From: msweet Date: Wed, 11 Dec 2013 02:23:54 +0000 (+0000) Subject: Drop support for ServerCertificate and ServerKey directives; now we just support X-Git-Tag: v2.2b1~798 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=097488cff0e1cd333738c6a063faee43bb9a2d3a;p=thirdparty%2Fcups.git Drop support for ServerCertificate and ServerKey directives; now we just support ServerKeychain on all platforms. git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11457 a1ca3aef-8c08-0410-bb20-df032aa958be --- diff --git a/scheduler/client.c b/scheduler/client.c index 55ebe514d0..8a36a08621 100644 --- a/scheduler/client.c +++ b/scheduler/client.c @@ -2878,7 +2878,6 @@ static int /* O - 0 on success, -1 on error */ cupsd_start_tls(cupsd_client_t *con, /* I - Client connection */ http_encryption_t e) /* I - Encryption mode */ { - /* TODO: Lookup/load cert + key and set */ if (httpEncryption(con->http, e)) { cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to encrypt connection: %s", diff --git a/scheduler/conf.c b/scheduler/conf.c index e86eff6067..8f91179fe8 100644 --- a/scheduler/conf.c +++ b/scheduler/conf.c @@ -143,10 +143,6 @@ static const cupsd_var_t cupsfiles_vars[] = { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING }, { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME }, #ifdef HAVE_SSL -# ifdef HAVE_GNUTLS - { "ServerCertificate", &ServerCertificate, CUPSD_VARTYPE_PATHNAME }, - { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME }, -# endif /* HAVE_GNUTLS */ { "ServerKeychain", &ServerKeychain, CUPSD_VARTYPE_PATHNAME }, #endif /* HAVE_SSL */ { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME }, @@ -592,9 +588,7 @@ cupsdReadConfiguration(void) #ifdef HAVE_SSL # ifdef HAVE_GNUTLS - cupsdClearString(&ServerKeychain); - cupsdSetString(&ServerCertificate, "ssl/server.crt"); - cupsdSetString(&ServerKey, "ssl/server.key"); + cupsdSetString(&ServerKeychain, "ssl"); # else cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain"); # endif /* HAVE_GNUTLS */ @@ -1061,27 +1055,10 @@ cupsdReadConfiguration(void) cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir); #ifdef HAVE_SSL -# ifdef HAVE_GNUTLS - if (ServerCertificate[0] != '/') - cupsdSetStringf(&ServerCertificate, "%s/%s", ServerRoot, ServerCertificate); - - if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)) && - cupsdCheckPermissions(ServerCertificate, NULL, 0600, RunUser, Group, - 0, 0) < 0 && - (FatalErrors & CUPSD_FATAL_PERMISSIONS)) - return (0); - - if (ServerKey[0] != '/') - cupsdSetStringf(&ServerKey, "%s/%s", ServerRoot, ServerKey); - - if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)) && - cupsdCheckPermissions(ServerKey, NULL, 0600, RunUser, Group, 0, 0) < 0 && - (FatalErrors & CUPSD_FATAL_PERMISSIONS)) - return (0); -# endif /* HAVE_GNUTLS */ - if (ServerKeychain[0] != '/') cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain); + + cupsSetServerCredentials(ServerKeychain, ServerName, 1); #endif /* HAVE_SSL */ /* @@ -3310,6 +3287,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ !_cups_strcasecmp(line, "ServerBin") || !_cups_strcasecmp(line, "ServerCertificate") || !_cups_strcasecmp(line, "ServerKey") || + !_cups_strcasecmp(line, "ServerKeychain") || !_cups_strcasecmp(line, "ServerRoot") || !_cups_strcasecmp(line, "SMBConfigFile") || !_cups_strcasecmp(line, "StateDir") || @@ -3472,6 +3450,15 @@ read_cups_files_conf(cups_file_t *fp) /* I - File to read from */ } } } + else if (!_cups_strcasecmp(line, "ServerCertificate") || + !_cups_strcasecmp(line, "ServerKey")) + { + cupsdLogMessage(CUPSD_LOG_INFO, + "The \"%s\" directive on line %d of %s is no longer " + "supported; this will become an error in a future " + "release.", + line, linenum, CupsFilesFile); + } else if (!parse_variable(CupsFilesFile, linenum, line, value, sizeof(cupsfiles_vars) / sizeof(cupsfiles_vars[0]), cupsfiles_vars) && diff --git a/scheduler/conf.h b/scheduler/conf.h index 650acca145..000fb8f926 100644 --- a/scheduler/conf.h +++ b/scheduler/conf.h @@ -228,12 +228,6 @@ VAR const char **MimeTypes VALUE(NULL); /* Array of MIME types */ #ifdef HAVE_SSL -# ifdef HAVE_GNUTLS -VAR char *ServerCertificate VALUE(NULL), - /* Server certificate file */ - *ServerKey VALUE(NULL); - /* Server key file */ -# endif /* HAVE_GNUTLS */ VAR char *ServerKeychain VALUE(NULL); /* Keychain holding cert + key */ #endif /* HAVE_SSL */