Changeset 59cd92b for lib


Ignore:
Timestamp:
2011-12-29T20:30:43Z (8 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
6451d27
Parents:
3558fea
Message:

Keep only one xcred object globally instead of one per connection. With
verification, this object gets pretty huge and there's no need to have it
more than once.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • lib/ssl_gnutls.c

    r3558fea r59cd92b  
    22  * BitlBee -- An IRC to other IM-networks gateway                     *
    33  *                                                                    *
    4   * Copyright 2002-2004 Wilmer van der Gaast and others                *
     4  * Copyright 2002-2011 Wilmer van der Gaast and others                *
    55  \********************************************************************/
    66
     
    3838
    3939static gboolean initialized = FALSE;
     40gnutls_certificate_credentials xcred;
    4041
    4142#include <limits.h>
     
    6061       
    6162        gnutls_session session;
    62         gnutls_certificate_credentials xcred;
    6363};
    6464
     
    6767static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
    6868
     69static void ssl_deinit( void );
    6970
    7071void ssl_init( void )
     
    7475       
    7576        gnutls_global_init();
     77        gnutls_certificate_allocate_credentials( &xcred );
     78        if( global.conf->cafile )
     79        {
     80                gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
     81                /* TODO: Do we want/need this? */
     82                gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
     83        }
    7684        initialized = TRUE;
    77         atexit( gnutls_global_deinit );
     85       
     86        atexit( ssl_deinit );
     87}
     88
     89static void ssl_deinit( void )
     90{
     91        gnutls_global_deinit();
     92        gnutls_certificate_free_credentials( xcred );
    7893}
    7994
     
    145160        const char *hostname;
    146161       
    147         hostname = gnutls_session_get_ptr(session );
     162        hostname = gnutls_session_get_ptr( session );
    148163
    149164        gnutlsret = gnutls_certificate_verify_peers2( session, &status );
     
    245260        ssl_init();
    246261       
    247         gnutls_certificate_allocate_credentials( &conn->xcred );
    248         if( conn->verify && global.conf->cafile )
    249         {
    250                 gnutls_certificate_set_x509_trust_file( conn->xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
    251                 gnutls_certificate_set_verify_flags( conn->xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
    252         }
    253 
    254262        gnutls_init( &conn->session, GNUTLS_CLIENT );
    255263        if( conn->verify )
     
    259267#endif
    260268        gnutls_set_default_priority( conn->session );
    261         gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
     269        gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, xcred );
    262270       
    263271        sock_make_nonblocking( conn->fd );
     
    284292                       
    285293                        gnutls_deinit( conn->session );
    286                         gnutls_certificate_free_credentials( conn->xcred );
    287294                        closesocket( conn->fd );
    288295                       
     
    297304
    298305                        gnutls_deinit( conn->session );
    299                         gnutls_certificate_free_credentials( conn->xcred );
    300306                        closesocket( conn->fd );
    301307
     
    385391        if( conn->session )
    386392                gnutls_deinit( conn->session );
    387         if( conn->xcred )
    388                 gnutls_certificate_free_credentials( conn->xcred );
    389393        g_free( conn );
    390394}
Note: See TracChangeset for help on using the changeset viewer.