aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl_gnutls.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl_gnutls.c')
-rw-r--r--lib/ssl_gnutls.c61
1 files changed, 43 insertions, 18 deletions
diff --git a/lib/ssl_gnutls.c b/lib/ssl_gnutls.c
index 3ebe1756..fbd1d0c0 100644
--- a/lib/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
@@ -48,6 +48,8 @@ struct scd
};
static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
+static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond );
+static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
@@ -62,25 +64,41 @@ void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data
if( conn->fd < 0 )
{
g_free( conn );
- return( NULL );
+ return NULL;
}
- if( !initialized )
- {
- gnutls_global_init();
- initialized = TRUE;
- atexit( gnutls_global_deinit );
- }
+ return conn;
+}
+
+void *ssl_starttls( int fd, ssl_input_function func, gpointer data )
+{
+ struct scd *conn = g_new0( struct scd, 1 );
- gnutls_certificate_allocate_credentials( &conn->xcred );
- gnutls_init( &conn->session, GNUTLS_CLIENT );
- gnutls_set_default_priority( conn->session );
- gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
+ conn->fd = fd;
+ conn->func = func;
+ conn->data = data;
+ conn->inpa = -1;
+
+ /* This function should be called via a (short) timeout instead of
+ directly from here, because these SSL calls are *supposed* to be
+ *completely* asynchronous and not ready yet when this function
+ (or *_connect, for examle) returns. Also, errors are reported via
+ the callback function, not via this function's return value.
+
+ In short, doing things like this makes the rest of the code a lot
+ simpler. */
+
+ b_timeout_add( 1, ssl_starttls_real, conn );
- return( conn );
+ return conn;
}
-static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
+static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond )
+{
+ struct scd *conn = data;
+
+ return ssl_connected( conn, conn->fd, GAIM_INPUT_WRITE );
+}
static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
{
@@ -89,15 +107,22 @@ static gboolean ssl_connected( gpointer data, gint source, b_input_condition con
if( source == -1 )
{
conn->func( conn->data, NULL, cond );
-
- gnutls_deinit( conn->session );
- gnutls_certificate_free_credentials( conn->xcred );
-
g_free( conn );
-
return FALSE;
}
+ if( !initialized )
+ {
+ gnutls_global_init();
+ initialized = TRUE;
+ atexit( gnutls_global_deinit );
+ }
+
+ gnutls_certificate_allocate_credentials( &conn->xcred );
+ gnutls_init( &conn->session, GNUTLS_CLIENT );
+ gnutls_set_default_priority( conn->session );
+ gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
+
sock_make_nonblocking( conn->fd );
gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr) conn->fd );
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 19:33:56 +0000