Context Navigation

source: lib/ssl_gnutls.c @ 3e1ef92c

Last change on this file since 3e1ef92c was 8a2221a7, checked in by Wilmer van der Gaast <wilmer@…>, at 2008-03-23T14:29:19Z
Fixed stalling issue with OpenSSL and Jabber (#368).
Property mode set to `100644`
File size: 6.0 KB

Rev	Line
[b7d3cc34]	1	/********************************************************************\
	2	* BitlBee -- An IRC to other IM-networks gateway *
	3	* *
	4	* Copyright 2002-2004 Wilmer van der Gaast and others *
	5	\********************************************************************/
	6
	7	/* SSL module - GnuTLS version */
	8
	9	/*
	10	This program is free software; you can redistribute it and/or modify
	11	it under the terms of the GNU General Public License as published by
	12	the Free Software Foundation; either version 2 of the License, or
	13	(at your option) any later version.
	14
	15	This program is distributed in the hope that it will be useful,
	16	but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	GNU General Public License for more details.
	19
	20	You should have received a copy of the GNU General Public License with
	21	the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
	22	if not, write to the Free Software Foundation, Inc., 59 Temple Place,
	23	Suite 330, Boston, MA 02111-1307 USA
	24	*/
	25
	26	#include <gnutls/gnutls.h>
[701acdd4]	27	#include <fcntl.h>
	28	#include <unistd.h>
[b7d3cc34]	29	#include "proxy.h"
	30	#include "ssl_client.h"
	31	#include "sock.h"
	32	#include "stdlib.h"
	33
[701acdd4]	34	int ssl_errno = 0;
	35
[b7d3cc34]	36	static gboolean initialized = FALSE;
	37
[56f260a]	38	#include <limits.h>
	39
	40	#if defined(ULONG_MAX) && ULONG_MAX > 4294967295UL
	41	#define GNUTLS_STUPID_CAST (long)
	42	#else
	43	#define GNUTLS_STUPID_CAST (int)
	44	#endif
	45
[b7d3cc34]	46	struct scd
	47	{
[3d64e5b]	48	ssl_input_function func;
[b7d3cc34]	49	gpointer data;
	50	int fd;
	51	gboolean established;
[701acdd4]	52	int inpa;
[b7d3cc34]	53
	54	gnutls_session session;
	55	gnutls_certificate_credentials xcred;
	56	};
	57
[2b7d2d1]	58	static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
[c1ed6527]	59	static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond );
	60	static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
[b7d3cc34]	61
	62
[3d64e5b]	63	void ssl_connect( char host, int port, ssl_input_function func, gpointer data )
[b7d3cc34]	64	{
	65	struct scd *conn = g_new0( struct scd, 1 );
	66
	67	conn->fd = proxy_connect( host, port, ssl_connected, conn );
	68	conn->func = func;
	69	conn->data = data;
[701acdd4]	70	conn->inpa = -1;
[b7d3cc34]	71
	72	if( conn->fd < 0 )
	73	{
	74	g_free( conn );
[42127dc]	75	return NULL;
[b7d3cc34]	76	}
	77
[42127dc]	78	return conn;
	79	}
	80
	81	void *ssl_starttls( int fd, ssl_input_function func, gpointer data )
	82	{
	83	struct scd *conn = g_new0( struct scd, 1 );
[b7d3cc34]	84
[42127dc]	85	conn->fd = fd;
	86	conn->func = func;
	87	conn->data = data;
	88	conn->inpa = -1;
	89
[c1ed6527]	90	/* This function should be called via a (short) timeout instead of
	91	directly from here, because these SSL calls are supposed to be
	92	completely asynchronous and not ready yet when this function
	93	(or *_connect, for examle) returns. Also, errors are reported via
	94	the callback function, not via this function's return value.
	95
	96	In short, doing things like this makes the rest of the code a lot
	97	simpler. */
	98
	99	b_timeout_add( 1, ssl_starttls_real, conn );
[b7d3cc34]	100
[42127dc]	101	return conn;
[b7d3cc34]	102	}
	103
[c1ed6527]	104	static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond )
	105	{
	106	struct scd *conn = data;
	107
	108	return ssl_connected( conn, conn->fd, GAIM_INPUT_WRITE );
	109	}
[701acdd4]	110
