Context Navigation

source: lib/ssl_gnutls.c @ eab2ac4

Last change on this file since eab2ac4 was 42127dc, checked in by Wilmer van der Gaast <wilmer@…>, at 2006-09-24T11:57:45Z
Added support for SSL- and TLS-connections. Checking of the "tls" user setting has to be finished, plus an ssl_starttls() function for the other SSL libraries (this code will only compile with GnuTLS for now).
Property mode set to `100644`
File size: 5.3 KB

Rev	Line
[b7d3cc34]	1	/********************************************************************\
	2	* BitlBee -- An IRC to other IM-networks gateway *
	3	* *
	4	* Copyright 2002-2004 Wilmer van der Gaast and others *
	5	\********************************************************************/
	6
	7	/* SSL module - GnuTLS version */
	8
	9	/*
	10	This program is free software; you can redistribute it and/or modify
	11	it under the terms of the GNU General Public License as published by
	12	the Free Software Foundation; either version 2 of the License, or
	13	(at your option) any later version.
	14
	15	This program is distributed in the hope that it will be useful,
	16	but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	GNU General Public License for more details.
	19
	20	You should have received a copy of the GNU General Public License with
	21	the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
	22	if not, write to the Free Software Foundation, Inc., 59 Temple Place,
	23	Suite 330, Boston, MA 02111-1307 USA
	24	*/
	25
	26	#include <gnutls/gnutls.h>
[701acdd4]	27	#include <fcntl.h>
	28	#include <unistd.h>
[b7d3cc34]	29	#include "proxy.h"
	30	#include "ssl_client.h"
	31	#include "sock.h"
	32	#include "stdlib.h"
	33
[701acdd4]	34	int ssl_errno = 0;
	35
[b7d3cc34]	36	static gboolean initialized = FALSE;
	37
	38	struct scd
	39	{
[3d64e5b]	40	ssl_input_function func;
[b7d3cc34]	41	gpointer data;
	42	int fd;
	43	gboolean established;
[701acdd4]	44	int inpa;
[b7d3cc34]	45
	46	gnutls_session session;
	47	gnutls_certificate_credentials xcred;
	48	};
	49
[2b7d2d1]	50	static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
[b7d3cc34]	51
	52
[3d64e5b]	53	void ssl_connect( char host, int port, ssl_input_function func, gpointer data )
[b7d3cc34]	54	{
	55	struct scd *conn = g_new0( struct scd, 1 );
	56
	57	conn->fd = proxy_connect( host, port, ssl_connected, conn );
	58	conn->func = func;
	59	conn->data = data;
[701acdd4]	60	conn->inpa = -1;
[b7d3cc34]	61
	62	if( conn->fd < 0 )
	63	{
	64	g_free( conn );
[42127dc]	65	return NULL;
[b7d3cc34]	66	}
	67
[42127dc]	68	return conn;
	69	}
	70
	71	/* FIXME: It can happen that the handshake fails even before ssl_connected()
	72	returns already. This function will then return an invalid pointer because
	73	these failures can't be detected properly yet. Maybe ssl_connected()
	74	shouldn't be called directly, but via a short timeout? */
	75	void *ssl_starttls( int fd, ssl_input_function func, gpointer data )
	76	{
	77	struct scd *conn = g_new0( struct scd, 1 );
[b7d3cc34]	78
[42127dc]	79	conn->fd = fd;
	80	conn->func = func;
	81	conn->data = data;
	82	conn->inpa = -1;
	83
	84	ssl_connected( conn, fd, GAIM_INPUT_WRITE );
[b7d3cc34]	85
[42127dc]	86	return conn;
[b7d3cc34]	87	}
	88
[2b7d2d1]	89	static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
[701acdd4]	90
[2b7d2d1]	91	static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
[b7d3cc34]	92	{
	93	struct scd *conn = data;
	94
	95	if( source == -1 )
