1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-09 05:43:12 +02:00
Files
unrealircd/src/ssl.c
T
stskeeps 14bb1968ba Index: Changes
===================================================================
RCS file: /home/cmunk/ircsystems/cvsroot/unreal/Changes,v
retrieving revision 1.1.1.1.2.1.2.1.2.258
diff -u -r1.1.1.1.2.1.2.1.2.258 Changes
--- Changes	2000/10/22 17:51:31	1.1.1.1.2.1.2.1.2.258
+++ Changes	2000/10/25 18:26:37
@@ -638,3 +638,5 @@
 - Merged in changes from TEMPcvs branch
 - Fixed a /UNSQLINE para problem, found by Joe
 - #define SHOW_SECRET now allows all ircops to see +s channels in /whois.  If not defined, only net/tech admins can.
+- Added #define CENSOR_QUIT, for WaveRide
+- Fixed hashing bug that caused the server to crash on exit
2000-10-25 18:26:40 +00:00

169 lines
3.7 KiB
C

/*
This was originally done by the hq.alert.sk implementation
Modified by Stskeeps
*/
#include "config.h"
#ifdef USE_SSL
#include "struct.h"
/* The SSL structures */
SSL_CTX *ctx;
SSL_METHOD *meth;
void init_ssl()
{
/* SSL preliminaries. We keep the certificate and key with the context. */
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_server_method();
ctx = SSL_CTX_new(meth);
if (!ctx)
{
ircd_log("Failed to do SSL CTX new");
exit(2);
}
if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0)
{
ircd_log("Failed to load SSL certificate %s", CERTF);
exit(3);
}
if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0)
{
ircd_log("Failed to load SSL private key %s", KEYF);
exit(4);
}
if (!SSL_CTX_check_private_key(ctx))
{
ircd_log("Failed to check SSL private key");
exit(5);
}
}
#define CHK_NULL(x) if ((x)==NULL) {\
sendto_umode(UMODE_JUNK, "Lost connection to %s:Error in SSL", \
get_client_name(cptr, TRUE)); \
return 0;\
}
int ssl_handshake(aClient *cptr)
{
char *str;
int err;
cptr->ssl = (struct SSL *)SSL_new(ctx);
CHK_NULL(cptr->ssl);
SSL_set_fd((SSL *) cptr->ssl, cptr->fd);
err = SSL_accept((SSL *) cptr->ssl);
if ((err) == -1)
{
if (IsHandshake(cptr))
sendto_ops("Lost connection to %s:Error in SSL_accept()",
get_client_name(cptr, TRUE));
return 0;
}
/* Get the cipher - opt */
/* ircd_log("SSL connection using %s\n",
SSL_get_cipher((SSL *) cptr->ssl));
*/
/* Get client's certificate (note: beware of dynamic
* allocation) - opt */
cptr->client_cert =
(struct X509 *)SSL_get_peer_certificate((SSL *) cptr->ssl);
if (cptr->client_cert != NULL)
{
// log (L_DEBUG,"Client certificate:\n");
str =
X509_NAME_oneline(X509_get_subject_name((X509 *) cptr->
client_cert), 0, 0);
CHK_NULL(str);
// log (L_DEBUG, "\t subject: %s\n", str);
Free(str);
str =
X509_NAME_oneline(X509_get_issuer_name((X509 *) cptr->
client_cert), 0, 0);
CHK_NULL(str);
// log (L_DEBUG, "\t issuer: %s\n", str);
Free(str);
/* We could do all sorts of certificate
* verification stuff here before
* deallocating the certificate. */
X509_free((X509 *) cptr->client_cert);
}
else
{
// log (L_DEBUG, "Client does not have certificate.\n");
}
return 0;
}
int ssl_client_handshake(struct Client *cptr)
{
char *str;
int err;
cptr->ssl = (struct SSL *)SSL_new(ctx);
CHK_NULL(cptr->ssl);
SSL_set_fd((SSL *) cptr->ssl, cptr->fd);
// set_blocking(cptr->fd);
err = SSL_connect((SSL *) cptr->ssl);
set_non_blocking(cptr->fd);
if ((err) == -1)
{
ircd_log("Could connect to %s:Error in SSL_connect()",
get_client_name(cptr, TRUE));
return 0;
}
/* Following two steps are optional and not required for
data exchange to be successful. */
/* Get the cipher - opt */
// set_blocking(cptr->fd);
/* ircd_log("SSL connection using %s\n",
SSL_get_cipher((SSL *) cptr->ssl));
*/
/* Get server's certificate (note: beware of dynamic allocation) - opt */
cptr->client_cert =
(struct X509 *)SSL_get_peer_certificate((SSL *) cptr->ssl);
set_non_blocking(cptr->fd);
CHK_NULL(cptr->client_cert);
// log (L_NOTICE,"Server certificate:\n");
str =
X509_NAME_oneline(X509_get_subject_name((X509 *) cptr->client_cert),
0, 0);
CHK_NULL(str);
// log (L_NOTICE, "\t subject: %s\n", str);
Free(str);
str =
X509_NAME_oneline(X509_get_issuer_name((X509 *) cptr->client_cert),
0, 0);
CHK_NULL(str);
// log (L_NOTICE, "\t issuer: %s\n", str);
Free(str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
X509_free((X509 *) cptr->client_cert);
return 1;
}
#endif