From 5c9c4339ac97ffb9c66d9f3dd3a8285badd24d71 Mon Sep 17 00:00:00 2001
From: Test_User
Date: Fri, 7 Jun 2024 22:09:06 -0400
Subject: (Optional) Client certificate support, fix main to exit if init client or server network fails

---
 config.h | 3 +++
 main.c | 6 ++++--
 tls.c | 17 ++++++++++-------
 3 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/config.h b/config.h
index 9474353..931d726 100644
--- a/config.h
+++ b/config.h
@@ -50,3 +50,6 @@
 extern struct string client_hostmask; // = STRING("127.0.0.1");
 extern struct string client_cert; // = STRING("NiceInvalidCertForNickServToAcceptRegardlessOfItsPossibility");
 extern struct string opertype; // = STRING("Admin");
+
+extern char *tls_cert_path; // = "/etc/keys/crt.pem";
+extern char *tls_key_path; // = "/etc/keys/key.pem";
diff --git a/main.c b/main.c
index f720b3c..323ea8e 100644
--- a/main.c
+++ b/main.c
@@ -241,8 +241,10 @@ void *client_loop(void *ign) {
 pthread_t client_thread_id;
 int main(void) {
- initservernetwork();
- initclientnetwork();
+ if (initservernetwork() != 0)
+ return 1;
+ if (initclientnetwork() != 0)
+ return 1;
 pthread_create(&client_thread_id, NULL, client_loop, NULL);
diff --git a/tls.c b/tls.c
index 167f530..d526812 100644
--- a/tls.c
+++ b/tls.c
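Review bot: The two new declarations in config.h are plain `char *`, but the only consumer in this commit, gnutls_certificate_set_x509_key_file in tls.c, takes `const char *`, and the defaults shown in the comments are string literals; declaring them `extern const char *tls_cert_path;` and `extern const char *tls_key_path;` lets the compiler reject an accidental write through them. The comments should also record the contract tls.c relies on, e.g. `// NULL (together with tls_key_path) disables client certificate presentation`, so a reader of the header does not have to find the check in connect_tls. Since tls_key_path names a private key file, it is worth one more comment that the file must be readable only by the user the program runs as; the definitions that set these defaults are not in the patch, so I cannot see whether the project documents that elsewhere.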
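Review bot: Both new failure paths in main() exit with status 1 and discard the non-zero value the init function returned, so an operator sees the process quit with no indication of which step failed, even though connect_tls in tls.c goes to the trouble of distinguishing eleven causes by return code. Keeping the value and reporting it before exiting costs three lines per call, e.g. `int rc = initservernetwork();` / `if (rc != 0) { fprintf(stderr, "initservernetwork failed (%d)\n", rc); return 1; }`, and the same for initclientnetwork. Whether main.c already includes stdio.h is not visible in the hunk, and whether initclientnetwork propagates connect_tls's code or collapses it is also outside this diff, so the message may need adjusting. The body of main continues past the end of the hunk.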
@@ -52,28 +52,31 @@ int connect_tls(void) {
 if (gnutls_certificate_set_x509_system_trust(xcred) < 0)
 return 3;
- if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
+ if (tls_cert_path && tls_key_path && gnutls_certificate_set_x509_key_file(xcred, tls_cert_path, tls_key_path, GNUTLS_X509_FMT_PEM) < 0)
 return 4;
- if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
+ if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
 return 5;
- if (gnutls_set_default_priority(session) < 0)
+ if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
 return 6;
- if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
+ if (gnutls_set_default_priority(session) < 0)
 return 7;
+
+ if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
+ return 8;
 gnutls_session_set_verify_cert(session, address.data, 0);
 fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
 if (fd == -1)
- return 8;
+ return 9;
 struct sockaddr sockaddr;
 resolve(address.data, port.data, &sockaddr);
 int ret = connect(fd, &sockaddr, sizeof(sockaddr));
 if (ret != 0)
- return 9;
+ return 10;
 gnutls_transport_set_int(session, fd);
 gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
@@ -82,7 +85,7 @@ int connect_tls(void) {
 ret = gnutls_handshake(session);
 } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
 if (ret < 0)
- return 10;
+ return 11;
 gnutls_record_set_timeout(session, 60000); // 60s
-- 
cgit v1.2.3
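Review bot: The new key-file check in the first hunk only loads the client certificate when both tls_cert_path and tls_key_path are non-NULL, so a configuration that sets exactly one of them silently falls back to an anonymous client instead of failing, and the server-side rejection that follows is hard to trace back to the typo. Treating a half-configured pair as an error makes the fallback explicit: `if ((tls_cert_path == NULL) != (tls_key_path == NULL)) return 4;` placed before the existing gnutls_certificate_set_x509_key_file line, with that line's condition reduced to `tls_cert_path &&`. The renumbering of the subsequent return codes 4 through 11, which the second hunk finishes with `return 11;`, changes the meaning of every existing code; if anything outside tls.c maps them to messages it will now be off by one, and a named enum or a comment block listing what each code means would make the next insertion safer than bare integers. connect_tls begins before the first hunk and its body continues past the second.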