsKey, sval, sizeof(sval))) cups_set_digestoptions(cc, sval); @@ -1383,10 +1384,10 @@ cups_read_client_conf( else if (!_cups_strcasecmp(line, "GSSServiceName") && value) cups_set_gss_service_name(cc, value); #endif /* HAVE_GSSAPI */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS else if (!_cups_strcasecmp(line, "SSLOptions") && value) cups_set_ssl_options(cc, value); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ } } @@ -1480,7 +1481,7 @@ cups_set_server_name( * 'cups_set_ssl_options()' - Set the SSLOptions value. */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS static void cups_set_ssl_options( _cups_client_conf_t *cc, /* I - client.conf values */ @@ -1553,7 +1554,7 @@ cups_set_ssl_options( DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x, min_version=%d, max_version=%d", (void *)cc, value, options, min_version, max_version)); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* diff --git a/scheduler/auth.c b/scheduler/auth.c index ffd070b012..004dba9c9f 100644 --- a/scheduler/auth.c +++ b/scheduler/auth.c @@ -1,6 +1,7 @@ /* * Authorization routines for the CUPS scheduler. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2019 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * @@ -2106,7 +2107,7 @@ cupsdIsAuthorized(cupsd_client_t *con, /* I - Connection */ if (auth == CUPSD_AUTH_DENY && best->satisfy == CUPSD_AUTH_SATISFY_ALL) return (HTTP_FORBIDDEN); -#ifdef HAVE_SSL +#ifdef HAVE_TLS /* * See if encryption is required... */ @@ -2123,7 +2124,7 @@ cupsdIsAuthorized(cupsd_client_t *con, /* I - Connection */ "cupsdIsAuthorized: Need upgrade to TLS..."); return (HTTP_UPGRADE_REQUIRED); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* * Now see what access level is required... diff --git a/scheduler/auth.h b/scheduler/auth.h index d7079eb2bf..745aef773a 100644 --- a/scheduler/auth.h +++ b/scheduler/auth.h @@ -1,10 +1,12 @@ /* * Authorization definitions for the CUPS scheduler. * + * Copyright © 2021 by OpenPrinting. * Copyright 2007-2014 by Apple Inc. * Copyright 1997-2006 by Easy Software Products, all rights reserved. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* @@ -105,10 +107,10 @@ typedef struct cupsd_client_s cupsd_client_t; VAR cups_array_t *Locations VALUE(NULL); /* Authorization locations */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED); /* Default encryption for authentication */ -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* diff --git a/scheduler/client.c b/scheduler/client.c index 313d748491..dab0f9819c 100644 --- a/scheduler/client.c +++ b/scheduler/client.c @@ -36,9 +36,9 @@ static int check_if_modified(cupsd_client_t *con, struct stat *filestats); static int compare_clients(cupsd_client_t *a, cupsd_client_t *b, void *data); -#ifdef HAVE_SSL +#ifdef HAVE_TLS static int cupsd_start_tls(cupsd_client_t *con, http_encryption_t e); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ static char *get_file(cupsd_client_t *con, struct stat *filestats, char *filename, size_t len); static http_status_t install_cupsd_conf(cupsd_client_t *con); @@ -354,7 +354,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ if (cupsArrayCount(Clients) == MaxClients) cupsdPauseListening(); -#ifdef HAVE_SSL +#ifdef HAVE_TLS /* * See if we are connecting on a secure port... */ @@ -370,7 +370,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ } else con->auto_ssl = 1; -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ } @@ -441,14 +441,14 @@ cupsdCloseClient(cupsd_client_t *con) /* I - Client to close */ cupsArrayRemove(ActiveClients, con); cupsdSetBusyState(0); -#ifdef HAVE_SSL +#ifdef HAVE_TLS /* * Shutdown encryption as needed... */ if (httpIsEncrypted(con->http)) partial = 1; -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ if (partial) { @@ -590,7 +590,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ return; } -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (con->auto_ssl) { /* @@ -614,7 +614,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ return; } } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ switch (httpGetState(con->http)) { @@ -924,7 +924,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ if (!