Diffstat (limited to 'parse.y')
-rw-r--r-- | parse.y | 40 |
1 files changed, 35 insertions, 5 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.61 2015/02/07 01:23:12 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.64 2015/02/08 04:50:32 reyk Exp $ */
 /*
 * Copyright (c) 2007 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -130,9 +130,9 @@ typedef struct {
 %}
 %token ACCESS ALIAS AUTO BACKLOG BODY BUFFER CERTIFICATE CHROOT CIPHERS COMMON
-%token COMBINED CONNECTION DIRECTORY ERR FCGI INDEX IP KEY LISTEN LOCATION
-%token LOG LOGDIR MAXIMUM NO NODELAY ON PORT PREFORK REQUEST REQUESTS ROOT
-%token SACK SERVER SOCKET STRIP STYLE SYSLOG TCP TIMEOUT TLS TYPES
+%token COMBINED CONNECTION DHE DIRECTORY ECDHE ERR FCGI INDEX IP KEY LISTEN
+%token LOCATION LOG LOGDIR MAXIMUM NO NODELAY ON PORT PREFORK REQUEST REQUESTS
+%token ROOT SACK SERVER SOCKET STRIP STYLE SYSLOG TCP TIMEOUT TLS TYPES
 %token ERROR INCLUDE AUTHENTICATE WITH BLOCK DROP RETURN PASS
 %token <v.string> STRING
 %token <v.number> NUMBER
@@ -242,8 +242,15 @@ server : SERVER STRING {
 if ((s->srv_conf.tls_key_file = strdup(HTTPD_TLS_KEY)) == NULL)
 fatal("out of memory");
- strlcpy(s->srv_conf.tls_ciphers, HTTPD_TLS_CIPHERS,
+ strlcpy(s->srv_conf.tls_ciphers,
+ HTTPD_TLS_CIPHERS,
 sizeof(s->srv_conf.tls_ciphers));
+ strlcpy(s->srv_conf.tls_dhe_params,
+ HTTPD_TLS_DHE_PARAMS,
+ sizeof(s->srv_conf.tls_dhe_params));
+ strlcpy(s->srv_conf.tls_ecdhe_curve,
+ HTTPD_TLS_ECDHE_CURVE,
+ sizeof(s->srv_conf.tls_ecdhe_curve));
 if (last_server_id == INT_MAX) {
 yyerror("too many servers defined");
@@ -616,6 +623,26 @@ tlsopts : CERTIFICATE STRING {
 }
 free($2);
 }
+ | DHE STRING {
+ if (strlcpy(srv_conf->tls_dhe_params, $2,
+ sizeof(srv_conf->tls_dhe_params)) >=
+ sizeof(srv_conf->tls_dhe_params)) {
+ yyerror("dhe too long");
+ free($2);
+ YYERROR;
+ }
+ free($2);
+ }
+ | ECDHE STRING {
+ if (strlcpy(srv_conf->tls_ecdhe_curve, $2,
+ sizeof(srv_conf->tls_ecdhe_curve)) >=
+ sizeof(srv_conf->tls_ecdhe_curve)) {
+ yyerror("ecdhe too long");
+ free($2);
+ YYERROR;
+ }
+ free($2);
+ }
 ;
 root : ROOT rootflags
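Review bot: The new `DHE STRING` and `ECDHE STRING` rules in `tlsopts` accept any value that fits the buffer, including an empty string; the only check is the `strlcpy` length test. Nothing visible here compares the value against the parameter modes or curve names the TLS layer understands, so a misspelled key-exchange setting is presumably caught only later when the TLS context is configured, or not at all. If validation is deliberately deferred, say so on the rule with a comment such as `/* value is validated when the TLS configuration is applied */`; otherwise reject unknown values here. The messages would also read better as `yyerror("dhe params too long");` and `yyerror("ecdhe curve too long");`, since "dhe too long" does not tell the operator which field overflowed. The `tlsopts` rule starts outside the hunk.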
@@ -1049,8 +1076,10 @@ lookup(char *s)
 { "combined", COMBINED },
 { "common", COMMON },
 { "connection", CONNECTION },
+ { "dhe", DHE },
 { "directory", DIRECTORY },
 { "drop", DROP },
+ { "ecdhe", ECDHE },
 { "error", ERR },
 { "fastcgi", FCGI },
 { "include", INCLUDE },
@@ -1665,6 +1694,7 @@ host_dns(const char *s, struct addresslist *al, int max,
 memset(&hints, 0, sizeof(hints));
 hints.ai_family = PF_UNSPEC;
 hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
+ hints.ai_flags = AI_ADDRCONFIG;
 error = getaddrinfo(s, NULL, &hints, &res0);
 if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
 return (0); |
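Review bot: `hints.ai_flags = AI_ADDRCONFIG;` in `host_dns` makes name resolution depend on which address families are configured on local interfaces when the config is parsed, and it is added without a comment saying why. Combined with the existing `return (0)` for `EAI_NODATA`/`EAI_NONAME` just below, a host name that resolves only to a family not yet configured (for example early in boot) would presumably be reported as "no addresses" rather than as an error. It is worth confirming how callers treat a 0 return for a listen address. A short comment such as `/* only return families configured on a local interface */` would document the intent. `host_dns` starts and ends outside the hunk.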