diff options
-rwxr-xr-x | vchat-protocol.c | 28 | ||||
-rwxr-xr-x | vchat-ssl.c | 66 | ||||
-rwxr-xr-x | vchat-ssl.h | 42 |
3 files changed, 72 insertions, 64 deletions
diff --git a/vchat-protocol.c b/vchat-protocol.c index b077411..6532fbb 100755 --- a/vchat-protocol.c +++ b/vchat-protocol.c | |||
@@ -24,11 +24,12 @@ | |||
24 | #include <sys/socket.h> | 24 | #include <sys/socket.h> |
25 | #include <netinet/in.h> | 25 | #include <netinet/in.h> |
26 | #include <readline/readline.h> | 26 | #include <readline/readline.h> |
27 | #include <openssl/ssl.h> | ||
28 | #include <openssl/err.h> | ||
29 | #include <locale.h> | 27 | #include <locale.h> |
30 | #include <langinfo.h> | 28 | #include <langinfo.h> |
31 | 29 | ||
30 | // TO BE GONE | ||
31 | #include <openssl/bio.h> | ||
32 | |||
32 | /* local includes */ | 33 | /* local includes */ |
33 | #include "vchat.h" | 34 | #include "vchat.h" |
34 | #include "vchat-user.h" | 35 | #include "vchat-user.h" |
@@ -108,7 +109,7 @@ vcconnect (char *server, char *port) | |||
108 | char *tildex = NULL; | 109 | char *tildex = NULL; |
109 | 110 | ||
110 | /* vchat connection x509 store */ | 111 | /* vchat connection x509 store */ |
111 | vc_x509store_t vc_store; | 112 | vc_x509store_t *vc_store; |
112 | 113 | ||
113 | /* pointer to tilde-expanded certificate/keyfile-names */ | 114 | /* pointer to tilde-expanded certificate/keyfile-names */ |
114 | char *certfile = NULL, *keyfile = NULL; | 115 | char *certfile = NULL, *keyfile = NULL; |
@@ -126,14 +127,9 @@ vcconnect (char *server, char *port) | |||
126 | 127 | ||
127 | /* If SSL is requested, get our ssl-BIO running */ | 128 | /* If SSL is requested, get our ssl-BIO running */ |
128 | if( server_conn && getintoption(CF_USESSL) ) { | 129 | if( server_conn && getintoption(CF_USESSL) ) { |
129 | static int sslinit; | 130 | vc_store = vc_init_x509store(); |
130 | if( !sslinit++ ) { | 131 | // XXX TODO: Check error (with new API) |
131 | SSL_library_init (); | 132 | vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER); |
132 | SSL_load_error_strings(); | ||
133 | } | ||
134 | |||
135 | vc_init_x509store(&vc_store); | ||
136 | vc_x509store_setflags(&vc_store, VC_X509S_SSL_VERIFY_PEER); | ||
137 | 133 | ||
138 | /* get name of certificate file */ | 134 | /* get name of certificate file */ |
139 | certfile = getstroption (CF_CERTFILE); | 135 | certfile = getstroption (CF_CERTFILE); |
@@ -145,8 +141,8 @@ vcconnect (char *server, char *port) | |||
145 | else | 141 | else |
146 | tildex = certfile; | 142 | tildex = certfile; |
147 | 143 | ||
148 | vc_x509store_setflags(&vc_store, VC_X509S_USE_CERTIFICATE); | 144 | vc_x509store_setflags(vc_store, VC_X509S_USE_CERTIFICATE); |
149 | vc_x509store_setcertfile(&vc_store, tildex); | 145 | vc_x509store_setcertfile(vc_store, tildex); |
150 | 146 | ||
151 | /* get name of key file */ | 147 | /* get name of key file */ |
152 | keyfile = getstroption (CF_KEYFILE); | 148 | keyfile = getstroption (CF_KEYFILE); |
@@ -161,12 +157,12 @@ vcconnect (char *server, char *port) | |||
161 | else | 157 | else |
162 | tildex = keyfile; | 158 | tildex = keyfile; |
163 | 159 | ||
164 | vc_x509store_set_pkeycb(&vc_store, (vc_askpass_cb_t)passprompt); | 160 | vc_x509store_set_pkeycb(vc_store, (vc_askpass_cb_t)passprompt); |
