diff options
Diffstat (limited to 'vchat-ssl.c')
-rwxr-xr-x | vchat-ssl.c | 35 |
1 files changed, 17 insertions, 18 deletions
diff --git a/vchat-ssl.c b/vchat-ssl.c index 9495877..91b25ba 100755 --- a/vchat-ssl.c +++ b/vchat-ssl.c | |||
@@ -103,17 +103,17 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store ) | |||
103 | if(vc_store->use_certfile) | 103 | if(vc_store->use_certfile) |
104 | SSL_CTX_use_certificate_chain_file(ctx, vc_store->use_certfile); | 104 | SSL_CTX_use_certificate_chain_file(ctx, vc_store->use_certfile); |
105 | else { | 105 | else { |
106 | SSL_CTX_use_certificate(ctx, | 106 | SSL_CTX_use_certificate(ctx, |
107 | sk_X509_value(vc_store->use_certs, 0)); | 107 | sk_X509_value(vc_store->use_certs, 0)); |
108 | for(i=0,n=sk_X509_num(vc_store->use_certs); i<n; i++) | 108 | for(i=0,n=sk_X509_num(vc_store->use_certs); i<n; i++) |
109 | SSL_CTX_add_extra_chain_cert(ctx, | 109 | SSL_CTX_add_extra_chain_cert(ctx, |
110 | sk_X509_value(vc_store->use_certs, i)); | 110 | sk_X509_value(vc_store->use_certs, i)); |
111 | } | 111 | } |
112 | 112 | ||
113 | SSL_CTX_set_default_passwd_cb(ctx, vc_store->askpass_callback); | 113 | SSL_CTX_set_default_passwd_cb(ctx, vc_store->askpass_callback); |
114 | 114 | ||
115 | if(vc_store->use_keyfile) { | 115 | if(vc_store->use_keyfile) { |
116 | r=SSL_CTX_use_PrivateKey_file(ctx, vc_store->use_keyfile, | 116 | r=SSL_CTX_use_PrivateKey_file(ctx, vc_store->use_keyfile, |
117 | SSL_FILETYPE_PEM); | 117 | SSL_FILETYPE_PEM); |
118 | } else if(vc_store->use_key) | 118 | } else if(vc_store->use_key) |
119 | r=SSL_CTX_use_PrivateKey(ctx, vc_store->use_key); | 119 | r=SSL_CTX_use_PrivateKey(ctx, vc_store->use_key); |
@@ -163,7 +163,6 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store ) | |||
163 | /* Accept being connected, _if_ verification passed */ | 163 | /* Accept being connected, _if_ verification passed */ |
164 | if (sslp) { | 164 | if (sslp) { |
165 | long result = SSL_get_verify_result(sslp); | 165 | long result = SSL_get_verify_result(sslp); |
166 | |||
167 | #if 1 == 1 | 166 | #if 1 == 1 |
168 | if (result == X509_V_OK) { | 167 | if (result == X509_V_OK) { |
169 | return 0; | 168 | return 0; |
@@ -272,16 +271,16 @@ X509_STORE *vc_x509store_create(vc_x509store_t *vc_store) | |||
272 | if(!vc_store->cafile) { | 271 | if(!vc_store->cafile) { |
273 | if( !(vc_store->flags & VC_X509S_NODEF_CAFILE) ) | 272 | if( !(vc_store->flags & VC_X509S_NODEF_CAFILE) ) |
274 | X509_LOOKUP_load_file(lookup, 0, X509_FILETYPE_DEFAULT); | 273 | X509_LOOKUP_load_file(lookup, 0, X509_FILETYPE_DEFAULT); |
275 | } else if( !X509_LOOKUP_load_file(lookup, vc_store->cafile, | 274 | } else if( !X509_LOOKUP_load_file(lookup, vc_store->cafile, |
276 | X509_FILETYPE_PEM) ) | 275 | X509_FILETYPE_PEM) ) |
277 | VC_STORE_ERR_EXIT(store); | 276 | VC_STORE_ERR_EXIT(store); |
278 | 277 | ||
279 | if(vc_store->crlfile) { | 278 | if(vc_store->crlfile) { |
280 | if( !X509_load_crl_file(lookup, vc_store->crlfile, | 279 | if( !X509_load_crl_file(lookup, vc_store->crlfile, |
281 | X509_FILETYPE_PEM) ) | 280 | X509_FILETYPE_PEM) ) |
282 | VC_STORE_ERR_EXIT(store); | 281 | VC_STORE_ERR_EXIT(store); |
283 | 282 | ||
284 | X509_STORE_set_flags( store, | 283 | X509_STORE_set_flags( store, |
285 | X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL ); | 284 | X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL ); |
286 | } | 285 | } |
287 | 286 | ||
@@ -291,7 +290,7 @@ X509_STORE *vc_x509store_create(vc_x509store_t *vc_store) | |||
291 | if( !vc_store->capath ) { | 290 | if( !vc_store->capath ) { |
292 | if( !(vc_store->flags & VC_X509S_NODEF_CAPATH) ) | 291 | if( !(vc_store->flags & VC_X509S_NODEF_CAPATH) ) |
293 | X509_LOOKUP_add_dir(lookup, 0, X509_FILETYPE_DEFAULT); | 292 | X509_LOOKUP_add_dir(lookup, 0, X509_FILETYPE_DEFAULT); |
294 | } else if( !X509_LOOKUP_add_dir(lookup, vc_store->capath, | 293 | } else if( !X509_LOOKUP_add_dir(lookup, vc_store->capath, |
295 | X509_FILETYPE_PEM) ) | 294 | X509_FILETYPE_PEM) ) |
296 | VC_STORE_ERR_EXIT(store); | 295 | VC_STORE_ERR_EXIT(store); |