_cups_strcasecmp(httpGetField(con->http, HTTP_FIELD_CONNECTION), "Upgrade") && strstr(httpGetField(con->http, HTTP_FIELD_UPGRADE), "TLS/") != NULL && !httpIsEncrypted(con->http)) { -#ifdef HAVE_SSL +#ifdef HAVE_TLS /* * Do encryption stuff... */ @@ -948,7 +948,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ cupsdCloseClient(con); return; } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ } httpClearFields(con->http); @@ -980,7 +980,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ if (!_cups_strcasecmp(httpGetField(con->http, HTTP_FIELD_CONNECTION), "Upgrade") && !httpIsEncrypted(con->http)) { -#ifdef HAVE_SSL +#ifdef HAVE_TLS /* * Do encryption stuff... */ @@ -1005,7 +1005,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ cupsdCloseClient(con); return; } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ } if ((status = cupsdIsAuthorized(con, NULL)) != HTTP_STATUS_OK) @@ -1919,7 +1919,7 @@ cupsdSendError(cupsd_client_t *con, /* I - Connection */ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "cupsdSendError code=%d, auth_type=%d", code, auth_type); -#ifdef HAVE_SSL +#ifdef HAVE_TLS /* * Force client to upgrade for authentication if that is how the * server is configured... @@ -1932,7 +1932,7 @@ cupsdSendError(cupsd_client_t *con, /* I - Connection */ { code = HTTP_STATUS_UPGRADE_REQUIRED; } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* * Put the request in the access_log file... @@ -2657,7 +2657,7 @@ compare_clients(cupsd_client_t *a, /* I - First client */ } -#ifdef HAVE_SSL +#ifdef HAVE_TLS /* * 'cupsd_start_tls()' - Start encryption on a connection. */ @@ -2676,7 +2676,7 @@ cupsd_start_tls(cupsd_client_t *con, /* I - Client connection */ cupsdLogClient(con, CUPSD_LOG_DEBUG, "Connection now encrypted."); return (0); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* diff --git a/scheduler/client.h b/scheduler/client.h index fc7af5400d..7092bdfbc1 100644 --- a/scheduler/client.h +++ b/scheduler/client.h @@ -1,6 +1,7 @@ /* * Client definitions for the CUPS scheduler. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2018 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * @@ -48,9 +49,9 @@ struct cupsd_client_s header_used; /* Number of header bytes used */ char header[2048]; /* Header from CGI program */ cups_lang_t *language; /* Language to use */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS int auto_ssl; /* Automatic test for SSL/TLS */ -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ http_addr_t clientaddr; /* Client's server address */ char clientname[256];/* Client's server name for connection */ int clientport; /* Client's server port for connection */ @@ -137,7 +138,7 @@ extern void cupsdStopListening(void); extern void cupsdUpdateCGI(void); extern void cupsdWriteClient(cupsd_client_t *con); -#ifdef HAVE_SSL +#ifdef HAVE_TLS extern int cupsdEndTLS(cupsd_client_t *con); extern int cupsdStartTLS(cupsd_client_t *con); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ diff --git a/scheduler/conf.c b/scheduler/conf.c index 54c3f7cf5e..1008e2abf1 100644 --- a/scheduler/conf.c +++ b/scheduler/conf.c @@ -138,9 +138,9 @@ static const cupsd_var_t cupsfiles_vars[] = { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING }, { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING }, { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_PERM }, -#ifdef HAVE_SSL +#ifdef HAVE_TLS { "CreateSelfSignedCerts", &CreateSelfSignedCerts, CUPSD_VARTYPE_BOOLEAN }, -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ { "DataDir", &DataDir, CUPSD_VARTYPE_STRING }, { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING }, { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING }, @@ -151,9 +151,9 @@ static const cupsd_var_t cupsfiles_vars[] = { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING }, { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING }, { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME }, -#ifdef HAVE_SSL +#ifdef HAVE_TLS { "ServerKeychain", &ServerKeychain, CUPSD_VARTYPE_PATHNAME }, -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME }, { "StateDir", &StateDir, CUPSD_VARTYPE_STRING }, { "SyncOnClose", &SyncOnClose, CUPSD_VARTYPE_BOOLEAN }, @@ -606,7 +606,7 @@ cupsdReadConfiguration(void) cupsdClearString(&Classification); ClassifyOverride = 0; -#ifdef HAVE_SSL +#ifdef HAVE_TLS # ifdef HAVE_GNUTLS cupsdSetString(&ServerKeychain, "ssl"); # else @@ -614,7 +614,7 @@ cupsdReadConfiguration(void) # endif /* HAVE_GNUTLS */ _httpTLSSetOptions(_HTTP_TLS_NONE, _HTTP_TLS_1_0, _HTTP_TLS_MAX); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ language = cupsLangDefault(); @@ -699,10 +699,10 @@ cupsdReadConfiguration(void) ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM; FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS); default_auth_type = CUPSD_AUTH_BASIC; -#ifdef HAVE_SSL +#ifdef HAVE_TLS CreateSelfSignedCerts = TRUE; DefaultEncryption = HTTP_ENCRYPT_REQUIRED; -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ DirtyCleanInterval = DEFAULT_KEEPALIVE; JobKillDelay = DEFAULT_TIMEOUT; JobRetryLimit = 5; @@ -1096,7 +1096,7 @@ cupsdReadConfiguration(void) if (CacheDir[0] != '/') cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir); -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (!_cups_strcasecmp(ServerKeychain, "internal")) cupsdClearString(&ServerKeychain); else if (ServerKeychain[0] != '/') @@ -1106,7 +1106,7 @@ cupsdReadConfiguration(void) if (!CreateSelfSignedCerts) cupsdLogMessage(CUPSD_LOG_DEBUG, "Self-signed TLS certificate generation is disabled."); cupsSetServerCredentials(ServerKeychain, ServerName, CreateSelfSignedCerts); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* * Make sure that directories and config files are owned and @@ -2988,7 +2988,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ "FaxRetryLimit is deprecated; use " "JobRetryLimit on line %d of %s.", linenum, ConfigurationFile); } -#ifdef HAVE_SSL +#ifdef HAVE_TLS else if (!_cups_strcasecmp(line, "SSLOptions")) { /* @@ -3056,11 +3056,11 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ _httpTLSSetOptions(options, min_version, max_version); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen") -#ifdef HAVE_SSL +#ifdef HAVE_TLS || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen") -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ ) && value) { /* @@ -3146,10 +3146,10 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ memcpy(&(lis->address), &(addr->addr), sizeof(lis->address)); lis->fd = -1; -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (!_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")) lis->encryption = HTTP_ENCRYPT_ALWAYS; -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ httpAddrString(&lis->address, temp, sizeof(temp)); @@ -3215,7 +3215,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ return (0); } } -#ifdef HAVE_SSL +#ifdef HAVE_TLS else if (!_cups_strcasecmp(line, "DefaultEncryption")) { /* @@ -3237,7 +3237,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ return (0); } } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ else if (!_cups_strcasecmp(line, "HostNameLookups") && value) { /* diff --git a/scheduler/conf.h b/scheduler/conf.h index 4013cb5168..5a2f8bdb9a 100644 --- a/scheduler/conf.h +++ b/scheduler/conf.h @@ -235,12 +235,12 @@ VAR int NumMimeTypes VALUE(0); VAR const char **MimeTypes VALUE(NULL); /* Array of MIME types */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS VAR int CreateSelfSignedCerts VALUE(TRUE); /* Automatically create self-signed certs? */ VAR char *ServerKeychain VALUE(NULL); /* Keychain holding cert + key */ -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ #ifdef HAVE_ONDEMAND VAR int IdleExitTimeout VALUE(60); diff --git a/scheduler/dirsvc.c b/scheduler/dirsvc.c index d754ae6185..5fd776c249 100644 --- a/scheduler/dirsvc.c +++ b/scheduler/dirsvc.c @@ -372,7 +372,7 @@ dnssdBuildTxtRecord( * Get the URL scheme for the admin page... */ -# ifdef HAVE_SSL +# ifdef HAVE_TLS for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners); lis; lis = (cupsd_listener_t *)cupsArrayNext(Listeners)) { if (lis->encryption != HTTP_ENCRYPTION_NEVER) @@ -381,7 +381,7 @@ dnssdBuildTxtRecord( break; } } -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ httpAssembleURIf(HTTP_URI_CODING_ALL, adminurl_str, sizeof(adminurl_str), admin_scheme, NULL, admin_hostname, DNSSDPort, "/%s/%s", (p->type & CUPS_PRINTER_CLASS) ? "classes" : "printers", p->name); keyvalue[count ][0] = "adminurl"; @@ -411,10 +411,10 @@ dnssdBuildTxtRecord( keyvalue[count ][0] = "UUID"; keyvalue[count++][1] = p->uuid + 9; -#ifdef HAVE_SSL +#ifdef HAVE_TLS keyvalue[count ][0] = "TLS"; keyvalue[count++][1] = "1.2"; -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ if (p->type & CUPS_PRINTER_FAX) { @@ -694,9 +694,9 @@ dnssdDeregisterPrinter( dnssdDeregisterInstance(&p->ipp_srv, from_callback); # ifdef HAVE_MDNSRESPONDER -# ifdef HAVE_SSL +# ifdef HAVE_TLS dnssdDeregisterInstance(&p->ipps_srv, from_callback); -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ dnssdDeregisterInstance(&p->printer_srv, from_callback); # endif /* HAVE_MDNSRESPONDER */ } @@ -972,10 +972,10 @@ dnssdRegisterInstance( # ifdef HAVE_MDNSRESPONDER if (!strcmp(type, "_printer._tcp")) srv = &p->printer_srv; /* Target LPD service */ -# ifdef HAVE_SSL +# ifdef HAVE_TLS else if (!strcmp(type, "_ipps._tcp")) srv = &p->ipps_srv; /* Target IPPS service */ -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ else srv = &p->ipp_srv; /* Target IPP service */ @@ -1196,10 +1196,10 @@ dnssdRegisterPrinter( status = dnssdRegisterInstance(NULL, p, name, "_printer._tcp", NULL, 0, NULL, 0, from_callback); -# ifdef HAVE_SSL +# ifdef HAVE_TLS if (status) dnssdRegisterInstance(NULL, p, name, "_ipps._tcp", DNSSDSubTypes, DNSSDPort, &ipp_txt, 0, from_callback); -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ if (status) { @@ -1234,9 +1234,9 @@ dnssdRegisterPrinter( dnssdDeregisterInstance(&p->ipp_srv, from_callback); # ifdef HAVE_MDNSRESPONDER -# ifdef HAVE_SSL +# ifdef HAVE_TLS dnssdDeregisterInstance(&p->ipps_srv, from_callback); -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ dnssdDeregisterInstance(&p->printer_srv, from_callback); # endif /* HAVE_MDNSRESPONDER */ } diff --git a/scheduler/ipp.c b/scheduler/ipp.c index d289e58487..29ada3e028 100644 --- a/scheduler/ipp.c +++ b/scheduler/ipp.c @@ -1279,7 +1279,7 @@ add_job(cupsd_client_t *con, /* I - Client connection */ send_http_error(con, HTTP_UNAUTHORIZED, printer); return (NULL); } -#ifdef HAVE_SSL +#ifdef HAVE_TLS else if (auth_info && !con->http->tls && !httpAddrLocalhost(con->http->hostaddr)) { @@ -1290,7 +1290,7 @@ add_job(cupsd_client_t *con, /* I - Client connection */ send_http_error(con, HTTP_UPGRADE_REQUIRED, printer); return (NULL); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* * See if the printer is accepting jobs... @@ -11228,9 +11228,9 @@ validate_job(cupsd_client_t *con, /* I - Client connection */ { http_status_t status; /* Policy status */ ipp_attribute_t *attr; /* Current attribute */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS ipp_attribute_t *auth_info; /* auth-info attribute */ -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ ipp_attribute_t *format, /* Document-format attribute */ *name; /* Job-name attribute */ cups_ptype_t dtype; /* Destination type (printer/class) */ @@ -11350,9 +11350,9 @@ validate_job(cupsd_client_t *con, /* I - Client connection */ * Check policy... */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS auth_info = ippFindAttribute(con->request, "auth-info", IPP_TAG_TEXT); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ if ((status = cupsdCheckPolicy(printer->op_policy_ptr, con, NULL)) != HTTP_OK) { @@ -11366,7 +11366,7 @@ validate_job(cupsd_client_t *con, /* I - Client connection */ send_http_error(con, HTTP_UNAUTHORIZED, printer); return; } -#ifdef HAVE_SSL +#ifdef HAVE_TLS else if (auth_info && !con->http->tls && !httpAddrLocalhost(con->http->hostaddr)) { @@ -11377,7 +11377,7 @@ validate_job(cupsd_client_t *con, /* I - Client connection */ send_http_error(con, HTTP_UPGRADE_REQUIRED, printer); return; } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* * Everything was ok, so return OK status... diff --git a/scheduler/main.c b/scheduler/main.c index 90ecb349cb..d9f5087e3a 100644 --- a/scheduler/main.c +++ b/scheduler/main.c @@ -1909,10 +1909,10 @@ service_add_listener(int fd, /* I - Socket file descriptor */ lis->fd = fd; lis->on_demand = 1; -# ifdef HAVE_SSL +# ifdef HAVE_TLS if (httpAddrPort(&(lis->address)) == 443) lis->encryption = HTTP_ENCRYPT_ALWAYS; -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ } #endif /* HAVE_ONDEMAND */ diff --git a/scheduler/printers.h b/scheduler/printers.h index c0887d64f0..b24f1a5e4d 100644 --- a/scheduler/printers.h +++ b/scheduler/printers.h @@ -119,9 +119,9 @@ struct cupsd_printer_s *pdl; /* pdl value for TXT record */ cupsd_srv_t ipp_srv; /* IPP service(s) */ # ifdef HAVE_MDNSRESPONDER -# ifdef HAVE_SSL +# ifdef HAVE_TLS cupsd_srv_t ipps_srv; /* IPPS service(s) */ -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ cupsd_srv_t printer_srv; /* LPD service */ # endif /* HAVE_MDNSRESPONDER */ #endif /* HAVE_DNSSD */ diff --git a/systemv/cancel.c b/systemv/cancel.c index bcd638cc44..4530c04ac7 100644 --- a/systemv/cancel.c +++ b/systemv/cancel.c @@ -1,6 +1,7 @@ /* * "cancel" command for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2018 by Apple Inc. * Copyright © 1997-2006 by Easy Software Products. * @@ -76,14 +77,14 @@ main(int argc, /* I - Number of command-line arguments */ switch (*opt) { case 'E' : /* Encrypt */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS cupsSetEncryption(HTTP_ENCRYPT_REQUIRED); if (http) httpEncryption(http, HTTP_ENCRYPT_REQUIRED); #else _cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ break; case 'U' : /* Username */ diff --git a/systemv/cupsaccept.c b/systemv/cupsaccept.c index 22fb01be19..7da17fdc05 100644 --- a/systemv/cupsaccept.c +++ b/systemv/cupsaccept.c @@ -2,6 +2,7 @@ * "cupsaccept", "cupsdisable", "cupsenable", and "cupsreject" commands for * CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2018 by Apple Inc. * Copyright © 1997-2006 by Easy Software Products. * @@ -89,11 +90,11 @@ main(int argc, /* I - Number of command-line arguments */ switch (*opt) { case 'E' : /* Encrypt */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS cupsSetEncryption(HTTP_ENCRYPT_REQUIRED); #else _cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), command); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ break; case 'U' : /* Username */ diff --git a/systemv/lp.c b/systemv/lp.c index fd818a56d5..bfeb7c2e1e 100644 --- a/systemv/lp.c +++ b/systemv/lp.c @@ -1,6 +1,7 @@ /* * "lp" command for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2019 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products. * @@ -92,11 +93,11 @@ main(int argc, /* I - Number of command-line arguments */ switch (*opt) { case 'E' : /* Encrypt */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS cupsSetEncryption(HTTP_ENCRYPT_REQUIRED); #else _cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ break; case 'U' : /* Username */ diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c index ca6d386b2e..00d0fc7c72 100644 --- a/systemv/lpadmin.c +++ b/systemv/lpadmin.c @@ -1,6 +1,7 @@ /* * "lpadmin" command for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2019 by Apple Inc. * Copyright © 1997-2006 by Easy Software Products. * @@ -240,14 +241,14 @@ main(int argc, /* I - Number of command-line arguments */ case 'E' : /* Enable the printer/enable encryption */ if (printer == NULL) { -#ifdef HAVE_SSL +#ifdef HAVE_TLS cupsSetEncryption(HTTP_ENCRYPTION_REQUIRED); if (http) httpEncryption(http, HTTP_ENCRYPTION_REQUIRED); #else _cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ break; } diff --git a/systemv/lpinfo.c b/systemv/lpinfo.c index bb4db59677..ea525459a7 100644 --- a/systemv/lpinfo.c +++ b/systemv/lpinfo.c @@ -1,6 +1,7 @@ /* * "lpinfo" command for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2018 by Apple Inc. * Copyright © 1997-2006 by Easy Software Products. * @@ -186,11 +187,11 @@ main(int argc, /* I - Number of command-line arguments */ switch (*opt) { case 'E' : /* Encrypt */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS cupsSetEncryption(HTTP_ENCRYPT_REQUIRED); #else _cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ break; case 'h' : /* Connect to host */ diff --git a/systemv/lpmove.c b/systemv/lpmove.c index 126db5fc05..bd045c87b6 100644 --- a/systemv/lpmove.c +++ b/systemv/lpmove.c @@ -1,6 +1,7 @@ /* * "lpmove" command for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2018 by Apple Inc. * Copyright © 1997-2006 by Easy Software Products. * @@ -62,12 +63,12 @@ main(int argc, /* I - Number of command-line arguments */ switch (*opt) { case 'E' : /* Encrypt */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS cupsSetEncryption(HTTP_ENCRYPT_REQUIRED); #else _cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ break; case 'h' : /* Connect to host */ diff --git a/systemv/lpstat.c b/systemv/lpstat.c index 1d14cb8e07..fec52b6810 100644 --- a/systemv/lpstat.c +++ b/systemv/lpstat.c @@ -1,6 +1,7 @@ /* * "lpstat" command for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2018 by Apple Inc. * Copyright © 1997-2006 by Easy Software Products. * @@ -84,13 +85,13 @@ main(int argc, /* I - Number of command-line arguments */ break; case 'E' : /* Encrypt */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS cupsSetEncryption(HTTP_ENCRYPT_REQUIRED); #else _cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ break; case 'H' : /* Show server and port */ diff --git a/tools/ippeveprinter.c b/tools/ippeveprinter.c index 92b2290b3c..f46ad3149f 100644 --- a/tools/ippeveprinter.c +++ b/tools/ippeveprinter.c @@ -140,11 +140,11 @@ static const char * const ippeve_preason_strings[] = * URL scheme for web resources... */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS # define WEB_SCHEME "https" #else # define WEB_SCHEME "http" -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* @@ -377,9 +377,9 @@ main(int argc, /* I - Number of command-line args */ *device_uri = NULL, /* Device URI */ *output_format = NULL, /* Output format */ *icon = NULL, /* Icon file */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS *keypath = NULL, /* Keychain path */ -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ *location = "", /* Location of printer */ *make = "Example", /* Manufacturer */ *model = "Printer", /* Model */ @@ -466,7 +466,7 @@ main(int argc, /* I - Number of command-line args */ output_format = argv[i]; break; -#ifdef HAVE_SSL +#ifdef HAVE_TLS case 'K' : /* -K keypath */ i ++; if (i >= argc) @@ -474,7 +474,7 @@ main(int argc, /* I - Number of command-line args */ keypath = argv[i]; break; -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ case 'M' : /* -M manufacturer */ i ++; @@ -737,9 +737,9 @@ main(int argc, /* I - Number of command-line args */ printer->ppdfile = strdup(ppdfile); #endif /* !CUPS_LITE */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS cupsSetServerCredentials(keypath, printer->hostname, 1); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* * Run the print service... @@ -1590,11 +1590,11 @@ create_printer( "file", "ftp", "http" -#ifdef HAVE_SSL +#ifdef HAVE_TLS , "https" -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ }; -#ifdef HAVE_SSL +#ifdef HAVE_TLS static const char * const uri_authentication_supported[] = { /* uri-authentication-supported values */ "none", @@ -1610,7 +1610,7 @@ create_printer( "none", "tls" }; -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ static const char * const which_jobs[] = { /* which-jobs-supported values */ "completed", @@ -1758,11 +1758,11 @@ create_printer( if (Verbosity) { -#ifdef HAVE_SSL +#ifdef HAVE_TLS fprintf(stderr, "printer-uri-supported=\"ipp://%s:%d/ipp/print\",\"ipps://%s:%d/ipp/print\"\n", printer->hostname, printer->port, printer->hostname, printer->port); #else fprintf(stderr, "printer-uri-supported=\"ipp://%s:%d/ipp/print\"\n", printer->hostname, printer->port); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ fprintf(stderr, "printer-uuid=\"%s\"\n", uuid); } @@ -1949,7 +1949,7 @@ create_printer( ippAddStrings(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_URISCHEME), "reference-uri-schemes-supported", (int)(sizeof(reference_uri_schemes_supported) / sizeof(reference_uri_schemes_supported[0])), NULL, reference_uri_schemes_supported); /* uri-authentication-supported */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (PAMService) ippAddStrings(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "uri-authentication-supported", 