From 4c635b85709b33f5161674fcea273d5739d484fe Mon Sep 17 00:00:00 2001
From: Dirk Engling
Date: Sun, 16 Nov 2014 00:31:32 +0100
Subject: Keep pulling openssl's tentacles out of protocol code

---
 vchat-protocol.c | 28 +++++++++++-------------
 vchat-ssl.c      | 66 ++++++++++++++++++++++++++++++++++++++++++++------------
 vchat-ssl.h      | 42 +++++++-----------------------------
 3 files changed, 72 insertions(+), 64 deletions(-)

diff --git a/vchat-protocol.c b/vchat-protocol.c
index b077411..6532fbb 100755
--- a/vchat-protocol.c
+++ b/vchat-protocol.c
@@ -24,11 +24,12 @@
 #include
 #include
 #include
-#include
-#include
 #include
 #include
+// TO BE GONE
+#include
+
 
 /* local includes */
 #include "vchat.h"
 #include "vchat-user.h"
@@ -108,7 +109,7 @@ vcconnect (char *server, char *port)
   char *tildex = NULL;
 
   /* vchat connection x509 store */
-  vc_x509store_t vc_store;
+  vc_x509store_t *vc_store;
 
   /* pointer to tilde-expanded certificate/keyfile-names */
   char *certfile = NULL, *keyfile = NULL;
@@ -126,14 +127,9 @@ vcconnect (char *server, char *port)
 
   /* If SSL is requested, get our ssl-BIO running */
   if( server_conn && getintoption(CF_USESSL) ) {
-    static int sslinit;
-    if( !sslinit++ ) {
-      SSL_library_init ();
-      SSL_load_error_strings();
-    }
-
-    vc_init_x509store(&vc_store);
-    vc_x509store_setflags(&vc_store, VC_X509S_SSL_VERIFY_PEER);
+    vc_store = vc_init_x509store();
+    // XXX TODO: Check error (with new API)
+    vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER);
 
     /* get name of certificate file */
     certfile = getstroption (CF_CERTFILE);
@@ -145,8 +141,8 @@ vcconnect (char *server, char *port)
     else
       tildex = certfile;
 
-    vc_x509store_setflags(&vc_store, VC_X509S_USE_CERTIFICATE);
-    vc_x509store_setcertfile(&vc_store, tildex);
+    vc_x509store_setflags(vc_store, VC_X509S_USE_CERTIFICATE);
+    vc_x509store_setcertfile(vc_store, tildex);
 
     /* get name of key file */
     keyfile = getstroption (CF_KEYFILE);
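Review bot: `vc_x509store_t *vc_store;` is the only local in this declaration block left uninitialised, while `tildex`, `certfile` and `keyfile` are all set to NULL where they are declared. Initialising it the same way, `vc_x509store_t *vc_store = NULL;`, keeps the block consistent and lets any later release of the store be done unconditionally after the SSL branch instead of only inside it. The body of vcconnect continues outside this hunk.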
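Review bot: `vc_store` is dereferenced by `vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER)` on the line right after the `// XXX TODO` comment, but the new `vc_init_x509store()` (vchat-ssl.c hunk in this patch) returns NULL when its malloc fails, so the TODO marks a live NULL dereference rather than a deferred refinement. The failure path later in vcconnect frees `server_conn`, sets it to NULL and sets errno; the same three statements with `errno = ENOMEM` belong here under `if( !vc_store )`, followed by whatever return that path takes — the return itself lies outside this hunk. If the intent were to carry on regardless, the setflags/setcertfile/setkeyfile calls below would all have to tolerate a NULL store, which nothing in the patch shows.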
@@ -161,12 +157,12 @@ vcconnect (char *server, char *port) else tildex = keyfile; - vc_x509store_set_pkeycb(&vc_store, (vc_askpass_cb_t)passprompt); - vc_x509store_setkeyfile(&vc_store, tildex); + vc_x509store_set_pkeycb(vc_store, (vc_askpass_cb_t)passprompt); + vc_x509store_setkeyfile(vc_store, tildex); } /* upgrade our plain BIO to ssl */ - if( vc_connect_ssl( &server_conn, &vc_store ) ) { + if( vc_connect_ssl( &server_conn, vc_store ) ) { BIO_free_all( server_conn ); server_conn = NULL; errno = EIO; diff --git a/vchat-ssl.c b/vchat-ssl.c index 73a56fa..fab5ffe 100755 --- a/vchat-ssl.c +++ b/vchat-ssl.c @@ -34,6 +34,33 @@ const char *vchat_ssl_version = "vchat-ssl.c $Id$"; +typedef int (*vc_x509verify_cb_t)(int, X509_STORE_CTX *); +struct vc_x509store_t { + char *cafile; + char *capath; + char *crlfile; + vc_x509verify_cb_t callback; + vc_askpass_cb_t askpass_callback; + STACK_OF(X509) *certs; + STACK_OF(X509_CRL) *crls; + char *use_certfile; + STACK_OF(X509) *use_certs; + char *use_keyfile; + EVP_PKEY *use_key; + int flags; +}; + +static void vc_cleanup_x509store(vc_x509store_t *); // Should not be static but is unused +static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store ); +static int vc_verify_callback(int, X509_STORE_CTX *); +static X509_STORE * vc_x509store_create(vc_x509store_t *); +static void vc_x509store_clearflags(vc_x509store_t *, int); +static void vc_x509store_setcafile(vc_x509store_t *, char *); +static void vc_x509store_setcapath(vc_x509store_t *, char *); +static void vc_x509store_setcrlfile(vc_x509store_t *, char *); +static void vc_x509store_addcert(vc_x509store_t *, X509 *); +static void vc_x509store_setcb(vc_x509store_t *, vc_x509verify_cb_t); + #define VC_CTX_ERR_EXIT(se, cx) do { \ snprintf(tmpstr, TMPSTRSIZE, "CREATE CTX: %s", \ ERR_error_string (ERR_get_error (), NULL)); \ 
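Review bot: Nothing releases `vc_store` after `vc_connect_ssl( &server_conn, vc_store )`, on either the success path or the `BIO_free_all` failure path, and the only release function, `vc_cleanup_x509store`, is made `static` and marked unused in the vchat-ssl.c forward-declaration hunk and dropped from vchat-ssl.h, so each SSL connect now leaks the heap-allocated store (and whatever `vc_cleanup_x509store` would have released) where it previously lived on the stack. Unless vc_connect_ssl takes ownership — which the hunk does not show — keep `vc_cleanup_x509store` exported, declare it in vchat-ssl.h next to `vc_init_x509store`, and call it after the connect attempt, e.g. `vc_cleanup_x509store( vc_store );` after the `if( vc_connect_ssl(...) ) { ... }` block if vc_connect_ssl only reads the store to build its context, otherwise at disconnect. The same applies to the vchat-ssl.c and vchat-ssl.h hunks; vcconnect continues outside this hunk.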
@@ -51,7 +78,7 @@ const char *vchat_ssl_version = "vchat-ssl.c $Id$";
   return(NULL); \
 } while(0)
 
-SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
+static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
 {
   int i = 0;
   int n = 0;
@@ -372,20 +399,31 @@ void vc_x509store_setcertfile(vc_x509store_t *store, char *file)
 }
 
 
-void vc_init_x509store(vc_x509store_t *s)
+vc_x509store_t *vc_init_x509store()
 {
-  s->cafile = NULL;
-  s->capath = NULL;
-  s->crlfile = NULL;
-  s->callback = NULL;
-  s->askpass_callback = NULL;
-  s->certs = sk_X509_new_null();
-  s->crls = sk_X509_CRL_new_null();
-  s->use_certfile = NULL;
-  s->use_certs = sk_X509_new_null();
-  s->use_keyfile = NULL;
-  s->use_key = NULL;
-  s->flags = 0;
+  vc_x509store_t *s = malloc(sizeof(vc_x509store_t));
+  if (s) {
+
+    static int sslinit;
+    if( !sslinit++ ) {
+      SSL_library_init ();
+      SSL_load_error_strings();
+    }
+
+    s->cafile = NULL;
+    s->capath = NULL;
+    s->crlfile = NULL;
+    s->callback = NULL;
+    s->askpass_callback = NULL;
+    s->certs = sk_X509_new_null();
+    s->crls = sk_X509_CRL_new_null();
+    s->use_certfile = NULL;
+    s->use_certs = sk_X509_new_null();
+    s->use_keyfile = NULL;
+    s->use_key = NULL;
+    s->flags = 0;
+  }
+  return s;
 }
 
 void vc_cleanup_x509store(vc_x509store_t *s)
diff --git a/vchat-ssl.h b/vchat-ssl.h
index 12d5fdb..8dc1bfc 100755
--- a/vchat-ssl.h
+++ b/vchat-ssl.h
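Review bot: Now that `vc_init_x509store()` reports allocation failure by returning NULL, the `sk_X509_new_null()`/`sk_X509_CRL_new_null()` calls inside `if (s)` are the remaining unchecked allocations: if one of them fails the caller gets a non-NULL store whose `certs`, `crls` or `use_certs` is NULL, and whatever later pushes onto that stack dereferences it (the users of those fields are outside this hunk). Checking them and unwinding before returning NULL is sketched below. Two points of style: the definition `vc_x509store_t *vc_init_x509store()` is a non-prototype declaration in C11 — write `vc_init_x509store(void)` here and in the vchat-ssl.h prototype — and `malloc(sizeof(vc_x509store_t))` is conventionally `malloc(sizeof *s)`, tying the size to the variable.
```c
vc_x509store_t *vc_init_x509store(void)
{
  vc_x509store_t *s = malloc(sizeof *s);
  if (!s)
    return NULL;

  /* … unchanged: one-time SSL_library_init()/SSL_load_error_strings() … */
  /* … unchanged: NULL/0 initialisation of the remaining fields … */

  s->certs     = sk_X509_new_null();
  s->crls      = sk_X509_CRL_new_null();
  s->use_certs = sk_X509_new_null();
  if (!s->certs || !s->crls || !s->use_certs) {
    /* sk_*_free() accept NULL, so no per-stack guards are needed */
    sk_X509_free(s->certs);
    sk_X509_CRL_free(s->crls);
    sk_X509_free(s->use_certs);
    free(s);
    return NULL;
  }
  return s;
}
```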
@@ -1,42 +1,16 @@
-/* types */
+/* prototypes */
 
-typedef int (*vc_x509verify_cb_t)(int, X509_STORE_CTX *);
+struct vc_x509store_t;
+typedef struct vc_x509store_t vc_x509store_t;
 typedef int (*vc_askpass_cb_t)(char *, int, int, void *);
 
-typedef struct {
-  char *cafile;
-  char *capath;
-  char *crlfile;
-  vc_x509verify_cb_t callback;
-  vc_askpass_cb_t askpass_callback;
-  STACK_OF(X509) *certs;
-  STACK_OF(X509_CRL) *crls;
-  char *use_certfile;
-  STACK_OF(X509) *use_certs;
-  char *use_keyfile;
-  EVP_PKEY *use_key;
-  int flags;
-} vc_x509store_t;
-
-/* prototypes */
-int vc_connect_ssl(BIO **conn, vc_x509store_t * );
-SSL_CTX * vc_create_sslctx( vc_x509store_t *);
-void vc_init_x509store(vc_x509store_t *);
-void vc_cleanup_x509store(vc_x509store_t *);
-void vc_x509store_setcafile(vc_x509store_t *, char *);
-void vc_x509store_setcapath(vc_x509store_t *, char *);
-void vc_x509store_setcrlfile(vc_x509store_t *, char *);
-void vc_x509store_setkeyfile(vc_x509store_t *, char *);
-void vc_x509store_setcertfile(vc_x509store_t *, char *);
-void vc_x509store_addcert(vc_x509store_t *, X509 *);
-void vc_x509store_setcb(vc_x509store_t *, vc_x509verify_cb_t);
-void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t);
+vc_x509store_t *vc_init_x509store();
+void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t);
 void vc_x509store_setflags(vc_x509store_t *, int);
-void vc_x509store_clearflags(vc_x509store_t *, int);
-int vc_verify_callback(int, X509_STORE_CTX *);
-X509_STORE * vc_x509store_create(vc_x509store_t *);
-char *vc_ssl_version(char *, int);
+void vc_x509store_setkeyfile(vc_x509store_t *, char *);
+void vc_x509store_setcertfile(vc_x509store_t *, char *);
+int vc_connect_ssl(BIO **conn, vc_x509store_t * );
 
 #define VC_X509S_NODEF_CAFILE 0x01
 #define VC_X509S_NODEF_CAPATH 0x02
-- 
cgit v1.2.3
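Review bot: The header now hands callers an opaque `vc_x509store_t *` without stating its contract: `vc_init_x509store()` can return NULL (its definition in vchat-ssl.c returns the raw malloc result), the caller owns the handle, and no function left in this header releases it. A short comment above the prototype would carry that, e.g. `/* Allocate an X509 store handle; returns NULL on allocation failure.` / ` * The handle is owned by the caller; no release function is exported yet. */`. Documenting the NULL return here also makes the `// XXX TODO: Check error` left in vchat-protocol.c a stated requirement of the API rather than a loose end.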