path: root/tls.c
authorTest_User <hax@andrewyu.org>2023-05-05 23:34:55 -0400
committerTest_User <hax@andrewyu.org>2023-05-05 23:34:55 -0400
commit329ca8e8f40efdd7838d40435b5f113d2877c13c (patch)
treea71b82548acc60185a448261a0088fa7e925e948 /tls.c
parent9343cffa8c032d5b44fce89af7fc5d8709acd9aa (diff)
downloadcoupserv-329ca8e8f40efdd7838d40435b5f113d2877c13c.tar.gz
coupserv-329ca8e8f40efdd7838d40435b5f113d2877c13c.zip
Switch to gnutls, add handling of NICK, add responses to unknown/invalid/etc command, change a few other things
Diffstat (limited to 'tls.c')
-rw-r--r--tls.c56
1 files changed, 25 insertions, 31 deletions
diff --git a/tls.c b/tls.c
index c643f3a..b173d82 100644
--- a/tls.c
+++ b/tls.c
@@ -26,9 +26,7 @@
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
// OTHER DEALINGS IN THE SOFTWARE.
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
+#include <gnutls/gnutls.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
@@ -36,59 +34,55 @@
#include "network.h"
#include "config.h"
#include "types.h"
+#include "tls.h"
-SSL *ssl;
-SSL_CTX *ctx;
+gnutls_session_t session;
int fd;
int connect_tls(void) {
// TODO: free used things on failure
- SSL_library_init();
- SSL_load_error_strings();
-
- const SSL_METHOD *method = TLS_client_method();
- if (method == NULL)
+ if (gnutls_global_init() < 0)
return 1;
- ctx = SSL_CTX_new(method);
- if (ctx == NULL)
+ gnutls_certificate_credentials_t xcred; // TODO: if we reconnect
+ if (gnutls_certificate_allocate_credentials(&xcred) < 0)
return 2;
- SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
-
- int success = SSL_CTX_load_verify_locations(ctx, X509_get_default_cert_file(), NULL);
- success |= SSL_CTX_load_verify_locations(ctx, NULL, X509_get_default_cert_dir());
- if (!success)
+ if (gnutls_certificate_set_x509_system_trust(xcred) < 0)
return 3;
- fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
- if (fd == -1)
+ if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
return 4;
- ssl = SSL_new(ctx);
- if (ssl == NULL)
+ if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
return 5;
- X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
- X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_WILDCARDS);
- if (!X509_VERIFY_PARAM_set1_host(param, address.data, address.len))
+ if (gnutls_set_default_priority(session) < 0)
return 6;
- SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);
+ if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
+ return 7;
+ gnutls_session_set_verify_cert(session, address.data, 0);
+
+ fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (fd == -1)
+ return 8;
struct sockaddr sockaddr;
resolve(address.data, port.data, &sockaddr);
int ret = connect(fd, &sockaddr, sizeof(sockaddr));
if (ret != 0)
- return 7;
+ return 9;
- if (SSL_set_fd(ssl, fd) != 1)
- return 8;
+ gnutls_transport_set_int(session, fd);
+ gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
- ret = SSL_connect(ssl);
- if (ret != 1)
- return 9;
+ do {
+ ret = gnutls_handshake(session);
+ } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0)
+ return 10;
return 0;
}
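Review bot: The TLS 1.2 floor that the removed `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)` enforced has no counterpart on the new side — `gnutls_set_default_priority(session)` takes whatever the library or system default priority string allows, which on older GnuTLS builds still includes TLS 1.0/1.1. Pin it explicitly, e.g. replace that call with `if (gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.3", NULL) < 0)`, keeping the `return 6;` that follows. The old code also rejected wildcard certificates via `X509_CHECK_FLAG_NO_WILDCARDS`, whereas `gnutls_session_set_verify_cert(session, address.data, 0)` accepts them; if that restriction was intentional, pass `GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS` as the flags argument. Note that `gnutls_session_set_verify_cert` expects a NUL-terminated hostname while `gnutls_server_name_set` is given `address.len` — this appears consistent with `resolve(address.data, ...)` on the unchanged line below, but confirm `address.data` is always terminated.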