Compare commits
No commits in common. "161bc525bbd7e3707cc71f0258f663bed9a354dd" and "972e81629d405b2a9fe0781c483feb3775546609" have entirely different histories.
161bc525bb
...
972e81629d
|
@ -5,21 +5,19 @@ KERNEL!="event*", GOTO="evdev_end"
|
||||||
|
|
||||||
# skip later rules when we find something for this input device
|
# skip later rules when we find something for this input device
|
||||||
IMPORT{builtin}="hwdb --subsystem=input --lookup-prefix=evdev:", \
|
IMPORT{builtin}="hwdb --subsystem=input --lookup-prefix=evdev:", \
|
||||||
IMPORT{builtin}="keyboard", GOTO="evdev_end"
|
RUN{builtin}+="keyboard", GOTO="evdev_end"
|
||||||
|
|
||||||
# AT keyboard matching by the machine's DMI data
|
# AT keyboard matching by the machine's DMI data
|
||||||
DRIVERS=="atkbd", \
|
DRIVERS=="atkbd", \
|
||||||
IMPORT{builtin}="hwdb 'evdev:atkbd:$attr{[dmi/id]modalias}'", \
|
IMPORT{builtin}="hwdb 'evdev:atkbd:$attr{[dmi/id]modalias}'", \
|
||||||
IMPORT{builtin}="keyboard", GOTO="evdev_end"
|
RUN{builtin}+="keyboard", GOTO="evdev_end"
|
||||||
|
|
||||||
# device matching the input device name + properties + the machine's DMI data
|
# device matching the input device name + properties + the machine's DMI data
|
||||||
KERNELS=="input*", \
|
KERNELS=="input*", IMPORT{builtin}="hwdb 'evdev:name:$attr{name}:phys:$attr{phys}:ev:$attr{capabilities/ev}:$attr{[dmi/id]modalias}'", \
|
||||||
IMPORT{builtin}="hwdb 'evdev:name:$attr{name}:phys:$attr{phys}:ev:$attr{capabilities/ev}:$attr{[dmi/id]modalias}'", \
|
RUN{builtin}+="keyboard", GOTO="evdev_end"
|
||||||
IMPORT{builtin}="keyboard", GOTO="evdev_end"
|
|
||||||
|
|
||||||
# device matching the input device name and the machine's DMI data
|
# device matching the input device name and the machine's DMI data
|
||||||
KERNELS=="input*", \
|
KERNELS=="input*", IMPORT{builtin}="hwdb 'evdev:name:$attr{name}:$attr{[dmi/id]modalias}'", \
|
||||||
IMPORT{builtin}="hwdb 'evdev:name:$attr{name}:$attr{[dmi/id]modalias}'", \
|
RUN{builtin}+="keyboard", GOTO="evdev_end"
|
||||||
IMPORT{builtin}="keyboard", GOTO="evdev_end"
|
|
||||||
|
|
||||||
LABEL="evdev_end"
|
LABEL="evdev_end"
|
||||||
|
|
|
@ -73,9 +73,7 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
SSL_set_connect_state(s);
|
SSL_set_connect_state(s);
|
||||||
r = SSL_set_session(s, server->dnstls_data.session);
|
SSL_set_session(s, server->dnstls_data.session);
|
||||||
if (r == 0)
|
|
||||||
return -EIO;
|
|
||||||
SSL_set_bio(s, TAKE_PTR(rb), TAKE_PTR(wb));
|
SSL_set_bio(s, TAKE_PTR(rb), TAKE_PTR(wb));
|
||||||
|
|
||||||
if (server->manager->dns_over_tls_mode == DNS_OVER_TLS_YES) {
|
if (server->manager->dns_over_tls_mode == DNS_OVER_TLS_YES) {
|
||||||
|
@ -85,7 +83,7 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
|
||||||
SSL_set_verify(s, SSL_VERIFY_PEER, NULL);
|
SSL_set_verify(s, SSL_VERIFY_PEER, NULL);
|
||||||
v = SSL_get0_param(s);
|
v = SSL_get0_param(s);
|
||||||
ip = server->family == AF_INET ? (const unsigned char*) &server->address.in.s_addr : server->address.in6.s6_addr;
|
ip = server->family == AF_INET ? (const unsigned char*) &server->address.in.s_addr : server->address.in6.s6_addr;
|
||||||
if (X509_VERIFY_PARAM_set1_ip(v, ip, FAMILY_ADDRESS_SIZE(server->family)) == 0)
|
if (!X509_VERIFY_PARAM_set1_ip(v, ip, FAMILY_ADDRESS_SIZE(server->family)))
|
||||||
return -ECONNREFUSED;
|
return -ECONNREFUSED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -108,8 +106,8 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
|
||||||
char errbuf[256];
|
char errbuf[256];
|
||||||
|
|
||||||
ERR_error_string_n(error, errbuf, sizeof(errbuf));
|
ERR_error_string_n(error, errbuf, sizeof(errbuf));
|
||||||
return log_debug_errno(SYNTHETIC_ERRNO(ECONNREFUSED),
|
log_debug("Failed to invoke SSL_do_handshake: %s", errbuf);
|
||||||
"Failed to invoke SSL_do_handshake: %s", errbuf);
|
return -ECONNREFUSED;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -370,27 +368,20 @@ void dnstls_server_free(DnsServer *server) {
|
||||||
|
|
||||||
int dnstls_manager_init(Manager *manager) {
|
int dnstls_manager_init(Manager *manager) {
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(manager);
|
assert(manager);
|
||||||
|
|
||||||
ERR_load_crypto_strings();
|
ERR_load_crypto_strings();
|
||||||
SSL_load_error_strings();
|
SSL_load_error_strings();
|
||||||
|
|
||||||
manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
|
manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
|
||||||
|
|
||||||
if (!manager->dnstls_data.ctx)
|
if (!manager->dnstls_data.ctx)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
|
SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
|
||||||
if (r == 0)
|
SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
|
||||||
return -EIO;
|
|
||||||
|
|
||||||
(void) SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
|
|
||||||
|
|
||||||
r = SSL_CTX_set_default_verify_paths(manager->dnstls_data.ctx);
|
r = SSL_CTX_set_default_verify_paths(manager->dnstls_data.ctx);
|
||||||
if (r == 0)
|
if (r < 0)
|
||||||
return log_warning_errno(SYNTHETIC_ERRNO(EIO),
|
log_warning("Failed to load system trust store: %s", ERR_error_string(ERR_get_error(), NULL));
|
||||||
"Failed to load system trust store: %s",
|
|
||||||
ERR_error_string(ERR_get_error(), NULL));
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue