From: eric <eric@openbsd.org>
Date: Wed, 12 Jun 2019 17:42:53 +0000 (+0000)
Subject: change "ssl" to "tls" in various identifiers.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9ac7cdfd29175e909d5e6e79fc21d823a762e9c4;p=openbsd

change "ssl" to "tls" in various identifiers.
no functional change.

ok gilles@
---

diff --git a/usr.sbin/smtpd/iobuf.c b/usr.sbin/smtpd/iobuf.c
index 27c404a0b7a..a72243587a1 100644
--- a/usr.sbin/smtpd/iobuf.c
+++ b/usr.sbin/smtpd/iobuf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: iobuf.c,v 1.10 2017/03/17 20:56:04 eric Exp $	*/
+/*	$OpenBSD: iobuf.c,v 1.11 2019/06/12 17:42:53 eric Exp $	*/
 /*
  * Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
  *
@@ -26,7 +26,7 @@
 #include <string.h>
 #include <unistd.h>
 
-#ifdef IO_SSL
+#ifdef IO_TLS
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #endif
@@ -386,31 +386,31 @@ iobuf_flush(struct iobuf *io, int fd)
 	return (0);
 }
 
-#ifdef IO_SSL
+#ifdef IO_TLS
 
 int
-iobuf_flush_ssl(struct iobuf *io, void *ssl)
+iobuf_flush_tls(struct iobuf *io, void *tls)
 {
 	ssize_t	s;
 
 	while (io->queued)
-		if ((s = iobuf_write_ssl(io, ssl)) < 0)
+		if ((s = iobuf_write_tls(io, tls)) < 0)
 			return (s);
 
 	return (0);
 }
 
 ssize_t
-iobuf_write_ssl(struct iobuf *io, void *ssl)
+iobuf_write_tls(struct iobuf *io, void *tls)
 {
 	struct ioqbuf	*q;
 	int		 r;
 	ssize_t		 n;
 
 	q = io->outq;
-	n = SSL_write(ssl, q->buf + q->rpos, q->wpos - q->rpos);
+	n = SSL_write(tls, q->buf + q->rpos, q->wpos - q->rpos);
 	if (n <= 0) {
-		switch ((r = SSL_get_error(ssl, n))) {
+		switch ((r = SSL_get_error(tls, n))) {
 		case SSL_ERROR_WANT_READ:
 			return (IOBUF_WANT_READ);
 		case SSL_ERROR_WANT_WRITE:
@@ -419,12 +419,12 @@ iobuf_write_ssl(struct iobuf *io, void *ssl)
 			return (IOBUF_CLOSED);
 		case SSL_ERROR_SYSCALL:
 			if (ERR_peek_last_error())
-				return (IOBUF_SSLERROR);
+				return (IOBUF_TLSERROR);
 			if (r == 0)
 				errno = EPIPE;
 			return (IOBUF_ERROR);
 		default:
-			return (IOBUF_SSLERROR);
+			return (IOBUF_TLSERROR);
 		}
 	}
 	iobuf_drain(io, n);
@@ -433,26 +433,26 @@ iobuf_write_ssl(struct iobuf *io, void *ssl)
 }
 
 ssize_t
-iobuf_read_ssl(struct iobuf *io, void *ssl)
+iobuf_read_tls(struct iobuf *io, void *tls)
 {
 	ssize_t	n;
 	int	r;
 
-	n = SSL_read(ssl, io->buf + io->wpos, iobuf_left(io));
+	n = SSL_read(tls, io->buf + io->wpos, iobuf_left(io));
 	if (n < 0) {
-		switch ((r = SSL_get_error(ssl, n))) {
+		switch ((r = SSL_get_error(tls, n))) {
 		case SSL_ERROR_WANT_READ:
 			return (IOBUF_WANT_READ);
 		case SSL_ERROR_WANT_WRITE:
 			return (IOBUF_WANT_WRITE);
 		case SSL_ERROR_SYSCALL:
 			if (ERR_peek_last_error())
-				return (IOBUF_SSLERROR);
+				return (IOBUF_TLSERROR);
 			if (r == 0)
 				errno = EPIPE;
 			return (IOBUF_ERROR);
 		default:
-			return (IOBUF_SSLERROR);
+			return (IOBUF_TLSERROR);
 		}
 	} else if (n == 0)
 		return (IOBUF_CLOSED);
@@ -462,4 +462,4 @@ iobuf_read_ssl(struct iobuf *io, void *ssl)
 	return (n);
 }
 
-#endif /* IO_SSL */
+#endif /* IO_TLS */
diff --git a/usr.sbin/smtpd/iobuf.h b/usr.sbin/smtpd/iobuf.h
index e1f2745427a..c454d0a1407 100644
--- a/usr.sbin/smtpd/iobuf.h
+++ b/usr.sbin/smtpd/iobuf.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: iobuf.h,v 1.4 2015/01/20 17:37:54 deraadt Exp $	*/
+/*	$OpenBSD: iobuf.h,v 1.5 2019/06/12 17:42:53 eric Exp $	*/
 /*
  * Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
  *
@@ -39,7 +39,7 @@ struct iobuf {
 #define IOBUF_WANT_WRITE	-2
 #define IOBUF_CLOSED		-3
 #define IOBUF_ERROR		-4
-#define IOBUF_SSLERROR		-5
+#define IOBUF_TLSERROR		-5
 
 int	iobuf_init(struct iobuf *, size_t, size_t);
 void	iobuf_clear(struct iobuf *);
@@ -53,7 +53,7 @@ size_t	iobuf_left(struct iobuf *);
 char   *iobuf_data(struct iobuf *);
 char   *iobuf_getline(struct iobuf *, size_t *);
 ssize_t	iobuf_read(struct iobuf *, int);
-ssize_t	iobuf_read_ssl(struct iobuf *, void *);
+ssize_t	iobuf_read_tls(struct iobuf *, void *);
 
 size_t  iobuf_queued(struct iobuf *);
 void*   iobuf_reserve(struct iobuf *, size_t);
@@ -62,6 +62,6 @@ int	iobuf_queuev(struct iobuf *, const struct iovec *, int);
 int	iobuf_fqueue(struct iobuf *, const char *, ...);
 int	iobuf_vfqueue(struct iobuf *, const char *, va_list);
 int	iobuf_flush(struct iobuf *, int);
-int	iobuf_flush_ssl(struct iobuf *, void *);
+int	iobuf_flush_tls(struct iobuf *, void *);
 ssize_t	iobuf_write(struct iobuf *, int);
-ssize_t	iobuf_write_ssl(struct iobuf *, void *);
+ssize_t	iobuf_write_tls(struct iobuf *, void *);
diff --git a/usr.sbin/smtpd/ioev.c b/usr.sbin/smtpd/ioev.c
index 44690766388..d36210fd7dd 100644
--- a/usr.sbin/smtpd/ioev.c
+++ b/usr.sbin/smtpd/ioev.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ioev.c,v 1.41 2017/05/17 14:00:06 deraadt Exp $	*/
+/*	$OpenBSD: ioev.c,v 1.42 2019/06/12 17:42:53 eric Exp $	*/
 /*
  * Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
  *
@@ -32,7 +32,7 @@
 #include "ioev.h"
 #include "iobuf.h"
 
-#ifdef IO_SSL
+#ifdef IO_TLS
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #endif
@@ -40,8 +40,8 @@
 enum {
 	IO_STATE_NONE,
 	IO_STATE_CONNECT,
-	IO_STATE_CONNECT_SSL,
-	IO_STATE_ACCEPT_SSL,
+	IO_STATE_CONNECT_TLS,
+	IO_STATE_ACCEPT_TLS,
 	IO_STATE_UP,
 
