author | Marius Halden <marius.h@lden.org> | 2016-03-13 01:19:37 +0100 |
committer | Marius Halden <marius.h@lden.org> | 2016-05-07 14:27:54 +0200 |
commit | c9cf3bf878606ee7d4b3933b7e86af9fb05f58b5 (patch) | |
tree | 702b4d95ef35de2b854d407c4db664a7b5a7e039 /lib | |
parent | 35648353ff877344d577e9247ee6f8cfa15ed940 (diff) |
more ssl
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl_client.h | 3 | ||||
-rw-r--r-- | lib/ssl_gnutls.c | 48 |
2 files changed, 46 insertions, 5 deletions
diff --git a/lib/ssl_client.h b/lib/ssl_client.h
index e307a6ce..08debe48 100644
--- a/lib/ssl_client.h
+++ b/lib/ssl_client.h
@@ -72,7 +72,10 @@ G_MODULE_EXPORT void *ssl_starttls(int fd, char *hostname, gboolean verify, ssl_
 G_MODULE_EXPORT int ssl_read(void *conn, char *buf, int len);
 G_MODULE_EXPORT int ssl_write(void *conn, const char *buf, int len);
+G_MODULE_EXPORT gboolean ssl_setup_server(void);
 G_MODULE_EXPORT gboolean ssl_accept(irc_t *irc);
+G_MODULE_EXPORT int ssl_server_read(irc_t *irc, char *buf, int len);
+G_MODULE_EXPORT int ssl_server_write(irc_t *irc, const char *buf, int len);
 /* Now needed by most SSL libs. See for more info: http://www.gnu.org/software/gnutls/manual/gnutls.html#index-gnutls_005frecord_005fcheck_005fpending-209
diff --git a/lib/ssl_gnutls.c b/lib/ssl_gnutls.c
index 1be3e1ed..c37449c4 100644
--- a/lib/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
@@ -40,6 +40,7 @@ int ssl_errno = 0;
 static gboolean initialized = FALSE;
 gnutls_certificate_credentials_t xcred;
+gnutls_certificate_credentials_t server_xcred;
 #include <limits.h>
@@ -129,10 +130,8 @@ void *ssl_connect(char *host, int port, gboolean verify, ssl_input_function func
 gboolean ssl_setup_server()
 {
- gnutls_certificate_credentials_t x509_cred;
-
- gnutls_certificate_allocate_credentials(&x509_cred);
- gnutls_certificate_set_x509_key_file(x509_cred, global.conf->ssl_cert, global.conf->ssl_key, GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_allocate_credentials(&server_xcred);
+ gnutls_certificate_set_x509_key_file(server_xcred, global.conf->ssl_cert, global.conf->ssl_key, GNUTLS_X509_FMT_PEM);
 return TRUE;
 }
@@ -143,6 +142,8 @@ gboolean ssl_accept(irc_t *irc)
 gnutls_init(&irc->ssl_session, GNUTLS_SERVER);
 gnutls_transport_set_int(irc->ssl_session, irc->fd);
+ gnutls_credentials_set(irc->ssl_session, GNUTLS_CRD_CERTIFICATE, server_xcred);
+ gnutls_certificate_server_set_request(irc->ssl_session, GNUTLS_CERT_REQUEST);
 do {
 ret = gnutls_handshake(irc->ssl_session);
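Review bot: The prototype `G_MODULE_EXPORT gboolean ssl_setup_server(void);` declares a parameterless function, while the definition in the ssl_gnutls.c hunk further down this page is spelled `gboolean ssl_setup_server()`; C tolerates the mismatch, but the empty parameter list is the obsolescent form that `-Wstrict-prototypes` flags, so the definition should read `gboolean ssl_setup_server(void)`. The three new exports also carry no statement of their contract; I would put above ssl_setup_server `/* Loads the server cert/key named by global.conf->ssl_cert/ssl_key into the credentials used by ssl_accept(); call once before accepting TLS clients. */` and note on ssl_server_read/ssl_server_write that they operate on irc->ssl_session rather than on the void *conn handle ssl_read/ssl_write take. The hunk's last context line is a comment that continues beyond it.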
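Review bot: Both GnuTLS calls in ssl_setup_server discard their return values and the function returns TRUE unconditionally, so a missing or unreadable certificate or key file (or a NULL ssl_cert/ssl_key, if the config allows them unset) goes unnoticed until every ssl_accept() handshake fails. A second call would also overwrite server_xcred without freeing the earlier credentials. I would check each result, log it at whatever level the logger reserves for errors (only LOGLVL_INFO is visible on this page, so that is what the sketch uses) and return FALSE so the caller can refuse to bring up the TLS listener:
```c
gboolean ssl_setup_server(void)
{
	int ret;

	/* Refuse to start rather than hand NULL paths to GnuTLS. */
	if (global.conf->ssl_cert == NULL || global.conf->ssl_key == NULL) {
		log_message(LOGLVL_INFO, "SSL server: ssl_cert/ssl_key not configured");
		return FALSE;
	}

	ret = gnutls_certificate_allocate_credentials(&server_xcred);
	if (ret < 0) {
		log_message(LOGLVL_INFO, "SSL server: cannot allocate credentials (%s)", gnutls_strerror(ret));
		server_xcred = NULL;
		return FALSE;
	}

	ret = gnutls_certificate_set_x509_key_file(server_xcred, global.conf->ssl_cert,
	                                           global.conf->ssl_key, GNUTLS_X509_FMT_PEM);
	if (ret < 0) {
		log_message(LOGLVL_INFO, "SSL server: cannot load cert/key (%s)", gnutls_strerror(ret));
		gnutls_certificate_free_credentials(server_xcred);
		server_xcred = NULL;
		return FALSE;
	}

	return TRUE;
}
```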
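Review bot: `gnutls_certificate_server_set_request(irc->ssl_session, GNUTLS_CERT_REQUEST)` asks every client for a certificate, but nothing visible verifies one after the handshake and ssl_setup_server loads no trust store into server_xcred, so the request authenticates nobody and only makes clients that have a client certificate configured present (or prompt for) it. Unless client-certificate verification is planned, drop the line — GNUTLS_CERT_IGNORE is the default — or pair it with a `gnutls_certificate_verify_peers2()` check after the handshake loop, before the session is used. `gnutls_credentials_set()` is also handed server_xcred without any check that ssl_setup_server ran and succeeded; if it can be NULL here the session simply has no credentials and the handshake fails with an unhelpful error. ssl_accept's body begins before this hunk, so whether a priority string is set for the session elsewhere cannot be seen from here.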
@@ -152,8 +153,9 @@ gboolean ssl_accept(irc_t *irc)
 close(irc->fd);
 gnutls_deinit(irc->ssl_session);
- fprintf(stderr, "SSL handshake failed (%s)\n", gnutls_strerror(ret));
+ log_message(LOGLVL_INFO, "SSL Handshake failed (%s)", gnutls_strerror(ret)); // XXX
+ exit(1);
 return FALSE;
 }
@@ -428,6 +430,24 @@ int ssl_read(void *conn, char *buf, int len)
 return st;
 }
+int ssl_server_read(irc_t *irc, char *buf, int len)
+{
+ int st;
+
+ st = gnutls_record_recv(irc->ssl_session, buf, len);
+
+ ssl_errno = SSL_OK;
+ if (st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED) {
+ ssl_errno = SSL_AGAIN;
+ }
+
+ if (SSLDEBUG && getenv("BITLBEE_DEBUG") && st > 0) {
+ len = write(2, buf, st);
+ }
+
+ return st;
+}
+
 int ssl_write(void *conn, const char *buf, int len)
 {
 int st;
@@ -451,6 +471,24 @@ int ssl_write(void *conn, const char *buf, int len)
 return st;
 }
+int ssl_server_write(irc_t *irc, const char *buf, int len)
+{
+ int st;
+
+ st = gnutls_record_send(irc->ssl_session, buf, len);
+
+ ssl_errno = SSL_OK;
+ if (st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED) {
+ ssl_errno = SSL_AGAIN;
+ }
+
+ if (SSLDEBUG && getenv("BITLBEE_DEBUG") && st > 0) {
+ len = write(2, buf, st);
+ }
+
+ return st;
+}
+
 int ssl_pending(void *conn)
 {
 if (conn == NULL) { |
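Review bot: The new `exit(1);` after a failed handshake lets any peer that fails TLS negotiation — a port scanner, a plaintext client on the TLS port, a client with no cipher overlap — terminate the whole daemon, which is an unauthenticated remote denial of service; the `// XXX` on the line above suggests it is a debugging leftover. The failure path already closes the fd, deinits the session and returns FALSE, which is the complete handling, so delete the `exit(1);` line and keep `return FALSE;`. The rest of ssl_accept, including what the caller does with a FALSE return and the now-closed irc->fd, lies outside this hunk.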
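Review bot: ssl_server_read maps only GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED to SSL_AGAIN; every other negative result of gnutls_record_recv — including GNUTLS_E_REHANDSHAKE, which a server session receives when the client asks to renegotiate — is returned with ssl_errno left at SSL_OK, so a caller consulting ssl_errno sees a healthy session next to a negative byte count. Whether callers treat a negative return as fatal cannot be seen here, so at minimum the contract belongs above the function, e.g. `/* Returns bytes read, 0 when the peer closed, or a negative GnuTLS code; ssl_errno is SSL_AGAIN only for EAGAIN/EINTR, SSL_OK otherwise. */`, and renegotiation should be refused explicitly, e.g. `} else if (st == GNUTLS_E_REHANDSHAKE) { gnutls_alert_send(irc->ssl_session, GNUTLS_AL_WARNING, GNUTLS_A_NO_RENEGOTIATION); }`. Note also that the `BITLBEE_DEBUG` branch writes the decrypted client stream — which on an IRC gateway carries the user's password — to fd 2, and stores write()'s result in `len` only to discard it.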
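Review bot: ssl_server_write hands back whatever gnutls_record_send returned, and GnuTLS's rule for a GNUTLS_E_AGAIN/GNUTLS_E_INTERRUPTED result is that the next call must repeat the same send; a caller that reads SSL_AGAIN as "nothing went out, try again with new data" corrupts the stream. A positive return can also be smaller than len, and nothing here loops to finish the buffer. Document this above the function: `/* Sends buf on irc->ssl_session. Returns bytes sent (may be < len) or a negative GnuTLS code; on SSL_AGAIN the caller must retry with the same buffer. */`. The body is otherwise a copy of ssl_server_read with recv swapped for send, including the debug dump to fd 2 whose write() result is parked in `len` and never used.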