------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+After applying this patch, run these commands for a successful build:
-Hi.
+ autoconf
+ autoheader
+ ./configure
+ make proto
+ make
+
+Casey Marshall writes:
I've been hacking together a way to use rsync with OpenSSL, and have
attached my current patch against a recent CVS tree. The details of
All warnings apply; I don't do C programming all that often, so I
can't say if I've left any cleanup/compatibility errors in the code.
-Also: <http://rsync.samba.org/lists.html> refers to the (now gone)
-smart-questions document on tuxedo.org, which should now be catb.org.
-
-Cheers,
-
-- --
-Casey Marshall || rsdio@metastatic.org
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.2.1 (GNU/Linux)
-Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/>
-iD8DBQE/ih9xgAuWMgRGsWsRAp8RAJ0XyONLiOSDgHHAOBRNO6sZ/P2dRwCeKfu8
-LEvhhkUglOm3xMyrdJT4u9Q=
-=aT/N
------END PGP SIGNATURE-----
-
---- Makefile.in 2 May 2004 17:04:14 -0000 1.100
-+++ Makefile.in 8 May 2004 18:40:16 -0000
+--- orig/Makefile.in 2004-11-03 11:56:03
++++ Makefile.in 2004-10-08 20:17:06
@@ -39,7 +39,7 @@ OBJS3=progress.o pipe.o
DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
-OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@
+OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@ @SSL_OBJS@
- TLS_OBJ = tls.o syscall.o lib/permstring.o
+ TLS_OBJ = tls.o syscall.o lib/compat.o lib/snprintf.o lib/permstring.o
---- cleanup.c 27 Jan 2004 08:14:33 -0000 1.21
-+++ cleanup.c 8 May 2004 18:40:16 -0000
-@@ -87,6 +87,9 @@ void _exit_cleanup(int code, const char
- int ocode = code;
- extern int keep_partial;
- extern int log_got_error;
-+#ifdef HAVE_OPENSSL
-+ extern int use_ssl;
-+#endif
- static int inside_cleanup = 0;
+--- orig/cleanup.c 2005-02-07 20:41:56
++++ cleanup.c 2005-01-10 10:43:22
+@@ -22,6 +22,9 @@
+ #include "rsync.h"
- if (inside_cleanup > 10) {
+ extern int io_error;
++#if HAVE_OPENSSL
++extern int use_ssl;
++#endif
+ extern int keep_partial;
+ extern int log_got_error;
+ extern char *partial_dir;
@@ -97,6 +100,11 @@ void _exit_cleanup(int code, const char
-
signal(SIGUSR1, SIG_IGN);
signal(SIGUSR2, SIG_IGN);
-+
-+#ifdef HAVE_OPENSSL
+
++#if HAVE_OPENSSL
+ if (use_ssl)
+ end_tls();
+#endif
-
- if (verbose > 3)
- rprintf(FINFO,"_exit_cleanup(code=%d, file=%s, line=%d): entered\n",
---- clientserver.c 14 Apr 2004 23:33:34 -0000 1.121
-+++ clientserver.c 8 May 2004 18:40:16 -0000
-@@ -46,6 +46,9 @@ extern int io_timeout;
++
+ if (verbose > 3) {
+ rprintf(FINFO,"_exit_cleanup(code=%d, file=%s, line=%d): entered\n",
+ code, safe_fname(file), line);
+--- orig/clientserver.c 2005-02-14 02:45:10
++++ clientserver.c 2004-10-08 20:44:59
+@@ -45,6 +45,9 @@ extern int select_timeout;
extern int orig_umask;
extern int no_detach;
extern int default_af_hint;
-+#ifdef HAVE_OPENSSL
++#if HAVE_OPENSSL
+extern int use_ssl;
+#endif
extern char *bind_address;
- extern struct exclude_list_struct server_exclude_list;
- extern char *exclude_path_prefix;
-@@ -93,8 +96,18 @@ int start_socket_client(char *host, char
+ extern struct filter_list_struct server_filter_list;
+ extern char *config_file;
+@@ -100,8 +103,18 @@ int start_socket_client(char *host, char
exit_cleanup(RERR_SOCKETIO);
ret = start_inband_exchange(user, path, fd, fd, argc);
+ if (ret < 0)
+ return ret;
+
-+#ifdef HAVE_OPENSSL
++#if HAVE_OPENSSL
+ if (use_ssl) {
+ int f_in = get_tls_rfd();
+ int f_out = get_tls_wfd();
+ return client_run(fd, fd, -1, argc, argv);
}
- int start_inband_exchange(char *user, char *path, int f_in, int f_out, int argc)
-@@ -145,6 +158,33 @@ int start_inband_exchange(char *user, ch
- if (protocol_version > remote_protocol)
- protocol_version = remote_protocol;
+ int start_inband_exchange(char *user, char *path, int f_in, int f_out,
+@@ -162,6 +175,33 @@ int start_inband_exchange(char *user, ch
+ if (verbose > 1)
+ print_child_argv(sargs);
-+#ifdef HAVE_OPENSSL
++#if HAVE_OPENSSL
+ if (use_ssl) {
+ io_printf(f_out, "#starttls\n");
+ while (1) {
+ return -1;
+ }
+ if (strncmp(line, "@ERROR", 6) == 0) {
-+ rprintf(FERROR, "rsync: ssl connection denied\n");
++ rprintf(FERROR, "%s\n", line);
+ return -1;
+ }
+ if (strcmp(line, "@RSYNCD: starttls") == 0) {
p = strchr(path,'/');
if (p) *p = 0;
io_printf(f_out, "%s\n", path);
-@@ -172,6 +212,10 @@ int start_inband_exchange(char *user, ch
+@@ -190,6 +230,10 @@ int start_inband_exchange(char *user, ch
* server to terminate the listing of modules.
* We don't want to go on and transfer
* anything; just exit. */
-+#ifdef HAVE_OPENSSL
++#if HAVE_OPENSSL
+ if (use_ssl)
+ end_tls();
+#endif
exit(0);
}
-@@ -179,6 +223,10 @@ int start_inband_exchange(char *user, ch
- rprintf(FERROR,"%s\n", line);
+@@ -197,6 +241,10 @@ int start_inband_exchange(char *user, ch
+ rprintf(FERROR, "%s\n", line);
/* This is always fatal; the server will now
* close the socket. */
-+#ifdef HAVE_OPENSSL
++#if HAVE_OPENSSL
+ if (use_ssl)
+ end_tls();
+#endif
return RERR_STARTCLIENT;
} else {
rprintf(FINFO,"%s\n", line);
-@@ -485,6 +533,7 @@ static void send_listing(int fd)
+@@ -526,6 +574,7 @@ static void send_listing(int fd)
io_printf(fd,"@RSYNCD: EXIT\n");
}
/* this is called when a connection is established to a client
and we want to start talking. The setup of the system is done from
here */
-@@ -543,6 +592,20 @@ int start_daemon(int f_in, int f_out)
- send_listing(f_out);
- return -1;
- }
-+
+@@ -575,6 +624,9 @@ int start_daemon(int f_in, int f_out)
+ if (protocol_version > remote_protocol)
+ protocol_version = remote_protocol;
+
+#if HAVE_OPENSSL
-+ if (use_ssl && strcmp(line, "#starttls") == 0) {
-+ io_printf(f_out, "@RSYNCD: starttls\n");
-+ if (start_tls(f_in, f_out)) {
-+ rprintf(FLOG, "SSL connection failed: %s\n",
-+ get_ssl_error());
-+ return -1;
-+ }
-+ f_in = get_tls_rfd();
-+ f_out = get_tls_wfd();
-+ continue;
-+ }
++retry:
+#endif
+ line[0] = 0;
+ if (!read_line(f_in, line, sizeof line - 1))
+ return -1;
+@@ -584,6 +636,20 @@ int start_daemon(int f_in, int f_out)
+ return -1;
+ }
- if (*line == '#') {
- /* it's some sort of command that I don't understand */
---- config.h.in 29 Apr 2004 19:40:39 -0000 1.90
-+++ config.h.in 8 May 2004 18:40:16 -0000
-@@ -167,6 +167,9 @@
- /* */
- #undef HAVE_OFF64_T
-
-+/* true if you want to use SSL. */
-+#undef HAVE_OPENSSL
++#if HAVE_OPENSSL
++ if (use_ssl && strcmp(line, "#starttls") == 0) {
++ io_printf(f_out, "@RSYNCD: starttls\n");
++ if (start_tls(f_in, f_out)) {
++ rprintf(FLOG, "SSL connection failed: %s\n",
++ get_ssl_error());
++ return -1;
++ }
++ f_in = get_tls_rfd();
++ f_out = get_tls_wfd();
++ goto retry;
++ }
++#endif
+
- /* Define to 1 if you have the `readlink' function. */
- #undef HAVE_READLINK
-
---- configure.in 30 Apr 2004 18:03:33 -0000 1.196
-+++ configure.in 8 May 2004 18:40:16 -0000
+ if (*line == '#') {
+ /* it's some sort of command that I don't understand */
+ io_printf(f_out, "@ERROR: Unknown command '%s'\n", line);
+--- orig/configure.in 2005-01-28 23:01:08
++++ configure.in 2004-07-03 20:22:28
@@ -271,6 +271,21 @@ yes
AC_SEARCH_LIBS(getaddrinfo, inet6)
fi
AC_MSG_CHECKING([whether to call shutdown on all sockets])
case $host_os in
*cygwin* ) AC_MSG_RESULT(yes)
---- main.c 10 Feb 2004 03:54:47 -0000 1.192
-+++ main.c 8 May 2004 18:40:16 -0000
-@@ -51,6 +51,9 @@ extern int rsync_port;
- extern int read_batch;
- extern int write_batch;
+--- orig/main.c 2005-02-14 02:45:10
++++ main.c 2004-10-08 20:15:28
+@@ -53,6 +53,9 @@ extern int write_batch;
+ extern int batch_fd;
+ extern int batch_gen_fd;
extern int filesfrom_fd;
-+#ifdef HAVE_OPENSSL
++#if HAVE_OPENSSL
+extern int use_ssl;
+#endif
extern pid_t cleanup_child_pid;
extern char *files_from;
extern char *remote_filesfrom_file;
-@@ -701,17 +704,32 @@ static int start_client(int argc, char *
- pid_t pid;
- int f_in,f_out;
- int rc;
-+ int url_prefix = strlen(URL_PREFIX);
-
- /* Don't clobber argv[] so that ps(1) can still show the right
- * command line. */
+@@ -823,33 +826,48 @@ static int start_client(int argc, char *
if ((rc = copy_argv(argv)))
return rc;
-+ if (strncasecmp(URL_PREFIX, argv[0], url_prefix) != 0) {
-+#ifdef HAVE_OPENSSL
-+ url_prefix = strlen(SSL_URL_PREFIX);
-+ if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix) != 0)
-+ url_prefix = 0;
-+ else {
-+ if (!use_ssl)
-+ init_tls();
-+ use_ssl = 1;
-+ }
-+#else
-+ url_prefix = 0;
-+#endif
-+ }
- /* rsync:// always uses rsync server over direct socket connection */
-- if (strncasecmp(URL_PREFIX, argv[0], strlen(URL_PREFIX)) == 0) {
-+ if (url_prefix) {
- char *host, *path;
+- /* rsync:// always uses rsync server over direct socket connection */
+- if (strncasecmp(URL_PREFIX, argv[0], strlen(URL_PREFIX)) == 0
+- && !read_batch) {
+- char *host, *path;
++ if (!read_batch) { /* for read_batch, NO source is specified */
++ int url_prefix_len = sizeof URL_PREFIX - 1;
- host = argv[0] + strlen(URL_PREFIX);
-+ host = argv[0] + url_prefix;
- p = strchr(host,'/');
- if (p) {
- *p = 0;
-@@ -760,12 +778,27 @@ static int start_client(int argc, char *
+- p = strchr(host,'/');
+- if (p) {
+- *p = '\0';
+- path = p+1;
+- } else
+- path = "";
+- if (*host == '[' && (p = strchr(host, ']')) != NULL) {
+- host++;
+- *p++ = '\0';
+- if (*p != ':')
+- p = NULL;
+- } else
+- p = strchr(host, ':');
+- if (p) {
+- rsync_port = atoi(p+1);
+- *p = '\0';
++ /* rsync:// always uses rsync server over direct socket connection */
++ if (strncasecmp(URL_PREFIX, argv[0], url_prefix_len) != 0) {
++#if HAVE_OPENSSL
++ url_prefix_len = sizeof SSL_URL_PREFIX - 1;
++ if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix_len) != 0)
++ url_prefix_len = 0;
++ else {
++ if (!use_ssl)
++ init_tls();
++ use_ssl = 1;
++ }
++#else
++ url_prefix_len = 0;
++#endif
++ }
++ if (url_prefix_len) {
++ char *host, *path;
++
++ host = argv[0] + url_prefix_len;
++ p = strchr(host,'/');
++ if (p) {
++ *p = '\0';
++ path = p+1;
++ } else
++ path = "";
++ if (*host == '[' && (p = strchr(host, ']')) != NULL) {
++ host++;
++ *p++ = '\0';
++ if (*p != ':')
++ p = NULL;
++ } else
++ p = strchr(host, ':');
++ if (p) {
++ rsync_port = atoi(p+1);
++ *p = '\0';
++ }
++ return start_socket_client(host, path, argc-1, argv+1);
+ }
+- return start_socket_client(host, path, argc-1, argv+1);
+- }
+
+- if (!read_batch) { /* for read_batch, NO source is specified */
+ p = find_colon(argv[0]);
+ if (p) { /* source is remote */
+ if (remote_filesfrom_file
+@@ -881,12 +899,26 @@ static int start_client(int argc, char *
argv++;
- } else {
+ } else { /* source is local */
am_sender = 1;
-+ url_prefix = strlen(URL_PREFIX);
-+ if (strncasecmp(URL_PREFIX, argv[0], url_prefix) != 0) {
-+#ifdef HAVE_OPENSSL
-+ url_prefix = strlen(SSL_URL_PREFIX);
-+ if (strncasecmp(SSL_URL_PREFIX, argv[0], url_prefix) != 0)
-+ url_prefix = 0;
+-
++ url_prefix_len = sizeof URL_PREFIX - 1;
+ /* rsync:// destination uses rsync server over direct socket */
+- if (strncasecmp(URL_PREFIX, argv[argc-1], strlen(URL_PREFIX)) == 0) {
++ if (strncasecmp(URL_PREFIX, argv[argc-1], url_prefix_len) != 0) {
++#if HAVE_OPENSSL
++ url_prefix_len = sizeof SSL_URL_PREFIX - 1;
++ if (strncasecmp(SSL_URL_PREFIX, argv[argc-1], url_prefix_len) != 0)
++ url_prefix_len = 0;
+ else {
+ if (!use_ssl)
+ init_tls();
+ use_ssl = 1;
+ }
+#else
-+ url_prefix = 0;
++ url_prefix_len = 0;
+#endif
+ }
-
- /* rsync:// destination uses rsync server over direct socket */
-- if (strncasecmp(URL_PREFIX, argv[argc-1], strlen(URL_PREFIX)) == 0) {
