author | Marius Halden <marius.h@lden.org> | 2015-11-08 08:58:37 +0100 |
---|---|---|
committer | Marius Halden <marius.h@lden.org> | 2016-05-07 14:26:17 +0200 |
commit | f6119b76d73b9cdff3cbfd902675a36bcacbcd48 (patch) | |
tree | 6c6f1581fd53a5b3094bfdc46838c2c893760a20 /lib | |
parent | f0ff36f558329d096526004d4d912973bafd3904 (diff) |
Start adding ssl support
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl_client.h | 3 | ||||
-rw-r--r-- | lib/ssl_gnutls.c | 35 |
2 files changed, 38 insertions, 0 deletions
diff --git a/lib/ssl_client.h b/lib/ssl_client.h
index d2e12534..e307a6ce 100644
--- a/lib/ssl_client.h
+++ b/lib/ssl_client.h
@@ -32,6 +32,7 @@
 is completed. */
 #include <glib.h>
+#include "irc.h"
 #include "proxy.h"
 /* Some generic error codes. Especially SSL_AGAIN is important if you
@@ -71,6 +72,8 @@ G_MODULE_EXPORT void *ssl_starttls(int fd, char *hostname, gboolean verify, ssl_
 G_MODULE_EXPORT int ssl_read(void *conn, char *buf, int len);
 G_MODULE_EXPORT int ssl_write(void *conn, const char *buf, int len);
+G_MODULE_EXPORT gboolean ssl_accept(irc_t *irc);
+
 /* Now needed by most SSL libs. See for more info:
 http://www.gnu.org/software/gnutls/manual/gnutls.html#index-gnutls_005frecord_005fcheck_005fpending-209
 http://www.openssl.org/docs/ssl/SSL_pending.html
diff --git a/lib/ssl_gnutls.c b/lib/ssl_gnutls.c
index c9b35fff..1be3e1ed 100644
--- a/lib/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
@@ -33,6 +33,8 @@
 #include "sock.h"
 #include "stdlib.h"
 #include "bitlbee.h"
+#include "config.h"
+#include "irc.h"
 int ssl_errno = 0; 
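Review bot: The prototype added in the second hunk of lib/ssl_client.h takes `irc_t *`, which is the only reason the first hunk has to pull `irc.h` into a header under lib/; a signature in the style of the neighbouring `ssl_starttls(int fd, ...)` would keep the IRC types out of the TLS wrapper. `ssl_setup_server()` is defined with external linkage in lib/ssl_gnutls.c but is not declared here, so either add `G_MODULE_EXPORT gboolean ssl_setup_server(void);` beside `ssl_accept` or make the definition `static` until it has a caller. The new prototype also has no comment; one line stating that it performs the server-side handshake on the connection and who owns the descriptor when it returns FALSE would match how the rest of this header documents its functions.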
@@ -125,6 +127,39 @@ void *ssl_connect(char *host, int port, gboolean verify, ssl_input_function func
 return conn;
 }
+gboolean ssl_setup_server()
+{
+ gnutls_certificate_credentials_t x509_cred;
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_key_file(x509_cred, global.conf->ssl_cert, global.conf->ssl_key, GNUTLS_X509_FMT_PEM);
+
+ return TRUE;
+}
+
+gboolean ssl_accept(irc_t *irc)
+{
+ int ret;
+
+ gnutls_init(&irc->ssl_session, GNUTLS_SERVER);
+ gnutls_transport_set_int(irc->ssl_session, irc->fd);
+
+ do {
+ ret = gnutls_handshake(irc->ssl_session);
+ } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ close(irc->fd);
+ gnutls_deinit(irc->ssl_session);
+
+ fprintf(stderr, "SSL handshake failed (%s)\n", gnutls_strerror(ret));
+
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
 void *ssl_starttls(int fd, char *hostname, gboolean verify, ssl_input_function func, gpointer data)
 {
 struct scd *conn = g_new0(struct scd, 1); |
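Review bot: The certificate loaded in `ssl_setup_server()` never reaches a session: `x509_cred` is a local that goes out of scope without being stored or freed, and `ssl_accept()` calls neither `gnutls_credentials_set()` nor a priority setter before `gnutls_handshake()`, so as written the server side has no key to present. Every GnuTLS return value in both functions is ignored, which means `ssl_setup_server()` returns TRUE even when `ssl_cert`/`ssl_key` cannot be read. The `do … while` retry also spins or blocks inside `ssl_accept()` for as long as a peer leaves the handshake incomplete; if `irc->fd` is serviced from the main event loop (not visible here), one slow client stalls every other connection, so the retry is better driven by the loop on `GNUTLS_E_AGAIN`/`GNUTLS_E_INTERRUPTED`. The fence sketches the setup half only; the handshake loop and failure path are left as in the hunk.

```c
static gnutls_certificate_credentials_t server_cred;

gboolean ssl_setup_server()
{
	if (gnutls_certificate_allocate_credentials(&server_cred) < 0) {
		return FALSE;
	}

	if (gnutls_certificate_set_x509_key_file(server_cred, global.conf->ssl_cert,
	                                         global.conf->ssl_key, GNUTLS_X509_FMT_PEM) < 0) {
		gnutls_certificate_free_credentials(server_cred);
		return FALSE;
	}

	return TRUE;
}

gboolean ssl_accept(irc_t *irc)
{
	int ret;

	if (gnutls_init(&irc->ssl_session, GNUTLS_SERVER) < 0) {
		return FALSE;
	}
	gnutls_set_default_priority(irc->ssl_session);
	gnutls_credentials_set(irc->ssl_session, GNUTLS_CRD_CERTIFICATE, server_cred);
	gnutls_transport_set_int(irc->ssl_session, irc->fd);

	/* ... unchanged: handshake loop and failure path ... */
```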