Changeset 792a93b for lib/ssl_openssl.c


Timestamp:
2011-12-23T12:44:08Z (12 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
200e151
Parents:
2d93a51e (diff), 41658da (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merging SSL certificate verification for GnuTLS, with help from AopicieR.

File:
1 edited

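--- a/lib/ssl_openssl.c
+++ b/lib/ssl_openssl.c
@@ -45,4 +45,5 @@
         int fd;
         gboolean established;
+        gboolean verify;
        
         int inpa;
@@ -64,5 +65,5 @@
 }
 
-void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
+void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
 {
         struct scd *conn = g_new0( struct scd, 1 );
@@ -82,5 +83,5 @@
 }
 
-void *ssl_starttls( int fd, ssl_input_function func, gpointer data )
+void *ssl_starttls( int fd, char *hostname, gboolean verify, ssl_input_function func, gpointer data )
 {
         struct scd *conn = g_new0( struct scd, 1 );
@@ -90,4 +91,5 @@
         conn->data = data;
         conn->inpa = -1;
+        conn->verify = verify;
        
         /* This function should be called via a (short) timeout instead of
@@ -117,4 +119,16 @@
         SSL_METHOD *meth;
        
+        /* Right now we don't have any verification functionality for openssl so we
+           fail in case verification has been requested by the user. */
+
+        if( conn->verify )
+        {
+                conn->func( conn->data, OPENSSL_VERIFY_ERROR, NULL, cond );
+                if( source >= 0 ) closesocket( source );
+                g_free( conn );
+
+                return FALSE;
+        }
+
         if( source == -1 )
                 goto ssl_connected_failure;
@@ -141,5 +155,5 @@
 
 ssl_connected_failure:
-        conn->func( conn->data, NULL, cond );
+        conn->func( conn->data, 0, NULL, cond );
        
         if( conn->ssl )
@@ -169,5 +183,5 @@
                 if( conn->lasterr != SSL_ERROR_WANT_READ && conn->lasterr != SSL_ERROR_WANT_WRITE )
                 {
-                        conn->func( conn->data, NULL, cond );
+                        conn->func( conn->data, 0, NULL, cond );
                        
                         SSL_shutdown( conn->ssl );
@@ -187,5 +201,5 @@
         conn->established = TRUE;
         sock_make_blocking( conn->fd );         /* For now... */
-        conn->func( conn->data, conn, cond );
+        conn->func( conn->data, 0, conn, cond );
         return FALSE;
 }
@@ -272,4 +286,9 @@
 {
         return( ((struct scd*)conn)->lasterr == SSL_ERROR_WANT_WRITE ? B_EV_IO_WRITE : B_EV_IO_READ );
+}
+
+char *ssl_verify_strerror( int code )
+{
+        return g_strdup( "SSL certificate verification not supported by BitlBee OpenSSL code." );
 }
 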
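Review bot: The success callback at new line 203 passes status `0` in `conn->func( conn->data, 0, conn, cond );`, but per the comment added at new lines 121–122 this backend has no verification code, so here `0` means the peer certificate was never checked, not that it passed. A comment on that line such as `/* 0: no verification performed; the OpenSSL backend does not authenticate the peer */` would keep callers from reading it as "verified". The refusal block at new lines 124–131 also runs before the `source == -1` test, so a connect that never came up is reported as OPENSSL_VERIFY_ERROR; placing it after `if( source == -1 ) goto ssl_connected_failure;` would keep the two causes distinct. ssl_verify_strerror ignores `code` and returns a `g_strdup` copy, so a one-line comment stating that the caller must `g_free` the result would document the ownership. OPENSSL_VERIFY_ERROR is not defined in the visible hunks and ssl_connected begins and ends outside them, so the above rests only on the lines shown.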