Commit Diff
Diff:
5128c0b0e3b51737783c4c68c9e34a76ec8c8b0e
c7c8ef448bc8832998606ec217907c7dc66fec6c
Commit:
c7c8ef448bc8832998606ec217907c7dc66fec6c
Tree:
2d935588f4ba9c3a4dac7a8cc0f028ea1c6351ee
Author:
Omar Polo <op@omarpolo.com>
Date:
Sat Jan 1 19:04:50 2022 UTC
Message:
add `protocols' option to `proxy' rule
commit - 5128c0b0e3b51737783c4c68c9e34a76ec8c8b0e
commit + c7c8ef448bc8832998606ec217907c7dc66fec6c
blob - 5f6b000d448e4bd597c4e0704733418c6c1a3e4a
blob + d02811520afc65b1f7e15aecd289f6608fd2daed
--- gmid.h
+++ gmid.h
@@ -100,6 +100,7 @@ struct proxy {
struct proxy {
char *host;
const char *port;
+ uint32_t protocols;
int noverifyname;
uint8_t *cert;
size_t certlen;
blob - d21500672c4d2f4947b4c517dce81d052c0e3820
blob + 6359227df8680bb34dbb84cb46eab049ebf2b502
--- parse.y
+++ parse.y
@@ -308,6 +308,12 @@ proxy_opt : CERT string {
p->key = tls_load_file($2, &p->keylen, NULL);
if (p->key == NULL)
yyerror("can't load key %s", $2);
+ }
+ | PROTOCOLS string {
+ struct proxy *p = &host->proxy;
+
+ if (tls_config_parse_protocols(&p->protocols, $2) == -1)
+ yyerror("invalid protocols string \"%s\"", $2);
}
| RELAY_TO string {
char *at;
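Review bot: The new `PROTOCOLS string` branch stores whatever `tls_config_parse_protocols` accepts, so a `proxy` rule can select versions below TLSv1.2 for the upstream connection (for example via `legacy`, `all` or an explicit `tlsv1.0`, depending on the libtls version in use). If the upstream is expected to be a Gemini server, which as far as I know requires TLS 1.2 or later, the parser should reject or at least warn about such a mask. A check after the parse call would do it: `if (p->protocols & ~(TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3)) yyerror("proxy protocols older than TLSv1.2 are not allowed");`. If allowing older versions is intentional, the manual entry for the option should say so.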
@@ -961,7 +967,11 @@ new_vhost(void)
struct vhost *
new_vhost(void)
{
- return xcalloc(1, sizeof(struct vhost));
+ struct vhost *v;
+
+ v = xcalloc(1, sizeof(*v));
+ v->proxy.protocols = TLS_PROTOCOLS_DEFAULT;
+ return v;
}
struct location *
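Review bot: The line `v->proxy.protocols = TLS_PROTOCOLS_DEFAULT;` in `new_vhost` needs a comment explaining why it is there. `xcalloc` leaves the field at 0, and proxy.c now passes that value straight to `tls_config_set_protocols`, so without this line a `proxy` block with no `protocols` option would get an empty protocol set instead of the library default. I would add `/* 0 enables no TLS version; start from the libtls default */` above it. Any other code that fills a `struct proxy` without going through `new_vhost` would need the same initialisation, though none is visible in this diff.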
blob - 87791deac3d9c75cb89b0928b32b794dba64725e
blob + 7face977e4f7d69f0ea49079d7f6c56fe28fa017
--- proxy.c
+++ proxy.c
@@ -295,8 +295,8 @@ proxy_init(struct client *c)
if (p->noverifyname)
tls_config_insecure_noverifyname(conf);
- /* TODO: tls_config_set_protocols here */
tls_config_insecure_noverifycert(conf);
+ tls_config_set_protocols(conf, p->protocols);
if (p->cert != NULL) {
int r;
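Review bot: The return value of `tls_config_set_protocols(conf, p->protocols)` is discarded, although libtls documents the call as returning -1 on failure. If it did fail, the connection would proceed with whatever protocol set `conf` already had rather than the configured one. I would check it like the later calls that use `r`, for example `if (tls_config_set_protocols(conf, p->protocols) == -1) return -1;`, substituting the error path `proxy_init` actually uses. The function body starts and ends outside this hunk, so that path is not visible here.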