1 -----BEGIN PGP SIGNED MESSAGE-----
6 I've been hacking together a way to use rsync with OpenSSL, and have
7 attached my current patch against a recent CVS tree. The details of
8 this implementation are:
10 1. The SSL code is added as a "layer" that is forked into its own
13 2. An SSL connection is established by the client issuing the
18 And, if the server allows SSL, it replies with
22 At which point both sides begin negotiating the SSL connection.
23 Servers that can't or don't want to use SSL just treat it as a
24 normal unknown command.
26 3. The SSL code is meant to be unobtrusive, and when this patch is
27 applied the program may still be built with no SSL code.
29 4. There are a number of details not implemented.
31 All warnings apply; I don't do C programming all that often, so I
32 can't say if I've left any cleanup/compatibility errors in the code.
34 Also: <http://rsync.samba.org/lists.html> refers to the (now gone)
35 smart-questions document on tuxedo.org, which should now be catb.org.
40 Casey Marshall || rsdio@metastatic.org
41 -----BEGIN PGP SIGNATURE-----
42 Version: GnuPG v1.2.1 (GNU/Linux)
43 Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/>
45 iD8DBQE/ih9xgAuWMgRGsWsRAp8RAJ0XyONLiOSDgHHAOBRNO6sZ/P2dRwCeKfu8
46 LEvhhkUglOm3xMyrdJT4u9Q=
48 -----END PGP SIGNATURE-----
50 --- Makefile.in 2 May 2004 17:04:14 -0000 1.100
51 +++ Makefile.in 8 May 2004 18:40:16 -0000
52 @@ -39,7 +39,7 @@ OBJS3=progress.o pipe.o
53 DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
54 popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
55 popt/popthelp.o popt/poptparse.o
56 -OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@
57 +OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@ @SSL_OBJS@
59 TLS_OBJ = tls.o syscall.o lib/permstring.o
61 --- cleanup.c 27 Jan 2004 08:14:33 -0000 1.21
62 +++ cleanup.c 8 May 2004 18:40:16 -0000
63 @@ -87,6 +87,9 @@ void _exit_cleanup(int code, const char
65 extern int keep_partial;
66 extern int log_got_error;
70 static int inside_cleanup = 0;
72 if (inside_cleanup > 10) {
73 @@ -97,6 +100,11 @@ void _exit_cleanup(int code, const char
75 signal(SIGUSR1, SIG_IGN);
76 signal(SIGUSR2, SIG_IGN);
84 rprintf(FINFO,"_exit_cleanup(code=%d, file=%s, line=%d): entered\n",
85 --- clientserver.c 14 Apr 2004 23:33:34 -0000 1.121
86 +++ clientserver.c 8 May 2004 18:40:16 -0000
87 @@ -46,6 +46,9 @@ extern int io_timeout;
88 extern int orig_umask;
90 extern int default_af_hint;
94 extern char *bind_address;
95 extern struct exclude_list_struct server_exclude_list;
96 extern char *exclude_path_prefix;
97 @@ -93,8 +96,18 @@ int start_socket_client(char *host, char
98 exit_cleanup(RERR_SOCKETIO);
100 ret = start_inband_exchange(user, path, fd, fd, argc);
106 + int f_in = get_tls_rfd();
107 + int f_out = get_tls_wfd();
108 + return client_run(f_in, f_out, -1, argc, argv);
112 - return ret < 0? ret : client_run(fd, fd, -1, argc, argv);
113 + return client_run(fd, fd, -1, argc, argv);
116 int start_inband_exchange(char *user, char *path, int f_in, int f_out, int argc)
117 @@ -145,6 +158,33 @@ int start_inband_exchange(char *user, ch
118 if (protocol_version > remote_protocol)
119 protocol_version = remote_protocol;
123 + io_printf(f_out, "#starttls\n");
125 + if (!read_line(f_in, line, sizeof(line)-1)) {
126 + rprintf(FERROR, "rsync: did not receive reply to #starttls\n");
129 + if (strncmp(line, "@ERROR", 6) == 0) {
130 + rprintf(FERROR, "rsync: ssl connection denied\n");
133 + if (strcmp(line, "@RSYNCD: starttls") == 0) {
136 + rprintf(FINFO, "%s\n", line);
138 + if (start_tls(f_in, f_out)) {
139 + rprintf(FERROR, "rsync: error during SSL handshake: %s\n",
143 + f_in = get_tls_rfd();
144 + f_out = get_tls_wfd();
148 p = strchr(path,'/');
150 io_printf(f_out, "%s\n", path);
151 @@ -172,6 +212,10 @@ int start_inband_exchange(char *user, ch
152 * server to terminate the listing of modules.
