# to this bind section.
type="clients"
- # ssl: If you want the port(s) in this bind tag to use TLS (SSL), set this
+ # sslprofile: If you want the port(s) in this bind tag to use TLS (SSL), set this
# to the name of a custom <sslprofile> tag that you have defined. See the
# docs page for the TLS (SSL) module you are using for more details:
#
#
# You will need to load the ssl_openssl module for OpenSSL, ssl_gnutls
# for GnuTLS and ssl_mbedtls for mbedTLS.
- ssl="Clients"
+ sslprofile="Clients"
# defer: When this is non-zero, connections will not be handed over to
# the daemon from the operating system before data is ready.
<bind address="1.2.3.4"
port="7005"
type="servers"
- ssl="Servers">
+ sslprofile="Servers">
# Plaintext listener that binds on a TCP/IP endpoint:
<bind address=""
port="7000"
allowmask="203.0.113.0/24 127.0.0.0/8 2001:db8::/32"
timeout="5m"
- ssl="Servers"
+ sslprofile="Servers"
bind="1.2.3.4"
statshidden="no"
hidden="no"
# a <bind> tag with type "httpd", and load at least one of the other
# httpd_* modules to provide pages to display.
# <bind address="127.0.0.1" port="8067" type="httpd">
-# <bind address="127.0.0.1" port="8097" type="httpd" ssl="gnutls">
+# <bind address="127.0.0.1" port="8097" type="httpd" sslprofile="Clients">
#
# You can adjust the timeout for HTTP connections below. All HTTP
# connections will be closed after (roughly) this time period.
if (!hook.empty())
portentry << ", hook: " << hook;
- const std::string sslprofile = ls->bind_tag->getString("ssl");
+ const std::string sslprofile = ls->bind_tag->getString("sslprofile", ls->bind_tag->getString("ssl"));
if (!sslprofile.empty())
portentry << ", ssl profile: " << sslprofile;
}
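Review bot: The fallback `getString("sslprofile", getString("ssl"))` is written out by hand here and again in the defer default, the `provname` lookup and both listener filters further down, so whether a listener is treated as TLS or plaintext now depends on five copies staying in sync. A single accessor would remove that risk, for example a small helper that takes the bind tag and returns `tag->getString("sslprofile", tag->getString("ssl"))`, called from every site. That helper is also the natural place for a comment saying that `ssl` is the deprecated spelling and is read only when `sslprofile` is absent. The enclosing function starts and ends outside this hunk.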
// Default defer to on for TLS listeners because in TLS the client always speaks first
- int timeout = tag->getDuration("defer", (tag->getString("ssl").empty() ? 0 : 3));
+ unsigned int timeoutdef = tag->getString("sslprofile", tag->getString("ssl")).empty() ? 0 : 3;
+ int timeout = tag->getDuration("defer", timeoutdef, 0, 60);
if (timeout && !rv)
{
#if defined TCP_DEFER_ACCEPT
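Review bot: The new `0, 60` bounds passed to `getDuration("defer", ...)` are not explained at the call site, and the `defer:` comment in the example config shown earlier on this page does not mention a maximum either. A comment such as `// defer is limited to 0-60 (presumably seconds); defaults to 3 for TLS listeners, 0 otherwise` would document it. How an out-of-range value is handled is not visible from this hunk and is worth stating as well. `timeoutdef` is never modified after initialisation and can be `const unsigned int`. The `#if defined TCP_DEFER_ACCEPT` block continues past the end of the hunk.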
curr.SetProvider(std::string());
}
- std::string provname = bind_tag->getString("ssl");
+ std::string provname = bind_tag->getString("sslprofile", bind_tag->getString("ssl"));
if (!provname.empty())
provname.insert(0, "ssl/");
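Review bot: When `provname` is taken from the legacy `ssl` key, nothing records that the fallback was used. The "Non-existent I/O hook" debug message changed later in this commit now always prints `<bind:sslprofile>`, which would point an operator at a key that is not in their config. Consider logging once here when the legacy key supplied the value, guarded by `if (bind_tag->getString("sslprofile").empty() && !bind_tag->getString("ssl").empty())`, and include `bind_tag->getTagLocation()` so the tag can be found. The surrounding function is only partly visible in this hunk.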
if (!stdalgo::string::equalsci(ls->bind_tag->getString("type", "clients", 1), "clients"))
continue;
- if (!ls->bind_tag->getString("ssl").empty())
+ if (!ls->bind_tag->getString("sslprofile", ls->bind_tag->getString("ssl")).empty())
continue;
to_ports.append(ConvToStr(ls->bind_sa.port())).push_back(',');
continue;
// Is this listener using TLS (SSL)?
- if (ls->bind_tag->getString("ssl").empty())
+ if (ls->bind_tag->getString("sslprofile", ls->bind_tag->getString("ssl")).empty())
continue;
// TODO: Add a way to check if a listener's TLS cert is CA-verified.
{
ServerInstance->Logs->Log("USERS", LOG_DEBUG, "Non-existent I/O hook '%s' in <bind:%s> tag at %s",
iohookprovref.GetProvider().c_str(),
- i == via->iohookprovs.begin() ? "hook" : "ssl",
+ i == via->iohookprovs.begin() ? "hook" : "sslprofile",
via->bind_tag->getTagLocation().c_str());
this->QuitUser(New, "Internal error handling connection");
return;