1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
// TLS handler for HaxServ
//
// Written by: Test_User <hax@andrewyu.org>
//
// This is free and unencumbered software released into the public
// domain.
//
// Anyone is free to copy, modify, publish, use, compile, sell, or
// distribute this software, either in source code form or as a compiled
// binary, for any purpose, commercial or non-commercial, and by any
// means.
//
// In jurisdictions that recognize copyright laws, the author or authors
// of this software dedicate any and all copyright interest in the
// software to the public domain. We make this dedication for the benefit
// of the public at large and to the detriment of our heirs and
// successors. We intend this dedication to be an overt act of
// relinquishment in perpetuity of all present and future rights to this
// software under copyright law.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
// IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
// OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
// OTHER DEALINGS IN THE SOFTWARE.
#include <gnutls/gnutls.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include "network.h"
#include "config.h"
#include "types.h"
#include "tls.h"
gnutls_session_t session;
int fd;
int connect_tls(void) {
// TODO: free used things on failure
if (gnutls_global_init() < 0)
return 1;
gnutls_certificate_credentials_t xcred; // TODO: if we reconnect
if (gnutls_certificate_allocate_credentials(&xcred) < 0)
return 2;
if (gnutls_certificate_set_x509_system_trust(xcred) < 0)
return 3;
if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
return 4;
if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
return 5;
if (gnutls_set_default_priority(session) < 0)
return 6;
if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
return 7;
gnutls_session_set_verify_cert(session, address.data, 0);
fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (fd == -1)
return 8;
struct sockaddr sockaddr;
resolve(address.data, port.data, &sockaddr);
int ret = connect(fd, &sockaddr, sizeof(sockaddr));
if (ret != 0)
return 9;
gnutls_transport_set_int(session, fd);
gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
do {
ret = gnutls_handshake(session);
} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0)
return 10;
gnutls_record_set_timeout(session, 60000); // 60s
return 0;
}
extern inline size_t RECV(char *buf, size_t buflen, char *timeout); // Should force it to get compiled into tls.o
#if LOGALL
ssize_t SEND(struct string msg) {
static char printprefix = 1;
if (printprefix) {
#if COLORIZE
WRITES(1, STRING("\x1b[33m[Us->Server] \x1b[34m"));
#else
WRITES(1, STRING("[Us->Server] "));
#endif
printprefix = 0;
}
WRITES(1, msg);
if (msg.len == 0 || msg.data[msg.len - 1] == '\n') {
printprefix = 1;
#if COLORIZE
WRITES(1, STRING("\x1b[0m\n"));
#else
WRITES(1, STRING("\n"));
#endif
}
return gnutls_record_send(session, msg.data, msg.len);
}
#endif
|
