summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--bounce.c10
-rw-r--r--client.c11
-rwxr-xr-xconfigure4
-rw-r--r--local.c2
4 files changed, 24 insertions, 3 deletions
diff --git a/bounce.c b/bounce.c
index 95e3711..924a01b 100644
--- a/bounce.c
+++ b/bounce.c
@@ -64,6 +64,15 @@
 
 bool verbose;
 
+#ifdef __OpenBSD__
+static void hashPass(void) {
+	char hash[_PASSWORD_LEN];
+	char *pass = getpass("Password: ");
+	int error = crypt_newhash(pass, "bcrypt,a", hash, sizeof(hash));
+	if (error) err(EX_OSERR, "crypt_newhash");
+	printf("%s\n", hash);
+}
+#else
 static void hashPass(void) {
 	byte rand[12];
 	int error = getentropy(rand, sizeof(rand));
@@ -75,6 +84,7 @@ static void hashPass(void) {
 	char *pass = getpass("Password: ");
 	printf("%s\n", crypt(pass, salt));
 }
+#endif
 
 static void genReq(const char *path) {
 	const char *name = strrchr(path, '/');
diff --git a/client.c b/client.c
index 06efeb8..dcfc835 100644
--- a/client.c
+++ b/client.c
@@ -166,11 +166,16 @@ static void handlePass(struct Client *client, struct Message *msg) {
 		client->error = true;
 		return;
 	}
-	if (!strcmp(crypt(msg->params[0], clientPass), clientPass)) {
+#ifdef __OpenBSD__
+	int error = crypt_checkpass(msg->params[0], clientPass);
+#else
+	int error = strcmp(crypt(msg->params[0], clientPass), clientPass);
+#endif
+	if (error) {
+		passRequired(client);
+	} else {
 		client->need &= ~NeedPass;
 		maybeSync(client);
-	} else {
-		passRequired(client);
 	}
 	explicit_bzero(msg->params[0], strlen(msg->params[0]));
 }
diff --git a/configure b/configure
index 12f411c..4384104 100755
--- a/configure
+++ b/configure
@@ -37,6 +37,10 @@ case "$(uname)" in
 		defstr OPENSSL_BIN /usr/bin/openssl
 		defstr CERTBOT_PATH /usr/local/etc/letsencrypt
 		;;
+	(OpenBSD)
+		ldlibs -ltls
+		defstr OPENSSL_BIN /usr/bin/openssl
+		;;
 	(Linux)
 		cflags -D_GNU_SOURCE
 		ldlibs -lcrypt
diff --git a/local.c b/local.c
index ad95a00..a697e15 100644
--- a/local.c
+++ b/local.c
@@ -236,9 +236,11 @@ struct tls *localAccept(int *fd, int bind) {
 	int error = setsockopt(*fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on));
 	if (error) err(EX_OSERR, "setsockopt");
 
+#ifdef TCP_KEEPIDLE
 	int idle = 15 * 60;
 	error = setsockopt(*fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof(idle));
 	if (error) err(EX_OSERR, "setsockopt");
+#endif
 
 	struct tls *client;
 	error = tls_accept_socket(server, &client, *fd);