153 * We don't want to go on and transfer
154 * anything; just exit. */
162 @@ -179,6 +223,10 @@ int start_inband_exchange(char *user, ch
163 rprintf(FERROR,"%s\n", line);
164 /* This is always fatal; the server will now
165 * close the socket. */
170 return RERR_STARTCLIENT;
172 rprintf(FINFO,"%s\n", line);
173 @@ -485,6 +533,7 @@ static void send_listing(int fd)
174 io_printf(fd,"@RSYNCD: EXIT\n");
178 /* this is called when a connection is established to a client
179 and we want to start talking. The setup of the system is done from
181 @@ -543,6 +592,20 @@ int start_daemon(int f_in, int f_out)
187 + if (use_ssl && strcmp(line, "#starttls") == 0) {
188 + io_printf(f_out, "@RSYNCD: starttls\n");
189 + if (start_tls(f_in, f_out)) {
190 + rprintf(FLOG, "SSL connection failed: %s\n",
194 + f_in = get_tls_rfd();
195 + f_out = get_tls_wfd();
201 /* it's some sort of command that I don't understand */
202 --- config.h.in 29 Apr 2004 19:40:39 -0000 1.90
203 +++ config.h.in 8 May 2004 18:40:16 -0000
208 +/* true if you want to use SSL. */
211 /* Define to 1 if you have the `readlink' function. */
214 --- configure.in 30 Apr 2004 18:03:33 -0000 1.196
215 +++ configure.in 8 May 2004 18:40:16 -0000
216 @@ -271,6 +271,21 @@ yes
217 AC_SEARCH_LIBS(getaddrinfo, inet6)
220 +AC_ARG_ENABLE(openssl,
221 + AC_HELP_STRING([--enable-openssl], [compile SSL support with OpenSSL.]))
223 +if test "x$enable_openssl" != xno
226 + AC_CHECK_LIB(ssl, SSL_library_init, , [have_ssl=no])
227 + if test "x$have_ssl" = xyes
229 + AC_DEFINE(HAVE_OPENSSL, 1, [true if you want to use SSL.])
235 AC_MSG_CHECKING([whether to call shutdown on all sockets])
237 *cygwin* ) AC_MSG_RESULT(yes)
238 --- main.c 10 Feb 2004 03:54:47 -0000 1.192
239 +++ main.c 8 May 2004 18:40:16 -0000
240 @@ -51,6 +51,9 @@ extern int rsync_port;
241 extern int read_batch;
242 extern int write_batch;
243 extern int filesfrom_fd;
247 extern pid_t cleanup_child_pid;
248 extern char *files_from;
249 extern char *remote_filesfrom_file;
250 @@ -701,17 +704,32 @@ static int start_client(int argc, char *
254 + int url_prefix = strlen(URL_PREFIX);
256 /* Don't clobber argv[] so that ps(1) can still show the right
258 if ((rc = copy_argv(argv)))
261 + if (strncasecmp(URL_PREFIX, argv[0], url_prefix) != 0) {
263 + url_prefix = strlen(SSL_URL_PREFIX);
264 + if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix) != 0)
275 /* rsync:// always uses rsync server over direct socket connection */
276 - if (strncasecmp(URL_PREFIX, argv[0], strlen(URL_PREFIX)) == 0) {
280 - host = argv[0] + strlen(URL_PREFIX);
281 + host = argv[0] + url_prefix;
282 p = strchr(host,'/');
285 @@ -760,12 +778,27 @@ static int start_client(int argc, char *
289 + url_prefix = strlen(URL_PREFIX);
290 + if (strncasecmp(URL_PREFIX, argv[0], url_prefix) != 0) {
292 + url_prefix = strlen(SSL_URL_PREFIX);
293 + if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix) != 0)
305 /* rsync:// destination uses rsync server over direct socket */
306 - if (strncasecmp(URL_PREFIX, argv[argc-1], strlen(URL_PREFIX)) == 0) {
310 - host = argv[argc-1] + strlen(URL_PREFIX);