-+ if (url_prefix) {
++ if (url_prefix_len) {
char *host, *path;
- host = argv[argc-1] + strlen(URL_PREFIX);
-+ host = argv[argc-1] + url_prefix;
++ host = argv[argc-1] + url_prefix_len;
p = strchr(host,'/');
if (p) {
- *p = 0;
---- options.c 6 May 2004 21:08:01 -0000 1.148
-+++ options.c 8 May 2004 18:40:17 -0000
-@@ -130,6 +130,14 @@ int quiet = 0;
+ *p = '\0';
+--- orig/options.c 2005-02-14 02:45:10
++++ options.c 2004-11-27 18:31:46
+@@ -144,6 +144,14 @@ int quiet = 0;
int always_checksum = 0;
int list_only = 0;
-+#ifdef HAVE_OPENSSL
++#if HAVE_OPENSSL
+int use_ssl = 0;
+char *ssl_cert_path = NULL;
+char *ssl_key_path = NULL;
+char *ssl_ca_path = NULL;
+#endif
+
- #define FIXED_CHECKSUM_SEED 32761
- #define MAX_BATCH_PREFIX_LEN 256 /* Must be less than MAXPATHLEN-13 */
- char *batch_prefix = NULL;
-@@ -142,13 +150,13 @@ static int modify_window_set;
- * address, or a hostname. **/
- char *bind_address;
+ #define MAX_BATCH_NAME_LEN 256 /* Must be less than MAXPATHLEN-13 */
+ char *batch_name = NULL;
--
- static void print_rsync_version(enum logcode f)
- {
- char const *got_socketpair = "no ";
+@@ -169,6 +177,7 @@ static void print_rsync_version(enum log
char const *hardlinks = "no ";
char const *links = "no ";
char const *ipv6 = "no ";
STRUCT_STAT *dumstat;
#ifdef HAVE_SOCKETPAIR
-@@ -167,6 +175,10 @@ static void print_rsync_version(enum log
+@@ -191,6 +200,10 @@ static void print_rsync_version(enum log
ipv6 = "";
#endif
-+#ifdef HAVE_OPENSSL
++#if HAVE_OPENSSL
+ ssl = "";
+#endif
+
rprintf(f, "%s version %s protocol version %d\n",
RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION);
rprintf(f,
-@@ -180,10 +192,10 @@ static void print_rsync_version(enum log
+@@ -204,10 +217,10 @@ static void print_rsync_version(enum log
/* Note that this field may not have type ino_t. It depends
* on the complicated interaction between largefile feature
* macros. */
-- rprintf(f, " %sIPv6, %d-bit system inums, %d-bit internal inums\n",
-+ rprintf(f, " %sIPv6, %d-bit system inums, %d-bit internal inums, %sssl\n",
- ipv6,
+- rprintf(f, " %sinplace, %sIPv6, %d-bit system inums, %d-bit internal inums\n",
++ rprintf(f, " %sinplace, %sIPv6, %d-bit system inums, %d-bit internal inums, %sssl\n",
+ have_inplace, ipv6,
(int) (sizeof dumstat->st_ino * 8),
-- (int) (sizeof (uint64) * 8));
-+ (int) (sizeof (uint64) * 8), ssl);
+- (int) (sizeof (int64) * 8));
++ (int) (sizeof (int64) * 8), ssl);
#ifdef MAINTAINER_MODE
rprintf(f, " panic action: \"%s\"\n",
get_panic_action());
-@@ -294,6 +306,13 @@ void usage(enum logcode F)
- rprintf(F," -4 --ipv4 prefer IPv4\n");
- rprintf(F," -6 --ipv6 prefer IPv6\n");
+@@ -335,6 +348,13 @@ void usage(enum logcode F)
+ rprintf(F," -4, --ipv4 prefer IPv4\n");
+ rprintf(F," -6, --ipv6 prefer IPv6\n");
#endif
-+#ifdef HAVE_OPENSSL
++#if HAVE_OPENSSL