 	IO_STATE_MAX,
@@ -65,7 +65,7 @@ struct io {
 	int		 flags;
 	int		 state;
 	struct event	 ev;
-	void		*ssl;
+	void		*tls;
 	const char	*error; /* only valid immediately on callback */
 };
 
@@ -84,15 +84,15 @@ void	io_reset(struct io *, short, void (*)(int, short, void*));
 void	io_frame_enter(const char *, struct io *, int);
 void	io_frame_leave(struct io *);
 
-#ifdef IO_SSL
+#ifdef IO_TLS
 void	ssl_error(const char *); /* XXX external */
 
-static const char* io_ssl_error(void);
-void	io_dispatch_accept_ssl(int, short, void *);
-void	io_dispatch_connect_ssl(int, short, void *);
-void	io_dispatch_read_ssl(int, short, void *);
-void	io_dispatch_write_ssl(int, short, void *);
-void	io_reload_ssl(struct io *io);
+static const char* io_tls_error(void);
+void	io_dispatch_accept_tls(int, short, void *);
+void	io_dispatch_connect_tls(int, short, void *);
+void	io_dispatch_read_tls(int, short, void *);
+void	io_dispatch_write_tls(int, short, void *);
+void	io_reload_tls(struct io *io);
 #endif
 
 static struct io	*current = NULL;
@@ -109,12 +109,12 @@ io_strio(struct io *io)
 	char		ssl[128];
 
 	ssl[0] = '\0';
-#ifdef IO_SSL
-	if (io->ssl) {
-		(void)snprintf(ssl, sizeof ssl, " ssl=%s:%s:%d",
-		    SSL_get_version(io->ssl),
-		    SSL_get_cipher_name(io->ssl),
-		    SSL_get_cipher_bits(io->ssl, NULL));
+#ifdef IO_TLS
+	if (io->tls) {
+		(void)snprintf(ssl, sizeof ssl, " tls=%s:%s:%d",
+		    SSL_get_version(io->tls),
+		    SSL_get_cipher_name(io->tls),
+		    SSL_get_cipher_bits(io->tls, NULL));
 	}
 #endif
 
@@ -271,9 +271,9 @@ io_free(struct io *io)
 	if (io == current)
 		current = NULL;
 
-#ifdef IO_SSL
-	SSL_free(io->ssl);
-	io->ssl = NULL;
+#ifdef IO_TLS
+	SSL_free(io->tls);
+	io->tls = NULL;
 #endif
 
 	if (event_initialized(&io->ev))
@@ -398,9 +398,9 @@ io_error(struct io *io)
 }
 
 void *
-io_ssl(struct io *io)
+io_tls(struct io *io)
 {
-	return io->ssl;
+	return io->tls;
 }
 
 int
@@ -531,9 +531,9 @@ io_reload(struct io *io)
 
 	iobuf_normalize(&io->iobuf);
 
-#ifdef IO_SSL
-	if (io->ssl) {
-		io_reload_ssl(io);
+#ifdef IO_TLS
+	if (io->tls) {
+		io_reload_tls(io);
 		return;
 	}
 #endif
@@ -806,10 +806,10 @@ io_dispatch_connect(int fd, short ev, void *humppa)
 	io_frame_leave(io);
 }
 
-#ifdef IO_SSL
+#ifdef IO_TLS
 
 static const char*
-io_ssl_error(void)
+io_tls_error(void)
 {
 	static char	buf[128];
 	unsigned long	e;
@@ -820,11 +820,11 @@ io_ssl_error(void)
 		return (buf);
 	}
 
-	return ("No SSL error");
+	return ("No TLS error");
 }
 
 int
-io_start_tls(struct io *io, void *ssl)
+io_start_tls(struct io *io, void *tls)
 {
 	int	mode;
 
@@ -832,57 +832,57 @@ io_start_tls(struct io *io, void *ssl)
 	if (mode == 0 || mode == IO_RW)
 		errx(1, "io_start_tls(): full-duplex or unset");
 
-	if (io->ssl)
-		errx(1, "io_start_tls(): SSL already started");
-	io->ssl = ssl;
+	if (io->tls)
+		errx(1, "io_start_tls(): TLS already started");
+	io->tls = tls;
 
-	if (SSL_set_fd(io->ssl, io->sock) == 0) {
-		ssl_error("io_start_ssl:SSL_set_fd");
+	if (SSL_set_fd(io->tls, io->sock) == 0) {
+		ssl_error("io_start_tls:SSL_set_fd");
 		return (-1);
 	}
 
 	if (mode == IO_WRITE) {
-		io->state = IO_STATE_CONNECT_SSL;
-		SSL_set_connect_state(io->ssl);
-		io_reset(io, EV_WRITE, io_dispatch_connect_ssl);
+		io->state = IO_STATE_CONNECT_TLS;
+		SSL_set_connect_state(io->tls);
+		io_reset(io, EV_WRITE, io_dispatch_connect_tls);
 	} else {
-		io->state = IO_STATE_ACCEPT_SSL;
-		SSL_set_accept_state(io->ssl);
-		io_reset(io, EV_READ, io_dispatch_accept_ssl);
+		io->state = IO_STATE_ACCEPT_TLS;
+		SSL_set_accept_state(io->tls);
+		io_reset(io, EV_READ, io_dispatch_accept_tls);
 	}
 
 	return (0);
 }
 
 void
-io_dispatch_accept_ssl(int fd, short event, void *humppa)
+io_dispatch_accept_tls(int fd, short event, void *humppa)
 {
 	struct io	*io = humppa;
 	int		 e, ret;
 
-	io_frame_enter("io_dispatch_accept_ssl", io, event);
+	io_frame_enter("io_dispatch_accept_tls", io, event);
 
 	if (event == EV_TIMEOUT) {
 		io_callback(io, IO_TIMEOUT);
 		goto leave;
 	}
 
-	if ((ret = SSL_accept(io->ssl)) > 0) {
+	if ((ret = SSL_accept(io->tls)) > 0) {
 		io->state = IO_STATE_UP;
 		io_callback(io, IO_TLSREADY);
 		goto leave;
 	}
 
-	switch ((e = SSL_get_error(io->ssl, ret))) {
+	switch ((e = SSL_get_error(io->tls, ret))) {
 	case SSL_ERROR_WANT_READ:
-		io_reset(io, EV_READ, io_dispatch_accept_ssl);
+		io_reset(io, EV_READ, io_dispatch_accept_tls);
 		break;
 	case SSL_ERROR_WANT_WRITE:
-		io_reset(io, EV_WRITE, io_dispatch_accept_ssl);
+		io_reset(io, EV_WRITE, io_dispatch_accept_tls);
 		break;
 	default:
-		io->error = io_ssl_error();
-		ssl_error("io_dispatch_accept_ssl:SSL_accept");
+		io->error = io_tls_error();
+		ssl_error("io_dispatch_accept_tls:SSL_accept");
 		io_callback(io, IO_ERROR);
 		break;
 	}
@@ -892,33 +892,33 @@ io_dispatch_accept_ssl(int fd, short event, void *humppa)
 }
 
 void
-io_dispatch_connect_ssl(int fd, short event, void *humppa)
+io_dispatch_connect_tls(int fd, short event, void *humppa)
 {
 	struct io	*io = humppa;
 	int		 e, ret;
 
-	io_frame_enter("io_dispatch_connect_ssl", io, event);
+	io_frame_enter("io_dispatch_connect_tls", io, event);
 
 	if (event == EV_TIMEOUT) {
 		io_callback(io, IO_TIMEOUT);
 		goto leave;
 	}
 
-	if ((ret = SSL_connect(io->ssl)) > 0) {
+	if ((ret = SSL_connect(io->tls)) > 0) {
 		io->state = IO_STATE_UP;
 		io_callback(io, IO_TLSREADY);
 		goto leave;
 	}
 
-	switch ((e = SSL_get_error(io->ssl, ret))) {
+	switch ((e = SSL_get_error(io->tls, ret))) {
 	case SSL_ERROR_WANT_READ:
-		io_reset(io, EV_READ, io_dispatch_connect_ssl);
+		io_reset(io, EV_READ, io_dispatch_connect_tls);
 		break;
 	case SSL_ERROR_WANT_WRITE:
-		io_reset(io, EV_WRITE, io_dispatch_connect_ssl);
+		io_reset(io, EV_WRITE, io_dispatch_connect_tls);
 		break;
 	default:
-		io->error = io_ssl_error();
+		io->error = io_tls_error();
 		ssl_error("io_dispatch_connect_ssl:SSL_connect");
 		io_callback(io, IO_TLSERROR);
 		break;
@@ -929,12 +929,12 @@ io_dispatch_connect_ssl(int fd, short event, void *humppa)
 }
 
 void
-io_dispatch_read_ssl(int fd, short event, void *humppa)
+io_dispatch_read_tls(int fd, short event, void *humppa)
 {
 	struct io	*io = humppa;
 	int		 n, saved_errno;
 
-	io_frame_enter("io_dispatch_read_ssl", io, event);
+	io_frame_enter("io_dispatch_read_tls", io, event);
 
 	if (event == EV_TIMEOUT) {
 		io_callback(io, IO_TIMEOUT);
@@ -943,12 +943,12 @@ io_dispatch_read_ssl(int fd, short event, void *humppa)
 
 again:
 	iobuf_normalize(&io->iobuf);
-	switch ((n = iobuf_read_ssl(&io->iobuf, (SSL*)io->ssl))) {
+	switch ((n = iobuf_read_tls(&io->iobuf, (SSL*)io->tls))) {
 	case IOBUF_WANT_READ:
-		io_reset(io, EV_READ, io_dispatch_read_ssl);
+		io_reset(io, EV_READ, io_dispatch_read_tls);
 		break;
 	case IOBUF_WANT_WRITE:
-		io_reset(io, EV_WRITE, io_dispatch_read_ssl);
+		io_reset(io, EV_WRITE, io_dispatch_read_tls);
 		break;
 	case IOBUF_CLOSED:
 		io_callback(io, IO_DISCONNECTED);
@@ -959,15 +959,15 @@ again:
 		errno = saved_errno;
 		io_callback(io, IO_ERROR);
 		break;
-	case IOBUF_SSLERROR:
-		io->error = io_ssl_error();
-		ssl_error("io_dispatch_read_ssl:SSL_read");
+	case IOBUF_TLSERROR:
+		io->error = io_tls_error();
+		ssl_error("io_dispatch_read_tls:SSL_read");
 		io_callback(io, IO_ERROR);
 		break;
 	default:
-		io_debug("io_dispatch_read_ssl(...) -> r=%d\n", n);
+		io_debug("io_dispatch_read_tls(...) -> r=%d\n", n);
 		io_callback(io, IO_DATAIN);
-		if (current == io && IO_READING(io) && SSL_pending(io->ssl))
+		if (current == io && IO_READING(io) && SSL_pending(io->tls))
 			goto again;
 	}
 
@@ -976,13 +976,13 @@ again:
 }
 
 void
-io_dispatch_write_ssl(int fd, short event, void *humppa)
+io_dispatch_write_tls(int fd, short event, void *humppa)
 {
 	struct io	*io = humppa;
 	int		 n, saved_errno;
 	size_t		 w2, w;
 
-	io_frame_enter("io_dispatch_write_ssl", io, event);
+	io_frame_enter("io_dispatch_write_tls", io, event);
 
 	if (event == EV_TIMEOUT) {
 		io_callback(io, IO_TIMEOUT);
@@ -990,12 +990,12 @@ io_dispatch_write_ssl(int fd, short event, void *humppa)
 	}
 
 	w = io_queued(io);
-	switch ((n = iobuf_write_ssl(&io->iobuf, (SSL*)io->ssl))) {
+	switch ((n = iobuf_write_tls(&io->iobuf, (SSL*)io->tls))) {
 	case IOBUF_WANT_READ:
-		io_reset(io, EV_READ, io_dispatch_write_ssl);
+		io_reset(io, EV_READ, io_dispatch_write_tls);
 		break;
 	case IOBUF_WANT_WRITE:
-		io_reset(io, EV_WRITE, io_dispatch_write_ssl);
+		io_reset(io, EV_WRITE, io_dispatch_write_tls);
 		break;
 	case IOBUF_CLOSED:
 		io_callback(io, IO_DISCONNECTED);
@@ -1006,13 +1006,13 @@ io_dispatch_write_ssl(int fd, short event, void *humppa)
 		errno = saved_errno;
 		io_callback(io, IO_ERROR);
 		break;
-	case IOBUF_SSLERROR:
-		io->error = io_ssl_error();
-		ssl_error("io_dispatch_write_ssl:SSL_write");
+	case IOBUF_TLSERROR:
+		io->error = io_tls_error();
+		ssl_error("io_dispatch_write_tls:SSL_write");
 		io_callback(io, IO_ERROR);
 		break;
 	default:
-		io_debug("io_dispatch_write_ssl(...) -> w=%d\n", n);
+		io_debug("io_dispatch_write_tls(...) -> w=%d\n", n);
 		w2 = io_queued(io);
 		if (w > io->lowat && w2 <= io->lowat)
 			io_callback(io, IO_LOWAT);
@@ -1024,39 +1024,39 @@ io_dispatch_write_ssl(int fd, short event, void *humppa)
 }
 
 void
-io_reload_ssl(struct io *io)
+io_reload_tls(struct io *io)
 {
 	short	ev = 0;
 	void	(*dispatch)(int, short, void*) = NULL;
 
 	switch (io->state) {
-	case IO_STATE_CONNECT_SSL:
+	case IO_STATE_CONNECT_TLS:
 		ev = EV_WRITE;
-		dispatch = io_dispatch_connect_ssl;
+		dispatch = io_dispatch_connect_tls;
 		break;
-	case IO_STATE_ACCEPT_SSL:
+	case IO_STATE_ACCEPT_TLS:
 		ev = EV_READ;
-		dispatch = io_dispatch_accept_ssl;
+		dispatch = io_dispatch_accept_tls;
 		break;
 	case IO_STATE_UP:
 		ev = 0;
 		if (IO_READING(io) && !(io->flags & IO_PAUSE_IN)) {
 			ev = EV_READ;
-			dispatch = io_dispatch_read_ssl;
+			dispatch = io_dispatch_read_tls;
 		}
 		else if (IO_WRITING(io) && !(io->flags & IO_PAUSE_OUT) &&
 		    io_queued(io)) {
 			ev = EV_WRITE;
-			dispatch = io_dispatch_write_ssl;
+			dispatch = io_dispatch_write_tls;
 		}
 		if (!ev)
 			return; /* paused */
 		break;
 	default:
-		errx(1, "io_reload_ssl(): bad state");
+		errx(1, "io_reload_tls(): bad state");
 	}
 
 	io_reset(io, ev, dispatch);
 }
 
-#endif /* IO_SSL */
+#endif /* IO_TLS */
diff --git a/usr.sbin/smtpd/ioev.h b/usr.sbin/smtpd/ioev.h
index f1c398482cf..015340c2b16 100644
--- a/usr.sbin/smtpd/ioev.h
+++ b/usr.sbin/smtpd/ioev.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ioev.h,v 1.16 2016/11/30 17:43:32 eric Exp $	*/
+/*	$OpenBSD: ioev.h,v 1.17 2019/06/12 17:42:53 eric Exp $	*/
 /*
  * Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
  *
@@ -50,7 +50,7 @@ int io_start_tls(struct io *, void *);
 const char* io_strio(struct io *);
 const char* io_strevent(int);
 const char* io_error(struct io *);
-void* io_ssl(struct io *);
+void* io_tls(struct io *);
 int io_fileno(struct io *);
 int io_paused(struct io *, int);
 
diff --git a/usr.sbin/smtpd/mta_session.c b/usr.sbin/smtpd/mta_session.c
index 959b45e8b68..266c45e5674 100644
--- a/usr.sbin/smtpd/mta_session.c
+++ b/usr.sbin/smtpd/mta_session.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mta_session.c,v 1.115 2018/12/23 16:37:53 eric Exp $	*/
+/*	$OpenBSD: mta_session.c,v 1.116 2019/06/12 17:42:53 eric Exp $	*/
 
 /*
  * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -1103,7 +1103,7 @@ mta_io(struct io *io, int evt, void *arg)
 
 	case IO_TLSREADY:
 		log_info("%016"PRIx64" mta tls ciphers=%s",
-		    s->id, ssl_to_text(io_ssl(s->io)));
+		    s->id, ssl_to_text(io_tls(s->io)));
 		s->flags |= MTA_TLS;
 
 		mta_cert_verify(s);
@@ -1512,7 +1512,7 @@ mta_cert_verify(struct mta_session *s)
 		fallback = 1;
 	}
 
-	if (cert_verify(io_ssl(s->io), name, fallback, mta_cert_verify_cb, s)) {
+	if (cert_verify(io_tls(s->io), name, fallback, mta_cert_verify_cb, s)) {
 		tree_xset(&wait_ssl_verify, s->id, s);
 		io_pause(s->io, IO_IN);
 		s->flags |= MTA_WAIT;
@@ -1549,7 +1549,7 @@ mta_tls_verified(struct mta_session *s)
 {
 	X509 *x;
 
-	x = SSL_get_peer_certificate(io_ssl(s->io));
+	x = SSL_get_peer_certificate(io_tls(s->io));
 	if (x) {
 		log_info("smtp-out: Server certificate verification %s "
 		    "on session %016"PRIx64,
diff --git a/usr.sbin/smtpd/smtp/Makefile b/usr.sbin/smtpd/smtp/Makefile
index 24515db9ba6..6708ab6e20d 100644
--- a/usr.sbin/smtpd/smtp/Makefile
+++ b/usr.sbin/smtpd/smtp/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.1 2018/04/26 13:57:13 eric Exp $
+#	$OpenBSD: Makefile,v 1.2 2019/06/12 17:42:53 eric Exp $
 
 .PATH:	${.CURDIR}/..
 
@@ -15,7 +15,7 @@ SRCS+=	smtpc.c
 SRCS+=	ssl.c
 SRCS+=	ssl_smtpd.c
 
-CPPFLAGS+= -DIO_SSL
+CPPFLAGS+= -DIO_TLS
 
 LDADD+=	-levent -lutil -lssl -lcrypto -lm -lz
 DPADD+=	${LIBEVENT} ${LIBUTIL} ${LIBSSL} ${LIBCRYPTO} ${LIBM} ${LIBZ}
diff --git a/usr.sbin/smtpd/smtp_client.c b/usr.sbin/smtpd/smtp_client.c
index a6e70de5334..ac707a1210f 100644
--- a/usr.sbin/smtpd/smtp_client.c
+++ b/usr.sbin/smtpd/smtp_client.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtp_client.c,v 1.9 2019/05/14 12:08:54 eric Exp $	*/
+/*	$OpenBSD: smtp_client.c,v 1.10 2019/06/12 17:42:53 eric Exp $	*/
 
