From 329ca8e8f40efdd7838d40435b5f113d2877c13c Mon Sep 17 00:00:00 2001
From: Test_User
Date: Fri, 5 May 2023 23:34:55 -0400
Subject: Switch to gnutls, add handling of NICK, add responses to unknown/invalid/etc command, change a few other things
---
tls.c | 56 +++++++++++++++++++++++++-------------------------------
1 file changed, 25 insertions(+), 31 deletions(-)
(limited to 'tls.c')
diff --git a/tls.c b/tls.c
index c643f3a..b173d82 100644
--- a/tls.c
+++ b/tls.c
@@ -26,9 +26,7 @@
 // ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 // OTHER DEALINGS IN THE SOFTWARE.
-#include
-#include
-#include
+#include
 #include
 #include
 #include
@@ -36,59 +34,55 @@
 #include "network.h"
 #include "config.h"
 #include "types.h"
+#include "tls.h"
-SSL *ssl;
-SSL_CTX *ctx;
+gnutls_session_t session;
 int fd;
 int connect_tls(void) {
 // TODO: free used things on failure
-SSL_library_init();
-SSL_load_error_strings();
-
-const SSL_METHOD *method = TLS_client_method();
-if (method == NULL)
+if (gnutls_global_init() < 0)
 return 1;
-ctx = SSL_CTX_new(method);
-if (ctx == NULL)
+gnutls_certificate_credentials_t xcred; // TODO: if we reconnect
+if (gnutls_certificate_allocate_credentials(&xcred) < 0)
 return 2;
-SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
-
-int success = SSL_CTX_load_verify_locations(ctx, X509_get_default_cert_file(), NULL);
-success |= SSL_CTX_load_verify_locations(ctx, NULL, X509_get_default_cert_dir());
-if (!success)
+if (gnutls_certificate_set_x509_system_trust(xcred) < 0)
 return 3;
-fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-if (fd == -1)
+if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
 return 4;
-ssl = SSL_new(ctx);
-if (ssl == NULL)
+if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
 return 5;
-X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
-X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_WILDCARDS);
-if (!X509_VERIFY_PARAM_set1_host(param, address.data, address.len))
+if (gnutls_set_default_priority(session) < 0)
 return 6;
-SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);
+if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
+return 7;
+gnutls_session_set_verify_cert(session, address.data, 0);
+
+fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+if (fd == -1)
+return 8;
 struct sockaddr sockaddr;
 resolve(address.data, port.data, &sockaddr);
 int ret = connect(fd, &sockaddr, sizeof(sockaddr));
 if (ret != 0)
-return 7;
+return 9;
-if (SSL_set_fd(ssl, fd) != 1)
-return 8;
+gnutls_transport_set_int(session, fd);
+gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-ret = 
SSL_connect(ssl);
-if (ret != 1)
-return 9;
+do {
+ret = gnutls_handshake(session);
+} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+if (ret < 0)
+return 10;
 return 0;
 }
-- cgit v1.2.3
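Review bot: The GnuTLS path quietly relaxes two policies the removed OpenSSL code enforced: `gnutls_set_default_priority(session)` replaces the explicit TLS 1.2 floor (`SSL_CTX_set_min_proto_version`), and the `0` flags argument to `gnutls_session_set_verify_cert` drops the `X509_CHECK_FLAG_NO_WILDCARDS` hostname rule. If both are still intended, use `gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1", NULL)` in place of the default priority and `gnutls_session_set_verify_cert(session, address.data, GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS)`. Separately, `gnutls_session_set_verify_cert` takes a NUL-terminated hostname while the SNI call a few lines above passes `address.len` explicitly, so this presumably relies on `address.data` being NUL-terminated; a comment such as `// address.data must be NUL-terminated: verify_cert takes a C string` (or an explicit check) would make that contract visible. Since the library error codes are collapsed into the 1..10 return values, consider logging `gnutls_strerror(ret)` before `return 10` so a `GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR` is distinguishable from a transport failure when diagnosing a refused connection.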