311 + host = argv[argc-1] + url_prefix;
312 p = strchr(host,'/');
315 --- options.c 6 May 2004 21:08:01 -0000 1.148
316 +++ options.c 8 May 2004 18:40:17 -0000
317 @@ -130,6 +130,14 @@ int quiet = 0;
318 int always_checksum = 0;
323 +char *ssl_cert_path = NULL;
324 +char *ssl_key_path = NULL;
325 +char *ssl_key_passwd = NULL;
326 +char *ssl_ca_path = NULL;
329 #define FIXED_CHECKSUM_SEED 32761
330 #define MAX_BATCH_PREFIX_LEN 256 /* Must be less than MAXPATHLEN-13 */
331 char *batch_prefix = NULL;
332 @@ -142,13 +150,13 @@ static int modify_window_set;
333 * address, or a hostname. **/
337 static void print_rsync_version(enum logcode f)
339 char const *got_socketpair = "no ";
340 char const *hardlinks = "no ";
341 char const *links = "no ";
342 char const *ipv6 = "no ";
343 + char const *ssl = "no ";
344 STRUCT_STAT *dumstat;
346 #ifdef HAVE_SOCKETPAIR
347 @@ -167,6 +175,10 @@ static void print_rsync_version(enum log
355 rprintf(f, "%s version %s protocol version %d\n",
356 RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION);
358 @@ -180,10 +192,10 @@ static void print_rsync_version(enum log
359 /* Note that this field may not have type ino_t. It depends
360 * on the complicated interaction between largefile feature
362 - rprintf(f, " %sIPv6, %d-bit system inums, %d-bit internal inums\n",
363 + rprintf(f, " %sIPv6, %d-bit system inums, %d-bit internal inums, %sssl\n",
365 (int) (sizeof dumstat->st_ino * 8),
366 - (int) (sizeof (uint64) * 8));
367 + (int) (sizeof (uint64) * 8), ssl);
368 #ifdef MAINTAINER_MODE
369 rprintf(f, " panic action: \"%s\"\n",
371 @@ -294,6 +306,13 @@ void usage(enum logcode F)
372 rprintf(F," -4 --ipv4 prefer IPv4\n");
373 rprintf(F," -6 --ipv6 prefer IPv6\n");
376 + rprintf(F," --ssl allow socket connections to use SSL\n");
377 + rprintf(F," --ssl-cert=FILE path to server's SSL certificate\n");
378 + rprintf(F," --ssl-key=FILE path to server's SSL private key\n");
379 + rprintf(F," --ssl-key-passwd=PASS password for PEM-encoded private key\n");
380 + rprintf(F," --ssl-ca-certs=FILE path to trusted CA certificates\n");
382 rprintf(F," -h, --help show this help screen\n");
385 @@ -305,7 +324,7 @@ void usage(enum logcode F)
386 enum {OPT_VERSION = 1000, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM,
387 OPT_DELETE_AFTER, OPT_DELETE_EXCLUDED, OPT_LINK_DEST,
388 OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW,
389 - OPT_READ_BATCH, OPT_WRITE_BATCH,
390 + OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_USE_SSL,
391 OPT_REFUSED_BASE = 9000};
393 static struct poptOption long_options[] = {
394 @@ -390,6 +409,13 @@ static struct poptOption long_options[]
395 {"ipv4", '4', POPT_ARG_VAL, &default_af_hint, AF_INET, 0, 0 },
396 {"ipv6", '6', POPT_ARG_VAL, &default_af_hint, AF_INET6, 0, 0 },
399 + {"ssl", 0, POPT_ARG_NONE, 0, OPT_USE_SSL, 0, 0},
400 + {"ssl-cert", 0, POPT_ARG_STRING, &ssl_cert_path, OPT_USE_SSL, 0, 0},
401 + {"ssl-key", 0, POPT_ARG_STRING, &ssl_key_path, OPT_USE_SSL, 0, 0},
402 + {"ssl-key-passwd", 0, POPT_ARG_STRING, &ssl_key_passwd, OPT_USE_SSL, 0, 0},