165 | vc_x509store_setkeyfile(&vc_store, tildex); | 161 | vc_x509store_setkeyfile(vc_store, tildex); |
166 | } | 162 | } |
167 | 163 | ||
168 | /* upgrade our plain BIO to ssl */ | 164 | /* upgrade our plain BIO to ssl */ |
169 | if( vc_connect_ssl( &server_conn, &vc_store ) ) { | 165 | if( vc_connect_ssl( &server_conn, vc_store ) ) { |
170 | BIO_free_all( server_conn ); | 166 | BIO_free_all( server_conn ); |
171 | server_conn = NULL; | 167 | server_conn = NULL; |
172 | errno = EIO; | 168 | errno = EIO; |
diff --git a/vchat-ssl.c b/vchat-ssl.c index 73a56fa..fab5ffe 100755 --- a/vchat-ssl.c +++ b/vchat-ssl.c | |||
@@ -34,6 +34,33 @@ | |||
34 | 34 | ||
35 | const char *vchat_ssl_version = "vchat-ssl.c $Id$"; | 35 | const char *vchat_ssl_version = "vchat-ssl.c $Id$"; |
36 | 36 | ||
37 | typedef int (*vc_x509verify_cb_t)(int, X509_STORE_CTX *); | ||
38 | struct vc_x509store_t { | ||
39 | char *cafile; | ||
40 | char *capath; | ||
41 | char *crlfile; | ||
42 | vc_x509verify_cb_t callback; | ||
43 | vc_askpass_cb_t askpass_callback; | ||
44 | STACK_OF(X509) *certs; | ||
45 | STACK_OF(X509_CRL) *crls; | ||
46 | char *use_certfile; | ||
47 | STACK_OF(X509) *use_certs; | ||
48 | char *use_keyfile; | ||
49 | EVP_PKEY *use_key; | ||
50 | int flags; | ||
51 | }; | ||
52 | |||
53 | static void vc_cleanup_x509store(vc_x509store_t *); // Should not be static but is unused | ||
54 | static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store ); | ||
55 | static int vc_verify_callback(int, X509_STORE_CTX *); | ||
56 | static X509_STORE * vc_x509store_create(vc_x509store_t *); | ||
57 | static void vc_x509store_clearflags(vc_x509store_t *, int); | ||
58 | static void vc_x509store_setcafile(vc_x509store_t *, char *); | ||
59 | static void vc_x509store_setcapath(vc_x509store_t *, char *); | ||
60 | static void vc_x509store_setcrlfile(vc_x509store_t *, char *); | ||
61 | static void vc_x509store_addcert(vc_x509store_t *, X509 *); | ||
62 | static void vc_x509store_setcb(vc_x509store_t *, vc_x509verify_cb_t); | ||
63 | |||
37 | #define VC_CTX_ERR_EXIT(se, cx) do { \ | 64 | #define VC_CTX_ERR_EXIT(se, cx) do { \ |
38 | snprintf(tmpstr, TMPSTRSIZE, "CREATE CTX: %s", \ | 65 | snprintf(tmpstr, TMPSTRSIZE, "CREATE CTX: %s", \ |
39 | ERR_error_string (ERR_get_error (), NULL)); \ | 66 | ERR_error_string (ERR_get_error (), NULL)); \ |
@@ -51,7 +78,7 @@ const char *vchat_ssl_version = "vchat-ssl.c $Id$"; | |||
51 | return(NULL); \ | 78 | return(NULL); \ |
52 | } while(0) | 79 | } while(0) |
53 | 80 | ||
54 | SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store ) | 81 | static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store ) |
55 | { | 82 | { |
56 | int i = 0; | 83 | int i = 0; |
57 | int n = 0; | 84 | int n = 0; |
@@ -372,20 +399,31 @@ void vc_x509store_setcertfile(vc_x509store_t *store, char *file) | |||
372 | } | 399 | } |
373 | 400 | ||
374 | 401 | ||
375 | void vc_init_x509store(vc_x509store_t *s) | 402 | vc_x509store_t *vc_init_x509store() |
376 | { | 403 | { |
377 | s->cafile = NULL; | 404 | vc_x509store_t *s = malloc(sizeof(vc_x509store_t)); |
378 | s->capath = NULL; | 405 | if (s) { |
379 | s->crlfile = NULL; | 406 | |
380 | s->callback = NULL; | 407 | static int sslinit; |
381 | s->askpass_callback = NULL; | 408 | if( !sslinit++ ) { |
382 | s->certs = sk_X509_new_null(); | 409 | SSL_library_init (); |
