summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xvchat-client.c6
-rwxr-xr-xvchat-commands.c4
-rw-r--r--vchat-connection.c28
-rwxr-xr-xvchat-tls.c308
-rwxr-xr-xvchat-tls.h21
-rwxr-xr-xvchat.h6
6 files changed, 139 insertions, 234 deletions
diff --git a/vchat-client.c b/vchat-client.c
index 39b42d9..65cc335 100755
--- a/vchat-client.c
+++ b/vchat-client.c
@@ -440,8 +440,8 @@ void versions() {
440 puts (vchat_io_version); 440 puts (vchat_io_version);
441 puts (vchat_us_version); 441 puts (vchat_us_version);
442 puts (vchat_cm_version); 442 puts (vchat_cm_version);
443 puts (vchat_ssl_version); 443 puts (vchat_tls_version);
444 puts (vchat_ssl_version_external); 444 puts (vchat_tls_version_external);
445} 445}
446 446
447/* main - d'oh */ 447/* main - d'oh */
@@ -457,7 +457,7 @@ main (int argc, char **argv)
457 loadconfig (getstroption (CF_CONFIGFILE)); 457 loadconfig (getstroption (CF_CONFIGFILE));
458 458
459 /* make SSL version used visible */ 459 /* make SSL version used visible */
460 vchat_ssl_get_version_external(); 460 vchat_tls_get_version_external();
461 461
462 /* parse commandline */ 462 /* parse commandline */
463 while (cmdsunparsed) { 463 while (cmdsunparsed) {
diff --git a/vchat-commands.c b/vchat-commands.c
index 1b69a94..8094a7c 100755
--- a/vchat-commands.c
+++ b/vchat-commands.c
@@ -456,8 +456,8 @@ command_version(char *tail)
456 writeout (vchat_io_version); 456 writeout (vchat_io_version);
457 writeout (vchat_us_version); 457 writeout (vchat_us_version);
458 writeout (vchat_cm_version); 458 writeout (vchat_cm_version);
459 writeout (vchat_ssl_version); 459 writeout (vchat_tls_version);
460 writeout (vchat_ssl_version_external); 460 writeout (vchat_tls_version_external);
461 showout(); 461 showout();
462} 462}
463 463
diff --git a/vchat-connection.c b/vchat-connection.c
index 60dc81f..c0648c8 100644
--- a/vchat-connection.c
+++ b/vchat-connection.c
@@ -84,7 +84,7 @@ int
84vc_connect (const char *server, const char *port) 84vc_connect (const char *server, const char *port)
85{ 85{
86 /* vchat connection x509 store */ 86 /* vchat connection x509 store */
87 vc_x509store_t *vc_store; 87 vc_x509store_t vc_store;
88 88
89 /* pointer to tilde-expanded certificate/keyfile-names */ 89 /* pointer to tilde-expanded certificate/keyfile-names */
90 char *certfile, *cafile; 90 char *certfile, *cafile;
@@ -102,12 +102,7 @@ vc_connect (const char *server, const char *port)
102 return 0; 102 return 0;
103 103
104 /* If SSL is requested, get our ssl-BIO running */ 104 /* If SSL is requested, get our ssl-BIO running */
105 vc_store = vc_init_x509store(); 105 vc_init_x509store(&vc_store);
106 if( !vc_store ) {
107 snprintf (tmpstr, TMPSTRSIZE, getformatstr(FS_ERR), "Out of memory" );
108 writechan (tmpstr);
109 return -1;
110 }
111 106
112 /* get name of certificate file */ 107 /* get name of certificate file */
113 certfile = get_tilde_expanded (CF_CERTFILE); 108 certfile = get_tilde_expanded (CF_CERTFILE);
@@ -116,30 +111,25 @@ vc_connect (const char *server, const char *port)
116 /* get name of key file */ 111 /* get name of key file */
117 char *keyfile = get_tilde_expanded (CF_KEYFILE); 112 char *keyfile = get_tilde_expanded (CF_KEYFILE);