[701acdd4]	96	{
	97	conn->func( conn->data, NULL, cond );
	98
	99	g_free( conn );
	100
[2b7d2d1]	101	return FALSE;
[701acdd4]	102	}
[b7d3cc34]	103
[42127dc]	104	if( !initialized )
	105	{
	106	gnutls_global_init();
	107	initialized = TRUE;
	108	atexit( gnutls_global_deinit );
	109	}
	110
	111	gnutls_certificate_allocate_credentials( &conn->xcred );
	112	gnutls_init( &conn->session, GNUTLS_CLIENT );
	113	gnutls_set_default_priority( conn->session );
	114	gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
	115
[701acdd4]	116	sock_make_nonblocking( conn->fd );
[b7d3cc34]	117	gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr) conn->fd );
	118
[2b7d2d1]	119	return ssl_handshake( data, source, cond );
[701acdd4]	120	}
	121
[2b7d2d1]	122	static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond )
[701acdd4]	123	{
	124	struct scd *conn = data;
	125	int st;
[b7d3cc34]	126
[701acdd4]	127	if( ( st = gnutls_handshake( conn->session ) ) < 0 )
	128	{
	129	if( st == GNUTLS_E_AGAIN \|\| st == GNUTLS_E_INTERRUPTED )
	130	{
[2b7d2d1]	131	conn->inpa = b_input_add( conn->fd, ssl_getdirection( conn ),
	132	ssl_handshake, data );
[701acdd4]	133	}
	134	else
	135	{
	136	conn->func( conn->data, NULL, cond );
	137
	138	gnutls_deinit( conn->session );
	139	gnutls_certificate_free_credentials( conn->xcred );
	140	closesocket( conn->fd );
	141
	142	g_free( conn );
	143	}
	144	}
	145	else
	146	{
	147	/* For now we can't handle non-blocking perfectly everywhere... */
	148	sock_make_blocking( conn->fd );
	149
	150	conn->established = TRUE;
	151	conn->func( conn->data, conn, cond );
	152	}
[2b7d2d1]	153
	154	return FALSE;
[b7d3cc34]	155	}
	156
	157	int ssl_read( void conn, char buf, int len )
	158	{
[8a9afe4]	159	int st;
	160
[b7d3cc34]	161	if( !((struct scd*)conn)->established )
[701acdd4]	162	{
	163	ssl_errno = SSL_NOHANDSHAKE;
	164	return( -1 );
	165	}
[b7d3cc34]	166
[8a9afe4]	167	st = gnutls_record_recv( ((struct scd*)conn)->session, buf, len );
	168
	169	ssl_errno = SSL_OK;
	170	if( st == GNUTLS_E_AGAIN \|\| st == GNUTLS_E_INTERRUPTED )
	171	ssl_errno = SSL_AGAIN;
[701acdd4]	172
[8a9afe4]	173	return st;
[b7d3cc34]	174	}
	175
	176	int ssl_write( void conn, const char buf, int len )
	177	{
[8a9afe4]	178	int st;
	179
[b7d3cc34]	180	if( !((struct scd*)conn)->established )
[701acdd4]	181	{
	182	ssl_errno = SSL_NOHANDSHAKE;
	183	return( -1 );
	184	}
[b7d3cc34]	185
[8a9afe4]	186	st = gnutls_record_send( ((struct scd*)conn)->session, buf, len );
	187
	188	ssl_errno = SSL_OK;
	189	if( st == GNUTLS_E_AGAIN \|\| st == GNUTLS_E_INTERRUPTED )
	190	ssl_errno = SSL_AGAIN;
	191
	192	return st;
[b7d3cc34]	193	}
	194
	195	void ssl_disconnect( void *conn_ )
	196	{
	197	struct scd *conn = conn_;
	198
[a03a9f3]	199	if( conn->inpa != -1 )
[2b7d2d1]	200	b_event_remove( conn->inpa );
[a03a9f3]	201
[b7d3cc34]	202	if( conn->established )
	203	gnutls_bye( conn->session, GNUTLS_SHUT_WR );
	204
	205	closesocket( conn->fd );
	206
	207	gnutls_deinit( conn->session );
	208	gnutls_certificate_free_credentials( conn->xcred );
	209	g_free( conn );
	210	}
	211
	212	int ssl_getfd( void *conn )
	213	{
	214	return( ((struct scd*)conn)->fd );
	215	}
[8a9afe4]	216
[ba9edaa]	217	b_input_condition ssl_getdirection( void *conn )
[8a9afe4]	218	{
	219	return( gnutls_record_get_direction( ((struct scd*)conn)->session ) ?
	220	GAIM_INPUT_WRITE : GAIM_INPUT_READ );
	221	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: