rename set_cipher_list() to set_tls_cipher_list()

2017-12-21 11:35:05 +01:00 · 2017-12-21 11:35:05 +01:00 · 8f88981efe
parent 7fe3bd6a1f
commit 8f88981efe
6 changed files with 37 additions and 33 deletions
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 * 2017-12-??: Version 1.3.0
  * Specify available cipher suites for authenticated TLS upstreams
-    with getdns_context_set_ciphers_list()
+    with getdns_context_set_tls_ciphers_list()
  * PR #366: Add support for TLS 1.3 and Chacha20-Poly1305
    Thanks Pascal Ernster
  * Bugfix #356: Do Zero configuration DNSSEC meta queries over on the
--- a/src/const-info.c
+++ b/src/const-info.c
@ -91,7 +91,7 @@ static struct const_info consts_info[] = {
 	{     630, "GETDNS_CONTEXT_CODE_HOSTS", GETDNS_CONTEXT_CODE_HOSTS_TEXT },
 	{     631, "GETDNS_CONTEXT_CODE_CAPATH", GETDNS_CONTEXT_CODE_CAPATH_TEXT },
 	{     632, "GETDNS_CONTEXT_CODE_CAFILE", GETDNS_CONTEXT_CODE_CAFILE_TEXT },
-	{     633, "GETDNS_CONTEXT_CODE_CIPHER_LIST", GETDNS_CONTEXT_CODE_CIPHER_LIST_TEXT },
+	{     633, "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT },
 	{     700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
 	{     701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
 	{     702, "GETDNS_CALLBACK_TIMEOUT", GETDNS_CALLBACK_TIMEOUT_TEXT },
@ -164,7 +164,6 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_CONTEXT_CODE_APPEND_NAME", 607 },
 	{ "GETDNS_CONTEXT_CODE_CAFILE", 632 },
 	{ "GETDNS_CONTEXT_CODE_CAPATH", 631 },
-	{ "GETDNS_CONTEXT_CODE_CIPHER_LIST", 633 },
 	{ "GETDNS_CONTEXT_CODE_DNSSEC_ALLOWED_SKEW", 614 },
 	{ "GETDNS_CONTEXT_CODE_DNSSEC_TRUST_ANCHORS", 609 },
 	{ "GETDNS_CONTEXT_CODE_DNS_ROOT_SERVERS", 604 },
@ -188,6 +187,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_CONTEXT_CODE_TIMEOUT", 616 },
 	{ "GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION", 618 },
 	{ "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", 623 },
+	{ "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", 633 },
 	{ "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", 624 },
 	{ "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", 620 },
 	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL", 625 },
--- a/src/context.c
+++ b/src/context.c
@ -1407,7 +1407,7 @@ static char const * const _getdns_default_trust_anchors_verify_CA =
 static char const * const _getdns_default_trust_anchors_verify_email =
    "dnssec@iana.org";

-static char const * const _getdns_default_cipher_list = 
+static char const * const _getdns_default_tls_cipher_list = 
 	"TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:"
 	"TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20";

@ -1518,7 +1518,7 @@ getdns_context_create_with_extended_memory_functions(
 	result->appdata_dir = NULL;
 	result->CApath = NULL;
 	result->CAfile = NULL;
-	result->cipher_list = NULL;
+	result->tls_cipher_list = NULL;

 	(void) memset(&result->root_ksk, 0, sizeof(result->root_ksk));

@ -1787,8 +1787,8 @@ getdns_context_destroy(struct getdns_context *context)
 		GETDNS_FREE(context->mf, context->CApath);
 	if (context->CAfile)
 		GETDNS_FREE(context->mf, context->CAfile);
-	if (context->cipher_list)
-		GETDNS_FREE(context->mf, context->cipher_list);
+	if (context->tls_cipher_list)
+		GETDNS_FREE(context->mf, context->tls_cipher_list);

 #ifdef USE_WINSOCK
 	WSACleanup();
@ -3580,8 +3580,8 @@ _getdns_context_prepare_for_resolution(getdns_context *context)
 			/* Be strict and only use the cipher suites recommended in RFC7525
 			   Unless we later fallback to opportunistic. */
 			if (!SSL_CTX_set_cipher_list(context->tls_ctx,
-			    context->cipher_list ? context->cipher_list
-			                         : _getdns_default_cipher_list))
+			    context->tls_cipher_list ? context->tls_cipher_list
+			                             : _getdns_default_tls_cipher_list))
 				return GETDNS_RETURN_BAD_CONTEXT;
 			/* For strict authentication, we must have local root certs available
 		       Set up is done only when the tls_ctx is created (per getdns_context)*/
@ -3897,8 +3897,8 @@ _get_context_settings(getdns_context* context)
 		(void) getdns_dict_util_set_string(result, "CApath", str_value);
 	if (!getdns_context_get_CAfile(context, &str_value) && str_value)
 		(void) getdns_dict_util_set_string(result, "CAfile", str_value);
-	if (!getdns_context_get_cipher_list(context, &str_value) && str_value)
-		(void) getdns_dict_util_set_string(result, "cipher_list", str_value);
+	if (!getdns_context_get_tls_cipher_list(context, &str_value) && str_value)
+		(void) getdns_dict_util_set_string(result, "tls_cipher_list", str_value);

 	/* Default settings for extensions */
 	(void)getdns_dict_set_int(
@ -4691,7 +4691,7 @@ _getdns_context_config_setting(getdns_context *context,
 	CONTEXT_SETTING_STRING(hosts)
 	CONTEXT_SETTING_STRING(CApath)
 	CONTEXT_SETTING_STRING(CAfile)
-	CONTEXT_SETTING_STRING(cipher_list)
+	CONTEXT_SETTING_STRING(tls_cipher_list)

