authorAndreas Kotes <count@flatline.de>2014-04-16 21:37:48 +0200
committerAndreas Kotes <count@flatline.de>2014-04-16 21:37:48 +0200
commit3c74b2a12a4a9e10fd768dad5ecb1f66f2be9afa (patch)
treed5a5c639cc32a1e5ab304733fdaa48c53527736b
parent3297473435ad53b6691d6c772f83457a72134c48 (diff)
reintroduce ignssl, safeguard pinning
-rwxr-xr-xvchat-config.h1
-rwxr-xr-xvchat-ssl.c11
-rwxr-xr-xvchat.h9
3 files changed, 16 insertions, 5 deletions
diff --git a/vchat-config.h b/vchat-config.h
index 0291100..9e10999 100755
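--- a/vchat-config.h
+++ b/vchat-config.h
@@ -41,6 +41,7 @@ static volatile configoption configoptions[] = {
 {CF_FINGERPRINT, CO_STR, "fingerprint","~/.vchat/fingerprint", NULL, { NULL } },
 {CF_ENCODING, CO_STR, "encoding", NULL, NULL, { .pstr = &encoding }},
 {CF_USESSL, CO_INT, "usessl", (char *) 1, (char *)-1, { NULL } },
+{CF_IGNSSL, CO_INT, "ignssl", (char *) 0, (char *)-1, { NULL } },
 {CF_VERIFYSSL, CO_INT, "verifyssl", (char *) 2, (char *)-1, { NULL } },
 {CF_USECERT, CO_INT, "usecert", (char *) 1, (char *)-1, { NULL } },
 {CF_USETIME, CO_INT, "usetime", (char *) 1, (char *)-1, { .pint = &usetime } },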
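Review bot: The new `ignssl` row at new line 44 carries no comment, although the vchat-ssl.c changes in this commit show that a non-zero value makes both vc_verify_callback and vc_connect_ssl accept a certificate that failed verification. A one-line comment above the row would make that explicit, e.g. `/* ignssl: non-zero accepts the server certificate even if verification fails; default 0 */`. It would also help to state how the option interacts with `verifyssl` on the following row, which this hunk does not show.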
diff --git a/vchat-ssl.c b/vchat-ssl.c
index d240cbd..9495877 100755
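--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -164,6 +164,14 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
 if (sslp) {
 long result = SSL_get_verify_result(sslp);
 
+#if 1 == 1
+if (result == X509_V_OK) {
+return 0;
+} else if (getintoption(CF_IGNSSL)) {
+writecf(FS_ERR, "[SSL VERIFY ERROR ] FAILURE IGNORED!!!");
+return 0;
+}
+#else
 /* show & verify fingerprint */
 if (result == X509_V_OK) {
 X509 *peercert = SSL_get_peer_certificate(sslp);
@@ -227,6 +235,7 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
 }
 }
 }
+#endif
 }
 }
 }
@@ -305,7 +314,7 @@ int vc_verify_callback(int ok, X509_STORE_CTX *store)
 X509_verify_cert_error_string(store->error));
 writecf(FS_ERR, tmpstr);
 }
-return ok;
+return (ok | getintoption(CF_IGNSSL));
 }
 
 void vc_x509store_setflags(vc_x509store_t *store, int flags)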
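Review bot: The `#if 1 == 1` added at new line 167 of vc_connect_ssl compiles out the whole `/* show & verify fingerprint */` branch, so a peer whose chain verifies now returns 0 without being compared against the pinned fingerprint, and nothing in the source says whether this is intended or temporary. I would replace the constant condition with a named build switch, for example `#ifndef VCHAT_FINGERPRINT_PINNING` (name constructed for this note), plus a comment stating why pinning is off. When verification fails and `ignssl` is unset, control falls through past the `#endif`; what follows the closing braces is outside these hunks, so that failure path should be checked there. In vc_verify_callback, `return (ok | getintoption(CF_IGNSSL));` combines a flag with a bitwise OR, and `return ok || getintoption(CF_IGNSSL);` would keep the result at 0 or 1.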
diff --git a/vchat.h b/vchat.h
index 16ee181..654dc6d 100755
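--- a/vchat.h
+++ b/vchat.h
@@ -30,10 +30,11 @@ typedef struct servermessage servermessage;
 /* configuration types and variable numbers */
 typedef enum { CO_NIL, CO_STR, CO_INT } conftype;
 typedef enum { CF_NIL, CF_NICK, CF_FROM, CF_SERVERHOST, CF_SERVERPORT,
-CF_CIPHERSUITE, CF_CONFIGFILE, CF_CERTFILE, CF_KEYFILE, CF_FORMFILE, CF_LOGINSCRIPT, CF_FINGERPRINT,
-CF_USESSL, CF_VERIFYSSL, CF_USECERT, CF_PRIVHEIGHT, CF_PRIVCOLLAPS, CF_HSCROLL, CF_CHANNEL, CF_USETIME,
-CF_USETOPIC, CF_SCROLLBPRIV, CF_SCROLLBACK, CF_SCROLLBPRIVT, CF_SCROLLBACKT,
-CF_ENCODING, CF_BELLPRIV, CF_CASEFIRST, CF_AUTORECONN, CF_KEEPALIVE } confopt;
+CF_CIPHERSUITE, CF_CONFIGFILE, CF_CERTFILE, CF_KEYFILE, CF_FORMFILE,
+CF_LOGINSCRIPT, CF_FINGERPRINT, CF_USESSL, CF_IGNSSL, CF_VERIFYSSL, CF_USECERT,
+CF_PRIVHEIGHT, CF_PRIVCOLLAPS, CF_HSCROLL, CF_CHANNEL, CF_USETIME, CF_USETOPIC,
+CF_SCROLLBPRIV, CF_SCROLLBACK, CF_SCROLLBPRIVT, CF_SCROLLBACKT, CF_ENCODING,
+CF_BELLPRIV, CF_CASEFIRST, CF_AUTORECONN, CF_KEEPALIVE } confopt;
 
 /* format strings */
 typedef enum { FS_PLAIN, FS_CHAN, FS_PRIV, FS_SERV, FS_GLOB, FS_DBG, FS_ERR,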