+ rprintf(F," --ssl allow socket connections to use SSL\n");
+ rprintf(F," --ssl-cert=FILE path to server's SSL certificate\n");
+ rprintf(F," --ssl-key=FILE path to server's SSL private key\n");
+#endif
rprintf(F," -h, --help show this help screen\n");
- rprintf(F,"\n");
-@@ -305,7 +324,7 @@ void usage(enum logcode F)
- enum {OPT_VERSION = 1000, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM,
- OPT_DELETE_AFTER, OPT_DELETE_EXCLUDED, OPT_LINK_DEST,
+ rprintf(F,"\nUse \"rsync --daemon --help\" to see the daemon-mode command-line options.\n");
+@@ -345,7 +365,7 @@ void usage(enum logcode F)
+ enum {OPT_VERSION = 1000, OPT_DAEMON, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM,
+ OPT_FILTER, OPT_COMPARE_DEST, OPT_COPY_DEST, OPT_LINK_DEST,
OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW,
-- OPT_READ_BATCH, OPT_WRITE_BATCH,
-+ OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_USE_SSL,
+- OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_TIMEOUT, OPT_MAX_SIZE,
++ OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_TIMEOUT, OPT_MAX_SIZE, OPT_USE_SSL,
OPT_REFUSED_BASE = 9000};
static struct poptOption long_options[] = {
-@@ -390,6 +409,13 @@ static struct poptOption long_options[]
+@@ -442,6 +462,13 @@ static struct poptOption long_options[]
{"ipv4", '4', POPT_ARG_VAL, &default_af_hint, AF_INET, 0, 0 },
{"ipv6", '6', POPT_ARG_VAL, &default_af_hint, AF_INET6, 0, 0 },
#endif
-+#ifdef HAVE_OPENSSL
-+ {"ssl", 0, POPT_ARG_NONE, 0, OPT_USE_SSL, 0, 0},
-+ {"ssl-cert", 0, POPT_ARG_STRING, &ssl_cert_path, OPT_USE_SSL, 0, 0},
-+ {"ssl-key", 0, POPT_ARG_STRING, &ssl_key_path, OPT_USE_SSL, 0, 0},
++#if HAVE_OPENSSL
++ {"ssl", 0, POPT_ARG_NONE, 0, OPT_USE_SSL, 0, 0},
++ {"ssl-cert", 0, POPT_ARG_STRING, &ssl_cert_path, OPT_USE_SSL, 0, 0},
++ {"ssl-key", 0, POPT_ARG_STRING, &ssl_key_path, OPT_USE_SSL, 0, 0},
+ {"ssl-key-passwd", 0, POPT_ARG_STRING, &ssl_key_passwd, OPT_USE_SSL, 0, 0},
-+ {"ssl-ca-certs", 0, POPT_ARG_STRING, &ssl_ca_path, OPT_USE_SSL, 0, 0},
++ {"ssl-ca-certs", 0, POPT_ARG_STRING, &ssl_ca_path, OPT_USE_SSL, 0, 0},
+#endif
- {0,0,0,0, 0, 0, 0}
- };
-
-@@ -584,6 +610,12 @@ int parse_arguments(int *argc, const cha
- return 0;
- #endif
+ /* All these options switch us into daemon-mode option-parsing. */
+ {"address", 0, POPT_ARG_STRING, 0, OPT_DAEMON, 0, 0 },
+ {"config", 0, POPT_ARG_STRING, 0, OPT_DAEMON, 0, 0 },
+@@ -834,6 +861,12 @@ int parse_arguments(int *argc, const cha
+ basis_dir[basis_dir_cnt++] = (char *)arg;
+ break;
+ case OPT_USE_SSL:
-+#ifdef HAVE_OPENSSL
++#if HAVE_OPENSSL
+ use_ssl = 1;
+#endif
+ break;
+
default:
/* A large opt value means that set_refuse_options()
- * turned this option off (opt-BASE is its index). */
-@@ -722,6 +754,17 @@ int parse_arguments(int *argc, const cha
+ * turned this option off. */
+@@ -1066,6 +1099,17 @@ int parse_arguments(int *argc, const cha
