authorDirk Engling <erdgeist@erdgeist.org>2014-11-16 00:31:32 +0100
committerDirk Engling <erdgeist@erdgeist.org>2014-11-16 00:31:32 +0100
commit4c635b85709b33f5161674fcea273d5739d484fe (patch)
tree50d8d6b398cc91c10109d12f6c2638c94e6814e5
parent279772cb4f3894f087b9e0389c6742c6ebb48062 (diff)
Keep pulling openssl's tentacles out of protocol code
-rwxr-xr-xvchat-protocol.c28
-rwxr-xr-xvchat-ssl.c66
-rwxr-xr-xvchat-ssl.h42
3 files changed, 72 insertions, 64 deletions
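--- a/vchat-protocol.c
+++ b/vchat-protocol.c
@@ -24,11 +24,12 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <readline/readline.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
 #include <locale.h>
 #include <langinfo.h>
 
+// TO BE GONE
+#include <openssl/bio.h>
+
 /* local includes */
 #include "vchat.h"
 #include "vchat-user.h"
@@ -108,7 +109,7 @@ vcconnect (char *server, char *port)
 char *tildex = NULL;
 
 /* vchat connection x509 store */
-vc_x509store_t vc_store;
+vc_x509store_t *vc_store;
 
 /* pointer to tilde-expanded certificate/keyfile-names */
 char *certfile = NULL, *keyfile = NULL;
@@ -126,14 +127,9 @@ vcconnect (char *server, char *port)
 
 /* If SSL is requested, get our ssl-BIO running */
 if( server_conn && getintoption(CF_USESSL) ) {
-static int sslinit;
-if( !sslinit++ ) {
-SSL_library_init ();
-SSL_load_error_strings();
-}
-
-vc_init_x509store(&vc_store);
-vc_x509store_setflags(&vc_store, VC_X509S_SSL_VERIFY_PEER);
+vc_store = vc_init_x509store();
+// XXX TODO: Check error (with new API)
+vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER);
 
 /* get name of certificate file */
 certfile = getstroption (CF_CERTFILE);
@@ -145,8 +141,8 @@ vcconnect (char *server, char *port)
 else
 tildex = certfile;
 
-vc_x509store_setflags(&vc_store, VC_X509S_USE_CERTIFICATE);
-vc_x509store_setcertfile(&vc_store, tildex);
+vc_x509store_setflags(vc_store, VC_X509S_USE_CERTIFICATE);
+vc_x509store_setcertfile(vc_store, tildex);
 
 /* get name of key file */
 keyfile = getstroption (CF_KEYFILE);
@@ -161,12 +157,12 @@ vcconnect (char *server, char *port)
 else
 tildex = keyfile;
 
-vc_x509store_set_pkeycb(&vc_store, (vc_askpass_cb_t)passprompt);
-vc_x509store_setkeyfile(&vc_store, tildex);
+vc_x509store_set_pkeycb(vc_store, (vc_askpass_cb_t)passprompt);
+vc_x509store_setkeyfile(vc_store, tildex);
 }
 
 /* upgrade our plain BIO to ssl */
-if( vc_connect_ssl( &server_conn, &vc_store ) ) {
+if( vc_connect_ssl( &server_conn, vc_store ) ) {
 BIO_free_all( server_conn );
 server_conn = NULL;
 errno = EIO;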
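Review bot: The new `vc_store = vc_init_x509store();` in the third hunk is immediately followed by `vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER);` with no NULL check, and the rewritten vc_init_x509store returns NULL when its malloc fails, so an allocation failure becomes a NULL dereference inside the setter rather than a clean connect error; the `// XXX TODO` comment acknowledges this but the check is one line. Insert `if( !vc_store ) { errno = ENOMEM; return -1; }` right after the call, using whatever failure value vcconnect already returns (its body starts and ends outside these hunks, so the convention is not visible here). Note also that the store is now heap memory rather than a stack object and nothing in the visible code releases it, neither on the `vc_connect_ssl` failure path nor after the connection ends, so any key material the store loads presumably stays resident for the life of the process; that deserves a follow-up once the SSL module exports a release function.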
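--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -34,6 +34,33 @@
 
 const char *vchat_ssl_version = "vchat-ssl.c $Id$";
 
+typedef int (*vc_x509verify_cb_t)(int, X509_STORE_CTX *);
+struct vc_x509store_t {
+ char *cafile;
+ char *capath;
+ char *crlfile;
+ vc_x509verify_cb_t callback;
+ vc_askpass_cb_t askpass_callback;
+ STACK_OF(X509) *certs;
+ STACK_OF(X509_CRL) *crls;
+ char *use_certfile;
+ STACK_OF(X509) *use_certs;
+ char *use_keyfile;
+ EVP_PKEY *use_key;
+ int flags;
+};
+
+static void vc_cleanup_x509store(vc_x509store_t *); // Should not be static but is unused
+static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store );
+static int vc_verify_callback(int, X509_STORE_CTX *);
+static X509_STORE * vc_x509store_create(vc_x509store_t *);
+static void vc_x509store_clearflags(vc_x509store_t *, int);
+static void vc_x509store_setcafile(vc_x509store_t *, char *);
+static void vc_x509store_setcapath(vc_x509store_t *, char *);
+static void vc_x509store_setcrlfile(vc_x509store_t *, char *);
+static void vc_x509store_addcert(vc_x509store_t *, X509 *);
+static void vc_x509store_setcb(vc_x509store_t *, vc_x509verify_cb_t);
+
 #define VC_CTX_ERR_EXIT(se, cx) do { \
 snprintf(tmpstr, TMPSTRSIZE, "CREATE CTX: %s", \
 ERR_error_string (ERR_get_error (), NULL)); \
@@ -51,7 +78,7 @@ const char *vchat_ssl_version = "vchat-ssl.c $Id$";
 return(NULL); \
 } while(0)
 
-SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
+static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
 {
 int i = 0;
 int n = 0;
@@ -372,20 +399,31 @@ void vc_x509store_setcertfile(vc_x509store_t *store, char *file)
 }
 
 
-void vc_init_x509store(vc_x509store_t *s)
+vc_x509store_t *vc_init_x509store()
 {
-s->cafile = NULL;
-s->capath = NULL;
-s->crlfile = NULL;
-s->callback = NULL;
-s->askpass_callback = NULL;
-s->certs = sk_X509_new_null();
-s->crls = sk_X509_CRL_new_null();
-s->use_certfile = NULL;
-s->use_certs = sk_X509_new_null();
-s->use_keyfile = NULL;
-s->use_key = NULL;
-s->flags = 0;
+vc_x509store_t *s = malloc(sizeof(vc_x509store_t));
+if (s) {
+
+static int sslinit;
+if( !sslinit++ ) {
+SSL_library_init ();
+SSL_load_error_strings();
+}
+
+s->cafile = NULL;
+s->capath = NULL;
+s->crlfile = NULL;
+s->callback = NULL;
+s->askpass_callback = NULL;
+s->certs = sk_X509_new_null();
+s->crls = sk_X509_CRL_new_null();
+s->use_certfile = NULL;
+s->use_certs = sk_X509_new_null();
+s->use_keyfile = NULL;
+s->use_key = NULL;
+s->flags = 0;
+}
+return s;
 }
 
 void vc_cleanup_x509store(vc_x509store_t *s)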
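Review bot: `vc_init_x509store()` now hands out a malloc'd store, but the only release routine, `vc_cleanup_x509store`, is made `static` in the first hunk with a comment admitting it is unused, so every store, together with the `certs`/`crls`/`use_certs` stacks and the `use_key` EVP_PKEY it owns, is leaked for the life of the process, and because the struct is opaque after this commit the caller cannot free it either. Drop the `static`, declare the function in vchat-ssl.h, and let it finish with `free(s);` so it pairs with the constructor (its body begins on the last line of the hunk and continues beyond it). In the new initializer the three `sk_*_new_null()` calls are also unchecked; each can return NULL on allocation failure, leaving a non-NULL store with NULL stacks, so either test them and fail the whole init or add a comment confirming the setters and vc_x509store_create tolerate that state. Finally, write the definition as `vc_x509store_t *vc_init_x509store(void)`: an empty parameter list in C11 means unspecified arguments, not none, so the compiler cannot diagnose a mismatched call.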
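--- a/vchat-ssl.h
+++ b/vchat-ssl.h
@@ -1,42 +1,16 @@
 
-/* types */
+/* prototypes */
 
-typedef int (*vc_x509verify_cb_t)(int, X509_STORE_CTX *);
+struct vc_x509store_t;
+typedef struct vc_x509store_t vc_x509store_t;
 typedef int (*vc_askpass_cb_t)(char *, int, int, void *);
-typedef struct {
- char *cafile;
- char *capath;
- char *crlfile;
- vc_x509verify_cb_t callback;
- vc_askpass_cb_t askpass_callback;
- STACK_OF(X509) *certs;
- STACK_OF(X509_CRL) *crls;
- char *use_certfile;
- STACK_OF(X509) *use_certs;
- char *use_keyfile;
- EVP_PKEY *use_key;
- int flags;
-} vc_x509store_t;
-
-/* prototypes */
 
-int vc_connect_ssl(BIO **conn, vc_x509store_t * );
-SSL_CTX * vc_create_sslctx( vc_x509store_t *);
-void vc_init_x509store(vc_x509store_t *);
-void vc_cleanup_x509store(vc_x509store_t *);
-void vc_x509store_setcafile(vc_x509store_t *, char *);
-void vc_x509store_setcapath(vc_x509store_t *, char *);
-void vc_x509store_setcrlfile(vc_x509store_t *, char *);
-void vc_x509store_setkeyfile(vc_x509store_t *, char *);
-void vc_x509store_setcertfile(vc_x509store_t *, char *);
-void vc_x509store_addcert(vc_x509store_t *, X509 *);
-void vc_x509store_setcb(vc_x509store_t *, vc_x509verify_cb_t);
-void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t);
+vc_x509store_t *vc_init_x509store();
+void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t);
 void vc_x509store_setflags(vc_x509store_t *, int);
-void vc_x509store_clearflags(vc_x509store_t *, int);
-int vc_verify_callback(int, X509_STORE_CTX *);
-X509_STORE * vc_x509store_create(vc_x509store_t *);
-char *vc_ssl_version(char *, int);
+void vc_x509store_setkeyfile(vc_x509store_t *, char *);
+void vc_x509store_setcertfile(vc_x509store_t *, char *);
+int vc_connect_ssl(BIO **conn, vc_x509store_t * );
 
 #define VC_X509S_NODEF_CAFILE 0x01
 #define VC_X509S_NODEF_CAPATH 0x02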
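Review bot: The new prototype `vc_x509store_t *vc_init_x509store();` has an empty parameter list, which in C11 declares a function taking unspecified arguments rather than none, so a call such as `vc_init_x509store(&store)` left over from the old API still compiles; declare it `vc_x509store_t *vc_init_x509store(void);`. The trimmed header also exposes a constructor that returns heap memory without any matching release declaration, so the public API cannot free a store it created; a `void vc_cleanup_x509store(vc_x509store_t *);` line belongs next to the constructor once that function is made non-static. Since the struct is now opaque, the `char *` arguments of vc_x509store_setkeyfile and vc_x509store_setcertfile need their ownership documented, because the caller in vchat-protocol.c passes a tilde-expanded buffer whose lifetime is not visible here; a comment such as `/* file name: copied or retained by the store? — TODO confirm */` on each would do, and `const char *` would let the compiler enforce that the store does not write through them.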