Diffstat (limited to 'parse.y')
-rw-r--r--parse.y40
1 files changed, 35 insertions, 5 deletions
diff --git a/parse.y b/parse.y
index daf61c2..51f7d98 100644
--- a/parse.y
+++ b/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.61 2015/02/07 01:23:12 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.64 2015/02/08 04:50:32 reyk Exp $ */
/*
* Copyright (c) 2007 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -130,9 +130,9 @@ typedef struct {
%}
%token ACCESS ALIAS AUTO BACKLOG BODY BUFFER CERTIFICATE CHROOT CIPHERS COMMON
-%token COMBINED CONNECTION DIRECTORY ERR FCGI INDEX IP KEY LISTEN LOCATION
-%token LOG LOGDIR MAXIMUM NO NODELAY ON PORT PREFORK REQUEST REQUESTS ROOT
-%token SACK SERVER SOCKET STRIP STYLE SYSLOG TCP TIMEOUT TLS TYPES
+%token COMBINED CONNECTION DHE DIRECTORY ECDHE ERR FCGI INDEX IP KEY LISTEN
+%token LOCATION LOG LOGDIR MAXIMUM NO NODELAY ON PORT PREFORK REQUEST REQUESTS
+%token ROOT SACK SERVER SOCKET STRIP STYLE SYSLOG TCP TIMEOUT TLS TYPES
%token ERROR INCLUDE AUTHENTICATE WITH BLOCK DROP RETURN PASS
%token <v.string> STRING
%token <v.number> NUMBER
@@ -242,8 +242,15 @@ server : SERVER STRING {
if ((s->srv_conf.tls_key_file =
strdup(HTTPD_TLS_KEY)) == NULL)
fatal("out of memory");
- strlcpy(s->srv_conf.tls_ciphers, HTTPD_TLS_CIPHERS,
+ strlcpy(s->srv_conf.tls_ciphers,
+ HTTPD_TLS_CIPHERS,
sizeof(s->srv_conf.tls_ciphers));
+ strlcpy(s->srv_conf.tls_dhe_params,
+ HTTPD_TLS_DHE_PARAMS,
+ sizeof(s->srv_conf.tls_dhe_params));
+ strlcpy(s->srv_conf.tls_ecdhe_curve,
+ HTTPD_TLS_ECDHE_CURVE,
+ sizeof(s->srv_conf.tls_ecdhe_curve));
if (last_server_id == INT_MAX) {
yyerror("too many servers defined");
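Review bot: The three default copies into `tls_ciphers`, `tls_dhe_params` and `tls_ecdhe_curve` ignore the return value of strlcpy(), whereas the user-supplied values in `tlsopts` are length-checked. The `HTTPD_TLS_*` constants and the buffer sizes are defined outside this hunk, so nothing visible here guarantees they fit. A default that is ever longer than its buffer would be truncated silently, and a truncated cipher list or curve name is a different TLS policy from the intended one. Checking the result, for example `if (strlcpy(s->srv_conf.tls_ecdhe_curve, HTTPD_TLS_ECDHE_CURVE, sizeof(s->srv_conf.tls_ecdhe_curve)) >= sizeof(s->srv_conf.tls_ecdhe_curve)) fatal("default ecdhe curve too long");`, would make that failure loud. The `server` rule starts and ends outside the hunk.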
@@ -616,6 +623,26 @@ tlsopts : CERTIFICATE STRING {
}
free($2);
}
+ | DHE STRING {
+ if (strlcpy(srv_conf->tls_dhe_params, $2,
+ sizeof(srv_conf->tls_dhe_params)) >=
+ sizeof(srv_conf->tls_dhe_params)) {
+ yyerror("dhe too long");
+ free($2);
+ YYERROR;
+ }
+ free($2);
+ }
+ | ECDHE STRING {
+ if (strlcpy(srv_conf->tls_ecdhe_curve, $2,
+ sizeof(srv_conf->tls_ecdhe_curve)) >=
+ sizeof(srv_conf->tls_ecdhe_curve)) {
+ yyerror("ecdhe too long");
+ free($2);
+ YYERROR;
+ }
+ free($2);
+ }
;
root : ROOT rootflags
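Review bot: Both new `tlsopts` alternatives check only the length of `$2`, so any string that fits the buffer, including an empty one or a misspelled curve name, is stored in `tls_dhe_params` or `tls_ecdhe_curve` and the configuration parses cleanly. If the value is validated at all, that happens later and outside this hunk, so a configuration test may pass for a key-exchange setting that the TLS layer will reject or, depending on how it treats unknown values, not apply as the operator intended. Consider rejecting unknown values in the grammar, or at least recording the deferral with a comment such as `/* only the length is checked here; the value is validated when the TLS configuration is applied */`. The `tlsopts` rule begins before the hunk.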
@@ -1049,8 +1076,10 @@ lookup(char *s)
{ "combined", COMBINED },
{ "common", COMMON },
{ "connection", CONNECTION },
+ { "dhe", DHE },
{ "directory", DIRECTORY },
{ "drop", DROP },
+ { "ecdhe", ECDHE },
{ "error", ERR },
{ "fastcgi", FCGI },
{ "include", INCLUDE },
@@ -1665,6 +1694,7 @@ host_dns(const char *s, struct addresslist *al, int max,
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
+ hints.ai_flags = AI_ADDRCONFIG;
error = getaddrinfo(s, NULL, &hints, &res0);
if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
return (0);
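Review bot: The added `hints.ai_flags = AI_ADDRCONFIG;` has no comment, and it interacts with the silent `return (0)` two lines below. With this flag getaddrinfo() returns only address families that are configured on a local interface, so a name can now resolve to nothing because of the host's interface state at parse time rather than because the name is wrong. Whether the caller reports a zero result is not visible in the hunk. I would add `/* only return address families configured on this host; a name with no usable address then yields no entries below */` above the assignment. host_dns() starts and ends outside the hunk.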