Diffstat (limited to 'vchat-ssl.c')
-rwxr-xr-xvchat-ssl.c35
1 files changed, 17 insertions, 18 deletions
diff --git a/vchat-ssl.c b/vchat-ssl.c
index 9495877..91b25ba 100755
--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -103,17 +103,17 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
103 if(vc_store->use_certfile) 103 if(vc_store->use_certfile)
104 SSL_CTX_use_certificate_chain_file(ctx, vc_store->use_certfile); 104 SSL_CTX_use_certificate_chain_file(ctx, vc_store->use_certfile);
105 else { 105 else {
106 SSL_CTX_use_certificate(ctx, 106 SSL_CTX_use_certificate(ctx,
107 sk_X509_value(vc_store->use_certs, 0)); 107 sk_X509_value(vc_store->use_certs, 0));
108 for(i=0,n=sk_X509_num(vc_store->use_certs); i<n; i++) 108 for(i=0,n=sk_X509_num(vc_store->use_certs); i<n; i++)
109 SSL_CTX_add_extra_chain_cert(ctx, 109 SSL_CTX_add_extra_chain_cert(ctx,
110 sk_X509_value(vc_store->use_certs, i)); 110 sk_X509_value(vc_store->use_certs, i));
111 } 111 }
112 112
113 SSL_CTX_set_default_passwd_cb(ctx, vc_store->askpass_callback); 113 SSL_CTX_set_default_passwd_cb(ctx, vc_store->askpass_callback);
114 114
115 if(vc_store->use_keyfile) { 115 if(vc_store->use_keyfile) {
116 r=SSL_CTX_use_PrivateKey_file(ctx, vc_store->use_keyfile, 116 r=SSL_CTX_use_PrivateKey_file(ctx, vc_store->use_keyfile,
117 SSL_FILETYPE_PEM); 117 SSL_FILETYPE_PEM);
118 } else if(vc_store->use_key) 118 } else if(vc_store->use_key)
119 r=SSL_CTX_use_PrivateKey(ctx, vc_store->use_key); 119 r=SSL_CTX_use_PrivateKey(ctx, vc_store->use_key);
@@ -163,7 +163,6 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
163 /* Accept being connected, _if_ verification passed */ 163 /* Accept being connected, _if_ verification passed */
164 if (sslp) { 164 if (sslp) {
165 long result = SSL_get_verify_result(sslp); 165 long result = SSL_get_verify_result(sslp);
166
167#if 1 == 1 166#if 1 == 1
168 if (result == X509_V_OK) { 167 if (result == X509_V_OK) {
169 return 0; 168 return 0;
@@ -272,16 +271,16 @@ X509_STORE *vc_x509store_create(vc_x509store_t *vc_store)
272 if(!vc_store->cafile) { 271 if(!vc_store->cafile) {
273 if( !(vc_store->flags & VC_X509S_NODEF_CAFILE) ) 272 if( !(vc_store->flags & VC_X509S_NODEF_CAFILE) )
274 X509_LOOKUP_load_file(lookup, 0, X509_FILETYPE_DEFAULT); 273 X509_LOOKUP_load_file(lookup, 0, X509_FILETYPE_DEFAULT);
275 } else if( !X509_LOOKUP_load_file(lookup, vc_store->cafile, 274 } else if( !X509_LOOKUP_load_file(lookup, vc_store->cafile,
276 X509_FILETYPE_PEM) ) 275 X509_FILETYPE_PEM) )
277 VC_STORE_ERR_EXIT(store); 276 VC_STORE_ERR_EXIT(store);
278 277
279 if(vc_store->crlfile) { 278 if(vc_store->crlfile) {
280 if( !X509_load_crl_file(lookup, vc_store->crlfile, 279 if( !X509_load_crl_file(lookup, vc_store->crlfile,
281 X509_FILETYPE_PEM) ) 280 X509_FILETYPE_PEM) )
282 VC_STORE_ERR_EXIT(store); 281 VC_STORE_ERR_EXIT(store);
283 282
284 X509_STORE_set_flags( store, 283 X509_STORE_set_flags( store,
285 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL ); 284 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL );
286 } 285 }
287 286
@@ -291,7 +290,7 @@ X509_STORE *vc_x509store_create(vc_x509store_t *vc_store)
291 if( !vc_store->capath ) { 290 if( !vc_store->capath ) {
292 if( !(vc_store->flags & VC_X509S_NODEF_CAPATH) ) 291 if( !(vc_store->flags & VC_X509S_NODEF_CAPATH) )
293 X509_LOOKUP_add_dir(lookup, 0, X509_FILETYPE_DEFAULT); 292 X509_LOOKUP_add_dir(lookup, 0, X509_FILETYPE_DEFAULT);
294 } else if( !X509_LOOKUP_add_dir(lookup, vc_store->capath, 293 } else if( !X509_LOOKUP_add_dir(lookup, vc_store->capath,
