fixup: remove the obsolete term 'ssl'
Replace with 'tls' where appropriate. Only use the term 'ssl' when
referring to an sslProfile record.
kgiusti committed Aug 15, 2024
1 parent 401c025 commit f17693a
Showing 12 changed files with 174 additions and 174 deletions.
22 changes: 11 additions & 11 deletions include/qpid/dispatch/tls.h
@@ -44,18 +44,18 @@ typedef enum {

typedef enum {
QD_TLS_DOMAIN_MODE_NONE = 0, // unset
QD_TLS_DOMAIN_SERVER_MODE, // Operate as an SSL server (i.e. listener socket)
QD_TLS_DOMAIN_CLIENT_MODE, // Operate as an SSL client (i.e. outgoing connections)
QD_TLS_DOMAIN_SERVER_MODE, // Operate as a TLS server (i.e. listener socket)
QD_TLS_DOMAIN_CLIENT_MODE, // Operate as an TLS client (i.e. outgoing connections)
} qd_tls_domain_mode_t;

// sslProfile configuration record
struct qd_ssl2_profile_t {
char *ssl_ciphers;
char *ssl_protocols;
char *ssl_trusted_certificate_db;
char *ssl_certificate_file;
char *ssl_private_key_file;
char *ssl_password;
char *ciphers;
char *protocols;
char *trusted_certificate_db;
char *certificate_file;
char *private_key_file;
char *password;

/**
* Holds the list of component fields of the client certificate from which a unique identifier is constructed. For
@@ -76,7 +76,7 @@ struct qd_ssl2_profile_t {
* '2'(sha256 certificate fingerprint)
* '5'(sha512 certificate fingerprint)
*/
char *ssl_uid_format;
char *uid_format;

/**
* Full path to the file that contains the uid to display name mapping.
@@ -121,10 +121,10 @@ void qd_tls2_session_free(qd_tls2_session_t *session);


/**
* Get the version of TLS/SSL in use by the session.
* Get the version of TLS in use by the session.
*
* @param session to be queried.
* @return Null terminated string containing the TLS/SSL version description. Returned string buffer must be free()d by
* @return Null terminated string containing the TLS version description. Returned string buffer must be free()d by
* caller. Return 0 if version not known.
*/
char *qd_tls2_session_get_protocol_version(const qd_tls2_session_t *session);
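Review bot: The rewritten comment on `QD_TLS_DOMAIN_CLIENT_MODE` in the first hunk now reads "Operate as an TLS client"; the article was correct for "SSL" but is wrong for "TLS". It should be `// Operate as a TLS client (i.e. outgoing connections)`, matching the server-mode line directly above it.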
42 changes: 21 additions & 21 deletions src/adaptors/legacy_tls.c
@@ -259,36 +259,36 @@ static qd_tls_domain_t *_tls_domain_init(qd_tls_domain_t *tls_domain)
break;
}

if (config_ssl_profile->ssl_trusted_certificate_db) {
if (config_ssl_profile->trusted_certificate_db) {
res = pn_tls_config_set_trusted_certs(tls_domain->pn_tls_config,
config_ssl_profile->ssl_trusted_certificate_db);
config_ssl_profile->trusted_certificate_db);
if (res != 0) {
qd_log(tls_domain->log_module,
QD_LOG_ERROR,
"Adaptor %s %s sslProfile %s: failed to set TLS caCertFile %s: (%d)",
role,
tls_domain->name,
tls_domain->ssl_profile_name,
config_ssl_profile->ssl_trusted_certificate_db,
config_ssl_profile->trusted_certificate_db,
res);
break;
}
}

// Call pn_tls_config_set_credentials only if "certFile" is provided.
if (config_ssl_profile->ssl_certificate_file) {
if (config_ssl_profile->certificate_file) {
res = pn_tls_config_set_credentials(tls_domain->pn_tls_config,
config_ssl_profile->ssl_certificate_file,
config_ssl_profile->ssl_private_key_file,
config_ssl_profile->ssl_password);
config_ssl_profile->certificate_file,
config_ssl_profile->private_key_file,
config_ssl_profile->password);
if (res != 0) {
qd_log(tls_domain->log_module,
QD_LOG_ERROR,
"Adaptor %s %s sslProfile %s: failed to set TLS certificate configuration (certFile) %s: (%d)",
role,
tls_domain->name,
tls_domain->ssl_profile_name,
config_ssl_profile->ssl_certificate_file,
config_ssl_profile->certificate_file,
res);
break;
}
@@ -301,16 +301,16 @@ static qd_tls_domain_t *_tls_domain_init(qd_tls_domain_t *tls_domain)
tls_domain->ssl_profile_name);
}

if (!!config_ssl_profile->ssl_ciphers) {
res = pn_tls_config_set_impl_ciphers(tls_domain->pn_tls_config, config_ssl_profile->ssl_ciphers);
if (!!config_ssl_profile->ciphers) {
res = pn_tls_config_set_impl_ciphers(tls_domain->pn_tls_config, config_ssl_profile->ciphers);
if (res != 0) {
qd_log(tls_domain->log_module,
QD_LOG_ERROR,
"Adaptor %s %s sslProfile %s: failed to configure ciphers %s (%d)",
role,
tls_domain->name,
tls_domain->ssl_profile_name,
config_ssl_profile->ssl_ciphers,
config_ssl_profile->ciphers,
res);
break;
}
@@ -319,18 +319,18 @@ static qd_tls_domain_t *_tls_domain_init(qd_tls_domain_t *tls_domain)
if (tls_domain->is_listener) {
if (tls_domain->authenticate_peer) {
res = pn_tls_config_set_peer_authentication(
tls_domain->pn_tls_config, PN_TLS_VERIFY_PEER, config_ssl_profile->ssl_trusted_certificate_db);
tls_domain->pn_tls_config, PN_TLS_VERIFY_PEER, config_ssl_profile->trusted_certificate_db);
} else {
res = pn_tls_config_set_peer_authentication(tls_domain->pn_tls_config, PN_TLS_ANONYMOUS_PEER, 0);
}
} else {
// Connector.
if (tls_domain->verify_host_name) {
res = pn_tls_config_set_peer_authentication(
tls_domain->pn_tls_config, PN_TLS_VERIFY_PEER_NAME, config_ssl_profile->ssl_trusted_certificate_db);
tls_domain->pn_tls_config, PN_TLS_VERIFY_PEER_NAME, config_ssl_profile->trusted_certificate_db);
} else {
res = pn_tls_config_set_peer_authentication(
tls_domain->pn_tls_config, PN_TLS_VERIFY_PEER, config_ssl_profile->ssl_trusted_certificate_db);
tls_domain->pn_tls_config, PN_TLS_VERIFY_PEER, config_ssl_profile->trusted_certificate_db);
}
}

@@ -427,17 +427,17 @@ void qd_tls_update_connection_info(qd_tls_t *tls, qdr_connection_info_t *conn_in
// connection_info. This same lock is being used in the agent_connection.c's qdr_connection_insert_column_CT
//
sys_mutex_lock(&conn_info->connection_info_lock);
free(conn_info->ssl_cipher);
conn_info->ssl_cipher = 0;
free(conn_info->ssl_proto);
conn_info->ssl_proto = 0;
conn_info->ssl = true;
free(conn_info->tls_cipher);
conn_info->tls_cipher = 0;
free(conn_info->tls_proto);
conn_info->tls_proto = 0;
conn_info->tls = true;
conn_info->is_encrypted = true;
if (protocol_cipher) {
conn_info->ssl_cipher = protocol_cipher;
conn_info->tls_cipher = protocol_cipher;
}
if (protocol_ver) {
conn_info->ssl_proto = protocol_ver;
conn_info->tls_proto = protocol_ver;
}

sys_mutex_unlock(&conn_info->connection_info_lock);
10 changes: 5 additions & 5 deletions src/http-libwebsockets.c
@@ -397,11 +397,11 @@ static void listener_start(qd_lws_listener_t *hl, qd_http_server_t *hs) {
info.options |= LWS_SERVER_OPTION_DISABLE_IPV6;
}
if (config->ssl_profile_name) {
info.ssl_cert_filepath = hl->ssl_config.ssl_certificate_file;
info.ssl_private_key_filepath = hl->ssl_config.ssl_private_key_file;
info.ssl_private_key_password = hl->ssl_config.ssl_password;
info.ssl_ca_filepath = hl->ssl_config.ssl_trusted_certificate_db;
info.ssl_cipher_list = hl->ssl_config.ssl_ciphers;
info.ssl_cert_filepath = hl->ssl_config.certificate_file;
info.ssl_private_key_filepath = hl->ssl_config.private_key_file;
info.ssl_private_key_password = hl->ssl_config.password;
info.ssl_ca_filepath = hl->ssl_config.trusted_certificate_db;
info.ssl_cipher_list = hl->ssl_config.ciphers;
info.options |=
LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT |
(config->ssl_required ? 0 : LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT | LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER) |
28 changes: 14 additions & 14 deletions src/router_core/agent_connection.c
@@ -35,12 +35,12 @@
#define QDR_CONNECTION_IS_AUTHENTICATED 8
#define QDR_CONNECTION_USER 9
#define QDR_CONNECTION_IS_ENCRYPTED 10
#define QDR_CONNECTION_SSLPROTO 11
#define QDR_CONNECTION_SSLCIPHER 12
#define QDR_CONNECTION_TLSPROTO 11
#define QDR_CONNECTION_TLSCIPHER 12
#define QDR_CONNECTION_PROPERTIES 13
#define QDR_CONNECTION_SSLSSF 14
#define QDR_CONNECTION_TLSSSF 14
#define QDR_CONNECTION_TYPE 15
#define QDR_CONNECTION_SSL 16
#define QDR_CONNECTION_TLS 16
#define QDR_CONNECTION_OPENED 17
#define QDR_CONNECTION_ACTIVE 18
#define QDR_CONNECTION_ADMIN_STATUS 19
@@ -195,30 +195,30 @@ static void qdr_connection_insert_column_CT(qdr_core_t *core, qdr_connection_t *
qd_compose_insert_bool(body, conn->connection_info->is_encrypted);
break;

case QDR_CONNECTION_SSLPROTO:
if (conn->connection_info->ssl_proto && conn->connection_info->ssl_proto[0] != '\0')
qd_compose_insert_string(body, conn->connection_info->ssl_proto);
case QDR_CONNECTION_TLSPROTO:
if (conn->connection_info->tls_proto && conn->connection_info->tls_proto[0] != '\0')
qd_compose_insert_string(body, conn->connection_info->tls_proto);
else
qd_compose_insert_null(body);
break;

case QDR_CONNECTION_SSLCIPHER:
if (conn->connection_info->ssl_cipher && conn->connection_info->ssl_cipher[0] != '\0')
qd_compose_insert_string(body, conn->connection_info->ssl_cipher);
case QDR_CONNECTION_TLSCIPHER:
if (conn->connection_info->tls_cipher && conn->connection_info->tls_cipher[0] != '\0')
qd_compose_insert_string(body, conn->connection_info->tls_cipher);
else
qd_compose_insert_null(body);
break;

case QDR_CONNECTION_SSLSSF:
qd_compose_insert_long(body, conn->connection_info->ssl_ssf);
case QDR_CONNECTION_TLSSSF:
qd_compose_insert_long(body, conn->connection_info->tls_ssf);
break;

case QDR_CONNECTION_TYPE:
qd_compose_insert_string(body, CONNECTION_TYPE);
break;

case QDR_CONNECTION_SSL:
qd_compose_insert_bool(body, conn->connection_info->ssl);
case QDR_CONNECTION_TLS:
qd_compose_insert_bool(body, conn->connection_info->tls);
break;

case QDR_CONNECTION_OPENED:
44 changes: 22 additions & 22 deletions src/router_core/connections.c
@@ -145,7 +145,7 @@ qdr_connection_t *qdr_connection_opened(qdr_core_t *core,
"] Connection Opened: dir=%s host=%s encrypted=%s"
" auth=%s user=%s container_id=%s props=%s",
management_id, incoming ? "in" : "out", connection_info->host,
connection_info->is_encrypted ? connection_info->ssl_proto : "no",
connection_info->is_encrypted ? connection_info->tls_proto : "no",
connection_info->is_authenticated ? connection_info->sasl_mechanisms : "no", connection_info->user,
connection_info->container, props_str);

@@ -186,13 +186,13 @@ qdr_connection_info_t *qdr_connection_info(bool is_encrypted,
char *sasl_mechanisms,
qd_direction_t dir,
const char *host,
const char *ssl_proto,
const char *ssl_cipher,
const char *tls_proto,
const char *tls_cipher,
const char *user,
const char *container,
pn_data_t *connection_properties,
int ssl_ssf,
bool ssl,
int tls_ssf,
bool tls,
const char *version,
bool streaming_links,
bool connection_trunking)
@@ -210,10 +210,10 @@ qdr_connection_info_t *qdr_connection_info(bool is_encrypted,
connection_info->dir = dir;
if (host)
connection_info->host = strdup(host);
if (ssl_proto)
connection_info->ssl_proto = strdup(ssl_proto);
if (ssl_cipher)
connection_info->ssl_cipher = strdup(ssl_cipher);
if (tls_proto)
connection_info->tls_proto = strdup(tls_proto);
if (tls_cipher)
connection_info->tls_cipher = strdup(tls_cipher);
if (user)
connection_info->user = strdup(user);
if (version)
@@ -224,8 +224,8 @@ qdr_connection_info_t *qdr_connection_info(bool is_encrypted,
pn_data_copy(qdr_conn_properties, connection_properties);

connection_info->connection_properties = qdr_conn_properties;
connection_info->ssl_ssf = ssl_ssf;
connection_info->ssl = ssl;
connection_info->tls_ssf = tls_ssf;
connection_info->tls = tls;
connection_info->streaming_links = streaming_links;
connection_info->connection_trunking = connection_trunking;
sys_mutex_init(&connection_info->connection_info_lock);
@@ -246,19 +246,19 @@ void qdr_connection_info_set_tls(qdr_connection_info_t *conn_info, bool enabled,
// connection_info. This same lock is being used in the agent_connection.c's qdr_connection_insert_column_CT
//
sys_mutex_lock(&conn_info->connection_info_lock);
free(conn_info->ssl_cipher);
free(conn_info->ssl_proto);
conn_info->ssl = enabled;
free(conn_info->tls_cipher);
free(conn_info->tls_proto);
conn_info->tls = enabled;
conn_info->is_encrypted = enabled;
if (enabled) {
conn_info->ssl_proto = version;
conn_info->ssl_cipher = ciphers;
conn_info->ssl_ssf = ssf;
conn_info->tls_proto = version;
conn_info->tls_cipher = ciphers;
conn_info->tls_ssf = ssf;
} else {
assert(!version && !ciphers);
conn_info->ssl_cipher = 0;
conn_info->ssl_proto = 0;
conn_info->ssl_ssf = 0;
conn_info->tls_cipher = 0;
conn_info->tls_proto = 0;
conn_info->tls_ssf = 0;
}
sys_mutex_unlock(&conn_info->connection_info_lock);
}
@@ -269,8 +269,8 @@ static void qdr_connection_info_free(qdr_connection_info_t *ci)
free(ci->container);
free(ci->sasl_mechanisms);
free(ci->host);
free(ci->ssl_proto);
free(ci->ssl_cipher);
free(ci->tls_proto);
free(ci->tls_cipher);
free(ci->user);
free(ci->version);
sys_mutex_free(&ci->connection_info_lock);
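Review bot: In the first hunk the "Connection Opened" log call passes `connection_info->tls_proto` to `%s` whenever `is_encrypted` is true, but nothing visible guarantees that pointer is non-null. `qdr_connection_info()` assigns it only `if (tls_proto)`, `qdr_connection_info_set_tls()` stores `version` as passed when `enabled`, and `qd_tls_update_connection_info()` in src/adaptors/legacy_tls.c sets `is_encrypted = true` while leaving `tls_proto` at 0 when `protocol_ver` is null. A null `%s` argument is undefined behaviour for the printf family (whether `qd_log` tolerates it is not visible here), so I would guard it, e.g. `connection_info->is_encrypted ? (connection_info->tls_proto ? connection_info->tls_proto : "unknown") : "no",`. The read also appears to happen without `connection_info_lock`, which the comment in `qdr_connection_info_set_tls()` says protects these fields; that needs confirming against the part of `qdr_connection_opened()` outside the hunk.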
8 changes: 4 additions & 4 deletions src/router_core/router_core_private.h
@@ -639,8 +639,8 @@ struct qdr_connection_info_t {
char *container;
char *sasl_mechanisms;
char *host;
char *ssl_proto;
char *ssl_cipher;
char *tls_proto;
char *tls_cipher;
char *user;
bool is_authenticated;
bool is_encrypted;
@@ -650,8 +650,8 @@ struct qdr_connection_info_t {
qd_direction_t dir;
qdr_connection_role_t role;
pn_data_t *connection_properties;
bool ssl;
int ssl_ssf; //ssl strength factor
bool tls;
int tls_ssf; // TLS strength factor
char *version; // if role is router or edge
sys_mutex_t connection_info_lock;
char group_correlator[QD_DISCRIMINATOR_SIZE]; // Used to associate inter-router-data connections to their inter-router connection