2, NULL, uri_authentication_basic); else @@ -1959,14 +1959,14 @@ create_printer( ippAddString(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "uri-authentication-supported", NULL, "basic"); else ippAddString(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "uri-authentication-supported", NULL, "none"); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* uri-security-supported */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS ippAddStrings(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "uri-security-supported", 2, NULL, uri_security_supported); #else ippAddString(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "uri-security-supported", NULL, "none"); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* which-jobs-supported */ ippAddStrings(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "which-jobs-supported", sizeof(which_jobs) / sizeof(which_jobs[0]), NULL, which_jobs); @@ -2558,9 +2558,9 @@ finish_document_uri( } if (strcmp(scheme, "file") && -#ifdef HAVE_SSL +#ifdef HAVE_TLS strcmp(scheme, "https") && -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ strcmp(scheme, "http")) { respond_ipp(client, IPP_STATUS_ERROR_URI_SCHEME, "URI scheme \"%s\" not supported.", scheme); @@ -2638,11 +2638,11 @@ finish_document_uri( } else { -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (port == 443 || !strcmp(scheme, "https")) encryption = HTTP_ENCRYPTION_ALWAYS; else -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ encryption = HTTP_ENCRYPTION_IF_REQUESTED; if ((http = httpConnect2(hostname, port, NULL, AF_UNSPEC, encryption, 1, 30000, NULL)) == NULL) @@ -3698,10 +3698,10 @@ ipp_get_printer_attributes( httpAssembleURI(HTTP_URI_CODING_ALL, uris[0], sizeof(uris[0]), "ipp", NULL, client->host_field, client->host_port, "/ipp/print"); values[num_values ++] = uris[0]; -#ifdef HAVE_SSL +#ifdef HAVE_TLS httpAssembleURI(HTTP_URI_CODING_ALL, uris[1], sizeof(uris[1]), "ipps", NULL, client->host_field, client->host_port, "/ipp/print"); values[num_values ++] = uris[1]; -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ ippAddStrings(client->response, IPP_TAG_PRINTER, IPP_TAG_URI, "printer-uri-supported", num_values, NULL, values); } @@ -5788,13 +5788,13 @@ process_client(ippeve_client_t *client) /* I - Client */ * Loop until we are out of requests or timeout (30 seconds)... */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS int first_time = 1; /* First time request? */ -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ while (httpWait(client->http, 30000)) { -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (first_time) { /* @@ -5818,7 +5818,7 @@ process_client(ippeve_client_t *client) /* I - Client */ first_time = 0; } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ if (!process_http(client)) break; @@ -6009,7 +6009,7 @@ process_http(ippeve_client_t *client) /* I - Client connection */ if (!strcasecmp(httpGetField(client->http, HTTP_FIELD_CONNECTION), "Upgrade")) { -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (strstr(httpGetField(client->http, HTTP_FIELD_UPGRADE), "TLS/") != NULL && !httpIsEncrypted(client->http)) { if (!respond_http(client, HTTP_STATUS_SWITCHING_PROTOCOLS, NULL, NULL, 0)) @@ -6026,7 +6026,7 @@ process_http(ippeve_client_t *client) /* I - Client connection */ fprintf(stderr, "%s Connection now encrypted.\n", client->hostname); } else -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ if (!respond_http(client, HTTP_STATUS_NOT_IMPLEMENTED, NULL, NULL, 0)) return (0); @@ -7244,9 +7244,9 @@ register_printer( TXTRecordSetValue(&ipp_txt, "Duplex", 1, ippGetCount(sides_supported) > 1 ? "T" : "F"); if ((value = ippGetString(printer_uuid, 0, NULL)) != NULL) TXTRecordSetValue(&ipp_txt, "UUID", (uint8_t)strlen(value) - 9, value + 9); -# ifdef HAVE_SSL +# ifdef HAVE_TLS TXTRecordSetValue(&ipp_txt, "TLS", 3, "1.2"); -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ if (urf[0]) TXTRecordSetValue(&ipp_txt, "URF", (uint8_t)strlen(urf), urf); TXTRecordSetValue(&ipp_txt, "txtvers", 1, "1"); @@ -7291,7 +7291,7 @@ register_printer( return (0); } -# ifdef HAVE_SSL +# ifdef HAVE_TLS /* * Then register the _ipps._tcp (IPP) service type with the real port number to * advertise our IPPS printer... @@ -7312,7 +7312,7 @@ register_printer( _cupsLangPrintf(stderr, _("Unable to register \"%s.