From e4b5445b3ca844e568a84abbf931a026a6ca6226 Mon Sep 17 00:00:00 2001
From: Test_User
Date: Wed, 3 May 2023 22:57:53 -0400
Subject: C HaxServ
---
tls.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 66 insertions(+)
create mode 100644 tls.c
(limited to 'tls.c')
diff --git a/tls.c b/tls.c
new file mode 100644
index 0000000..aeb83fb
--- /dev/null
+++ b/tls.c
@@ -0,0 +1,66 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "network.h"
+#include "config.h"
+#include "types.h"
+
+SSL *ssl;
+SSL_CTX *ctx;
+int fd;
+
+int connect_tls(void) {
+ // TODO: free used things on failure
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ const SSL_METHOD *method = TLS_client_method();
+ if (method == NULL)
+ return 1;
+
+ ctx = SSL_CTX_new(method);
+ if (ctx == NULL)
+ return 2;
+
+ SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
+
+ int success = SSL_CTX_load_verify_locations(ctx, X509_get_default_cert_file(), NULL);
+ success |= SSL_CTX_load_verify_locations(ctx, NULL, X509_get_default_cert_dir());
+ if (!success)
+ return 3;
+
+ fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (fd == -1)
+ return 4;
+
+ ssl = SSL_new(ctx);
+ if (ssl == NULL)
+ return 5;
+
+ X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
+ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_WILDCARDS);
+ if (!X509_VERIFY_PARAM_set1_host(param, address.data, address.len))
+ return 6;
+
+ SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);
+
+ struct sockaddr sockaddr;
+ resolve(address.data, port.data, &sockaddr);
+ int ret = connect(fd, &sockaddr, sizeof(sockaddr));
+ if (ret != 0)
+ return 7;
+
+ if (SSL_set_fd(ssl, fd) != 1)
+ return 8;
+
+ ret = SSL_connect(ssl);
+ if (ret != 1)
+ return 9;
+
+ return 0;
+}
--
cgit v1.2.3
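Review bot: In connect_tls, `resolve(address.data, port.data, &sockaddr);` is called without checking its result, so a failed lookup would hand `connect()` an uninitialised stack `struct sockaddr`. resolve() is declared in network.h, outside this patch, so this assumes it reports failure through its return value; if it does, `if (resolve(address.data, port.data, &sockaddr) != 0) return 10;` (any unused code) plus `struct sockaddr sockaddr = {0};` would close the gap. Separately, peer and host-name verification are configured but no SNI is sent: without `SSL_set_tlsext_host_name(ssl, address.data);` before `SSL_connect()`, a name-based virtual host may present a different certificate and a legitimate server then fails verification. That call needs a NUL-terminated name, which the use of address.data as a resolve() argument suggests but does not prove. If the configured address can be an IP literal, `X509_VERIFY_PARAM_set1_host` will not match it and `X509_VERIFY_PARAM_set1_ip_asc` would be needed for that case.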