Changeset 164352e for lib/ssl_openssl.c

Timestamp:

2011-12-24T18:02:39Z (13 years ago)

Author:

Wilmer van der Gaast <wilmer@…>

Branches:

master

Children:

34ded90

Parents:

e306fbf (diff), 96f954d (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merging mainline.

File:

• lib/ssl_openssl.c (modified) (9 diffs)

lib/ssl_openssl.c

@@ -45 +45 @@
         int fd;
         gboolean established;
+        gboolean verify;
         
         int inpa;
@@ -64 +65 @@
 }
 
-void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
+void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
 {
         struct scd *conn = g_new0( struct scd, 1 );
@@ -82 +83 @@
 }
 
-void *ssl_starttls( int fd, ssl_input_function func, gpointer data )
+void *ssl_starttls( int fd, char *hostname, gboolean verify, ssl_input_function func, gpointer data )
 {
         struct scd *conn = g_new0( struct scd, 1 );
@@ -90 +91 @@
         conn->data = data;
         conn->inpa = -1;
+        conn->verify = verify && global.conf->cafile;
         
         /* This function should be called via a (short) timeout instead of
@@ -117 +119 @@
         SSL_METHOD *meth;
         
+        /* Right now we don't have any verification functionality for OpenSSL. */
+
+        if( conn->verify )
+        {
+                conn->func( conn->data, 1, NULL, cond );
+                if( source >= 0 ) closesocket( source );
+                g_free( conn );
+
+                return FALSE;
+        }
+
         if( source == -1 )
                 goto ssl_connected_failure;
@@ -141 +154 @@
 
 ssl_connected_failure:
-        conn->func( conn->data, NULL, cond );
+        conn->func( conn->data, 0, NULL, cond );
         
         if( conn->ssl )
@@ -169 +182 @@
                 if( conn->lasterr != SSL_ERROR_WANT_READ && conn->lasterr != SSL_ERROR_WANT_WRITE )
                 {
-                        conn->func( conn->data, NULL, cond );
+                        conn->func( conn->data, 0, NULL, cond );
                         
                         SSL_shutdown( conn->ssl );
@@ -187 +200 @@
         conn->established = TRUE;
         sock_make_blocking( conn->fd );         /* For now... */
-        conn->func( conn->data, conn, cond );
+        conn->func( conn->data, 0, conn, cond );
         return FALSE;
 }
@@ -272 +285 @@
 {
         return( ((struct scd*)conn)->lasterr == SSL_ERROR_WANT_WRITE ? B_EV_IO_WRITE : B_EV_IO_READ );
+}
+
+char *ssl_verify_strerror( int code )
+{
+        return g_strdup( "SSL certificate verification not supported by BitlBee OpenSSL code." );
 }