383 | s->crls = sk_X509_CRL_new_null(); | 410 | SSL_load_error_strings(); |
384 | s->use_certfile = NULL; | 411 | } |
385 | s->use_certs = sk_X509_new_null(); | 412 | |
386 | s->use_keyfile = NULL; | 413 | s->cafile = NULL; |
387 | s->use_key = NULL; | 414 | s->capath = NULL; |
388 | s->flags = 0; | 415 | s->crlfile = NULL; |
416 | s->callback = NULL; | ||
417 | s->askpass_callback = NULL; | ||
418 | s->certs = sk_X509_new_null(); | ||
419 | s->crls = sk_X509_CRL_new_null(); | ||
420 | s->use_certfile = NULL; | ||
421 | s->use_certs = sk_X509_new_null(); | ||
422 | s->use_keyfile = NULL; | ||
423 | s->use_key = NULL; | ||
424 | s->flags = 0; | ||
425 | } | ||
426 | return s; | ||
389 | } | 427 | } |
390 | 428 | ||
391 | void vc_cleanup_x509store(vc_x509store_t *s) | 429 | void vc_cleanup_x509store(vc_x509store_t *s) |
diff --git a/vchat-ssl.h b/vchat-ssl.h index 12d5fdb..8dc1bfc 100755 --- a/vchat-ssl.h +++ b/vchat-ssl.h | |||
@@ -1,42 +1,16 @@ | |||
1 | 1 | ||
2 | /* types */ | 2 | /* prototypes */ |
3 | 3 | ||
4 | typedef int (*vc_x509verify_cb_t)(int, X509_STORE_CTX *); | 4 | struct vc_x509store_t; |
5 | typedef struct vc_x509store_t vc_x509store_t; | ||
5 | typedef int (*vc_askpass_cb_t)(char *, int, int, void *); | 6 | typedef int (*vc_askpass_cb_t)(char *, int, int, void *); |
6 | typedef struct { | ||
7 | char *cafile; | ||
8 | char *capath; | ||
9 | char *crlfile; | ||
10 | vc_x509verify_cb_t callback; | ||
11 | vc_askpass_cb_t askpass_callback; | ||
12 | STACK_OF(X509) *certs; | ||
13 | STACK_OF(X509_CRL) *crls; | ||
14 | char *use_certfile; | ||
15 | STACK_OF(X509) *use_certs; | ||
16 | char *use_keyfile; | ||
17 | EVP_PKEY *use_key; | ||
18 | int flags; | ||
19 | } vc_x509store_t; | ||
20 | |||
21 | /* prototypes */ | ||
22 | 7 | ||
23 | int vc_connect_ssl(BIO **conn, vc_x509store_t * ); | 8 | vc_x509store_t *vc_init_x509store(); |
24 | SSL_CTX * vc_create_sslctx( vc_x509store_t *); | 9 | void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t); |
25 | void vc_init_x509store(vc_x509store_t *); | ||
26 | void vc_cleanup_x509store(vc_x509store_t *); | ||
27 | void vc_x509store_setcafile(vc_x509store_t *, char *); | ||
28 | void vc_x509store_setcapath(vc_x509store_t *, char *); | ||
29 | void vc_x509store_setcrlfile(vc_x509store_t *, char *); | ||
30 | void vc_x509store_setkeyfile(vc_x509store_t *, char *); | ||
31 | void vc_x509store_setcertfile(vc_x509store_t *, char *); | ||
32 | void vc_x509store_addcert(vc_x509store_t *, X509 *); | ||
33 | void vc_x509store_setcb(vc_x509store_t *, vc_x509verify_cb_t); | ||
34 | void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t); | ||
35 | void vc_x509store_setflags(vc_x509store_t *, int); | 10 | void vc_x509store_setflags(vc_x509store_t *, int); |
36 | void vc_x509store_clearflags(vc_x509store_t *, int); | 11 | void vc_x509store_setkeyfile(vc_x509store_t *, char *); |
37 | int vc_verify_callback(int, X509_STORE_CTX *); | 12 | void vc_x509store_setcertfile(vc_x509store_t *, char *); |
38 | X509_STORE * vc_x509store_create(vc_x509store_t *); | 13 | int vc_connect_ssl(BIO **conn, vc_x509store_t * ); |
39 | char *vc_ssl_version(char *, int); | ||
40 | 14 | ||
41 | #define VC_X509S_NODEF_CAFILE 0x01 | 15 | #define VC_X509S_NODEF_CAFILE 0x01 |
42 | #define VC_X509S_NODEF_CAPATH 0x02 | 16 | #define VC_X509S_NODEF_CAPATH 0x02 |