Changeset f920d9e

Timestamp:

2006-10-19T07:51:35Z (18 years ago)

Author:

Wilmer van der Gaast <wilmer@…>

Branches:

master

Children:

dfa41a4

Parents:

1991be6

Message:

Added starttls code to ssl_openssl.c so GnuTLS isn't the only supported
SSL module in this branch anymore.

Location:

lib

Files:

• ssl_gnutls.c (modified) (1 diff)
• ssl_openssl.c (modified) (6 diffs)

lib/ssl_gnutls.c

@@ -108 +108 @@
         {
                 conn->func( conn->data, NULL, cond );
-                
                 g_free( conn );
-                
                 return FALSE;
         }

lib/ssl_openssl.c

@@ -53 +53 @@
 
 static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
+static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond );
+static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
 
 
@@ -58 +60 @@
 {
         struct scd *conn = g_new0( struct scd, 1 );
-        SSL_METHOD *meth;
         
         conn->fd = proxy_connect( host, port, ssl_connected, conn );
         conn->func = func;
         conn->data = data;
+        conn->inpa = -1;
         
         if( conn->fd < 0 )
         {
                 g_free( conn );
-                return( NULL );
-        }
+                return NULL;
+        }
+        
+        return conn;
+}
+
+void *ssl_starttls( int fd, ssl_input_function func, gpointer data )
+{
+        struct scd *conn = g_new0( struct scd, 1 );
+        
+        conn->fd = fd;
+        conn->func = func;
+        conn->data = data;
+        conn->inpa = -1;
+        
+        /* This function should be called via a (short) timeout instead of
+           directly from here, because these SSL calls are *supposed* to be
+           *completely* asynchronous and not ready yet when this function
+           (or *_connect, for examle) returns. Also, errors are reported via
+           the callback function, not via this function's return value.
+           
+           In short, doing things like this makes the rest of the code a lot
+           simpler. */
+        
+        b_timeout_add( 1, ssl_starttls_real, conn );
+        
+        return conn;
+}
+
+static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond )
+{
+        struct scd *conn = data;
+        
+        return ssl_connected( conn, conn->fd, GAIM_INPUT_WRITE );
+}
+
+static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
+{
+        struct scd *conn = data;
+        SSL_METHOD *meth;
+        
+        if( source == -1 )
+                goto ssl_connected_failure;
         
         if( !initialized )
@@ -79 +122 @@
         conn->ssl_ctx = SSL_CTX_new( meth );
         if( conn->ssl_ctx == NULL )
-        {
-                conn->fd = -1;
-                return( NULL );
-        }
+                goto ssl_connected_failure;
         
         conn->ssl = SSL_new( conn->ssl_ctx );
         if( conn->ssl == NULL )
-        {
-                conn->fd = -1;
-                return( NULL );
-        }
-        
-        return( conn );
-}
-
-static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
-
-static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
-{
-        struct scd *conn = data;
-        
-        if( source == -1 )
-                return ssl_handshake( data, -1, cond );
+                goto ssl_connected_failure;
         
         /* We can do at least the handshake with non-blocking I/O */
@@ -108 +133 @@
         
         return ssl_handshake( data, source, cond );
+
+ssl_connected_failure:
+        conn->func( conn->data, NULL, cond );
+        
+        if( conn->ssl )
+        {
+                SSL_shutdown( conn->ssl );
+                SSL_free( conn->ssl );
+        }
+        if( conn->ssl_ctx )
+        {
+                SSL_CTX_free( conn->ssl_ctx );
+        }
+        if( source >= 0 ) closesocket( source );
+        g_free( conn );
+        
+        return FALSE;
+
 }       
 
@@ -119 +162 @@
                 conn->lasterr = SSL_get_error( conn->ssl, st );
                 if( conn->lasterr != SSL_ERROR_WANT_READ && conn->lasterr != SSL_ERROR_WANT_WRITE )
-                        goto ssl_connected_failure;
+                {
+                        conn->func( conn->data, NULL, cond );
+                        
+                        SSL_shutdown( conn->ssl );
+                        SSL_free( conn->ssl );
+                        SSL_CTX_free( conn->ssl_ctx );
+                        
+                        if( source >= 0 ) closesocket( source );
+                        g_free( conn );
+                        
+                        return FALSE;
+                }
                 
                 conn->inpa = b_input_add( conn->fd, ssl_getdirection( conn ), ssl_handshake, data );
@@ -129 +183 @@
         conn->func( conn->data, conn, cond );
         return FALSE;
-        
-ssl_connected_failure:
-        conn->func( conn->data, NULL, cond );
-        
-        if( conn->ssl )
-        {
-                SSL_shutdown( conn->ssl );
-                SSL_free( conn->ssl );
-        }
-        if( conn->ssl_ctx )
-        {
-                SSL_CTX_free( conn->ssl_ctx );
-        }
-        if( source >= 0 ) closesocket( source );
-        g_free( conn );
-        
-        return FALSE;
 }