Diffstat (limited to 'lib/ssl_gnutls.c')
-rw-r--r-- | lib/ssl_gnutls.c | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/lib/ssl_gnutls.c b/lib/ssl_gnutls.c
index c9b35fff..c37449c4 100644
--- a/lib/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
@@ -33,11 +33,14 @@
 #include "sock.h"
 #include "stdlib.h"
 #include "bitlbee.h"
+#include "config.h"
+#include "irc.h"
 int ssl_errno = 0;
 static gboolean initialized = FALSE;
 gnutls_certificate_credentials_t xcred;
+gnutls_certificate_credentials_t server_xcred;
 #include <limits.h>
@@ -125,6 +128,40 @@ void *ssl_connect(char *host, int port, gboolean verify, ssl_input_function func
 return conn;
 }
+gboolean ssl_setup_server()
+{
+ gnutls_certificate_allocate_credentials(&server_xcred);
+ gnutls_certificate_set_x509_key_file(server_xcred, global.conf->ssl_cert, global.conf->ssl_key, GNUTLS_X509_FMT_PEM);
+
+ return TRUE;
+}
+
+gboolean ssl_accept(irc_t *irc)
+{
+ int ret;
+
+ gnutls_init(&irc->ssl_session, GNUTLS_SERVER);
+ gnutls_transport_set_int(irc->ssl_session, irc->fd);
+ gnutls_credentials_set(irc->ssl_session, GNUTLS_CRD_CERTIFICATE, server_xcred);
+ gnutls_certificate_server_set_request(irc->ssl_session, GNUTLS_CERT_REQUEST);
+
+ do {
+ ret = gnutls_handshake(irc->ssl_session);
+ } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ close(irc->fd);
+ gnutls_deinit(irc->ssl_session);
+
+ log_message(LOGLVL_INFO, "SSL Handshake failed (%s)", gnutls_strerror(ret)); // XXX
+
+ exit(1);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
 void *ssl_starttls(int fd, char *hostname, gboolean verify, ssl_input_function func, gpointer data)
 {
 struct scd *conn = g_new0(struct scd, 1);
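Review bot: The failure branch of `ssl_accept` calls `exit(1)`, so any peer that fails or aborts the TLS handshake terminates the process; if this code runs in a daemon serving several clients (not visible in the hunk), that is a remotely triggerable outage, and the `return FALSE` after it is unreachable. The branch should report the failure to the caller and reset `irc->fd` and `irc->ssl_session` so later cleanup cannot touch a closed descriptor or freed session. In the same hunk, `ssl_setup_server` ignores the return values of both GnuTLS calls and always returns TRUE, so a missing or unreadable certificate or key only surfaces later as failed handshakes; `gnutls_init` in `ssl_accept` is unchecked in the same way. `GNUTLS_CERT_REQUEST` asks for a client certificate, but nothing in the hunk verifies it, so it should not be relied on for authentication as written.

```c
gboolean ssl_setup_server()
{
	int ret;

	ret = gnutls_certificate_allocate_credentials(&server_xcred);
	if (ret < 0) {
		log_message(LOGLVL_ERROR, "Could not allocate TLS credentials (%s)", gnutls_strerror(ret));
		return FALSE;
	}

	ret = gnutls_certificate_set_x509_key_file(server_xcred, global.conf->ssl_cert, global.conf->ssl_key, GNUTLS_X509_FMT_PEM);
	if (ret < 0) {
		log_message(LOGLVL_ERROR, "Could not load TLS certificate/key (%s)", gnutls_strerror(ret));
		gnutls_certificate_free_credentials(server_xcred);
		return FALSE;
	}

	return TRUE;
}

/* … unchanged: ssl_accept session setup and handshake loop … */
	if (ret < 0) {
		log_message(LOGLVL_INFO, "SSL Handshake failed (%s)", gnutls_strerror(ret));

		gnutls_deinit(irc->ssl_session);
		irc->ssl_session = NULL;
		close(irc->fd);
		irc->fd = -1; /* keep later cleanup from closing a reused descriptor */

		/* One failed handshake must not take the whole process down. */
		return FALSE;
	}
```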
@@ -393,6 +430,24 @@ int ssl_read(void *conn, char *buf, int len)
 return st;
 }
+int ssl_server_read(irc_t *irc, char *buf, int len)
+{
+ int st;
+
+ st = gnutls_record_recv(irc->ssl_session, buf, len);
+
+ ssl_errno = SSL_OK;
+ if (st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED) {
+ ssl_errno = SSL_AGAIN;
+ }
+
+ if (SSLDEBUG && getenv("BITLBEE_DEBUG") && st > 0) {
+ len = write(2, buf, st);
+ }
+
+ return st;
+}
+
 int ssl_write(void *conn, const char *buf, int len)
 {
 int st;
@@ -416,6 +471,24 @@ int ssl_write(void *conn, const char *buf, int len)
 return st;
 }
+int ssl_server_write(irc_t *irc, const char *buf, int len)
+{
+ int st;
+
+ st = gnutls_record_send(irc->ssl_session, buf, len);
+
+ ssl_errno = SSL_OK;
+ if (st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED) {
+ ssl_errno = SSL_AGAIN;
+ }
+
+ if (SSLDEBUG && getenv("BITLBEE_DEBUG") && st > 0) {
+ len = write(2, buf, st);
+ }
+
+ return st;
+}
+
 int ssl_pending(void *conn)
 {
 if (conn == NULL) { |
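Review bot: In `ssl_server_read`, `ssl_errno` is reset to `SSL_OK` and changed only for `GNUTLS_E_AGAIN`/`GNUTLS_E_INTERRUPTED`, so a fatal negative `st` is returned with `ssl_errno` still `SSL_OK`; a caller that decides on `ssl_errno` (callers are not visible here) would treat a broken session as healthy. The function also dereferences `irc` without a check, whereas the neighbouring `ssl_pending` guards `conn == NULL`. I would state the contract above the function, e.g. `/* Returns bytes read, 0 on orderly close, or a negative GnuTLS error; ssl_errno is SSL_AGAIN only when the call should be retried. */`, and have callers drop the connection on any other negative value. `ssl_server_write` in the next hunk follows the same pattern.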
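Review bot: The debug block in `ssl_server_write` copies the plaintext of every record to file descriptor 2 whenever `SSLDEBUG` is compiled in and `BITLBEE_DEBUG` is set; together with the identical block in `ssl_server_read`, this puts everything sent over the protected channel, possibly including client credentials, into stderr or whatever log captures it. If the dump is to stay, mark it above the block, e.g. `/* Debug only: writes decrypted session data to stderr; do not enable on a production server. */`. Separately, `gnutls_record_send` may accept fewer than `len` bytes and the return value is passed straight through, so the header comment should say that the caller has to resend the remainder.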