+ if (delay_updates && !partial_dir)
+ partial_dir = partialdir_for_delayupdate;
- if (do_progress && !verbose)
- verbose = 1;
-+
-+#ifdef HAVE_OPENSSL
++#if HAVE_OPENSSL
+ if (use_ssl) {
+ if (init_tls()) {
+ snprintf(err_buf, sizeof(err_buf),
+ }
+ }
+#endif
-
- if (files_from) {
- char *colon;
---- proto.h 22 Apr 2004 09:58:09 -0000 1.189
-+++ proto.h 8 May 2004 18:40:17 -0000
-@@ -209,6 +209,12 @@ void start_accept_loop(int port, int (*f
- void set_socket_options(int fd, char *options);
- void become_daemon(void);
- int sock_exec(const char *prog);
-+int init_tls(void);
-+char *get_ssl_error(void);
-+int get_tls_rfd(void);
-+int get_tls_wfd(void);
-+int start_tls(int f_in, int f_out);
-+void end_tls(void);
- int do_unlink(char *fname);
- int do_symlink(char *fname1, char *fname2);
- int do_link(char *fname1, char *fname2);
---- rsync.h 2 May 2004 16:34:33 -0000 1.200
-+++ rsync.h 8 May 2004 18:40:17 -0000
++
+ if (inplace) {
+ #ifdef HAVE_FTRUNCATE
+ if (partial_dir) {
+--- orig/rsync.h 2005-02-14 02:45:10
++++ rsync.h 2004-10-08 21:01:33
@@ -32,6 +32,7 @@
#define DEFAULT_LOCK_FILE "/var/run/rsyncd.lock"
#define BACKUP_SUFFIX "~"
-@@ -321,6 +322,11 @@ enum msgcode {
- #else
- /* As long as it gets... */
- #define uint64 unsigned off_t
-+#endif
-+
+@@ -384,6 +385,11 @@ enum msgcode {
+ # define SIZEOF_INT64 SIZEOF_OFF_T
+ #endif
+
+#if HAVE_OPENSSL
+#include <openssl/ssl.h>
+#include <openssl/err.h>
- #endif
-
++#endif
++
/* Starting from protocol version 26, we always use 64-bit
---- /dev/null 1 Jan 1970 00:00:00 -0000
-+++ ssl.c 8 May 2004 18:40:17 -0000
+ * ino_t and dev_t internally, even if this platform does not
+ * allow files to have 64-bit inums. That's because the
+--- orig/ssl.c 2004-10-08 19:37:22
++++ ssl.c 2004-10-08 19:37:22
@@ -0,0 +1,366 @@
+/* -*- c-file-style: "linux" -*-
+ * ssl.c: operations for negotiating SSL rsync connections.
+
+#include "rsync.h"
+
-+#ifdef HAVE_SYS_SELECT_H
++#if HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#else
+#include <sys/time.h>
+ */
+static int default_password_cb(char *buf, int n, UNUSED(int f), UNUSED(void *u))
+{
-+ if (ssl_key_passwd == NULL || n < strlen(ssl_key_passwd))
++ if (ssl_key_passwd == NULL || n < (int)strlen(ssl_key_passwd))
+ return 0;
+ strncpy(buf, ssl_key_passwd, n-1);
+ return strlen(ssl_key_passwd);
+/**
+ * If verbose, this method traces the status of the SSL handshake.
+ */
-+static void info_callback(SSL *ssl, int cb, int val)
++static void info_callback(const SSL *ssl, int cb, int val)
+{
+ char buf[128];
+ char *cbs;
+ if (verbose > 2) {
+ rprintf(FLOG, "SSL: info_callback(%p,%s,%d)\n", ssl, cbs, val);
+ if (cb == SSL_CB_HANDSHAKE_DONE) {
-+ SSL_CIPHER_description(SSL_get_current_cipher(ssl),
++ SSL_CIPHER_description(SSL_get_current_cipher((SSL*)ssl),
+ buf, sizeof buf);
+ rprintf(FLOG, "SSL: cipher: %s", buf);
+ }