403 + {"ssl-ca-certs", 0, POPT_ARG_STRING, &ssl_ca_path, OPT_USE_SSL, 0, 0},
408 @@ -584,6 +610,12 @@ int parse_arguments(int *argc, const cha
419 /* A large opt value means that set_refuse_options()
420 * turned this option off (opt-BASE is its index). */
421 @@ -722,6 +754,17 @@ int parse_arguments(int *argc, const cha
423 if (do_progress && !verbose)
429 + snprintf(err_buf, sizeof(err_buf),
430 + "Openssl error: %s\n",
439 --- proto.h 22 Apr 2004 09:58:09 -0000 1.189
440 +++ proto.h 8 May 2004 18:40:17 -0000
441 @@ -209,6 +209,12 @@ void start_accept_loop(int port, int (*f
442 void set_socket_options(int fd, char *options);
443 void become_daemon(void);
444 int sock_exec(const char *prog);
446 +char *get_ssl_error(void);
447 +int get_tls_rfd(void);
448 +int get_tls_wfd(void);
449 +int start_tls(int f_in, int f_out);
451 int do_unlink(char *fname);
452 int do_symlink(char *fname1, char *fname2);
453 int do_link(char *fname1, char *fname2);
454 --- rsync.h 2 May 2004 16:34:33 -0000 1.200
455 +++ rsync.h 8 May 2004 18:40:17 -0000
458 #define DEFAULT_LOCK_FILE "/var/run/rsyncd.lock"
459 #define URL_PREFIX "rsync://"
460 +#define SSL_URL_PREFIX "rsyncs://"
462 #define BACKUP_SUFFIX "~"
464 @@ -321,6 +322,11 @@ enum msgcode {
466 /* As long as it gets... */
467 #define uint64 unsigned off_t
471 +#include <openssl/ssl.h>
472 +#include <openssl/err.h>
475 /* Starting from protocol version 26, we always use 64-bit
476 --- /dev/null 1 Jan 1970 00:00:00 -0000
477 +++ ssl.c 8 May 2004 18:40:17 -0000
479 +/* -*- c-file-style: "linux" -*-
480 + * ssl.c: operations for negotiating SSL rsync connections.
482 + * Copyright (C) 2003 Casey Marshall <rsdio@metastatic.org>
484 + * This program is free software; you can redistribute it and/or modify
485 + * it under the terms of the GNU General Public License as published by
486 + * the Free Software Foundation; either version 2 of the License, or
487 + * (at your option) any later version.
489 + * This program is distributed in the hope that it will be useful,
490 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
491 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
492 + * GNU General Public License for more details.
494 + * You should have received a copy of the GNU General Public License
495 + * along with this program; if not, write to the Free Software
496 + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
501 +#ifdef HAVE_SYS_SELECT_H
502 +#include <sys/select.h>
504 +#include <sys/time.h>
505 +#include <sys/types.h>
510 +#define BUF_SIZE 1024
513 +extern int am_daemon;
514 +extern int am_server;
516 +extern char *ssl_cert_path;
517 +extern char *ssl_key_path;
518 +extern char *ssl_key_passwd;
519 +extern char *ssl_ca_path;
521 +static SSL_CTX *ssl_ctx;
523 +static int tls_read[2] = { -1, -1 };
524 +static int tls_write[2] = { -1, -1 };
525 +static int ssl_running;
526 +static int ssl_pid = -1;
529 + * A non-interactive callback to be passed to SSL_CTX_set_default_password_cb,
530 + * which merely copies the value of ssl_key_passwd into buf. This is
531 + * used for when the private key password is supplied via an option.
