From b8adcac17d4af4e9ad44f8750889518014d3407c Mon Sep 17 00:00:00 2001 From: Chuck Lever Date: Mon, 4 Aug 2025 15:58:31 -0400 Subject: [PATCH] tlshd: Relocate /etc/tlshd.conf To support TLS session tags, additional configuration files outside of /etc/tlshd.conf will be needed. So create a tlshd configuration directory: /etc/tlshd/ And move /etc/tlshd.conf into that directory as: /etc/tlshd/config For now, tlshd will look for /etc/tlshd.conf first, and warn that the new file name should be used instead. The man page tlshd.conf.5 is retained. Another option is to call it tlshd_config.5. Signed-off-by: Chuck Lever --- Makefile.am | 2 +- configure.ac | 2 ++ etc/Makefile.am | 21 +++++++++++++++++ etc/tlshd/Makefile.am | 29 ++++++++++++++++++++++++ src/tlshd/tlshd.conf => etc/tlshd/config | 0 man/man5/tlshd.conf.5 | 5 +++- man/man8/tlshd.8 | 7 ++++++ src/tlshd/Makefile.am | 2 -- src/tlshd/config.c | 6 +++-- src/tlshd/main.c | 21 +++++++++++++---- src/tlshd/tlshd.h | 2 +- 11 files changed, 85 insertions(+), 12 deletions(-) create mode 100644 etc/Makefile.am create mode 100644 etc/tlshd/Makefile.am rename src/tlshd/tlshd.conf => etc/tlshd/config (100%) diff --git a/Makefile.am b/Makefile.am index 898d704..1e54d28 100644 --- a/Makefile.am +++ b/Makefile.am @@ -20,5 +20,5 @@ AUTOMAKE_OPTIONS = foreign EXTRA_DIST = autogen.sh CONTRIBUTING.md LICENSE.txt \ README.md SECURITY.md -SUBDIRS = man src systemd +SUBDIRS = etc man src systemd MAINTAINERCLEANFILES = Makefile.in cscope.* ktls-utils*.tar.gz diff --git a/configure.ac b/configure.ac index d2d0e7e..f59bead 100644 --- a/configure.ac +++ b/configure.ac @@ -95,6 +95,8 @@ fi AC_SUBST([AM_CPPFLAGS]) AC_CONFIG_FILES([Makefile \ + etc/Makefile \ + etc/tlshd/Makefile \ man/Makefile \ man/man5/Makefile \ man/man8/Makefile \ diff --git a/etc/Makefile.am b/etc/Makefile.am new file mode 100644 index 0000000..1004d8e --- /dev/null +++ b/etc/Makefile.am 
@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2025 Oracle and/or its affiliates.
+#
+# ktls-utils is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+
+SUBDIRS = tlshd
+
+MAINTAINERCLEANFILES = Makefile.in
diff --git a/etc/tlshd/Makefile.am b/etc/tlshd/Makefile.am
new file mode 100644
index 0000000..608eb34
--- /dev/null
+++ b/etc/tlshd/Makefile.am
@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2025 Oracle and/or its affiliates.
+#
+# ktls-utils is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+
+tlshdconfigdir = $(sysconfdir)/tlshd
+
+dist_tlshdconfig_DATA = config
+
+MAINTAINERCLEANFILES = Makefile.in
+
+install-exec-hook:
+ mkdir -p $(DESTDIR)$(tlshdconfigdir)
+
+uninstall-hook:
+ rm -rf $(DESTDIR)$(tlshdconfigdir)
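Review bot: The `uninstall-hook` at the end of this hunk runs `rm -rf $(DESTDIR)$(tlshdconfigdir)`, which deletes the whole configuration directory including any files the administrator placed there, and the commit message says further configuration files are expected to live in exactly that directory. Automake's own uninstall target already removes the installed `config`, so the hook only needs to drop the directory when it is empty, e.g. `-rmdir $(DESTDIR)$(tlshdconfigdir)`, leaving locally created files intact after `make uninstall`. The `mkdir -p` in `install-exec-hook` looks redundant, since installing `dist_tlshdconfig_DATA` already creates `$(tlshdconfigdir)`; if it is kept, it belongs in `install-data-hook`, because the directory holds data rather than executables.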
diff --git a/src/tlshd/tlshd.conf b/etc/tlshd/config similarity index 100% rename from src/tlshd/tlshd.conf rename to etc/tlshd/config diff --git a/man/man5/tlshd.conf.5 b/man/man5/tlshd.conf.5 index 5333edf..94981b4 100644 --- a/man/man5/tlshd.conf.5 +++ b/man/man5/tlshd.conf.5 @@ -18,11 +18,14 @@ .\" tlshd.conf(5) .\" .\" Copyright (c) 2022 Oracle and/or its affiliates. -.TH tlshd.conf 5 "20 Oct 2022" +.TH tlshd.conf 5 "$(date +'%B %Y')" .SH NAME tlshd.conf \- tlshd configuration file .SH SYNOPSIS +.I /etc/tlshd/config +.br .I /etc/tlshd.conf +(deprecated) .SH DESCRIPTION The .B tlshd diff --git a/man/man8/tlshd.8 b/man/man8/tlshd.8 index 6ccaeaa..f54fbda 100644 --- a/man/man8/tlshd.8 +++ b/man/man8/tlshd.8 @@ -75,6 +75,13 @@ enabling decryption of recorded sessions. .B GNUTLS_FORCE_FIPS_MODE When set to `1', this variable forces the TLS library into FIPS mode if FIPS140-2 support is available. +.SH FILES +.TP +.I /etc/tlshd/config +Primary configuration file +.TP +.I /etc/tlshd.conf +Legacy configuration file (deprecated) .SH SEE ALSO .BR tlshd.conf (5), .BR ssl (7) diff --git a/src/tlshd/Makefile.am b/src/tlshd/Makefile.am index d6c6e51..2f6aeba 100644 --- a/src/tlshd/Makefile.am +++ b/src/tlshd/Makefile.am @@ -16,8 +16,6 @@ # 02110-1301, USA. # -dist_sysconf_DATA = tlshd.conf - sbin_PROGRAMS = tlshd tlshd_CFLAGS = -Werror -Wall -Wextra $(LIBGNUTLS_CFLAGS) \ $(LIBKEYUTILS_CFLAGS) $(GLIB_CFLAGS) $(LIBNL3_CFLAGS) \ diff --git a/src/tlshd/config.c b/src/tlshd/config.c index 9a3b6b2..bf57df1 100644 --- a/src/tlshd/config.c +++ b/src/tlshd/config.c 
@@ -49,12 +49,13 @@ static GKeyFile *tlshd_configuration;
 /**
 * tlshd_config_init - Read tlshd's config file
 * @pathname: Pathname to config file
+ * @legacy: Don't generate an error if the config file doesn't exist
 *
 * Return values:
 * %true: Config file read successfully
 * %false: Unable to read config file
 */
-bool tlshd_config_init(const gchar *pathname)
+bool tlshd_config_init(const gchar *pathname, bool legacy)
 {
 gchar **keyrings;
 gsize i, length;
@@ -67,7 +68,8 @@ bool tlshd_config_init(const gchar *pathname)
 if (!g_key_file_load_from_file(tlshd_configuration, pathname, G_KEY_FILE_KEEP_COMMENTS, &error)) {
- tlshd_log_gerror("Failed to load config file", error);
+ if (!legacy)
+ tlshd_log_gerror("Failed to load config file", error);
 g_error_free(error);
 return false;
 }
diff --git a/src/tlshd/main.c b/src/tlshd/main.c
index b570526..00ba990 100644
--- a/src/tlshd/main.c
+++ b/src/tlshd/main.c
@@ -63,13 +63,14 @@ static void usage(const char *progname)
 int main(int argc, char **argv)
 {
- static gchar config_file[PATH_MAX + 1] = "/etc/tlshd.conf";
+ static gchar config_file[PATH_MAX + 1];
 char *progname;
 int c;
 size_t len;
 tlshd_tls_debug = 0;
 progname = basename(argv[0]);
+ config_file[0] = '\0';
 while ((c = getopt_long(argc, argv, optstring, longopts, NULL)) != -1) {
 switch (c) {
 case 'c':
@@ -100,10 +101,20 @@ int main(int argc, char **argv)
 tlshd_log_init(progname);
- if (!tlshd_config_init(config_file)) {
- tlshd_log_shutdown();
- tlshd_log_close();
- return EXIT_FAILURE;
+ if (config_file[0] != '\0') {
+ if (!tlshd_config_init(config_file, false)) {
+ tlshd_log_shutdown();
+ tlshd_log_close();
+ return EXIT_FAILURE;
+ }
+ } else {
+ if (tlshd_config_init("/etc/tlshd.conf", true)) {
+ tlshd_log_notice("Please relocate /etc/tlshd.conf to /etc/tlshd/config");
+ } else if (!tlshd_config_init("/etc/tlshd/config", false)) {
+ tlshd_log_shutdown();
+ tlshd_log_close();
+ return EXIT_FAILURE;
+ }
 }
 if (tlshd_gnutls_priority_init()) {
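Review bot: The new `if (!legacy)` guard in the second config.c hunk silences every load failure, not only the missing-file case that the added `@legacy` comment describes: a legacy `/etc/tlshd.conf` that exists but is unreadable or malformed is skipped without any log line, and main.c then falls back to `/etc/tlshd/config`, so the error the administrator eventually sees names a file they may never have created. Limiting the suppression to the not-found error keeps a broken legacy file visible, `if (!legacy || !g_error_matches(error, G_FILE_ERROR, G_FILE_ERROR_NOENT))` in front of the `tlshd_log_gerror()` call. Whether `tlshd_configuration`, set up earlier in this function outside the hunk, is released on this `return false` path is not visible here; if it is not, the second `tlshd_config_init()` call that main.c now makes presumably leaks the first key file, which is worth confirming. The body of `tlshd_config_init()` continues past the hunk.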
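Review bot: The added `config_file[0] = '\0';` after `progname = basename(argv[0]);` is redundant: `config_file` has static storage duration and, now that its string initializer is removed, is already zero-filled before `main()` runs. Dropping the store, or replacing it with a comment such as `/* static, so zero-initialized: empty means "use the default locations" */`, documents the intent without a no-op assignment. The `main()` body continues beyond the hunk.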
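Review bot: In the `else` branch, `/etc/tlshd.conf` is tried before `/etc/tlshd/config` and wins silently whenever both files exist, so an administrator who creates the new file but forgets to remove the old one keeps running on stale settings with only a notice in the log; probing `/etc/tlshd/config` first and falling back to the legacy path, or at least logging a warning when both are present, would make the precedence explicit rather than implicit. Both pathnames are hard-coded while etc/tlshd/Makefile.am installs the file under `$(sysconfdir)/tlshd`, so a build with a non-default `--sysconfdir` installs a config the daemon never reads; this is presumably pre-existing, since the removed initializer hard-coded `/etc/tlshd.conf` as well, but the new branch doubles the number of places to fix. The `tlshd_log_shutdown(); tlshd_log_close(); return EXIT_FAILURE;` sequence is now duplicated and could sit behind one cleanup label reached by `goto`. The `main()` body continues outside the hunk.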
diff --git a/src/tlshd/tlshd.h b/src/tlshd/tlshd.h
index 655d0dc..6ee950d 100644
--- a/src/tlshd/tlshd.h
+++ b/src/tlshd/tlshd.h
@@ -54,7 +54,7 @@ extern void tlshd_tls13_clienthello_handshake(struct tlshd_handshake_parms *parm
 extern void tlshd_quic_clienthello_handshake(struct tlshd_handshake_parms *parms);
 /* config.c */
-bool tlshd_config_init(const gchar *pathname);
+bool tlshd_config_init(const gchar *pathname, bool legacy);
 void tlshd_config_shutdown(void);
 bool tlshd_config_get_truststore(int peer_type, char **bundle);
 bool tlshd_config_get_crl(int peer_type, char **result);