mirror of
https://github.com/matrix-construct/construct
synced 2024-11-29 02:02:38 +01:00
ircd::net: Add parent ssl_cipher conf items; add curve items.
This commit is contained in:
Jason Volk
parent
28f0660a9d
commit
92cdccf956
3 changed files with 43 additions and 4 deletions
|
|
@ -28,6 +28,7 @@ struct ircd::net::acceptor
|
|||
|
||||
static log::log log;
|
||||
static conf::item<milliseconds> timeout;
|
||||
static conf::item<std::string> ssl_curve_list;
|
||||
static conf::item<std::string> ssl_cipher_list;
|
||||
static conf::item<std::string> ssl_cipher_blacklist;
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,9 @@
|
|||
|
||||
namespace ircd::net
|
||||
{
|
||||
extern conf::item<std::string> ssl_curve_list;
|
||||
extern conf::item<std::string> ssl_cipher_list;
|
||||
extern conf::item<std::string> ssl_cipher_blacklist;
|
||||
extern asio::ssl::context sslv23_client;
|
||||
}
|
||||
|
||||
|
|
|
|||
43
ircd/net.cc
43
ircd/net.cc
|
|
@ -1299,18 +1299,25 @@ ircd::net::acceptor::timeout
|
|||
{ "default", 12000L },
|
||||
};
|
||||
|
||||
decltype(ircd::net::acceptor::ssl_curve_list)
|
||||
ircd::net::acceptor::ssl_curve_list
|
||||
{
|
||||
{ "name", "ircd.net.acceptor.ssl.curve.list" },
|
||||
{ "default", string_view{ircd::net::ssl_curve_list} },
|
||||
};
|
||||
|
||||
decltype(ircd::net::acceptor::ssl_cipher_list)
|
||||
ircd::net::acceptor::ssl_cipher_list
|
||||
{
|
||||
{ "name", "ircd.net.acceptor.ssl.cipher.list" },
|
||||
{ "default", string_view{} },
|
||||
{ "name", "ircd.net.acceptor.ssl.cipher.list" },
|
||||
{ "default", string_view{ircd::net::ssl_cipher_list} },
|
||||
};
|
||||
|
||||
decltype(ircd::net::acceptor::ssl_cipher_blacklist)
|
||||
ircd::net::acceptor::ssl_cipher_blacklist
|
||||
{
|
||||
{ "name", "ircd.net.acceptor.ssl.cipher.blacklist" },
|
||||
{ "default", string_view{} },
|
||||
{ "name", "ircd.net.acceptor.ssl.cipher.blacklist" },
|
||||
{ "default", string_view{ircd::net::ssl_cipher_blacklist} },
|
||||
};
|
||||
|
||||
bool
|
||||
|
|
@ -1989,6 +1996,7 @@ ircd::net::acceptor::configure(const json::object &opts)
|
|||
ircd::tokens(ciphers, ':', [&res, &blacklist]
|
||||
(const string_view &cipher)
|
||||
{
|
||||
assert(cipher);
|
||||
if(!has(blacklist, cipher))
|
||||
res << cipher << ':';
|
||||
});
|
||||
|
|
@ -2009,6 +2017,12 @@ ircd::net::acceptor::configure(const json::object &opts)
|
|||
assert(ssl.native_handle());
|
||||
openssl::set_curves(*ssl.native_handle(), list);
|
||||
}
|
||||
else if(!empty(string_view(ssl_curve_list)))
|
||||
{
|
||||
const string_view &list(ssl_curve_list);
|
||||
assert(ssl.native_handle());
|
||||
openssl::set_curves(*ssl.native_handle(), list);
|
||||
}
|
||||
|
||||
if(!empty(unquote(opts["certificate_chain_path"])))
|
||||
{
|
||||
|
|
@ -2409,6 +2423,27 @@ ircd::net::scope_timeout::release()
|
|||
// net/socket.h
|
||||
//
|
||||
|
||||
decltype(ircd::net::ssl_curve_list)
|
||||
ircd::net::ssl_curve_list
|
||||
{
|
||||
{ "name", "ircd.net.ssl.curve.list" },
|
||||
{ "default", string_view{} },
|
||||
};
|
||||
|
||||
decltype(ircd::net::ssl_cipher_list)
|
||||
ircd::net::ssl_cipher_list
|
||||
{
|
||||
{ "name", "ircd.net.ssl.cipher.list" },
|
||||
{ "default", string_view{} },
|
||||
};
|
||||
|
||||
decltype(ircd::net::ssl_cipher_blacklist)
|
||||
ircd::net::ssl_cipher_blacklist
|
||||
{
|
||||
{ "name", "ircd.net.ssl.cipher.blacklist" },
|
||||
{ "default", string_view{} },
|
||||
};
|
||||
|
||||
boost::asio::ssl::context
|
||||
ircd::net::sslv23_client
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in a new issue