118 113
119 vc_x509store_setflags(vc_store, VC_X509S_USE_CERTIFICATE); 114 vc_x509store_setcertfile(&vc_store, certfile);
120 vc_x509store_setcertfile(vc_store, certfile); 115 vc_x509store_set_pkeycb(&vc_store, (vc_askpass_cb_t)passprompt);
121 116
122 vc_x509store_set_pkeycb(vc_store, (vc_askpass_cb_t)passprompt);
123 /* if we don't have a key file, the key may be in the cert file */ 117 /* if we don't have a key file, the key may be in the cert file */
124 vc_x509store_setkeyfile(vc_store, keyfile ? keyfile : certfile); 118 vc_x509store_setkeyfile(&vc_store, keyfile ? keyfile : certfile);
125 119
126 free(keyfile); 120 free(keyfile);
127 free(certfile); 121 free(certfile);
128 } 122 }
129 123
130 vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER);
131
132 /* get name of ca file */ 124 /* get name of ca file */
133 cafile = get_tilde_expanded (CF_CAFILE); 125 cafile = get_tilde_expanded (CF_CAFILE);
134 if (cafile && !access(cafile, F_OK)) { 126 if (cafile && !access(cafile, F_OK))
135 vc_x509store_setflags(vc_store, VC_X509S_NODEF_CAFILE); 127 vc_x509store_setcafile(&vc_store, cafile);
136 vc_x509store_setcafile(vc_store, cafile);
137 }
138 free(cafile); 128 free(cafile);
139 129
140 /* upgrade our plain BIO to ssl */ 130 /* upgrade our plain BIO to ssl */
141 int result = vc_tls_connect( serverfd, vc_store ); 131 int result = vc_tls_connect( serverfd, &vc_store );
142 vc_cleanup_x509store(vc_store); 132 vc_cleanup_x509store(&vc_store);
143 133
144 if (result) { 134 if (result) {
145 close(serverfd); 135 close(serverfd);
diff --git a/vchat-tls.c b/vchat-tls.c
index 4131a23..205f0e0 100755
--- a/vchat-tls.c
+++ b/vchat-tls.c
@@ -20,6 +20,62 @@
20#include <string.h> 20#include <string.h>
21#include <assert.h> 21#include <assert.h>
22 22
23#include <readline/readline.h>
24
25#include "vchat.h"
26#include "vchat-tls.h"
27
28const char *vchat_tls_version = "vchat-tls.c $Id$";
29const char *vchat_tls_version_external = "Unknown implementation; version unknown";
30
31void vc_cleanup_x509store(vc_x509store_t *store)
32{
33 free(store->cafile);
34 free(store->capath);
35 free(store->crlfile);
36 free(store->certfile);
37 free(store->keyfile);
38 memset(store, 0, sizeof(vc_x509store_t));
39}
40
41void vc_x509store_setflags(vc_x509store_t *store, int flags) { store->flags |= flags; }
42void vc_x509store_clearflags(vc_x509store_t *store, int flags) { store->flags &= ~flags; }
43void vc_x509store_set_pkeycb(vc_x509store_t *store, vc_askpass_cb_t callback) { store->askpass_callback = callback; }
44
45void vc_x509store_setcafile(vc_x509store_t *store, char *file)
46{
47 free(store->cafile);
48 store->cafile = ( file ? strdup(file) : 0 );
49 store->flags |= VC_X509S_USE_CAFILE;
50}
51
52void vc_x509store_setcapath(vc_x509store_t *store, char *path)
53{
54 free(store->capath);
55 store->capath = ( path ? strdup(path) : 0 );
56}
57
58void vc_x509store_setcrlfile(vc_x509store_t *store, char *file)
59{
60 free(store->crlfile);
61 store->crlfile = ( file ? strdup(file) : 0 );
62}
63
64void vc_x509store_setkeyfile(vc_x509store_t *store, char *file)
65{
66 free(store->keyfile);
67 store->keyfile = ( file ? strdup(file) : 0 );