533 +static int default_password_cb(char *buf, int n, UNUSED(int f), UNUSED(void *u))
535 + if (ssl_key_passwd == NULL || n < strlen(ssl_key_passwd))
537 + strncpy(buf, ssl_key_passwd, n-1);
538 + return strlen(ssl_key_passwd);
542 + * If verbose, this method traces the status of the SSL handshake.
544 +static void info_callback(SSL *ssl, int cb, int val)
551 + cbs = "SSL_CB_LOOP";
554 + cbs = "SSL_CB_EXIT";
557 + cbs = "SSL_CB_READ";
560 + cbs = "SSL_CB_WRITE";
563 + cbs = "SSL_CB_ALERT";
565 + case SSL_CB_READ_ALERT:
566 + cbs = "SSL_CB_READ_ALERT";
568 + case SSL_CB_WRITE_ALERT:
569 + cbs = "SSL_CB_WRITE_ALERT";
571 + case SSL_CB_ACCEPT_LOOP:
572 + cbs = "SSL_CB_ACCEPT_LOOP";
574 + case SSL_CB_ACCEPT_EXIT:
575 + cbs = "SSL_CB_ACCEPT_EXIT";
577 + case SSL_CB_CONNECT_LOOP:
578 + cbs = "SSL_CB_CONNECT_LOOP";
580 + case SSL_CB_CONNECT_EXIT:
581 + cbs = "SSL_CB_CONNECT_EXIT";
583 + case SSL_CB_HANDSHAKE_START:
584 + cbs = "SSL_CB_HANDSHAKE_START";
586 + case SSL_CB_HANDSHAKE_DONE:
587 + cbs = "SSL_CB_HANDSHAKE_DONE";
590 + snprintf(buf, sizeof buf, "??? (%d)", cb);
595 + rprintf(FLOG, "SSL: info_callback(%p,%s,%d)\n", ssl, cbs, val);
596 + if (cb == SSL_CB_HANDSHAKE_DONE) {
597 + SSL_CIPHER_description(SSL_get_current_cipher(ssl),
599 + rprintf(FLOG, "SSL: cipher: %s", buf);
605 + * Initializes the SSL context for TLSv1 connections; returns zero on
612 + SSL_library_init();
613 + SSL_load_error_strings();
614 + ssl_ctx = SSL_CTX_new(TLSv1_method());
617 + SSL_CTX_set_info_callback(ssl_ctx, info_callback);
619 + /* Sets the certificate sent to the other party. */
620 + if (ssl_cert_path != NULL
621 + && SSL_CTX_use_certificate_file(ssl_ctx, ssl_cert_path,
622 + SSL_FILETYPE_PEM) != 1)
624 + /* Set up the simple non-interactive callback if the password
625 + * was supplied on the command line. */
626 + if (ssl_key_passwd != NULL)
627 + SSL_CTX_set_default_passwd_cb(ssl_ctx, default_password_cb);
628 + /* Sets the private key that matches the public certificate. */
629 + if (ssl_key_path != NULL) {
630 + if (SSL_CTX_use_PrivateKey_file(ssl_ctx, ssl_key_path,
631 + SSL_FILETYPE_PEM) != 1)
633 + if (SSL_CTX_check_private_key(ssl_ctx) != 1)
636 + if (ssl_ca_path != NULL
637 + && !SSL_CTX_load_verify_locations(ssl_ctx, ssl_ca_path, NULL))
644 + * Returns the error string for the current SSL error, if any.
646 +char *get_ssl_error(void)
648 + return ERR_error_string(ERR_get_error(), NULL);
652 + * Returns the input file descriptor for the SSL connection.
654 +int get_tls_rfd(void)
656 + return tls_read[0];
660 + * Returns the output file descriptor for the SSL connection.
662 +int get_tls_wfd(void)
664 + return tls_write[1];
668 + * Signal handler that ends the SSL connection.
670 +static RETSIGTYPE tls_sigusr1(int UNUSED(val))
681 + * Negotiates the TLS connection, creates a socket pair for communicating
682 + * with the rsync process, then forks into a new process that will handle
683 + * the communication.
685 + * 0 is returned on success.
