authorTest_User <hax@andrewyu.org>2024-06-07 22:09:06 -0400
committerTest_User <hax@andrewyu.org>2024-06-07 22:09:06 -0400
commit5c9c4339ac97ffb9c66d9f3dd3a8285badd24d71 (patch)
tree59ff5a5bf712e8fc02717cdb4e1d597497cc38e5
parent92d08e2442d0230ac096b6484d32f6ec75a8a622 (diff)
downloadcoupserv-5c9c4339ac97ffb9c66d9f3dd3a8285badd24d71.tar.gz
coupserv-5c9c4339ac97ffb9c66d9f3dd3a8285badd24d71.zip
Optional client certificate support; fix main to exit if client or server network init fails
Diffstat (limited to '')
-rw-r--r--config.h3
-rw-r--r--main.c6
-rw-r--r--tls.c17
3 files changed, 17 insertions, 9 deletions
diff --git a/config.h b/config.h
index 9474353..931d726 100644
--- a/config.h
+++ b/config.h
@@ -50,3 +50,6 @@ extern struct string client_hostmask; // = STRING("127.0.0.1");
extern struct string client_cert; // = STRING("NiceInvalidCertForNickServToAcceptRegardlessOfItsPossibility");
extern struct string opertype; // = STRING("Admin");
+
+extern char *tls_cert_path; // = "/etc/keys/crt.pem";
+extern char *tls_key_path; // = "/etc/keys/key.pem";
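Review bot: Both new declarations at lines 27-28 are non-const `char *` although the paths are only ever read (gnutls_certificate_set_x509_key_file takes `const char *`), so declaring them `extern const char *tls_cert_path;` and `extern const char *tls_key_path;` would stop any caller from mutating the configured paths by accident, with the matching definitions changed wherever they live (not in this diff). The comment on tls_key_path could also state what the file is and how it must be protected, e.g. `// private key for the client certificate; file should be readable only by the service user`.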
diff --git a/main.c b/main.c
index f720b3c..323ea8e 100644
--- a/main.c
+++ b/main.c
@@ -241,8 +241,10 @@ void *client_loop(void *ign) {
pthread_t client_thread_id;
int main(void) {
- initservernetwork();
- initclientnetwork();
+ if (initservernetwork() != 0)
+ return 1;
+ if (initclientnetwork() != 0)
+ return 1;
pthread_create(&client_thread_id, NULL, client_loop, NULL);
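Review bot: The two new checks at lines 38-41 exit with status 1 but discard the non-zero code the init function returned and print nothing, so a failed start is indistinguishable in logs from any other early exit. Capturing the code and reporting it keeps the exit status while making the cause visible, `int rc = initservernetwork(); if (rc != 0) { fprintf(stderr, "initservernetwork failed: %d\n", rc); return 1; }`, and the same for initclientnetwork; stdio is presumably already included elsewhere in main.c, which is outside the hunk. main's body continues past the hunk.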
diff --git a/tls.c b/tls.c
index 167f530..d526812 100644
--- a/tls.c
+++ b/tls.c
@@ -52,28 +52,31 @@ int connect_tls(void) {
if (gnutls_certificate_set_x509_system_trust(xcred) < 0)
return 3;
- if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
+ if (tls_cert_path && tls_key_path && gnutls_certificate_set_x509_key_file(xcred, tls_cert_path, tls_key_path, GNUTLS_X509_FMT_PEM) < 0)
return 4;
- if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
+ if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
return 5;
- if (gnutls_set_default_priority(session) < 0)
+ if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
return 6;
- if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
+ if (gnutls_set_default_priority(session) < 0)
return 7;
+
+ if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
+ return 8;
gnutls_session_set_verify_cert(session, address.data, 0);
fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (fd == -1)
- return 8;
+ return 9;
struct sockaddr sockaddr;
resolve(address.data, port.data, &sockaddr);
int ret = connect(fd, &sockaddr, sizeof(sockaddr));
if (ret != 0)
- return 9;
+ return 10;
gnutls_transport_set_int(session, fd);
gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
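Review bot: The new condition at line 51 loads the client certificate only when both tls_cert_path and tls_key_path are set, so a configuration with just one of them set silently proceeds without a client certificate instead of failing; if the feature is meant to be all-or-nothing, reject the half-configured case first, `if ((tls_cert_path != NULL) != (tls_key_path != NULL)) return 4;`, before the existing call. The gnutls return value on that line is discarded, as on the neighbouring checks, so a malformed PEM file or an unreadable key reports only `4`; keeping the result in a local and logging `gnutls_strerror()` of it on the failure path would make the cause visible to whoever deploys the key. The numeric codes renumbered at lines 52-75 and in the second hunk are magic numbers that shift every time a step is inserted; an enum naming each failure would keep them stable and self-describing. connect_tls starts before this hunk and continues past it.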
@@ -82,7 +85,7 @@ int connect_tls(void) {
ret = gnutls_handshake(session);
} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0)
- return 10;
+ return 11;
gnutls_record_set_timeout(session, 60000); // 60s