From: claudio Date: Sat, 10 Apr 2021 10:10:07 +0000 (+0000) Subject: Do not compare TLS config params for non-TLS servers. This allows to X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=d587572fd9f4593a457bf3a9756e07848875beae;p=openbsd Do not compare TLS config params for non-TLS servers. This allows to mix 'listen * port 80' and 'listen * tls port 443' in one server block. Also the last argument of server_tls_cmp - match_keypair - is always 0 so remove this code. OK florian@ tb@ some long time ago --- diff --git a/usr.sbin/httpd/httpd.h b/usr.sbin/httpd/httpd.h index 67c385157b6..39b10893588 100644 --- a/usr.sbin/httpd/httpd.h +++ b/usr.sbin/httpd/httpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: httpd.h,v 1.154 2021/01/27 07:21:52 deraadt Exp $ */ +/* $OpenBSD: httpd.h,v 1.155 2021/04/10 10:10:07 claudio Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter @@ -622,7 +622,7 @@ int cmdline_symset(char *); /* server.c */ void server(struct privsep *, struct privsep_proc *); -int server_tls_cmp(struct server *, struct server *, int); +int server_tls_cmp(struct server *, struct server *); int server_tls_load_ca(struct server *); int server_tls_load_crl(struct server *); int server_tls_load_keypair(struct server *); diff --git a/usr.sbin/httpd/parse.y b/usr.sbin/httpd/parse.y index b207dcab1e9..0edec5acc9f 100644 --- a/usr.sbin/httpd/parse.y +++ b/usr.sbin/httpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.124 2021/01/22 13:07:17 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.125 2021/04/10 10:10:07 claudio Exp $ */ /* * Copyright (c) 2020 Matthias Pressfreund @@ -333,7 +333,8 @@ server : SERVER optmatch STRING { free(srv); YYERROR; } - if (server_tls_cmp(s, srv, 0) != 0) { + if (srv->srv_conf.flags & SRVFLAG_TLS && + server_tls_cmp(s, srv) != 0) { yyerror("server \"%s\": tls " "configuration mismatch on same " "address/port", diff --git a/usr.sbin/httpd/server.c b/usr.sbin/httpd/server.c index 1cd8c15b77e..5ec3fac6a29 100644 --- a/usr.sbin/httpd/server.c 
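Review bot: In the parse.y hunk under `server : SERVER optmatch STRING`, the new guard tests only `srv->srv_conf.flags & SRVFLAG_TLS` and never the flags of the already-configured server `s`. Skipping `server_tls_cmp()` is therefore safe only if an earlier check has already rejected a TLS/non-TLS pair on the same address/port. The error branch ending in `free(srv); YYERROR;` just above the changed line may be that check, but its condition is not visible in this hunk, so the dependency should be confirmed. It could then be recorded in a comment such as `/* s and srv agree on SRVFLAG_TLS here; TLS params only matter for TLS listeners */`. Parenthesising the mask test, `if ((srv->srv_conf.flags & SRVFLAG_TLS) &&`, would also make the `&`/`&&` mix easier to read; the grammar action starts and ends outside the hunk.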
+++ b/usr.sbin/httpd/server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server.c,v 1.124 2021/01/02 18:35:07 tb Exp $ */ +/* $OpenBSD: server.c,v 1.125 2021/04/10 10:10:07 claudio Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter @@ -127,7 +127,7 @@ server_privinit(struct server *srv) } int -server_tls_cmp(struct server *s1, struct server *s2, int match_keypair) +server_tls_cmp(struct server *s1, struct server *s2) { struct server_config *sc1, *sc2; @@ -147,13 +147,6 @@ server_tls_cmp(struct server *s1, struct server *s2, int match_keypair) if (strcmp(sc1->tls_ecdhe_curves, sc2->tls_ecdhe_curves) != 0) return (-1); - if (match_keypair) { - if (strcmp(sc1->tls_cert_file, sc2->tls_cert_file) != 0) - return (-1); - if (strcmp(sc1->tls_key_file, sc2->tls_key_file) != 0) - return (-1); - } - return (0); }
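Review bot: `server_tls_cmp()` in server.c has no comment saying which settings count as a TLS configuration mismatch, and after the last hunk it no longer has any path that compares `tls_cert_file` or `tls_key_file`. A short header comment would keep a later reader from assuming keypairs are checked when two servers share an address/port, for example `/* Compare the TLS parameters that must agree between servers on one address/port; certificate and key files are not compared. */`. Only the `tls_ecdhe_curves` comparison is visible here and the rest of the body lies outside the hunks, so the comment should list what the full function actually checks.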