687 +int start_tls(int f_in, int f_out)
691 + unsigned char buf1[BUF_SIZE], buf2[BUF_SIZE];
692 + int avail1 = 0, avail2 = 0, write1 = 0, write2 = 0;
695 + if (fd_pair(tls_read))
697 + if (fd_pair(tls_write))
700 + set_blocking(tls_read[0]);
701 + set_blocking(tls_read[1]);
702 + set_blocking(tls_write[0]);
703 + set_blocking(tls_write[1]);
704 + set_blocking(f_in);
705 + set_blocking(f_out);
707 + ssl_pid = do_fork();
710 + if (ssl_pid != 0) {
711 + close(tls_write[0]);
712 + close(tls_read[1]);
716 + signal(SIGUSR1, tls_sigusr1);
717 + ssl = SSL_new(ssl_ctx);
720 + if (am_daemon || am_server)
721 + SSL_set_accept_state(ssl);
723 + SSL_set_connect_state(ssl);
724 + SSL_set_rfd(ssl, f_in);
725 + SSL_set_wfd(ssl, f_out);
727 + tls_fd = SSL_get_fd(ssl);
729 + n = MAX(tls_read[1], n);
730 + n = MAX(tls_fd, n) + 1;
733 + while (ssl_running) {
736 + FD_SET(tls_write[0], &rd);
737 + FD_SET(tls_read[1], &wd);
738 + FD_SET(tls_fd, &rd);
739 + FD_SET(tls_fd, &wd);
741 + r = select(n, &rd, &wd, NULL, NULL);
743 + if (r == -1 && errno == EINTR)
745 + if (FD_ISSET(tls_write[0], &rd)) {
746 + r = read(tls_write[0], buf1+avail1, BUF_SIZE-avail1);
750 + rprintf(FERROR, "pipe read error: %s\n",
755 + if (FD_ISSET(tls_fd, &rd)) {
756 + r = SSL_read(ssl, buf2+avail2, BUF_SIZE-avail2);
760 + switch (SSL_get_error(ssl, r)) {
761 + case SSL_ERROR_ZERO_RETURN:
763 + case SSL_ERROR_WANT_READ:
764 + case SSL_ERROR_WANT_WRITE:
766 + case SSL_ERROR_SYSCALL:
768 + rprintf(FERROR, "SSL spurious EOF\n");
770 + rprintf(FERROR, "SSL I/O error: %s\n",
773 + case SSL_ERROR_SSL:
774 + rprintf(FERROR, "SSL: %s\n",
775 + ERR_error_string(ERR_get_error(), NULL));
778 + rprintf(FERROR, "unexpected ssl error %d\n", r);
783 + if (FD_ISSET(tls_read[1], &wd) && write2 < avail2) {
784 + r = write(tls_read[1], buf2+write2, avail2-write2);
788 + rprintf(FERROR, "pipe write error: %s\n",
793 + if (FD_ISSET(tls_fd, &wd) && write1 < avail1) {
794 + r = SSL_write(ssl, buf1+write1, avail1-write1);
798 + switch (SSL_get_error(ssl, r)) {
799 + case SSL_ERROR_ZERO_RETURN:
801 + case SSL_ERROR_WANT_READ:
802 + case SSL_ERROR_WANT_WRITE:
804 + case SSL_ERROR_SYSCALL:
806 + rprintf(FERROR, "SSL: spurious EOF\n");
808 + rprintf(FERROR, "SSL: I/O error: %s\n",
811 + case SSL_ERROR_SSL:
812 + rprintf(FERROR, "SSL: %s\n",
813 + ERR_error_string(ERR_get_error(), NULL));
816 + rprintf(FERROR, "unexpected ssl error %d\n", r);
821 + if (avail1 == write1)
822 + avail1 = write1 = 0;
823 + if (avail2 == write2)
824 + avail2 = write2 = 0;
827 + /* XXX I'm pretty sure that there is a lot that I am not considering
828 + here. Bugs? Yes, probably. */
830 + /* We're finished. */
832 + close(tls_read[1]);
833 + close(tls_write[0]);
838 + * Ends the TLS connection.
843 + kill(ssl_pid, SIGUSR1);
Matt McCutchen's Web Site / rsync / rsync-patches.git / blob