[2b7d2d1]	111	static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
[b7d3cc34]	112	{
	113	struct scd *conn = data;
	114
	115	if( source == -1 )
[701acdd4]	116	{
	117	conn->func( conn->data, NULL, cond );
	118	g_free( conn );
[2b7d2d1]	119	return FALSE;
[701acdd4]	120	}
[b7d3cc34]	121
[42127dc]	122	if( !initialized )
	123	{
	124	gnutls_global_init();
	125	initialized = TRUE;
	126	atexit( gnutls_global_deinit );
	127	}
	128
	129	gnutls_certificate_allocate_credentials( &conn->xcred );
	130	gnutls_init( &conn->session, GNUTLS_CLIENT );
	131	gnutls_set_default_priority( conn->session );
	132	gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
	133
[701acdd4]	134	sock_make_nonblocking( conn->fd );
[56f260a]	135	gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr) GNUTLS_STUPID_CAST conn->fd );
[b7d3cc34]	136
[2b7d2d1]	137	return ssl_handshake( data, source, cond );
[701acdd4]	138	}
	139
[2b7d2d1]	140	static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond )
[701acdd4]	141	{
	142	struct scd *conn = data;
	143	int st;
[b7d3cc34]	144
[701acdd4]	145	if( ( st = gnutls_handshake( conn->session ) ) < 0 )
	146	{
	147	if( st == GNUTLS_E_AGAIN \|\| st == GNUTLS_E_INTERRUPTED )
	148	{
[2b7d2d1]	149	conn->inpa = b_input_add( conn->fd, ssl_getdirection( conn ),
	150	ssl_handshake, data );
[701acdd4]	151	}
	152	else
	153	{
	154	conn->func( conn->data, NULL, cond );
	155
	156	gnutls_deinit( conn->session );
	157	gnutls_certificate_free_credentials( conn->xcred );
	158	closesocket( conn->fd );
	159
	160	g_free( conn );
	161	}
	162	}
	163	else
	164	{
	165	/* For now we can't handle non-blocking perfectly everywhere... */
	166	sock_make_blocking( conn->fd );
	167
	168	conn->established = TRUE;
	169	conn->func( conn->data, conn, cond );
	170	}
[2b7d2d1]	171
	172	return FALSE;
[b7d3cc34]	173	}
	174
	175	int ssl_read( void conn, char buf, int len )
	176	{
[8a9afe4]	177	int st;
	178
[b7d3cc34]	179	if( !((struct scd*)conn)->established )
[701acdd4]	180	{
	181	ssl_errno = SSL_NOHANDSHAKE;
	182	return( -1 );
	183	}
[b7d3cc34]	184
[8a9afe4]	185	st = gnutls_record_recv( ((struct scd*)conn)->session, buf, len );
	186
	187	ssl_errno = SSL_OK;
	188	if( st == GNUTLS_E_AGAIN \|\| st == GNUTLS_E_INTERRUPTED )
	189	ssl_errno = SSL_AGAIN;
[701acdd4]	190
[8a9afe4]	191	return st;
[b7d3cc34]	192	}
	193
	194	int ssl_write( void conn, const char buf, int len )
	195	{
[8a9afe4]	196	int st;
	197
[b7d3cc34]	198	if( !((struct scd*)conn)->established )
[701acdd4]	199	{
	200	ssl_errno = SSL_NOHANDSHAKE;
	201	return( -1 );
	202	}
[b7d3cc34]	203
[8a9afe4]	204	st = gnutls_record_send( ((struct scd*)conn)->session, buf, len );
	205
	206	ssl_errno = SSL_OK;
	207	if( st == GNUTLS_E_AGAIN \|\| st == GNUTLS_E_INTERRUPTED )
	208	ssl_errno = SSL_AGAIN;
	209
	210	return st;
[b7d3cc34]	211	}
	212
[8a2221a7]	213	/* See ssl_openssl.c for an explanation. */
	214	int ssl_pending( void *conn )
	215	{
	216	return 0;
	217	}
	218
[b7d3cc34]	219	void ssl_disconnect( void *conn_ )
	220	{
	221	struct scd *conn = conn_;
	222
[a03a9f3]	223	if( conn->inpa != -1 )
[2b7d2d1]	224	b_event_remove( conn->inpa );
[a03a9f3]	225
[b7d3cc34]	226	if( conn->established )
	227	gnutls_bye( conn->session, GNUTLS_SHUT_WR );
	228
	229	closesocket( conn->fd );
	230
[3e79889]	231	if( conn->session )
	232	gnutls_deinit( conn->session );
	233	if( conn->xcred )
	234	gnutls_certificate_free_credentials( conn->xcred );
[b7d3cc34]	235	g_free( conn );
	236	}
	237
	238	int ssl_getfd( void *conn )
	239	{
	240	return( ((struct scd*)conn)->fd );
	241	}
[8a9afe4]	242
[ba9edaa]	243	b_input_condition ssl_getdirection( void *conn )
[8a9afe4]	244	{
	245	return( gnutls_record_get_direction( ((struct scd*)conn)->session ) ?
	246	GAIM_INPUT_WRITE : GAIM_INPUT_READ );
	247	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: