From 5c9c4339ac97ffb9c66d9f3dd3a8285badd24d71 Mon Sep 17 00:00:00 2001
From: Test_User
Date: Fri, 7 Jun 2024 22:09:06 -0400
Subject: (Optional) Client certificate support, fix main to exit if init client or server network fails
---
 tls.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
(limited to 'tls.c')
diff --git a/tls.c b/tls.c
index 167f530..d526812 100644
--- a/tls.c
+++ b/tls.c
@@ -52,28 +52,31 @@ int connect_tls(void) {
 if (gnutls_certificate_set_x509_system_trust(xcred) < 0)
 return 3;
- if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
+ if (tls_cert_path && tls_key_path && gnutls_certificate_set_x509_key_file(xcred, tls_cert_path, tls_key_path, GNUTLS_X509_FMT_PEM) < 0)
 return 4;
- if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
+ if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
 return 5;
- if (gnutls_set_default_priority(session) < 0)
+ if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
 return 6;
- if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
+ if (gnutls_set_default_priority(session) < 0)
 return 7;
+
+ if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
+ return 8;
 gnutls_session_set_verify_cert(session, address.data, 0);
 fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
 if (fd == -1)
- return 8;
+ return 9;
 struct sockaddr sockaddr;
 resolve(address.data, port.data, &sockaddr);
 int ret = connect(fd, &sockaddr, sizeof(sockaddr));
 if (ret != 0)
- return 9;
+ return 10;
 gnutls_transport_set_int(session, fd);
 gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
@@ -82,7 +85,7 @@ int connect_tls(void) {
 ret = gnutls_handshake(session);
 } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
 if (ret < 0)
- return 10;
+ return 11;
 gnutls_record_set_timeout(session, 60000); // 60s
-- 
cgit v1.2.3
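Review bot: In the added `gnutls_certificate_set_x509_key_file` check, the client certificate is loaded only when both `tls_cert_path` and `tls_key_path` are non-NULL, so a configuration that sets just one of them falls through and the handshake proceeds without a client certificate and without any error. For an authentication credential that silent downgrade is worth rejecting up front, e.g. `if (!tls_cert_path != !tls_key_path) return 4;` ahead of the load (or a distinct code, so the caller can report which setting is missing). The GnuTLS error code is also discarded here, so an unreadable or mismatched key file is indistinguishable from the other failures; logging `gnutls_strerror()` of the result would help, assuming the file has a logging path. The return codes after 4 are all renumbered by this commit (including the `return 11` in the second hunk), so any caller that matches specific values needs checking; `connect_tls` starts and ends outside the hunk, so that is not visible here.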