source: lib/ssl_gnutls.c @ 6baca2a

Last change on this file since 6baca2a was 42127dc, checked in by Wilmer van der Gaast <wilmer@…>, at 2006-09-24T11:57:45Z

Added support for SSL- and TLS-connections. Checking of the "tls" user
setting has to be finished, plus an ssl_starttls() function for the other
SSL libraries (this code will only compile with GnuTLS for now).

  • Property mode set to 100644
File size: 5.3 KB
Line 
1  /********************************************************************\
2  * BitlBee -- An IRC to other IM-networks gateway                     *
3  *                                                                    *
4  * Copyright 2002-2004 Wilmer van der Gaast and others                *
5  \********************************************************************/
6
7/* SSL module - GnuTLS version                                          */
8
9/*
10  This program is free software; you can redistribute it and/or modify
11  it under the terms of the GNU General Public License as published by
12  the Free Software Foundation; either version 2 of the License, or
13  (at your option) any later version.
14
15  This program is distributed in the hope that it will be useful,
16  but WITHOUT ANY WARRANTY; without even the implied warranty of
17  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  GNU General Public License for more details.
19
20  You should have received a copy of the GNU General Public License with
21  the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
22  if not, write to the Free Software Foundation, Inc., 59 Temple Place,
23  Suite 330, Boston, MA  02111-1307  USA
24*/
25
26#include <gnutls/gnutls.h>
27#include <fcntl.h>
28#include <unistd.h>
29#include "proxy.h"
30#include "ssl_client.h"
31#include "sock.h"
32#include "stdlib.h"
33
34int ssl_errno = 0;
35
36static gboolean initialized = FALSE;
37
38struct scd
39{
40        ssl_input_function func;
41        gpointer data;
42        int fd;
43        gboolean established;
44        int inpa;
45       
46        gnutls_session session;
47        gnutls_certificate_credentials xcred;
48};
49
50static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
51
52
53void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
54{
55        struct scd *conn = g_new0( struct scd, 1 );
56       
57        conn->fd = proxy_connect( host, port, ssl_connected, conn );
58        conn->func = func;
59        conn->data = data;
60        conn->inpa = -1;
61       
62        if( conn->fd < 0 )
63        {
64                g_free( conn );
65                return NULL;
66        }
67       
68        return conn;
69}
70
71/* FIXME: It can happen that the handshake fails even before ssl_connected()
72   returns already. This function will then return an invalid pointer because
73   these failures can't be detected properly yet. Maybe ssl_connected()
74   shouldn't be called directly, but via a short timeout? */
75void *ssl_starttls( int fd, ssl_input_function func, gpointer data )
76{
77        struct scd *conn = g_new0( struct scd, 1 );
78       
79        conn->fd = fd;
80        conn->func = func;
81        conn->data = data;
82        conn->inpa = -1;
83       
84        ssl_connected( conn, fd, GAIM_INPUT_WRITE );
85       
86        return conn;
87}
88
89static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
90
91static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
92{
93        struct scd *conn = data;
94       
95        if( source == -1 )
96        {
97                conn->func( conn->data, NULL, cond );
98               
99                g_free( conn );
100               
101                return FALSE;
102        }
103       
104        if( !initialized )
105        {
106                gnutls_global_init();
107                initialized = TRUE;
108                atexit( gnutls_global_deinit );
109        }
110       
111        gnutls_certificate_allocate_credentials( &conn->xcred );
112        gnutls_init( &conn->session, GNUTLS_CLIENT );
113        gnutls_set_default_priority( conn->session );
114        gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
115       
116        sock_make_nonblocking( conn->fd );
117        gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr) conn->fd );
118       
119        return ssl_handshake( data, source, cond );
120}
121
122static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond )
123{
124        struct scd *conn = data;
125        int st;
126       
127        if( ( st = gnutls_handshake( conn->session ) ) < 0 )
128        {
129                if( st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED )
130                {
131                        conn->inpa = b_input_add( conn->fd, ssl_getdirection( conn ),
132                                                  ssl_handshake, data );
133                }
134                else
135                {
136                        conn->func( conn->data, NULL, cond );
137                       
138                        gnutls_deinit( conn->session );
139                        gnutls_certificate_free_credentials( conn->xcred );
140                        closesocket( conn->fd );
141                       
142                        g_free( conn );
143                }
144        }
145        else
146        {
147                /* For now we can't handle non-blocking perfectly everywhere... */
148                sock_make_blocking( conn->fd );
149               
150                conn->established = TRUE;
151                conn->func( conn->data, conn, cond );
152        }
153       
154        return FALSE;
155}
156
157int ssl_read( void *conn, char *buf, int len )
158{
159        int st;
160       
161        if( !((struct scd*)conn)->established )
162        {
163                ssl_errno = SSL_NOHANDSHAKE;
164                return( -1 );
165        }
166       
167        st = gnutls_record_recv( ((struct scd*)conn)->session, buf, len );
168       
169        ssl_errno = SSL_OK;
170        if( st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED )
171                ssl_errno = SSL_AGAIN;
172       
173        return st;
174}
175
176int ssl_write( void *conn, const char *buf, int len )
177{
178        int st;
179       
180        if( !((struct scd*)conn)->established )
181        {
182                ssl_errno = SSL_NOHANDSHAKE;
183                return( -1 );
184        }
185       
186        st = gnutls_record_send( ((struct scd*)conn)->session, buf, len );
187       
188        ssl_errno = SSL_OK;
189        if( st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED )
190                ssl_errno = SSL_AGAIN;
191       
192        return st;
193}
194
195void ssl_disconnect( void *conn_ )
196{
197        struct scd *conn = conn_;
198       
199        if( conn->inpa != -1 )
200                b_event_remove( conn->inpa );
201       
202        if( conn->established )
203                gnutls_bye( conn->session, GNUTLS_SHUT_WR );
204       
205        closesocket( conn->fd );
206       
207        gnutls_deinit( conn->session );
208        gnutls_certificate_free_credentials( conn->xcred );
209        g_free( conn );
210}
211
212int ssl_getfd( void *conn )
213{
214        return( ((struct scd*)conn)->fd );
215}
216
217b_input_condition ssl_getdirection( void *conn )
218{
219        return( gnutls_record_get_direction( ((struct scd*)conn)->session ) ?
220                GAIM_INPUT_WRITE : GAIM_INPUT_READ );
221}
Note: See TracBrowser for help on using the repository browser.