 /*
  * Copyright (c) 2018 Eric Faurot <eric@openbsd.org>
@@ -619,7 +619,7 @@ smtp_client_io(struct io *io, int evt, void *arg)
 	case IO_TLSREADY:
 		proto->flags |= FLAG_TLS;
 		io_pause(proto->io, IO_IN);
-		smtp_verify_server_cert(proto->tag, proto, io_ssl(proto->io));
+		smtp_verify_server_cert(proto->tag, proto, io_tls(proto->io));
 		break;
 
 	case IO_DATAIN:
diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c
index db86abdb0e0..96a6e00ba50 100644
--- a/usr.sbin/smtpd/smtp_session.c
+++ b/usr.sbin/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtp_session.c,v 1.390 2019/05/15 11:56:19 eric Exp $	*/
+/*	$OpenBSD: smtp_session.c,v 1.391 2019/06/12 17:42:53 eric Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1031,7 +1031,7 @@ smtp_tls_verified(struct smtp_session *s)
 {
 	X509 *x;
 
-	x = SSL_get_peer_certificate(io_ssl(s->io));
+	x = SSL_get_peer_certificate(io_tls(s->io));
 	if (x) {
 		log_info("%016"PRIx64" smtp "
 		    "client-cert-check result=\"%s\"",
@@ -1066,9 +1066,9 @@ smtp_io(struct io *io, int evt, void *arg)
 
 	case IO_TLSREADY:
 		log_info("%016"PRIx64" smtp tls ciphers=%s",
-		    s->id, ssl_to_text(io_ssl(s->io)));
+		    s->id, ssl_to_text(io_tls(s->io)));
 
-		report_smtp_link_tls("smtp-in", s->id, ssl_to_text(io_ssl(s->io)));
+		report_smtp_link_tls("smtp-in", s->id, ssl_to_text(io_tls(s->io)));
 
 		s->flags |= SF_SECURE;
 		s->helo[0] = '\0';
@@ -2240,7 +2240,7 @@ smtp_cert_verify(struct smtp_session *s)
 		fallback = 1;
 	}
 
-	if (cert_verify(io_ssl(s->io), name, fallback, smtp_cert_verify_cb, s)) {
+	if (cert_verify(io_tls(s->io), name, fallback, smtp_cert_verify_cb, s)) {
 		tree_xset(&wait_ssl_verify, s->id, s);
 		io_pause(s->io, IO_IN);
 	}
@@ -2789,11 +2789,11 @@ smtp_message_begin(struct smtp_tx *tx)
 	    tx->msgid);
 
 	if (s->flags & SF_SECURE) {
-		x = SSL_get_peer_certificate(io_ssl(s->io));
+		x = SSL_get_peer_certificate(io_tls(s->io));
 		m_printf(tx, " (%s:%s:%d:%s)",
-		    SSL_get_version(io_ssl(s->io)),
-		    SSL_get_cipher_name(io_ssl(s->io)),
-		    SSL_get_cipher_bits(io_ssl(s->io), NULL),
+		    SSL_get_version(io_tls(s->io)),
+		    SSL_get_cipher_name(io_tls(s->io)),
+		    SSL_get_cipher_bits(io_tls(s->io), NULL),
 		    (s->flags & SF_VERIFIED) ? "YES" : (x ? "FAIL" : "NO"));
 		X509_free(x);
 
diff --git a/usr.sbin/smtpd/smtpd/Makefile b/usr.sbin/smtpd/smtpd/Makefile
index e361e3f2e4a..5c4128bb594 100644
--- a/usr.sbin/smtpd/smtpd/Makefile
+++ b/usr.sbin/smtpd/smtpd/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.100 2018/12/11 13:29:52 gilles Exp $
+#	$OpenBSD: Makefile,v 1.101 2019/06/12 17:42:53 eric Exp $
 
 .PATH:		${.CURDIR}/..
 
@@ -91,7 +91,7 @@ CFLAGS+=	-Wshadow -Wpointer-arith -Wcast-qual
 CFLAGS+=	-Wsign-compare
 CFLAGS+=	-Werror-implicit-function-declaration
 #CFLAGS+=	-Werror # during development phase (breaks some archs)
-CFLAGS+=	-DIO_SSL
+CFLAGS+=	-DIO_TLS
 CFLAGS+=	-DQUEUE_PROFILING
 YFLAGS=