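--- a/lib/ssl_bogus.c
+++ b/lib/ssl_bogus.c
@@ -31,6 +31,10 @@
 {
 }
 
+void ssl_deinit( void )
+{
+}
+
 void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
 {
 return( NULL );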
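--- a/lib/ssl_client.h
+++ b/lib/ssl_client.h
@@ -57,6 +57,7 @@
 
 /* Perform any global initialization the SSL library might need. */
 G_MODULE_EXPORT void ssl_init( void );
+G_MODULE_EXPORT void ssl_deinit( void );
 
 /* Connect to host:port, call the given function when the connection is
 ready to be used for SSL traffic. This is all done asynchronously, no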
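Review bot: The new `ssl_deinit()` declaration at new line 60 has no comment of its own, and the comment above it only describes initialization. A one-line contract would tell callers when it is safe to call: `/* Release global state set up by ssl_init(). Call once at shutdown, after all SSL connections are closed. */`. The ordering requirement matters because the GnuTLS backend in this commit moves to a single credentials object shared by every session.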
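--- a/lib/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
@@ -37,6 +37,7 @@
 int ssl_errno = 0;
 
 static gboolean initialized = FALSE;
+gnutls_certificate_credentials xcred;
 
 #include <limits.h>
 
@@ -59,22 +60,32 @@
 gboolean verify;
 
 gnutls_session session;
-gnutls_certificate_credentials xcred;
 };
 
 static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
 static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond );
 static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
 
-
 void ssl_init( void )
 {
 if( initialized )
 return;
 
 gnutls_global_init();
+gnutls_certificate_allocate_credentials( &xcred );
+if( global.conf->cafile )
+{
+gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
+/* TODO: Do we want/need this? */
+gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
+}
 initialized = TRUE;
-atexit( gnutls_global_deinit );
+}
+
+void ssl_deinit (void)
+{
+gnutls_global_deinit();
+gnutls_certificate_free_credentials( xcred );
 }
 
 void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
@@ -244,13 +255,6 @@
 
 ssl_init();
 
-gnutls_certificate_allocate_credentials( &conn->xcred );
-if( conn->verify && global.conf->cafile )
-{
-gnutls_certificate_set_x509_trust_file( conn->xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
-gnutls_certificate_set_verify_flags( conn->xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
-}
-
 gnutls_init( &conn->session, GNUTLS_CLIENT );
 if( conn->verify )
 gnutls_session_set_ptr( conn->session, (void *) conn->hostname );
@@ -258,7 +262,7 @@
 gnutls_transport_set_lowat( conn->session, 0 );
 #endif
 gnutls_set_default_priority( conn->session );
-gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
+gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, xcred );
 
 sock_make_nonblocking( conn->fd );
 gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr) GNUTLS_STUPID_CAST conn->fd );
@@ -283,7 +287,6 @@
 conn->func( conn->data, 0, NULL, cond );
 
 gnutls_deinit( conn->session );
-gnutls_certificate_free_credentials( conn->xcred );
 closesocket( conn->fd );
 
 g_free( conn );
@@ -296,7 +299,6 @@
 conn->func( conn->data, stver, NULL, cond );
 
 gnutls_deinit( conn->session );
-gnutls_certificate_free_credentials( conn->xcred );
 closesocket( conn->fd );
 
 g_free( conn );
@@ -384,8 +386,6 @@
 
 if( conn->session )
 gnutls_deinit( conn->session );
-if( conn->xcred )
-gnutls_certificate_free_credentials( conn->xcred );
 g_free( conn );
 }
 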
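Review bot: ssl_deinit() (new lines 85-89) is now called unconditionally from unix.c, but xcred is only allocated inside ssl_init(), which these hunks show being reached lazily from ssl_connect(). If no SSL connection was ever opened, gnutls_certificate_free_credentials() is handed a NULL xcred and gnutls_global_deinit() runs without a matching init; the former is likely a NULL dereference inside GnuTLS. The function should return early when `initialized` is false, free the credentials before deinitialising the library rather than after, and reset `initialized` so a later ssl_init() rebuilds the state. Separately, ssl_init() ignores the return value of gnutls_certificate_set_x509_trust_file(), so an unreadable cafile now leaves the shared trust list empty for the life of the process with no log line; checking for a negative return would make that visible.

```c
void ssl_deinit( void )
{
	/* Nothing to release if ssl_init() never ran. */
	if( !initialized )
		return;

	/* Free objects that depend on the library before shutting it down. */
	gnutls_certificate_free_credentials( xcred );
	gnutls_global_deinit();
	initialized = FALSE;
}
```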
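--- a/lib/ssl_nss.c
+++ b/lib/ssl_nss.c
@@ -102,6 +102,10 @@
 initialized = TRUE;
 }
 
+void ssl_deinit( void )
+{
+}
+
 void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
 {
 struct scd *conn = g_new0( struct scd, 1 );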
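--- a/lib/ssl_openssl.c
+++ b/lib/ssl_openssl.c
@@ -29,6 +29,7 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include "bitlbee.h"
 
 #include "proxy.h"
 #include "ssl_client.h"
@@ -64,6 +65,10 @@
 // SSLeay_add_ssl_algorithms();
 }
 
+void ssl_deinit( void )
+{
+}
+
 void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
 {
 struct scd *conn = g_new0( struct scd, 1 );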
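--- a/unix.c
+++ b/unix.c
@@ -184,6 +184,8 @@
 
 /* Mainly good for restarting, to make sure we close the help.txt fd. */
 help_free( &global.help );
+
+ssl_deinit();
 
 if( global.restart )
 {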