Lines 78-84
|
78 |
static regex_t Err414, Err500, Err501, Err503, MaxRequest, HeadRemove, RewriteLocation, RewriteDestination; |
78 |
static regex_t Err414, Err500, Err501, Err503, MaxRequest, HeadRemove, RewriteLocation, RewriteDestination; |
79 |
static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr; |
79 |
static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr; |
80 |
static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, DynScale; |
80 |
static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, DynScale; |
81 |
static regex_t ClientCert, AddHeader, DisableSSLv2, SSLAllowClientRenegotiation, SSLHonorCipherOrder, Ciphers; |
81 |
static regex_t ClientCert, AddHeader, DisableSSLv2, DisableSSLv3, DisableTLSv1, SSLAllowClientRenegotiation, SSLHonorCipherOrder, Ciphers; |
82 |
static regex_t CAlist, VerifyList, CRLlist, NoHTTPS11, Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert; |
82 |
static regex_t CAlist, VerifyList, CRLlist, NoHTTPS11, Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert; |
83 |
static regex_t Disabled, Threads, CNName, Anonymise; |
83 |
static regex_t Disabled, Threads, CNName, Anonymise; |
84 |
|
84 |
|
Lines 928-933
|
928 |
res->err503 = "The service is not available. Please try again later."; |
928 |
res->err503 = "The service is not available. Please try again later."; |
929 |
res->allow_client_reneg = 0; |
929 |
res->allow_client_reneg = 0; |
930 |
res->disable_ssl_v2 = 0; |
930 |
res->disable_ssl_v2 = 0; |
|
|
931 |
res->disable_ssl_v3 = 0; |
932 |
res->disable_tls_v1 = 0; |
931 |
res->log_level = log_level; |
933 |
res->log_level = log_level; |
932 |
if(regcomp(&res->verb, xhttp[0], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) |
934 |
if(regcomp(&res->verb, xhttp[0], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) |
933 |
conf_err("xHTTP bad default pattern - aborted"); |
935 |
conf_err("xHTTP bad default pattern - aborted"); |
Lines 1118-1123
|
1118 |
} |
1120 |
} |
1119 |
} else if(!regexec(&DisableSSLv2, lin, 4, matches, 0)) { |
1121 |
} else if(!regexec(&DisableSSLv2, lin, 4, matches, 0)) { |
1120 |
res->disable_ssl_v2 = 1; |
1122 |
res->disable_ssl_v2 = 1; |
|
|
1123 |
} else if(!regexec(&DisableSSLv3, lin, 4, matches, 0)) { |
1124 |
res->disable_ssl_v3 = 1; |
1125 |
} else if(!regexec(&DisableTLSv1, lin, 4, matches, 0)) { |
1126 |
res->disable_tls_v1 = 1; |
1121 |
} else if(!regexec(&SSLAllowClientRenegotiation, lin, 4, matches, 0)) { |
1127 |
} else if(!regexec(&SSLAllowClientRenegotiation, lin, 4, matches, 0)) { |
1122 |
res->allow_client_reneg = atoi(lin + matches[1].rm_so); |
1128 |
res->allow_client_reneg = atoi(lin + matches[1].rm_so); |
1123 |
if (res->allow_client_reneg == 2) { |
1129 |
if (res->allow_client_reneg == 2) { |
Lines 1218-1223
|
1218 |
SSL_CTX_clear_options(pc->ctx, ssl_op_disable); |
1224 |
SSL_CTX_clear_options(pc->ctx, ssl_op_disable); |
1219 |
if (res->disable_ssl_v2 == 1) |
1225 |
if (res->disable_ssl_v2 == 1) |
1220 |
SSL_CTX_set_options(pc->ctx, SSL_OP_NO_SSLv2); |
1226 |
SSL_CTX_set_options(pc->ctx, SSL_OP_NO_SSLv2); |
|
|
1227 |
if (res->disable_ssl_v3 == 1) |
1228 |
SSL_CTX_set_options(pc->ctx, SSL_OP_NO_SSLv3); |
1229 |
if (res->disable_tls_v1 == 1) |
1230 |
SSL_CTX_set_options(pc->ctx, SSL_OP_NO_TLSv1); |
1221 |
sprintf(lin, "%d-Pound-%ld", getpid(), random()); |
1231 |
sprintf(lin, "%d-Pound-%ld", getpid(), random()); |
1222 |
SSL_CTX_set_session_id_context(pc->ctx, (unsigned char *)lin, strlen(lin)); |
1232 |
SSL_CTX_set_session_id_context(pc->ctx, (unsigned char *)lin, strlen(lin)); |
1223 |
SSL_CTX_set_tmp_rsa_callback(pc->ctx, RSA_tmp_callback); |
1233 |
SSL_CTX_set_tmp_rsa_callback(pc->ctx, RSA_tmp_callback); |
Lines 1421-1426
|
1421 |
|| regcomp(&AddHeader, "^[ \t]*AddHeader[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
1431 |
|| regcomp(&AddHeader, "^[ \t]*AddHeader[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
1422 |
|| regcomp(&SSLAllowClientRenegotiation, "^[ \t]*SSLAllowClientRenegotiation[ \t]+([012])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
1432 |
|| regcomp(&SSLAllowClientRenegotiation, "^[ \t]*SSLAllowClientRenegotiation[ \t]+([012])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
1423 |
|| regcomp(&DisableSSLv2, "^[ \t]*DisableSSLv2[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
1433 |
|| regcomp(&DisableSSLv2, "^[ \t]*DisableSSLv2[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
|
|
1434 |
|| regcomp(&DisableSSLv3, "^[ \t]*DisableSSLv3[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
1435 |
|| regcomp(&DisableTLSv1, "^[ \t]*DisableTLSv1[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
1424 |
|| regcomp(&SSLHonorCipherOrder, "^[ \t]*SSLHonorCipherOrder[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
1436 |
|| regcomp(&SSLHonorCipherOrder, "^[ \t]*SSLHonorCipherOrder[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
1425 |
|| regcomp(&Ciphers, "^[ \t]*Ciphers[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
1437 |
|| regcomp(&Ciphers, "^[ \t]*Ciphers[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
1426 |
|| regcomp(&CAlist, "^[ \t]*CAlist[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
1438 |
|| regcomp(&CAlist, "^[ \t]*CAlist[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) |
Lines 1583-1588
|
1583 |
regfree(&AddHeader); |
1595 |
regfree(&AddHeader); |
1584 |
regfree(&SSLAllowClientRenegotiation); |
1596 |
regfree(&SSLAllowClientRenegotiation); |
1585 |
regfree(&DisableSSLv2); |
1597 |
regfree(&DisableSSLv2); |
|
|
1598 |
regfree(&DisableSSLv3); |
1599 |
regfree(&DisableTLSv1); |
1586 |
regfree(&SSLHonorCipherOrder); |
1600 |
regfree(&SSLHonorCipherOrder); |
1587 |
regfree(&Ciphers); |
1601 |
regfree(&Ciphers); |
1588 |
regfree(&CAlist); |
1602 |
regfree(&CAlist); |
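Review bot: The new version flags are applied independently at new lines 1227-1230, so a listener configured with only `DisableTLSv1` still offers SSLv3 (and SSLv2 unless `DisableSSLv2` is also given), which leaves the weakest protocols enabled and a gap in the offered version range. Consider making each directive imply the lower versions in the parser branch at new lines 1125-1126, e.g. `res->disable_tls_v1 = res->disable_ssl_v3 = res->disable_ssl_v2 = 1;`, or at least state in the directive documentation that they must be combined. Both fields also default to 0 at new lines 931-932, so SSLv3 stays negotiable unless the administrator opts out; if client compatibility allows, defaulting `disable_ssl_v3` to 1 would be the safer choice. The enclosing functions start and end outside the visible hunks, so any handling elsewhere in the file could not be checked.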