Commit Diff
Commit:
c7c8ef448bc8832998606ec217907c7dc66fec6c
Date:
Sat Jan 1 19:04:50 2022
UTC
Message:
add `protocols' option to `proxy' rule
--- gmid.h
+++ gmid.h
@@ -100,6 +100,7 @@ struct proxy {
struct proxy {
char *host;
const char *port;
+ uint32_t protocols;
int noverifyname;
uint8_t *cert;
size_t certlen;
--- parse.y
+++ parse.y
@@ -308,6 +308,12 @@ proxy_opt : CERT string {
p->key = tls_load_file($2, &p->keylen, NULL);
if (p->key == NULL)
yyerror("can't load key %s", $2);
+ }
+ | PROTOCOLS string {
+ struct proxy *p = &host->proxy;
+
+ if (tls_config_parse_protocols(&p->protocols, $2) == -1)
+ yyerror("invalid protocols string \"%s\"", $2);
}
| RELAY_TO string {
char *at;
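Review bot: The new `PROTOCOLS string` action stores whatever `tls_config_parse_protocols` accepts, and in libtls that includes keywords such as `all` and `legacy`, which on some libtls versions enable TLS versions older than 1.2 for the upstream connection. Nothing in the action tells the operator that the value went below the default set in new_vhost(), so I would add a comment such as `/* any libtls protocol string is accepted; values outside TLS_PROTOCOLS_DEFAULT are the operator's explicit choice */` and consider a warning when `p->protocols & ~TLS_PROTOCOLS_DEFAULT` is non-zero. The option's accepted keywords should also be listed in the manual. The `proxy_opt` rule starts before and continues past this hunk.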
@@ -961,7 +967,11 @@ new_vhost(void)
struct vhost *
new_vhost(void)
{
- return xcalloc(1, sizeof(struct vhost));
+ struct vhost *v;
+
+ v = xcalloc(1, sizeof(*v));
+ v->proxy.protocols = TLS_PROTOCOLS_DEFAULT;
+ return v;
}
struct location *
--- proxy.c
+++ proxy.c
@@ -295,8 +295,8 @@ proxy_init(struct client *c)
if (p->noverifyname)
tls_config_insecure_noverifyname(conf);
- /* TODO: tls_config_set_protocols here */
tls_config_insecure_noverifycert(conf);
+ tls_config_set_protocols(conf, p->protocols);
if (p->cert != NULL) {
int r;
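Review bot: The return value of `tls_config_set_protocols(conf, p->protocols)` is discarded, although libtls documents it as returning -1 on failure. Checking it with `if (tls_config_set_protocols(conf, p->protocols) == -1)`, followed by whatever failure path proxy_init already uses, would keep a rejected mask from going unnoticed. The mask is initialised only in new_vhost() in parse.y, so a struct proxy built any other way would presumably reach this call with 0, which is worth confirming. The context line `tls_config_insecure_noverifycert(conf)` also stays unconditional, so the new setting limits which TLS versions are negotiated but does not authenticate the upstream; a short comment above the new call saying so would help readers. proxy_init's body starts and ends outside the hunk.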
Omar Polo