walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Show warning if PSK options are used but not supported

This commit is contained in:
Tatsuhiro Tsujikawa 2017-01-26 20:34:58 +09:00
parent 16be89f9cc
commit 1cc08c0a51
2 changed files with 14 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/shrpx.cc
View File

@ -2119,7 +2119,6 @@ SSL/TLS:
argument <CERT>, or certificate option in configuration argument <CERT>, or certificate option in configuration
file. For additional certificates, use --subcert file. For additional certificates, use --subcert
option. This option requires OpenSSL >= 1.0.2. option. This option requires OpenSSL >= 1.0.2.
#if !LIBRESSL_IN_USE
--psk-secrets=<PATH> --psk-secrets=<PATH>
Read list of PSK identity and secrets from <PATH>. This Read list of PSK identity and secrets from <PATH>. This
is used for frontend connection. The each line of input is used for frontend connection. The each line of input
@ -2147,7 +2146,6 @@ SSL/TLS:
HTTP/2. To use those cipher suites with HTTP/2, HTTP/2. To use those cipher suites with HTTP/2,
consider to use --client-no-http2-cipher-black-list consider to use --client-no-http2-cipher-black-list
option. But be aware its implications. option. But be aware its implications.
#endif // !LIBRESSL_IN_USE
HTTP/2 and SPDY: HTTP/2 and SPDY:
-c, --frontend-http2-max-concurrent-streams=<N> -c, --frontend-http2-max-concurrent-streams=<N>
@ -3127,10 +3125,8 @@ int main(int argc, char **argv) {
{SHRPX_OPT_DNS_MAX_TRY.c_str(), required_argument, &flag, 145}, {SHRPX_OPT_DNS_MAX_TRY.c_str(), required_argument, &flag, 145},
{SHRPX_OPT_FRONTEND_KEEP_ALIVE_TIMEOUT.c_str(), required_argument, {SHRPX_OPT_FRONTEND_KEEP_ALIVE_TIMEOUT.c_str(), required_argument,
&flag, 146}, &flag, 146},
#if !LIBRESSL_IN_USE
{SHRPX_OPT_PSK_SECRETS.c_str(), required_argument, &flag, 147}, {SHRPX_OPT_PSK_SECRETS.c_str(), required_argument, &flag, 147},
{SHRPX_OPT_CLIENT_PSK_SECRETS.c_str(), required_argument, &flag, 148}, {SHRPX_OPT_CLIENT_PSK_SECRETS.c_str(), required_argument, &flag, 148},
#endif
{SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST.c_str(), no_argument, {SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST.c_str(), no_argument,
&flag, 149}, &flag, 149},
{SHRPX_OPT_CLIENT_CIPHERS.c_str(), required_argument, &flag, 150}, {SHRPX_OPT_CLIENT_CIPHERS.c_str(), required_argument, &flag, 150},
@ -3825,7 +3821,6 @@ int main(int argc, char **argv) {
cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_KEEP_ALIVE_TIMEOUT, cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_KEEP_ALIVE_TIMEOUT,
StringRef{optarg}); StringRef{optarg});
break; break;
#if !LIBRESSL_IN_USE
case 147: case 147:
// --psk-secrets // --psk-secrets
cmdcfgs.emplace_back(SHRPX_OPT_PSK_SECRETS, StringRef{optarg}); cmdcfgs.emplace_back(SHRPX_OPT_PSK_SECRETS, StringRef{optarg});
@ -3834,7 +3829,6 @@ int main(int argc, char **argv) {
// --client-psk-secrets // --client-psk-secrets
cmdcfgs.emplace_back(SHRPX_OPT_CLIENT_PSK_SECRETS, StringRef{optarg}); cmdcfgs.emplace_back(SHRPX_OPT_CLIENT_PSK_SECRETS, StringRef{optarg});
break; break;
#endif // !LIBRESSL_IN_USE
case 149: case 149:
// --client-no-http2-cipher-black-list // --client-no-http2-cipher-black-list
cmdcfgs.emplace_back(SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST, cmdcfgs.emplace_back(SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST,

20
src/shrpx_config.cc
View File

@ -1494,12 +1494,10 @@ int option_lookup_token(const char *name, size_t namelen) {
if (util::strieq_l("ecdh-curve", name, 10)) { if (util::strieq_l("ecdh-curve", name, 10)) {
return SHRPX_OPTID_ECDH_CURVES; return SHRPX_OPTID_ECDH_CURVES;
} }
#if !LIBRESSL_IN_USE
if (util::strieq_l("psk-secret", name, 10)) { if (util::strieq_l("psk-secret", name, 10)) {
return SHRPX_OPTID_PSK_SECRETS; return SHRPX_OPTID_PSK_SECRETS;
} }
break; break;
#endif
case 't': case 't':
if (util::strieq_l("write-burs", name, 10)) { if (util::strieq_l("write-burs", name, 10)) {
return SHRPX_OPTID_WRITE_BURST; return SHRPX_OPTID_WRITE_BURST;
@ -1689,13 +1687,11 @@ int option_lookup_token(const char *name, size_t namelen) {
return SHRPX_OPTID_ADD_REQUEST_HEADER; return SHRPX_OPTID_ADD_REQUEST_HEADER;
} }
break; break;
#if !LIBRESSL_IN_USE
case 's': case 's':
if (util::strieq_l("client-psk-secret", name, 17)) { if (util::strieq_l("client-psk-secret", name, 17)) {
return SHRPX_OPTID_CLIENT_PSK_SECRETS; return SHRPX_OPTID_CLIENT_PSK_SECRETS;
} }
break; break;
#endif // !LIBRESSL_IN_USE
case 't': case 't':
if (util::strieq_l("dns-lookup-timeou", name, 17)) { if (util::strieq_l("dns-lookup-timeou", name, 17)) {
return SHRPX_OPTID_DNS_LOOKUP_TIMEOUT; return SHRPX_OPTID_DNS_LOOKUP_TIMEOUT;
@ -3291,12 +3287,24 @@ int parse_config(Config *config, int optid, const StringRef &opt,
case SHRPX_OPTID_FRONTEND_KEEP_ALIVE_TIMEOUT: case SHRPX_OPTID_FRONTEND_KEEP_ALIVE_TIMEOUT:
return parse_duration(&config->conn.upstream.timeout.idle_read, opt, return parse_duration(&config->conn.upstream.timeout.idle_read, opt,
optarg); optarg);
#if !LIBRESSL_IN_USE
case SHRPX_OPTID_PSK_SECRETS: case SHRPX_OPTID_PSK_SECRETS:
#if !LIBRESSL_IN_USE
return parse_psk_secrets(config, optarg); return parse_psk_secrets(config, optarg);
#else // LIBRESSL_IN_USE
LOG(WARN)
<< opt
<< ": ignored because underlying TLS library does not support PSK";
return 0;
#endif // LIBRESSL_IN_USE
case SHRPX_OPTID_CLIENT_PSK_SECRETS: case SHRPX_OPTID_CLIENT_PSK_SECRETS:
#if !LIBRESSL_IN_USE
return parse_client_psk_secrets(config, optarg); return parse_client_psk_secrets(config, optarg);
#endif // !LIBRESSL_IN_USE #else // LIBRESSL_IN_USE
LOG(WARN)
<< opt
<< ": ignored because underlying TLS library does not support PSK";
return 0;
#endif // LIBRESSL_IN_USE
case SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST: case SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST:
config->tls.client.no_http2_cipher_black_list = config->tls.client.no_http2_cipher_black_list =
util::strieq_l("yes", optarg); util::strieq_l("yes", optarg);