68}
69
70void vc_x509store_setcertfile(vc_x509store_t *store, char *file)
71{
72 free(store->certfile);
73 store->certfile = ( file ? strdup(file) : 0 );
74 store->flags |= VC_X509S_USE_CERTIFICATE;
75}
76
77//// OPENSSL SPECIFIC
78
23#include <openssl/err.h> 79#include <openssl/err.h>
24#include <openssl/ssl.h> 80#include <openssl/ssl.h>
25#include <openssl/bio.h> 81#include <openssl/bio.h>
@@ -28,77 +84,53 @@
28#include <openssl/x509v3.h> 84#include <openssl/x509v3.h>
29#include <openssl/conf.h> 85#include <openssl/conf.h>
30 86
31#include <readline/readline.h> 87void vchat_tls_get_version_external()
88{
89 snprintf(tmpstr, sizeof(tmpstr), "OpenSSL %s with %s", SSLeay_version(SSLEAY_VERSION), SSLeay_version(SSLEAY_CFLAGS));
90 vchat_tls_version_external = strdup(tmpstr);
91}
32 92
33#include "vchat.h" 93/* Helpers to work with vc_x509store_t used by all tls libs */
34#include "vchat-tls.h" 94void vc_init_x509store(vc_x509store_t *store)
95{
96 static int sslinit;
97 if (!sslinit++) {
98 SSL_library_init ();
99 SSL_load_error_strings();
100 }
101 memset(store, 0, sizeof(vc_x509store_t));
35 102
36const char *vchat_ssl_version = "vchat-tlsl.c $Id$"; 103 /* We want to make verifying the peer the default */
104 store->flags |= VC_X509S_SSL_VERIFY_PEER;
105}
37 106
38/* connection BIO for openssl */ 107/* connection BIO for openssl */
39static BIO *server_conn = NULL; 108static BIO *server_conn = NULL;
40 109
41typedef int (*vc_x509verify_cb_t)(int, X509_STORE_CTX *);
42struct vc_x509store_t {
43 char *cafile;
44 char *capath;
45 char *crlfile;
46 vc_x509verify_cb_t callback;
47 vc_askpass_cb_t askpass_callback;
48 STACK_OF(X509) *certs;
49 STACK_OF(X509_CRL) *crls;
50 char *use_certfile;
51 STACK_OF(X509) *use_certs;
52 char *use_keyfile;
53 EVP_PKEY *use_key;
54 int flags;
55};
56
57static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store ); 110static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store );
58static int vc_verify_callback(int, X509_STORE_CTX *); 111static int vc_verify_callback(int, X509_STORE_CTX *);
59static X509_STORE * vc_x509store_create(vc_x509store_t *); 112static X509_STORE * vc_x509store_create(vc_x509store_t *);
60static void vc_x509store_clearflags(vc_x509store_t *, int);
61static void vc_x509store_setcapath(vc_x509store_t *, char *);
62static void vc_x509store_setcrlfile(vc_x509store_t *, char *);
63static void vc_x509store_addcert(vc_x509store_t *, X509 *);
64static void vc_x509store_setcb(vc_x509store_t *, vc_x509verify_cb_t);
65
66#define VC_CTX_ERR_EXIT(se, cx) do { \
67 snprintf(tmpstr, TMPSTRSIZE, "CREATE CTX: %s", \
68 ERR_error_string (ERR_get_error (), NULL)); \
69 writecf(FS_ERR, tmpstr); \
70 if(se) X509_STORE_free(se); \
71 if(cx) SSL_CTX_free(cx); \
72 return(0); \
73 } while(0)
74
75#define VC_SETCERT_ERR_EXIT(se, cx, err) do { \
76 snprintf(tmpstr, TMPSTRSIZE, "CREATE CTX: %s", err); \
77 writecf(FS_ERR, tmpstr); \
78 if(se) X509_STORE_free(se); \
79 if(cx) SSL_CTX_free(cx); \
80 return(NULL); \
81 } while(0)
82 113
83static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store ) 114static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
84{ 115{
85 int i = 0; 116 int flags = 0;
