author | Reyk Floeter <reyk@esdenera.com> | 2015-02-24 08:57:19 +0100 |
---|---|---|
committer | Reyk Floeter <reyk@esdenera.com> | 2015-02-24 08:57:19 +0100 |
commit | be1b7213b8e8d0de98b5a6445504a583e8c9a064 (patch) | |
tree | b7360e53b785340929ce2e4722703fd97c121f26 /parse.y | |
parent | 8a2934048ba934e50ecc1736d554036fc39f6752 (diff) | |
download | httpd-be1b7213b8e8d0de98b5a6445504a583e8c9a064.tar.gz httpd-be1b7213b8e8d0de98b5a6445504a583e8c9a064.zip |
Allow to specify CGI variables as macros in redirection strings, eg.OPENBSD_5_7_BASE
block return 301 "http://www.example.com/$REQUEST_URI"
OK tedu@ florian@
Add return_uri to serverconfig_reset() to avoid using garbage from the
imsg buffer.
Debugging & OK halex@
Change TLS_PROTOCOLS_DEFAULT to be TLSv1.2 only. Add a TLS_PROTOCOLS_ALL
that includes all currently supported protocols (TLSv1.0, TLSv1.1 and
TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they
maintain existing behaviour.
Discussed with tedu@ and reyk@.
Diffstat (limited to 'parse.y')
-rw-r--r-- | parse.y | 25 |
1 files changed, 22 insertions, 3 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.64 2015/02/08 04:50:32 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.65 2015/02/12 04:40:23 jsing Exp $ */
 /*
 * Copyright (c) 2007 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -131,8 +131,9 @@ typedef struct {
 %token ACCESS ALIAS AUTO BACKLOG BODY BUFFER CERTIFICATE CHROOT CIPHERS COMMON
 %token COMBINED CONNECTION DHE DIRECTORY ECDHE ERR FCGI INDEX IP KEY LISTEN
-%token LOCATION LOG LOGDIR MAXIMUM NO NODELAY ON PORT PREFORK REQUEST REQUESTS
-%token ROOT SACK SERVER SOCKET STRIP STYLE SYSLOG TCP TIMEOUT TLS TYPES
+%token LOCATION LOG LOGDIR MAXIMUM NO NODELAY ON PORT PREFORK PROTOCOLS
+%token REQUEST REQUESTS ROOT SACK SERVER SOCKET STRIP STYLE SYSLOG TCP TIMEOUT
+%token TLS TYPES
 %token ERROR INCLUDE AUTHENTICATE WITH BLOCK DROP RETURN PASS
 %token <v.string> STRING
 %token <v.number> NUMBER
@@ -236,6 +237,7 @@ server : SERVER STRING {
 s->srv_conf.maxrequestbody = SERVER_MAXREQUESTBODY;
 s->srv_conf.flags |= SRVFLAG_LOG;
 s->srv_conf.logformat = LOG_FORMAT_COMMON;
+ s->srv_conf.tls_protocols = TLS_PROTOCOLS_ALL;
 if ((s->srv_conf.tls_cert_file = strdup(HTTPD_TLS_CERT)) == NULL)
 fatal("out of memory");
@@ -297,6 +299,13 @@ server : SERVER STRING {
 YYERROR;
 }
+ if ((srv->srv_conf.flags & SRVFLAG_TLS) &&
+ srv->srv_conf.tls_protocols == 0) {
+ yyerror("no TLS protocols");
+ free(srv);
+ YYERROR;
+ }
+
 if (server_tls_load_keypair(srv) == -1) {
 yyerror("failed to load public/private keys "
 "for server %s", srv->srv_conf.name);
@@ -643,6 +652,15 @@ tlsopts : CERTIFICATE STRING {
 }
 free($2);
 }
+ | PROTOCOLS STRING {
+ if (tls_config_parse_protocols(
+ &srv_conf->tls_protocols, $2) != 0) {
+ yyerror("invalid TLS protocols");
+ free($2);
+ YYERROR;
+ }
+ free($2);
+ }
 ;
 root : ROOT rootflags
@@ -1097,6 +1115,7 @@ lookup(char *s)
 { "pass", PASS },
 { "port", PORT },
 { "prefork", PREFORK },
+ { "protocols", PROTOCOLS },
 { "request", REQUEST },
 { "requests", REQUESTS },
 { "return", RETURN }, |
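Review bot: The new default `s->srv_conf.tls_protocols = TLS_PROTOCOLS_ALL;` in the `server` rule (hunk at -236) has no comment, although it deliberately differs from the library default. Per the commit message, TLS_PROTOCOLS_DEFAULT is now TLSv1.2 only, while TLS_PROTOCOLS_ALL also enables TLSv1.0 and TLSv1.1. I would add a comment above the assignment, for example `/* all protocols to keep existing behaviour; TLS_PROTOCOLS_DEFAULT is TLSv1.2 only */`, so a later reader sees that the wider set is intentional and knows where to tighten it. The man page should presumably state this default next to the new `protocols` option, but that file is not part of this diff. The `server` action starts and ends outside the hunk.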
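Review bot: Both new error paths reject the configuration without saying what was rejected: `yyerror("no TLS protocols")` in the server check (hunk at -297) and `yyerror("invalid TLS protocols")` in the `tlsopts` rule (hunk at -643). The keypair error just below the first one already names the server, so these could match it with `yyerror("no TLS protocols for server %s", srv->srv_conf.name);` and `yyerror("invalid TLS protocols: %s", $2);`. Both calls already sit before the corresponding `free()`, so the arguments are still valid at that point. With several `server` blocks in one file, an operator restricting protocols then sees which block or which string is wrong. Both rule bodies continue outside their hunks.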