297 | 296 | ||
@@ -300,8 +299,8 @@ X509_STORE *vc_x509store_create(vc_x509store_t *vc_store) | |||
300 | VC_STORE_ERR_EXIT(store); | 299 | VC_STORE_ERR_EXIT(store); |
301 | 300 | ||
302 | for( i=0, n=sk_X509_CRL_num(vc_store->crls); i<n; i++) | 301 | for( i=0, n=sk_X509_CRL_num(vc_store->crls); i<n; i++) |
303 | if( !X509_STORE_add_crl(store, | 302 | if( !X509_STORE_add_crl(store, |
304 | sk_X509_CRL_value(vc_store->crls, i)) ) | 303 | sk_X509_CRL_value(vc_store->crls, i)) ) |
305 | VC_STORE_ERR_EXIT(store); | 304 | VC_STORE_ERR_EXIT(store); |
306 | 305 | ||
307 | return(store); | 306 | return(store); |
@@ -310,7 +309,7 @@ X509_STORE *vc_x509store_create(vc_x509store_t *vc_store) | |||
310 | int vc_verify_callback(int ok, X509_STORE_CTX *store) | 309 | int vc_verify_callback(int ok, X509_STORE_CTX *store) |
311 | { | 310 | { |
312 | if(!ok) { | 311 | if(!ok) { |
313 | snprintf(tmpstr, TMPSTRSIZE, "[SSL VERIFY ERROR ] %s", | 312 | snprintf(tmpstr, TMPSTRSIZE, "[SSL VERIFY ERROR ] %s", |
314 | X509_verify_cert_error_string(store->error)); | 313 | X509_verify_cert_error_string(store->error)); |
315 | writecf(FS_ERR, tmpstr); | 314 | writecf(FS_ERR, tmpstr); |
316 | } | 315 | } |
@@ -327,13 +326,13 @@ void vc_x509store_clearflags(vc_x509store_t *store, int flags) | |||
327 | store->flags &= ~flags; | 326 | store->flags &= ~flags; |
328 | } | 327 | } |
329 | 328 | ||
330 | void vc_x509store_setcb(vc_x509store_t *store, | 329 | void vc_x509store_setcb(vc_x509store_t *store, |
331 | vc_x509verify_cb_t callback) | 330 | vc_x509verify_cb_t callback) |
332 | { | 331 | { |
333 | store->callback = callback; | 332 | store->callback = callback; |
334 | } | 333 | } |
335 | 334 | ||
336 | void vc_x509store_set_pkeycb(vc_x509store_t *store, | 335 | void vc_x509store_set_pkeycb(vc_x509store_t *store, |
337 | vc_askpass_cb_t callback) | 336 | vc_askpass_cb_t callback) |
338 | { | 337 | { |
339 | store->askpass_callback = callback; | 338 | store->askpass_callback = callback; |
@@ -344,31 +343,31 @@ void vc_x509store_addcert(vc_x509store_t *store, X509 *cert) | |||
344 | sk_X509_push(store->certs, cert); | 343 | sk_X509_push(store->certs, cert); |
345 | } | 344 | } |
346 | 345 | ||
347 | void vc_x509store_setcafile(vc_x509store_t *store, char *file) | 346 | void vc_x509store_setcafile(vc_x509store_t *store, char *file) |
348 | { | 347 | { |
349 | free(store->cafile); | 348 | free(store->cafile); |
350 | store->cafile = ( file ? strdup(file) : 0 ); | 349 | store->cafile = ( file ? strdup(file) : 0 ); |
351 | } | 350 | } |
352 | 351 | ||
353 | void vc_x509store_setcapath(vc_x509store_t *store, char *path) | 352 | void vc_x509store_setcapath(vc_x509store_t *store, char *path) |
354 | { | 353 | { |
355 | free(store->capath); | 354 | free(store->capath); |
356 | store->capath = ( path ? strdup(path) : 0 ); | 355 | store->capath = ( path ? strdup(path) : 0 ); |
357 | } | 356 | } |
358 | 357 | ||
359 | void vc_x509store_setcrlfile(vc_x509store_t *store, char *file) | 358 | void vc_x509store_setcrlfile(vc_x509store_t *store, char *file) |
360 | { | 359 | { |
361 | free(store->crlfile); | 360 | free(store->crlfile); |
362 | store->crlfile = ( file ? strdup(file) : 0 ); | 361 | store->crlfile = ( file ? strdup(file) : 0 ); |
363 | } | 362 | } |
364 | 363 | ||
365 | void vc_x509store_setkeyfile(vc_x509store_t *store, char *file) | 364 | void vc_x509store_setkeyfile(vc_x509store_t *store, char *file) |
366 | { | 365 | { |
367 | free(store->use_keyfile); | 366 | free(store->use_keyfile); |
368 | store->use_keyfile = ( file ? strdup(file) : 0 ); | 367 | store->use_keyfile = ( file ? strdup(file) : 0 ); |
369 | } | 368 | } |
370 | 369 | ||
371 | void vc_x509store_setcertfile(vc_x509store_t *store, char *file) | 370 | void vc_x509store_setcertfile(vc_x509store_t *store, char *file) |
372 | { | 371 | { |
373 | free(store->use_certfile); | 372 | free(store->use_certfile); |
374 | store->use_certfile = ( file ? strdup(file) : 0 ); | 373 | store->use_certfile = ( file ? strdup(file) : 0 ); |