86 int n = 0;
87 int flags = 0;
88 int r = 0;
89 SSL_CTX *ctx = NULL;
90 X509_STORE *store = NULL;
91 vc_x509verify_cb_t verify_callback = NULL;
92 117
93 /* Explicitly use TLSv1 (or maybe later) */ 118 /* Explicitly use TLSv1 (or maybe later) */
94 if( !(ctx = SSL_CTX_new(TLS_client_method())) ) 119 SSL_CTX *ctx = SSL_CTX_new(TLS_client_method());
95 VC_CTX_ERR_EXIT(store, ctx); 120 X509_STORE *store = vc_x509store_create(vc_store);
96 121
97 if( !(store = vc_x509store_create(vc_store)) ) 122 if (!ctx || !store) {
98 VC_CTX_ERR_EXIT(store, ctx); 123 snprintf(tmpstr, sizeof(tmpstr), "CREATE CTX: %s",ERR_error_string (ERR_get_error (), NULL));
124 writecf(FS_ERR, tmpstr);
125 if (store)
126 X509_STORE_free(store);
127 if (ctx)
128 SSL_CTX_free(ctx);
129 return NULL;
130 }
99 131
100 SSL_CTX_set_cert_store(ctx, store); 132 SSL_CTX_set_cert_store(ctx, store);
101 store = NULL; 133
102 /* Disable some insecure protocols explicitly */ 134 /* Disable some insecure protocols explicitly */
103 SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); 135 SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
104 if (getstroption(CF_CIPHERSUITE)) 136 if (getstroption(CF_CIPHERSUITE))
@@ -108,14 +140,10 @@ static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
108 140
109 SSL_CTX_set_verify_depth (ctx, getintoption(CF_VERIFYSSL)); 141 SSL_CTX_set_verify_depth (ctx, getintoption(CF_VERIFYSSL));
110 142
111 if( !(verify_callback = vc_store->callback) )
112 verify_callback = vc_verify_callback;
113
114 if( !(vc_store->flags & VC_X509S_SSL_VERIFY_MASK) ) { 143 if( !(vc_store->flags & VC_X509S_SSL_VERIFY_MASK) ) {
115 writecf(FS_DBG, tmpstr); 144 writecf(FS_DBG, tmpstr);
116 flags = SSL_VERIFY_NONE; 145 flags = SSL_VERIFY_NONE;
117 } 146 } else {
118 else {
119 if(vc_store->flags & VC_X509S_SSL_VERIFY_PEER) 147 if(vc_store->flags & VC_X509S_SSL_VERIFY_PEER)
120 flags |= SSL_VERIFY_PEER; 148 flags |= SSL_VERIFY_PEER;
121 if(vc_store->flags & VC_X509S_SSL_VERIFY_FAIL_IF_NO_PEER_CERT) 149 if(vc_store->flags & VC_X509S_SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
@@ -124,29 +152,25 @@ static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
124 flags |= SSL_VERIFY_CLIENT_ONCE; 152 flags |= SSL_VERIFY_CLIENT_ONCE;
125 } 153 }
126 154
127 SSL_CTX_set_verify(ctx, flags, verify_callback); 155 SSL_CTX_set_verify(ctx, flags, vc_verify_callback);
128 156
129 if(vc_store->flags & VC_X509S_USE_CERTIFICATE) { 157 if(vc_store->flags & VC_X509S_USE_CERTIFICATE) {
130 if(vc_store->use_certfile) 158 int r = 0;
131 SSL_CTX_use_certificate_chain_file(ctx, vc_store->use_certfile); 159 if(vc_store->certfile)
132 else { 160 SSL_CTX_use_certificate_chain_file(ctx, vc_store->certfile);
133 SSL_CTX_use_certificate(ctx,
134 sk_X509_value(vc_store->use_certs, 0));
135 for(i=0,n=sk_X509_num(vc_store->use_certs); i<n; i++)
136 SSL_CTX_add_extra_chain_cert(ctx,
137 sk_X509_value(vc_store->use_certs, i));
138 }
139 161
140 SSL_CTX_set_default_passwd_cb(ctx, vc_store->askpass_callback); 162 SSL_CTX_set_default_passwd_cb(ctx, vc_store->askpass_callback);
141 163
142 if(vc_store->use_keyfile) { 164 if(vc_store->keyfile)
143 r=SSL_CTX_use_PrivateKey_file(ctx, vc_store->use_keyfile, 165 r=SSL_CTX_use_PrivateKey_file(ctx, vc_store->keyfile,
144 SSL_FILETYPE_PEM); 166 SSL_FILETYPE_PEM);
145 } else if(vc_store->use_key)
146 r=SSL_CTX_use_PrivateKey(ctx, vc_store->use_key);
147 167
148 if( r!=1 || !SSL_CTX_check_private_key(ctx)) 168 if( r!=1 || !SSL_CTX_check_private_key(ctx)) {
149 VC_SETCERT_ERR_EXIT(store, ctx, "Load private key failed"); 169 snprintf(tmpstr, sizeof(tmpstr), "CREATE CTX: Load private key failed");
170 writecf(FS_ERR, tmpstr);
171 SSL_CTX_free(ctx);
172 return NULL;
173 }
150 } 174 }
151 175
152 SSL_CTX_set_app_data(ctx, vc_store); 176 SSL_CTX_set_app_data(ctx, vc_store);
@@ -298,29 +322,24 @@ all_errors:
298 322
299X509_STORE *vc_x509store_create(vc_x509store_t *vc_store) 323X509_STORE *vc_x509store_create(vc_x509store_t *vc_store)
300{ 324{
301 int i = 0;
302 int n = 0;
303 X509_STORE *store = NULL; 325 X509_STORE *store = NULL;
304 X509_LOOKUP *lookup = NULL; 326 X509_LOOKUP *lookup = NULL;
305 327
306 store = X509_STORE_new(); 328 store = X509_STORE_new();
307 329
308 if(vc_store->callback) 330 X509_STORE_set_verify_cb_func(store, vc_verify_callback);
309 X509_STORE_set_verify_cb_func(store, vc_store->callback);
310 else
311 X509_STORE_set_verify_cb_func(store, vc_verify_callback);
312 331
313 if( !(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) ) 332 if( !(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) )
314 VC_STORE_ERR_EXIT(store); 333 VC_STORE_ERR_EXIT(store);
315 334
316 if(!vc_store->cafile) { 335 if (!vc_store->cafile) {
317 if( !(vc_store->flags & VC_X509S_NODEF_CAFILE) ) 336 if( !(vc_store->flags & VC_X509S_USE_CAFILE) )
318 X509_LOOKUP_load_file(lookup, 0, X509_FILETYPE_DEFAULT); 337 X509_LOOKUP_load_file(lookup, 0, X509_FILETYPE_DEFAULT);
319 } else if( !X509_LOOKUP_load_file(lookup, vc_store->cafile, 338 } else if( !X509_LOOKUP_load_file(lookup, vc_store->cafile,
320 X509_FILETYPE_PEM) ) 339 X509_FILETYPE_PEM) )
321 VC_STORE_ERR_EXIT(store); 340 VC_STORE_ERR_EXIT(store);
322 341
323 if(vc_store->crlfile) { 342 if (vc_store->crlfile) {
324 if( !X509_load_crl_file(lookup, vc_store->crlfile, 343 if( !X509_load_crl_file(lookup, vc_store->crlfile,
325 X509_FILETYPE_PEM) ) 344 X509_FILETYPE_PEM) )
326 VC_STORE_ERR_EXIT(store); 345 VC_STORE_ERR_EXIT(store);
@@ -329,25 +348,16 @@ X509_STORE *vc_x509store_create(vc_x509store_t *vc_store)
329 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL ); 348 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL );
330 } 349 }
331 350
332 if( !(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir())) ) 351 if ( !(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir())) )
333 VC_STORE_ERR_EXIT(store); 352 VC_STORE_ERR_EXIT(store);
334 353
335 if( !vc_store->capath ) { 354 if ( !vc_store->capath ) {
336 if( !(vc_store->flags & VC_X509S_NODEF_CAPATH) ) 355 if( !(vc_store->flags & VC_X509S_USE_CAPATH) )
337 X509_LOOKUP_add_dir(lookup, 0, X509_FILETYPE_DEFAULT); 356 X509_LOOKUP_add_dir(lookup, 0, X509_FILETYPE_DEFAULT);
338 } else if( !X509_LOOKUP_add_dir(lookup, vc_store->capath, 357 } else if( !X509_LOOKUP_add_dir(lookup, vc_store->capath,
339 X509_FILETYPE_PEM) ) 358 X509_FILETYPE_PEM) )
340 VC_STORE_ERR_EXIT(store); 359 VC_STORE_ERR_EXIT(store);
341 360
342 for( i=0, n=sk_X509_num(vc_store->certs); i<n; i++)
343 if( !X509_STORE_add_cert(store, sk_X509_value(vc_store->certs, i)) )
344 VC_STORE_ERR_EXIT(store);
345
346 for( i=0, n=sk_X509_CRL_num(vc_store->crls); i<n; i++)
347 if( !X509_STORE_add_crl(store,
348 sk_X509_CRL_value(vc_store->crls, i)) )
349 VC_STORE_ERR_EXIT(store);
350
351 return(store); 361 return(store);
352} 362}
353 363
@@ -361,104 +371,6 @@ int vc_verify_callback(int ok, X509_STORE_CTX *store)
361 return (ok | getintoption(CF_IGNSSL)); 371 return (ok | getintoption(CF_IGNSSL));
362} 372}
363 373
364void vc_x509store_setflags(vc_x509store_t *store, int flags)
365{
366 store->flags |= flags;
367}
368
369void vc_x509store_clearflags(vc_x509store_t *store, int flags)
370{
371 store->flags &= ~flags;
372}
373
374void vc_x509store_setcb(vc_x509store_t *store,
375 vc_x509verify_cb_t callback)
376{
377 store->callback = callback;
378}
379
380void vc_x509store_set_pkeycb(vc_x509store_t *store,
381 vc_askpass_cb_t callback)
382{
383 store->askpass_callback = callback;
384}
385
386void vc_x509store_addcert(vc_x509store_t *store, X509 *cert)
387{
388 sk_X509_push(store->certs, cert);
389}
390
391void vc_x509store_setcafile(vc_x509store_t *store, char *file)
392{
393 free(store->cafile);
394 store->cafile = ( file ? strdup(file) : 0 );
395}
396
397void vc_x509store_setcapath(vc_x509store_t *store, char *path)
398{
399 free(store->capath);
400 store->capath = ( path ? strdup(path) : 0 );
401}
402
403void vc_x509store_setcrlfile(vc_x509store_t *store, char *file)
404{
405 free(store->crlfile);
406 store->crlfile = ( file ? strdup(file) : 0 );
407}
408
409void vc_x509store_setkeyfile(vc_x509store_t *store, char *file)
410{
411 free(store->use_keyfile);
412 store->use_keyfile = ( file ? strdup(file) : 0 );
413}
414
415void vc_x509store_setcertfile(vc_x509store_t *store, char *file)
416{
417 free(store->use_certfile);
418 store->use_certfile = ( file ? strdup(file) : 0 );
419}
420
421vc_x509store_t *vc_init_x509store()
422{
423 vc_x509store_t *s = malloc(sizeof(vc_x509store_t));
424 if (s) {
425
426 static int sslinit;
427 if( !sslinit++ ) {
428 SSL_library_init ();
429 SSL_load_error_strings();
430 }
431
432 s->cafile = NULL;
433 s->capath = NULL;
434 s->crlfile = NULL;
435 s->callback = NULL;
436 s->askpass_callback = NULL;
437 s->certs = sk_X509_new_null();
438 s->crls = sk_X509_CRL_new_null();
439 s->use_certfile = NULL;
440 s->use_certs = sk_X509_new_null();
441 s->use_keyfile = NULL;
442 s->use_key = NULL;
443 s->flags = 0;
444 }
445 return s;
446}
447
448void vc_cleanup_x509store(vc_x509store_t *s)
449{
450 free(s->cafile);
451 free(s->capath);
452 free(s->crlfile);
453 free(s->use_certfile);
454 free(s->use_keyfile);
455 free(s->use_key);
456 sk_X509_free(s->certs);
457 sk_X509_CRL_free(s->crls);
458 sk_X509_free(s->use_certs);
459 free(s);
460}
461
462ssize_t vc_tls_sendmessage(const void *buf, size_t size) { 374ssize_t vc_tls_sendmessage(const void *buf, size_t size) {
463 return BIO_write(server_conn, buf, size); 375 return BIO_write(server_conn, buf, size);
464} 376}
@@ -476,11 +388,3 @@ void vc_tls_cleanup() {