%s\": %d"), printer->dnssd_name, regtype, error); return (0); } -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ /* * Similarly, register the _http._tcp,_printer (HTTP) service type with the @@ -7351,9 +7351,9 @@ register_printer( ipp_txt = avahi_string_list_add_printf(ipp_txt, "Duplex=%s", ippGetCount(sides_supported) > 1 ? "T" : "F"); if ((value = ippGetString(printer_uuid, 0, NULL)) != NULL) ipp_txt = avahi_string_list_add_printf(ipp_txt, "UUID=%s", value + 9); -# ifdef HAVE_SSL +# ifdef HAVE_TLS ipp_txt = avahi_string_list_add_printf(ipp_txt, "TLS=1.2"); -# endif /* HAVE_SSL */ +# endif /* HAVE_TLS */ if (urf[0]) ipp_txt = avahi_string_list_add_printf(ipp_txt, "URF=%s", urf); ipp_txt = avahi_string_list_add_printf(ipp_txt, "txtvers=1"); @@ -7395,7 +7395,7 @@ register_printer( free(temptypes); } -#ifdef HAVE_SSL +#ifdef HAVE_TLS /* * _ipps._tcp (IPPS) for secure printing... */ @@ -7418,7 +7418,7 @@ register_printer( free(temptypes); } -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ /* * Finally _http.tcp (HTTP) for the web interface... @@ -8350,9 +8350,9 @@ usage(int status) /* O - Exit status */ _cupsLangPuts(stdout, _("-A Enable authentication")); _cupsLangPuts(stdout, _("-D device-uri Set the device URI for the printer")); _cupsLangPuts(stdout, _("-F output-type/subtype Set the output format for the printer")); -#ifdef HAVE_SSL +#ifdef HAVE_TLS _cupsLangPuts(stdout, _("-K keypath Set location of server X.509 certificates and keys.")); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ _cupsLangPuts(stdout, _("-M manufacturer Set manufacturer name (default=Test)")); #if !CUPS_LITE _cupsLangPuts(stdout, _("-P filename.ppd Load printer attributes from PPD file")); diff --git a/tools/ipptool.c b/tools/ipptool.c index 47b33f0c6f..e610176fe2 100644 --- a/tools/ipptool.c +++ b/tools/ipptool.c @@ -1,6 +1,7 @@ /* * ipptool command for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright @ 2020 by The Printer Working Group. * Copyright © 2007-2019 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products. @@ -312,12 +313,12 @@ main(int argc, /* I - Number of command-line args */ break; case 'E' : /* Encrypt with TLS */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS data.encryption = HTTP_ENCRYPT_REQUIRED; #else _cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ break; case 'I' : /* Ignore errors */ @@ -356,12 +357,12 @@ main(int argc, /* I - Number of command-line args */ break; case 'S' : /* Encrypt with SSL */ -#ifdef HAVE_SSL +#ifdef HAVE_TLS data.encryption = HTTP_ENCRYPT_ALWAYS; #else _cupsLangPrintf(stderr, _("%s: Sorry, no encryption support."), argv[0]); -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ break; case 'T' : /* Set timeout */ @@ -611,9 +612,9 @@ main(int argc, /* I - Number of command-line args */ } } else if (!strncmp(argv[i], "ipp://", 6) || !strncmp(argv[i], "http://", 7) -#ifdef HAVE_SSL +#ifdef HAVE_TLS || !strncmp(argv[i], "ipps://", 7) || !strncmp(argv[i], "https://", 8) -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ ) { /* @@ -626,10 +627,10 @@ main(int argc, /* I - Number of command-line args */ usage(); } -#ifdef HAVE_SSL +#ifdef HAVE_TLS if (!strncmp(argv[i], "ipps://", 7) || !strncmp(argv[i], "https://", 8)) data.encryption = HTTP_ENCRYPT_ALWAYS; -#endif /* HAVE_SSL */ +#endif /* HAVE_TLS */ if (!_ippVarsSet(&vars, "uri", argv[i])) { diff --git a/vcnet/config.h b/vcnet/config.h index e8268d6b29..b571bd4abb 100644 --- a/vcnet/config.h +++ b/vcnet/config.h @@ -385,10 +385,10 @@ typedef unsigned long useconds_t; * Which encryption libraries do we have? */ +#define HAVE_TLS 1 /* #undef HAVE_CDSASSL */ /* #undef HAVE_GNUTLS */ #define HAVE_SSPISSL 1 -#define HAVE_SSL 1 /* diff --git a/xcode/config.h b/xcode/config.h index b5da930770..bef3b2b2e3 100644 --- a/xcode/config.h +++ b/xcode/config.h @@ -306,10 +306,10 @@ * Which encryption libraries do we have? */ +#define HAVE_TLS 1 #define HAVE_CDSASSL 1 /* #undef HAVE_GNUTLS */ /* #undef HAVE_SSPISSL */ -#define HAVE_SSL 1 /*