tlshd: Relocate /etc/tlshd.conf

Makefile.am

@@ -20,5 +20,5 @@ AUTOMAKE_OPTIONS	= foreign
 
 EXTRA_DIST		= autogen.sh CONTRIBUTING.md LICENSE.txt \
 			  README.md SECURITY.md
-SUBDIRS			= man src systemd
+SUBDIRS			= etc man src systemd
 MAINTAINERCLEANFILES	= Makefile.in cscope.* ktls-utils*.tar.gz

configure.ac

@@ -95,6 +95,8 @@ fi
 AC_SUBST([AM_CPPFLAGS])
 
 AC_CONFIG_FILES([Makefile \
+                 etc/Makefile \
+                 etc/tlshd/Makefile \
                  man/Makefile \
                  man/man5/Makefile \
                  man/man8/Makefile \

etc/Makefile.am

@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2025 Oracle and/or its affiliates.
+#
+# ktls-utils is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+
+SUBDIRS			= tlshd
+
+MAINTAINERCLEANFILES	= Makefile.in

etc/tlshd/Makefile.am

@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2025 Oracle and/or its affiliates.
+#
+# ktls-utils is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+
+tlshdconfigdir		= $(sysconfdir)/tlshd
+
+dist_tlshdconfig_DATA	= config
+
+MAINTAINERCLEANFILES	= Makefile.in
+
+install-exec-hook:
+	mkdir -p $(DESTDIR)$(tlshdconfigdir)
+
+uninstall-hook:
+	rm -rf $(DESTDIR)$(tlshdconfigdir)

man/man5/tlshd.conf.5

@@ -18,11 +18,14 @@
 .\" tlshd.conf(5)
 .\"
 .\" Copyright (c) 2022 Oracle and/or its affiliates.
-.TH tlshd.conf 5 "20 Oct 2022"
+.TH tlshd.conf 5 "$(date +'%B %Y')"
 .SH NAME
 tlshd.conf \- tlshd configuration file
 .SH SYNOPSIS
+.I /etc/tlshd/config
+.br
 .I /etc/tlshd.conf
+(deprecated)
 .SH DESCRIPTION
 The
 .B tlshd

man/man8/tlshd.8

@@ -75,6 +75,13 @@ enabling decryption of recorded sessions.
 .B GNUTLS_FORCE_FIPS_MODE
 When set to `1', this variable forces the TLS library into FIPS mode
 if FIPS140-2 support is available.
+.SH FILES
+.TP
+.I /etc/tlshd/config
+Primary configuration file
+.TP
+.I /etc/tlshd.conf
+Legacy configuration file (deprecated)
 .SH SEE ALSO
 .BR tlshd.conf (5),
 .BR ssl (7)

src/tlshd/Makefile.am

@@ -16,8 +16,6 @@
 # 02110-1301, USA.
 #
 
-dist_sysconf_DATA	= tlshd.conf
-
 sbin_PROGRAMS		= tlshd
 tlshd_CFLAGS		= -Werror -Wall -Wextra $(LIBGNUTLS_CFLAGS) \
 			  $(LIBKEYUTILS_CFLAGS) $(GLIB_CFLAGS) $(LIBNL3_CFLAGS) \

src/tlshd/config.c

@@ -49,12 +49,13 @@ static GKeyFile *tlshd_configuration;
 /**
  * tlshd_config_init - Read tlshd's config file
  * @pathname: Pathname to config file
+ * @legacy: Don't generate an error if the config file doesn't exist
  *
  * Return values:
  *   %true: Config file read successfully
  *   %false: Unable to read config file
  */
-bool tlshd_config_init(const gchar *pathname)
+bool tlshd_config_init(const gchar *pathname, bool legacy)
 {
 	gchar **keyrings;
 	gsize i, length;
@@ -67,7 +68,8 @@ bool tlshd_config_init(const gchar *pathname)
 	if (!g_key_file_load_from_file(tlshd_configuration, pathname,
 				       G_KEY_FILE_KEEP_COMMENTS,
 				       &error)) {
-		tlshd_log_gerror("Failed to load config file", error);
+		if (!legacy)
+			tlshd_log_gerror("Failed to load config file", error);
 		g_error_free(error);
 		return false;
 	}

src/tlshd/main.c

@@ -63,13 +63,14 @@ static void usage(const char *progname)
 
 int main(int argc, char **argv)
 {
-	static gchar config_file[PATH_MAX + 1] = "/etc/tlshd.conf";
+	static gchar config_file[PATH_MAX + 1];
 	char *progname;
 	int c;
 	size_t len;
 
 	tlshd_tls_debug = 0;
 	progname = basename(argv[0]);
+	config_file[0] = '\0';
 	while ((c = getopt_long(argc, argv, optstring, longopts, NULL)) != -1) {
 		switch (c) {
 		case 'c':
@@ -100,10 +101,20 @@ int main(int argc, char **argv)
 
 	tlshd_log_init(progname);
 
-	if (!tlshd_config_init(config_file)) {
-		tlshd_log_shutdown();
-		tlshd_log_close();
-		return EXIT_FAILURE;
+	if (config_file[0] != '\0') {
+		if (!tlshd_config_init(config_file, false)) {
+			tlshd_log_shutdown();
+			tlshd_log_close();
+			return EXIT_FAILURE;
+		}
+	} else {
+		if (tlshd_config_init("/etc/tlshd.conf", true)) {
+			tlshd_log_notice("Please relocate /etc/tlshd.conf to /etc/tlshd/config");
+		} else if (!tlshd_config_init("/etc/tlshd/config", false)) {
+			tlshd_log_shutdown();
+			tlshd_log_close();
+			return EXIT_FAILURE;
+		}
 	}
 
 	if (tlshd_gnutls_priority_init()) {

src/tlshd/tlshd.h

@@ -54,7 +54,7 @@ extern void tlshd_tls13_clienthello_handshake(struct tlshd_handshake_parms *parm
 extern void tlshd_quic_clienthello_handshake(struct tlshd_handshake_parms *parms);
 
 /* config.c */
-bool tlshd_config_init(const gchar *pathname);
+bool tlshd_config_init(const gchar *pathname, bool legacy);
 void tlshd_config_shutdown(void);
 bool tlshd_config_get_truststore(int peer_type, char **bundle);
 bool tlshd_config_get_crl(int peer_type, char **result);