476 BIO_free_all( server_conn ); 388 BIO_free_all( server_conn );
477 server_conn = NULL; 389 server_conn = NULL;
478} 390}
479
480const char *vchat_ssl_version_external = "OpenSSL implementation; version unknown";
481void vchat_ssl_get_version_external()
482{
483 char tmpstr[TMPSTRSIZE];
484 snprintf(tmpstr, TMPSTRSIZE, "%s with %s", SSLeay_version(SSLEAY_VERSION), SSLeay_version(SSLEAY_CFLAGS));
485 vchat_ssl_version_external = strdup(tmpstr);
486}
diff --git a/vchat-tls.h b/vchat-tls.h
index 8d33ebd..440d08e 100755
--- a/vchat-tls.h
+++ b/vchat-tls.h
@@ -2,16 +2,27 @@
2 2
3/* prototypes */ 3/* prototypes */
4 4
5struct vc_x509store_t;
6typedef struct vc_x509store_t vc_x509store_t;
7typedef int (*vc_askpass_cb_t)(char *, int, int, void *); 5typedef int (*vc_askpass_cb_t)(char *, int, int, void *);
6struct vc_x509store_t {
7 char *cafile;
8 char *capath;
9 char *crlfile;
10 vc_askpass_cb_t askpass_callback;
11 char *certfile;
12 char *keyfile;
13 int flags;
14};
15typedef struct vc_x509store_t vc_x509store_t;
8 16
9vc_x509store_t *vc_init_x509store(); 17void vc_init_x509store(vc_x509store_t *);
10void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t); 18void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t);
11void vc_x509store_setflags(vc_x509store_t *, int); 19void vc_x509store_setflags(vc_x509store_t *, int);
12void vc_x509store_setkeyfile(vc_x509store_t *, char *); 20void vc_x509store_setkeyfile(vc_x509store_t *, char *);
13void vc_x509store_setcertfile(vc_x509store_t *, char *); 21void vc_x509store_setcertfile(vc_x509store_t *, char *);
14void vc_x509store_setcafile(vc_x509store_t *, char *); 22void vc_x509store_setcafile(vc_x509store_t *, char *);
23void vc_x509store_clearflags(vc_x509store_t *, int);
24void vc_x509store_setcapath(vc_x509store_t *, char *);
25void vc_x509store_setcrlfile(vc_x509store_t *, char *);
15void vc_cleanup_x509store(vc_x509store_t *s); 26void vc_cleanup_x509store(vc_x509store_t *s);
16 27
17int vc_tls_connect(int serverfd, vc_x509store_t * ); 28int vc_tls_connect(int serverfd, vc_x509store_t * );
@@ -19,8 +30,8 @@ ssize_t vc_tls_sendmessage(const void *buf, size_t size);
19ssize_t vc_tls_receivemessage(void *buf, size_t size); 30ssize_t vc_tls_receivemessage(void *buf, size_t size);
20void vc_tls_cleanup(); 31void vc_tls_cleanup();
21 32
22#define VC_X509S_NODEF_CAFILE 0x01 33#define VC_X509S_USE_CAFILE 0x01
23#define VC_X509S_NODEF_CAPATH 0x02 34#define VC_X509S_USE_CAPATH 0x02
24#define VC_X509S_USE_CERTIFICATE 0x04 35#define VC_X509S_USE_CERTIFICATE 0x04
25#define VC_X509S_SSL_VERIFY_NONE 0x10 36#define VC_X509S_SSL_VERIFY_NONE 0x10
26#define VC_X509S_SSL_VERIFY_PEER 0x20 37#define VC_X509S_SSL_VERIFY_PEER 0x20
diff --git a/vchat.h b/vchat.h
index c6077a6..71ad149 100755
--- a/vchat.h
+++ b/vchat.h
@@ -167,6 +167,6 @@ typedef struct {
167} commandentry; 167} commandentry;
168 168
169/* vchat-tls.c */ 169/* vchat-tls.c */
170extern const char *vchat_ssl_version; 170extern const char *vchat_tls_version;
171extern const char *vchat_ssl_version_external; 171extern const char *vchat_tls_version_external;
172void vchat_ssl_get_version_external(); 172void vchat_tls_get_version_external();