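--- a/lib/ssl_bogus.c
+++ b/lib/ssl_bogus.c
@@ -31,6 +31,10 @@
 {
 }
 
+void ssl_deinit( void )
+{
+}
+
 void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
 {
 return( NULL );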
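--- a/lib/ssl_client.h
+++ b/lib/ssl_client.h
@@ -57,6 +57,7 @@
 
 /* Perform any global initialization the SSL library might need. */
 G_MODULE_EXPORT void ssl_init( void );
+G_MODULE_EXPORT void ssl_deinit( void );
 
 /* Connect to host:port, call the given function when the connection is
 ready to be used for SSL traffic. This is all done asynchronously, no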
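Review bot: The new `ssl_deinit()` declaration at new line 60 has no comment of its own and sits directly under the comment that describes ssl_init(), so the header reads as if "global initialization" covered both. Since the GnuTLS backend now frees a credentials object shared by all sessions in ssl_deinit(), the header should state the calling contract. I would separate the two declarations with a blank line and add `/* Free whatever ssl_init() set up. Call once at shutdown, after every SSL connection has been closed. */` above the new one.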
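--- a/lib/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
@@ -37,6 +37,7 @@
 int ssl_errno = 0;
 
 static gboolean initialized = FALSE;
+gnutls_certificate_credentials xcred;
 
 #include <limits.h>
 
@@ -59,22 +60,32 @@
 gboolean verify;
 
 gnutls_session session;
-gnutls_certificate_credentials xcred;
 };
 
 static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
 static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond );
 static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
 
-
 void ssl_init( void )
 {
 if( initialized )
 return;
 
 gnutls_global_init();
+gnutls_certificate_allocate_credentials( &xcred );
+if( global.conf->cafile )
+{
+gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
+/* TODO: Do we want/need this? */
+gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
+}
 initialized = TRUE;
-atexit( gnutls_global_deinit );
+}
+
+void ssl_deinit (void)
+{
+gnutls_global_deinit();
+gnutls_certificate_free_credentials( xcred );
 }
 
 void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
@@ -244,13 +255,6 @@
 
 ssl_init();
 
-gnutls_certificate_allocate_credentials( &conn->xcred );
-if( conn->verify && global.conf->cafile )
-{
-gnutls_certificate_set_x509_trust_file( conn->xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
-gnutls_certificate_set_verify_flags( conn->xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
-}
-
 gnutls_init( &conn->session, GNUTLS_CLIENT );
 if( conn->verify )
 gnutls_session_set_ptr( conn->session, (void *) conn->hostname );
@@ -258,7 +262,7 @@
 gnutls_transport_set_lowat( conn->session, 0 );
 #endif
 gnutls_set_default_priority( conn->session );
-gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
+gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, xcred );
 
 sock_make_nonblocking( conn->fd );
 gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr) GNUTLS_STUPID_CAST conn->fd );
@@ -283,7 +287,6 @@
 conn->func( conn->data, 0, NULL, cond );
 
 gnutls_deinit( conn->session );
-gnutls_certificate_free_credentials( conn->xcred );
 closesocket( conn->fd );
 
 g_free( conn );
@@ -296,7 +299,6 @@
 conn->func( conn->data, stver, NULL, cond );
 
 gnutls_deinit( conn->session );
-gnutls_certificate_free_credentials( conn->xcred );
 closesocket( conn->fd );
 
 g_free( conn );
@@ -384,8 +386,6 @@
 
 if( conn->session )
 gnutls_deinit( conn->session );
-if( conn->xcred )
-gnutls_certificate_free_credentials( conn->xcred );
 g_free( conn );
 }
 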
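Review bot: The new ssl_deinit() (new lines 85-89) tears down unconditionally and in the wrong order: it calls `gnutls_global_deinit()` before `gnutls_certificate_free_credentials( xcred )`, and it runs even when ssl_init() never did, in which case `xcred` is still the zero-initialised global. The only ssl_init() call visible on this page is the lazy one in ssl_connect(), so a process that exits without ever opening a TLS connection would presumably reach that path from the new call in unix.c. I would start the function with `if( !initialized ) return;`, free the credentials before the global deinit, and finish with `initialized = FALSE;` so a later ssl_init() allocates again. Separately, ssl_init() ignores the result of `gnutls_certificate_set_x509_trust_file()`, so an unreadable or malformed cafile leaves an empty trust store with no log line; checking for a negative return and logging it would make that failure visible to the operator.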
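--- a/lib/ssl_nss.c
+++ b/lib/ssl_nss.c
@@ -102,6 +102,10 @@
 initialized = TRUE;
 }
 
+void ssl_deinit( void )
+{
+}
+
 void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
 {
 struct scd *conn = g_new0( struct scd, 1 );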
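--- a/lib/ssl_openssl.c
+++ b/lib/ssl_openssl.c
@@ -29,6 +29,7 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include "bitlbee.h"
 
 #include "proxy.h"
 #include "ssl_client.h"
@@ -64,6 +65,10 @@
 // SSLeay_add_ssl_algorithms();
 }
 
+void ssl_deinit( void )
+{
+}
+
 void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
 {
 struct scd *conn = g_new0( struct scd, 1 );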
=== modified file 'unix.c'
|
|
|
184 | 184 | |
185 | 185 | /* Mainly good for restarting, to make sure we close the help.txt fd. */ |
186 | 186 | help_free( &global.help ); |
| 187 | |
| 188 | ssl_deinit(); |
187 | 189 | |
188 | 190 | if( global.restart ) |
189 | 191 | { |