Changeset ba5add7

Timestamp:

2008-02-17T01:39:39Z (17 years ago)

Author:

Sven Moritz Hallberg <sm@…>

Branches:

master

Children:

82e8fe8

Parents:

fd9fa52

Message:

explicitly initialize ssl in order to avoid gnutls and libotr fighting over the global state of libgcrypt

Files:

• lib/ssl_bogus.c (modified) (1 diff)
• lib/ssl_client.h (modified) (1 diff)
• lib/ssl_gnutls.c (modified) (2 diffs)
• lib/ssl_nss.c (modified) (2 diffs)
• lib/ssl_openssl.c (modified) (2 diffs)
• otr.c (modified) (5 diffs)
• otr.h (modified) (2 diffs)
• unix.c (modified) (2 diffs)

lib/ssl_bogus.c

@@ -27 +27 @@
 
 int ssl_errno;
+
+void ssl_init( void )
+{
+}
 
 void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )

lib/ssl_client.h

@@ -47 +47 @@
 
 
+/* Perform any global initialization the SSL library might need. */
+G_MODULE_EXPORT void ssl_init( void );
+
 /* Connect to host:port, call the given function when the connection is
    ready to be used for SSL traffic. This is all done asynchronously, no

lib/ssl_gnutls.c

@@ -60 +60 @@
 static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
 
+
+void ssl_init( void )
+{
+        gnutls_global_init();
+        initialized = TRUE;
+        atexit( gnutls_global_deinit );
+}
 
 void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
@@ -122 +129 @@
         if( !initialized )
         {
-                gnutls_global_init();
-                initialized = TRUE;
-                atexit( gnutls_global_deinit );
+                ssl_init();
         }
         

lib/ssl_nss.c

@@ -91 +91 @@
 
 
+void ssl_init( void )
+{
+        PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+        NSS_NoDB_Init(NULL);
+        NSS_SetDomesticPolicy();
+        initialized = TRUE;
+}
+
 void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
 {
@@ -107 +115 @@
         if( !initialized )
         {
-                PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-                NSS_NoDB_Init(NULL);
-                NSS_SetDomesticPolicy();
+                ssl_init();
         }
 

lib/ssl_openssl.c

@@ -56 +56 @@
 static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
 
+
+void ssl_init( void );
+{
+        initialized = TRUE;
+        SSLeay_add_ssl_algorithms();
+}
 
 void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
@@ -115 +121 @@
         if( !initialized )
         {
-                initialized = TRUE;
-                SSLeay_add_ssl_algorithms();
+                ssl_init();
         }
         

otr.c

@@ -112 +112 @@
 
 /* main function for the forked keygen slave */
-void keygen_child_main(OtrlUserState us, int infd, int outfd);
+void keygen_child_main(const char *nick, int infd, int outfd);
 
 /* mainloop handler for when a keygen finishes */
@@ -1527 +1527 @@
                         /* child process */
                         signal(SIGTERM, exit);
-                        keygen_child_main(irc->otr->us, to[0], from[1]);
+                        keygen_child_main(irc->nick, to[0], from[1]);
                         exit(0);
                 }
@@ -1548 +1548 @@
                         kg=&((*kg)->next);
                 *kg = g_new0(kg_t, 1);
-                (*kg)->accountname = handle;
-                (*kg)->protocol = protocol;
+                (*kg)->accountname = g_strdup(handle);
+                (*kg)->protocol = g_strdup(protocol);
         } else {
                 /* send our job over and remember it */
@@ -1555 +1555 @@
                 fprintf(irc->otr->to, "%s\n%s\n", handle, protocol);
                 fflush(irc->otr->to);
-                irc->otr->sent_accountname = handle;
-                irc->otr->sent_protocol = protocol;
-        }
-}
-
-void keygen_child_main(OtrlUserState us, int infd, int outfd)
-{
+                irc->otr->sent_accountname = g_strdup(handle);
+                irc->otr->sent_protocol = g_strdup(protocol);
+        }
+}
+
+void keygen_child_main(const char *nick, int infd, int outfd)
+{
+        OtrlUserState us;
+        char *kf;
         FILE *input, *output;
         char filename[128], accountname[512], protocol[512];
         gcry_error_t e;
         int tempfd;
+        
+        us = otrl_userstate_create();
+        kf = g_strdup_printf("%s%s.otr_keys", global.conf->configdir, nick);
+        otrl_privkey_read(us, kf);
+        g_free(kf);
         
         input = fdopen(infd, "r");
@@ -1620 +1627 @@
         
         /* forget this job */
+        g_free(irc->otr->sent_accountname);
+        g_free(irc->otr->sent_protocol);
         irc->otr->sent_accountname = NULL;
         irc->otr->sent_protocol = NULL;

otr.h

@@ -51 +51 @@
 /* representing a keygen job */
 typedef struct kg {
-        const char *accountname;
-        const char *protocol;
+        char *accountname;
+        char *protocol;
         
         struct kg *next;
@@ -65 +65 @@
         
         /* active keygen job (NULL if none) */
-        const char *sent_accountname;
-        const char *sent_protocol;
+        char *sent_accountname;
+        char *sent_protocol;
         
         /* keygen jobs waiting to be sent to slave */

unix.c

@@ -31 +31 @@
 #include "help.h"
 #include "ipc.h"
+#include "lib/ssl_client.h"
 #include <signal.h>
 #include <unistd.h>
@@ -55 +56 @@
         b_main_init();
         nogaim_init();
+        /* Ugly Note: libotr and gnutls both use libgcrypt. libgcrypt
+           has a process-global config state whose initialization happpens
+           twice if libotr and gnutls are used together. libotr installs custom
+           memory management functions for libgcrypt while our gnutls module
+           uses the defaults. Therefore we initialize OTR after SSL. *sigh* */
+        ssl_init();
         otr_init();