mix 'listen * port 80' and 'listen * tls port 443' in one server block.
Also the last argument of server_tls_cmp - match_keypair - is always 0
so remove this code.
OK florian@ tb@ some long time ago
-/* $OpenBSD: httpd.h,v 1.154 2021/01/27 07:21:52 deraadt Exp $ */
+/* $OpenBSD: httpd.h,v 1.155 2021/04/10 10:10:07 claudio Exp $ */
/*
* Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
/* server.c */
void server(struct privsep *, struct privsep_proc *);
-int server_tls_cmp(struct server *, struct server *, int);
+int server_tls_cmp(struct server *, struct server *);
int server_tls_load_ca(struct server *);
int server_tls_load_crl(struct server *);
int server_tls_load_keypair(struct server *);
-/* $OpenBSD: parse.y,v 1.124 2021/01/22 13:07:17 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.125 2021/04/10 10:10:07 claudio Exp $ */
/*
* Copyright (c) 2020 Matthias Pressfreund <mpfr@fn.de>
free(srv);
YYERROR;
}
- if (server_tls_cmp(s, srv, 0) != 0) {
+ if (srv->srv_conf.flags & SRVFLAG_TLS &&
+ server_tls_cmp(s, srv) != 0) {
yyerror("server \"%s\": tls "
"configuration mismatch on same "
"address/port",
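Review bot: The guard on the new side tests only `srv->srv_conf.flags`, so whether the already-configured server `s` is a TLS server too depends on code above the hunk that is not visible here. If an earlier check already rejects a TLS/non-TLS mix on one address/port, a one-line comment such as `/* s and srv agree on SRVFLAG_TLS here, see check above */` would keep the condition from looking incomplete. The mixed `&`/`&&` expression is correct by precedence, but explicit parentheses make that obvious to the next reader: `if ((srv->srv_conf.flags & SRVFLAG_TLS) &&`. The enclosing block starts before the hunk and the `yyerror` call ends after it.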
-/* $OpenBSD: server.c,v 1.124 2021/01/02 18:35:07 tb Exp $ */
+/* $OpenBSD: server.c,v 1.125 2021/04/10 10:10:07 claudio Exp $ */
/*
* Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
}
int
-server_tls_cmp(struct server *s1, struct server *s2, int match_keypair)
+server_tls_cmp(struct server *s1, struct server *s2)
{
struct server_config *sc1, *sc2;
if (strcmp(sc1->tls_ecdhe_curves, sc2->tls_ecdhe_curves) != 0)
return (-1);
- if (match_keypair) {
- if (strcmp(sc1->tls_cert_file, sc2->tls_cert_file) != 0)
- return (-1);
- if (strcmp(sc1->tls_key_file, sc2->tls_key_file) != 0)
- return (-1);
- }
-
return (0);
}
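Review bot: `server_tls_cmp` has no comment stating what it leaves out, and with the `match_keypair` branch gone nothing in the body mentions `tls_cert_file` or `tls_key_file` any more. parse.y turns a non-zero result into a "tls configuration mismatch on same address/port" error, so the set of compared fields is effectively policy and deserves a header comment, for example `/* Compare the TLS settings that servers on one address/port must have in common; returns 0 if they match, -1 if not. Certificate and key files are not compared. */`. Part of the function body lies outside the hunk, so the wording should be checked against the full list of fields it compares.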