From cbd8c5573ef6816d585d00d63568cf98aa6a97b8 Mon Sep 17 00:00:00 2001
From: Garrett D'Amore
Date: Sun, 27 Oct 2024 22:51:29 -0700
Subject: tls: Remove the individual TLS configuration options This is a breaking change. TLS configuration changes are to be made using TLS configuration objects, and then set on a listener or dialer with NNG_OPT_TLS_CONFIG. This should be a bit less racy, and allows for simpler code.
---
 src/supplemental/tls/tls_common.c | 167 --------------------------------------
 1 file changed, 167 deletions(-)
(limited to 'src/supplemental/tls')
diff --git a/src/supplemental/tls/tls_common.c b/src/supplemental/tls/tls_common.c
index a6b3a8d6..02ca1442 100644
--- a/src/supplemental/tls/tls_common.c
+++ b/src/supplemental/tls/tls_common.c
@@ -190,23 +190,6 @@ tls_dialer_dial(void *arg, nng_aio *aio)
 nng_stream_dialer_dial(d->d, &conn->conn_aio);
 }
 
-static int
-tls_check_string(const void *v, size_t sz, nni_opt_type t)
-{
- switch (t) {
- case NNI_TYPE_OPAQUE:
- if (nni_strnlen(v, sz) >= sz) {
- return (NNG_EINVAL);
- }
- return (0);
- case NNI_TYPE_STRING:
- // Caller is assumed to pass a good string.
- return (0);
- default:
- return (NNG_EBADTYPE);
- }
-}
-
 static int
 tls_dialer_set_config(void *arg, const void *buf, size_t sz, nni_type t)
 {
@@ -249,87 +232,12 @@ tls_dialer_get_config(void *arg, void *buf, size_t *szp, nni_type t)
 return (rv);
 }
 
-static int
-tls_dialer_set_server_name(void *arg, const void *buf, size_t sz, nni_type t)
-{
- tls_dialer *d = arg;
- int rv;
- if ((rv = tls_check_string(buf, sz, t)) == 0) {
- nni_mtx_lock(&d->lk);
- rv = nng_tls_config_server_name(d->cfg, buf);
- nni_mtx_unlock(&d->lk);
- }
- return (rv);
-}
-
-static int
-tls_dialer_set_auth_mode(void *arg, const void *buf, size_t sz, nni_type t)
-{
- int mode;
- int rv;
- tls_dialer *d = arg;
-
- rv = nni_copyin_int(&mode, buf, sz, NNG_TLS_AUTH_MODE_NONE,
- NNG_TLS_AUTH_MODE_REQUIRED, t);
- if (rv == 0) {
- nni_mtx_lock(&d->lk);
- rv = nng_tls_config_auth_mode(d->cfg, mode);
- nni_mtx_unlock(&d->lk);
- }
- return (rv);
-}
-
-static int
-tls_dialer_set_ca_file(void *arg, const void *buf, size_t sz, nni_opt_type t)
-{
- tls_dialer *d = arg;
- int rv;
-
- if ((rv = tls_check_string(buf, sz, t)) == 0) {
- nni_mtx_lock(&d->lk);
- rv = nng_tls_config_ca_file(d->cfg, buf);
- nni_mtx_unlock(&d->lk);
- }
- return (rv);
-}
-
-static int
-tls_dialer_set_cert_key_file(
- void *arg, const void *buf, size_t sz, nni_opt_type t)
-{
- tls_dialer *d = arg;
- int rv;
-
- if ((rv = tls_check_string(buf, sz, t)) == 0) {
- nni_mtx_lock(&d->lk);
- rv = nng_tls_config_cert_key_file(d->cfg, buf, NULL);
- nni_mtx_unlock(&d->lk);
- }
- return (rv);
-}
-
 static const nni_option tls_dialer_opts[] = {
 {
 .o_name = NNG_OPT_TLS_CONFIG,
 .o_get = tls_dialer_get_config,
 .o_set = tls_dialer_set_config,
 },
- {
- .o_name = NNG_OPT_TLS_SERVER_NAME,
- .o_set = tls_dialer_set_server_name,
- },
- {
- .o_name = NNG_OPT_TLS_CA_FILE,
- .o_set = tls_dialer_set_ca_file,
- },
- {
- .o_name = NNG_OPT_TLS_CERT_KEY_FILE,
- .o_set = tls_dialer_set_cert_key_file,
- },
- {
- .o_name = NNG_OPT_TLS_AUTH_MODE,
- .o_set = tls_dialer_set_auth_mode,
- },
 {
 .o_name = NULL,
 },
@@ -508,87 +416,12 @@ tls_listener_get_config(void *arg, void *buf, size_t *szp, nni_type t)
 return (rv);
 }
 
-static int
-tls_listener_set_server_name(void *arg, const void *buf, size_t sz, nni_type t)
-{
- tls_listener *l = arg;
- int rv;
- if ((rv = tls_check_string(buf, sz, t)) == 0) {
- nni_mtx_lock(&l->lk);
- rv = nng_tls_config_server_name(l->cfg, buf);
- nni_mtx_unlock(&l->lk);
- }
- return (rv);
-}
-
-static int
-tls_listener_set_auth_mode(void *arg, const void *buf, size_t sz, nni_type t)
-{
- int mode;
- int rv;
- tls_listener *l = arg;
-
- rv = nni_copyin_int(&mode, buf, sz, NNG_TLS_AUTH_MODE_NONE,
- NNG_TLS_AUTH_MODE_REQUIRED, t);
- if (rv == 0) {
- nni_mtx_lock(&l->lk);
- rv = nng_tls_config_auth_mode(l->cfg, mode);
- nni_mtx_unlock(&l->lk);
- }
- return (rv);
-}
-
-static int
-tls_listener_set_ca_file(void *arg, const void *buf, size_t sz, nni_opt_type t)
-{
- tls_listener *l = arg;
- int rv;
-
- if ((rv = tls_check_string(buf, sz, t)) == 0) {
- nni_mtx_lock(&l->lk);
- rv = nng_tls_config_ca_file(l->cfg, buf);
- nni_mtx_unlock(&l->lk);
- }
- return (rv);
-}
-
-static int
-tls_listener_set_cert_key_file(
- void *arg, const void *buf, size_t sz, nni_opt_type t)
-{
- tls_listener *l = arg;
- int rv;
-
- if ((rv = tls_check_string(buf, sz, t)) == 0) {
- nni_mtx_lock(&l->lk);
- rv = nng_tls_config_cert_key_file(l->cfg, buf, NULL);
- nni_mtx_unlock(&l->lk);
- }
- return (rv);
-}
-
 static const nni_option tls_listener_opts[] = {
 {
 .o_name = NNG_OPT_TLS_CONFIG,
 .o_get = tls_listener_get_config,
 .o_set = tls_listener_set_config,
 },
- {
- .o_name = NNG_OPT_TLS_SERVER_NAME,
- .o_set = tls_listener_set_server_name,
- },
- {
- .o_name = NNG_OPT_TLS_CA_FILE,
- .o_set = tls_listener_set_ca_file,
- },
- {
- .o_name = NNG_OPT_TLS_CERT_KEY_FILE,
- .o_set = tls_listener_set_cert_key_file,
- },
- {
- .o_name = NNG_OPT_TLS_AUTH_MODE,
- .o_set = tls_listener_set_auth_mode,
- },
 {
 .o_name = NULL,
 },
-- 
cgit v1.2.3-70-g09d2