 	/**************************************/
 	/****                              ****/
@ -5243,29 +5243,31 @@ getdns_context_get_CAfile(getdns_context *context, const char **CAfile)
 }

 getdns_return_t
-getdns_context_set_cipher_list(getdns_context *context, const char *cipher_list)
+getdns_context_set_tls_cipher_list(
+    getdns_context *context, const char *tls_cipher_list)
 {
 	if (!context)
 		return GETDNS_RETURN_INVALID_PARAMETER;
-	if (context->cipher_list)
-		GETDNS_FREE(context->mf, context->cipher_list);
-	context->cipher_list = cipher_list
-	                     ? _getdns_strdup(&context->mf, cipher_list)
-	                     : NULL;
+	if (context->tls_cipher_list)
+		GETDNS_FREE(context->mf, context->tls_cipher_list);
+	context->tls_cipher_list = tls_cipher_list
+	                         ? _getdns_strdup(&context->mf, tls_cipher_list)
+	                         : NULL;

-	dispatch_updated(context, GETDNS_CONTEXT_CODE_CIPHER_LIST);
+	dispatch_updated(context, GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST);
 	return GETDNS_RETURN_GOOD;
 }

 getdns_return_t
-getdns_context_get_cipher_list(getdns_context *context, const char **cipher_list)
+getdns_context_get_tls_cipher_list(
+    getdns_context *context, const char **tls_cipher_list)
 {
-	if (!context || !cipher_list)
+	if (!context || !tls_cipher_list)
 		return GETDNS_RETURN_INVALID_PARAMETER;

-	*cipher_list = context->cipher_list
-	             ? context->cipher_list
-	             : _getdns_default_cipher_list;
+	*tls_cipher_list = context->tls_cipher_list
+	                 ? context->tls_cipher_list
+	                 : _getdns_default_tls_cipher_list;
 	return GETDNS_RETURN_GOOD;
 }

--- a/src/context.h
+++ b/src/context.h
@ -345,7 +345,7 @@ struct getdns_context {

 	char                 *CApath;
 	char                 *CAfile;
-	char                 *cipher_list;
+	char                 *tls_cipher_list;

 	getdns_upstreams     *upstreams;
 	uint16_t             limit_outstanding_queries;
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@ -98,8 +98,8 @@ extern "C" {
 #define GETDNS_CONTEXT_CODE_CAPATH_TEXT "Change related to getdns_context_set_CApath"
 #define GETDNS_CONTEXT_CODE_CAFILE 632
 #define GETDNS_CONTEXT_CODE_CAFILE_TEXT "Change related to getdns_context_set_CAfile"
-#define GETDNS_CONTEXT_CODE_CIPHER_LIST 633
-#define GETDNS_CONTEXT_CODE_CIPHER_LIST_TEXT "Change related to getdns_context_set_cipher_list"
+#define GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST 633
+#define GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT "Change related to getdns_context_set_tls_cipher_list"

 /** @}
  */
@ -743,14 +743,15 @@ getdns_context_set_CAfile(getdns_context *context, const char *CAfile);

 /**
 * Sets the list of available ciphers for authenticated TLS upstreams.
- * @see getdns_context_get_cipher_list
+ * @see getdns_context_get_tls_cipher_list
 * @param[in] context      The context to configure
 * @param[in] cipher_list  The cipher list
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
 */
 getdns_return_t
-getdns_context_set_cipher_list(getdns_context *context, const char *CAfile);
+getdns_context_set_tls_cipher_list(
+    getdns_context *context, const char *cipher_list);

 /**
 * Get the current resolution type setting from this context.
@ -1261,14 +1262,15 @@ getdns_context_get_CAfile(getdns_context *context, const char **CAfile);

 /**
 * Get the list of available ciphers for authenticated TLS upstreams.
- * @see getdns_context_set_cipher_list
+ * @see getdns_context_set_tls_cipher_list
 * @param[in]  context      The context configure
 * @param[out] cipher_list  The cipher list
 * @return GETDNS_RETURN_GOOD when successful
 * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
 */
 getdns_return_t
-getdns_context_get_cipher_list(getdns_context *context, const char **cipher_list);
+getdns_context_get_tls_cipher_list(
+    getdns_context *context, const char **cipher_list);


 /** @}
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@ -11,7 +11,6 @@ getdns_context_get_CAfile
 getdns_context_get_CApath
 getdns_context_get_api_information
 getdns_context_get_append_name
-getdns_context_get_cipher_list
 getdns_context_get_dns_root_servers
 getdns_context_get_dns_transport
 getdns_context_get_dns_transport_list
@ -36,6 +35,7 @@ getdns_context_get_suffix
 getdns_context_get_timeout
 getdns_context_get_tls_authentication
 getdns_context_get_tls_backoff_time
+getdns_context_get_tls_cipher_list
 getdns_context_get_tls_connection_retries
 getdns_context_get_tls_query_padding_blocksize
 getdns_context_get_trust_anchors_url
@ -49,7 +49,6 @@ getdns_context_set_CAfile
 getdns_context_set_CApath
 getdns_context_set_appdata_dir
 getdns_context_set_append_name
-getdns_context_set_cipher_list
 getdns_context_set_context_update_callback
 getdns_context_set_dns_root_servers
 getdns_context_set_dns_transport
@ -79,6 +78,7 @@ getdns_context_set_suffix
 getdns_context_set_timeout
 getdns_context_set_tls_authentication
 getdns_context_set_tls_backoff_time
+getdns_context_set_tls_cipher_list
 getdns_context_set_tls_connection_retries
 getdns_context_set_tls_query_padding_blocksize
 getdns_context_set_trust_anchors_url