295 X509_FILETYPE_PEM) ) 294 X509_FILETYPE_PEM) )
296 VC_STORE_ERR_EXIT(store); 295 VC_STORE_ERR_EXIT(store);
297 296
@@ -300,8 +299,8 @@ X509_STORE *vc_x509store_create(vc_x509store_t *vc_store)
300 VC_STORE_ERR_EXIT(store); 299 VC_STORE_ERR_EXIT(store);
301 300
302 for( i=0, n=sk_X509_CRL_num(vc_store->crls); i<n; i++) 301 for( i=0, n=sk_X509_CRL_num(vc_store->crls); i<n; i++)
303 if( !X509_STORE_add_crl(store, 302 if( !X509_STORE_add_crl(store,
304 sk_X509_CRL_value(vc_store->crls, i)) ) 303 sk_X509_CRL_value(vc_store->crls, i)) )
305 VC_STORE_ERR_EXIT(store); 304 VC_STORE_ERR_EXIT(store);
306 305
307 return(store); 306 return(store);
@@ -310,7 +309,7 @@ X509_STORE *vc_x509store_create(vc_x509store_t *vc_store)
310int vc_verify_callback(int ok, X509_STORE_CTX *store) 309int vc_verify_callback(int ok, X509_STORE_CTX *store)
311{ 310{
312 if(!ok) { 311 if(!ok) {
313 snprintf(tmpstr, TMPSTRSIZE, "[SSL VERIFY ERROR ] %s", 312 snprintf(tmpstr, TMPSTRSIZE, "[SSL VERIFY ERROR ] %s",
314 X509_verify_cert_error_string(store->error)); 313 X509_verify_cert_error_string(store->error));
315 writecf(FS_ERR, tmpstr); 314 writecf(FS_ERR, tmpstr);
316 } 315 }
@@ -327,13 +326,13 @@ void vc_x509store_clearflags(vc_x509store_t *store, int flags)
327 store->flags &= ~flags; 326 store->flags &= ~flags;
328} 327}
329 328
330void vc_x509store_setcb(vc_x509store_t *store, 329void vc_x509store_setcb(vc_x509store_t *store,
331 vc_x509verify_cb_t callback) 330 vc_x509verify_cb_t callback)
332{ 331{
333 store->callback = callback; 332 store->callback = callback;
334} 333}
335 334
336void vc_x509store_set_pkeycb(vc_x509store_t *store, 335void vc_x509store_set_pkeycb(vc_x509store_t *store,
337 vc_askpass_cb_t callback) 336 vc_askpass_cb_t callback)
338{ 337{
339 store->askpass_callback = callback; 338 store->askpass_callback = callback;
@@ -344,31 +343,31 @@ void vc_x509store_addcert(vc_x509store_t *store, X509 *cert)
344 sk_X509_push(store->certs, cert); 343 sk_X509_push(store->certs, cert);
345} 344}
346 345
347void vc_x509store_setcafile(vc_x509store_t *store, char *file) 346void vc_x509store_setcafile(vc_x509store_t *store, char *file)
348{ 347{
349 free(store->cafile); 348 free(store->cafile);
350 store->cafile = ( file ? strdup(file) : 0 ); 349 store->cafile = ( file ? strdup(file) : 0 );
351} 350}
352 351
353void vc_x509store_setcapath(vc_x509store_t *store, char *path) 352void vc_x509store_setcapath(vc_x509store_t *store, char *path)
354{ 353{
355 free(store->capath); 354 free(store->capath);
356 store->capath = ( path ? strdup(path) : 0 ); 355 store->capath = ( path ? strdup(path) : 0 );
357} 356}
358 357
359void vc_x509store_setcrlfile(vc_x509store_t *store, char *file) 358void vc_x509store_setcrlfile(vc_x509store_t *store, char *file)
360{ 359{
361 free(store->crlfile); 360 free(store->crlfile);
362 store->crlfile = ( file ? strdup(file) : 0 ); 361 store->crlfile = ( file ? strdup(file) : 0 );
363} 362}
364 363
365void vc_x509store_setkeyfile(vc_x509store_t *store, char *file) 364void vc_x509store_setkeyfile(vc_x509store_t *store, char *file)
366{ 365{
367 free(store->use_keyfile); 366 free(store->use_keyfile);
368 store->use_keyfile = ( file ? strdup(file) : 0 ); 367 store->use_keyfile = ( file ? strdup(file) : 0 );
369} 368}
370 369
371void vc_x509store_setcertfile(vc_x509store_t *store, char *file) 370void vc_x509store_setcertfile(vc_x509store_t *store, char *file)
372{ 371{
373 free(store->use_certfile); 372 free(store->use_certfile);
374 store->use_certfile = ( file ? strdup(file) : 0 ); 373 store->use_certfile = ( file ? strdup(file) : 0 );