Compare commits
2 Commits
972e81629d
...
161bc525bb
Author | SHA1 | Date |
---|---|---|
Peter Hutterer | 161bc525bb | |
Yu Watanabe | df70539f9f |
|
@ -5,19 +5,21 @@ KERNEL!="event*", GOTO="evdev_end"
|
|||
|
||||
# skip later rules when we find something for this input device
|
||||
IMPORT{builtin}="hwdb --subsystem=input --lookup-prefix=evdev:", \
|
||||
RUN{builtin}+="keyboard", GOTO="evdev_end"
|
||||
IMPORT{builtin}="keyboard", GOTO="evdev_end"
|
||||
|
||||
# AT keyboard matching by the machine's DMI data
|
||||
DRIVERS=="atkbd", \
|
||||
IMPORT{builtin}="hwdb 'evdev:atkbd:$attr{[dmi/id]modalias}'", \
|
||||
RUN{builtin}+="keyboard", GOTO="evdev_end"
|
||||
IMPORT{builtin}="keyboard", GOTO="evdev_end"
|
||||
|
||||
# device matching the input device name + properties + the machine's DMI data
|
||||
KERNELS=="input*", IMPORT{builtin}="hwdb 'evdev:name:$attr{name}:phys:$attr{phys}:ev:$attr{capabilities/ev}:$attr{[dmi/id]modalias}'", \
|
||||
RUN{builtin}+="keyboard", GOTO="evdev_end"
|
||||
KERNELS=="input*", \
|
||||
IMPORT{builtin}="hwdb 'evdev:name:$attr{name}:phys:$attr{phys}:ev:$attr{capabilities/ev}:$attr{[dmi/id]modalias}'", \
|
||||
IMPORT{builtin}="keyboard", GOTO="evdev_end"
|
||||
|
||||
# device matching the input device name and the machine's DMI data
|
||||
KERNELS=="input*", IMPORT{builtin}="hwdb 'evdev:name:$attr{name}:$attr{[dmi/id]modalias}'", \
|
||||
RUN{builtin}+="keyboard", GOTO="evdev_end"
|
||||
KERNELS=="input*", \
|
||||
IMPORT{builtin}="hwdb 'evdev:name:$attr{name}:$attr{[dmi/id]modalias}'", \
|
||||
IMPORT{builtin}="keyboard", GOTO="evdev_end"
|
||||
|
||||
LABEL="evdev_end"
|
||||
|
|
|
@ -73,7 +73,9 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
|
|||
return -ENOMEM;
|
||||
|
||||
SSL_set_connect_state(s);
|
||||
SSL_set_session(s, server->dnstls_data.session);
|
||||
r = SSL_set_session(s, server->dnstls_data.session);
|
||||
if (r == 0)
|
||||
return -EIO;
|
||||
SSL_set_bio(s, TAKE_PTR(rb), TAKE_PTR(wb));
|
||||
|
||||
if (server->manager->dns_over_tls_mode == DNS_OVER_TLS_YES) {
|
||||
|
@ -83,7 +85,7 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
|
|||
SSL_set_verify(s, SSL_VERIFY_PEER, NULL);
|
||||
v = SSL_get0_param(s);
|
||||
ip = server->family == AF_INET ? (const unsigned char*) &server->address.in.s_addr : server->address.in6.s6_addr;
|
||||
if (!X509_VERIFY_PARAM_set1_ip(v, ip, FAMILY_ADDRESS_SIZE(server->family)))
|
||||
if (X509_VERIFY_PARAM_set1_ip(v, ip, FAMILY_ADDRESS_SIZE(server->family)) == 0)
|
||||
return -ECONNREFUSED;
|
||||
}
|
||||
|
||||
|
@ -106,8 +108,8 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
|
|||
char errbuf[256];
|
||||
|
||||
ERR_error_string_n(error, errbuf, sizeof(errbuf));
|
||||
log_debug("Failed to invoke SSL_do_handshake: %s", errbuf);
|
||||
return -ECONNREFUSED;
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(ECONNREFUSED),
|
||||
"Failed to invoke SSL_do_handshake: %s", errbuf);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -368,20 +370,27 @@ void dnstls_server_free(DnsServer *server) {
|
|||
|
||||
int dnstls_manager_init(Manager *manager) {
|
||||
int r;
|
||||
|
||||
assert(manager);
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
SSL_load_error_strings();
|
||||
manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
|
||||
|
||||
manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
|
||||
if (!manager->dnstls_data.ctx)
|
||||
return -ENOMEM;
|
||||
|
||||
SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
|
||||
SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
|
||||
r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
|
||||
if (r == 0)
|
||||
return -EIO;
|
||||
|
||||
(void) SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
|
||||
|
||||
r = SSL_CTX_set_default_verify_paths(manager->dnstls_data.ctx);
|
||||
if (r < 0)
|
||||
log_warning("Failed to load system trust store: %s", ERR_error_string(ERR_get_error(), NULL));
|
||||
if (r == 0)
|
||||
return log_warning_errno(SYNTHETIC_ERRNO(EIO),
|
||||
"Failed to load system trust store: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue