forked from noisytoot/rubyserv-iirc
123 lines
3.4 KiB
C
123 lines
3.4 KiB
C
// TLS handler for HaxServ
|
|
//
|
|
// Written by: Test_User <hax@andrewyu.org>
|
|
//
|
|
// This is free and unencumbered software released into the public
|
|
// domain.
|
|
//
|
|
// Anyone is free to copy, modify, publish, use, compile, sell, or
|
|
// distribute this software, either in source code form or as a compiled
|
|
// binary, for any purpose, commercial or non-commercial, and by any
|
|
// means.
|
|
//
|
|
// In jurisdictions that recognize copyright laws, the author or authors
|
|
// of this software dedicate any and all copyright interest in the
|
|
// software to the public domain. We make this dedication for the benefit
|
|
// of the public at large and to the detriment of our heirs and
|
|
// successors. We intend this dedication to be an overt act of
|
|
// relinquishment in perpetuity of all present and future rights to this
|
|
// software under copyright law.
|
|
//
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
|
// IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
|
|
// OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
|
|
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
|
// OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
#include <gnutls/gnutls.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/types.h>
|
|
#include <arpa/inet.h>
|
|
|
|
#include "network.h"
|
|
#include "config.h"
|
|
#include "types.h"
|
|
#include "tls.h"
|
|
|
|
gnutls_session_t session;
|
|
int fd;
|
|
|
|
int connect_tls(void) {
|
|
// TODO: free used things on failure
|
|
|
|
if (gnutls_global_init() < 0)
|
|
return 1;
|
|
|
|
gnutls_certificate_credentials_t xcred; // TODO: if we reconnect
|
|
if (gnutls_certificate_allocate_credentials(&xcred) < 0)
|
|
return 2;
|
|
|
|
if (gnutls_certificate_set_x509_system_trust(xcred) < 0)
|
|
return 3;
|
|
|
|
if (tls_cert_path && tls_key_path && gnutls_certificate_set_x509_key_file(xcred, tls_cert_path, tls_key_path, GNUTLS_X509_FMT_PEM) < 0)
|
|
return 4;
|
|
|
|
if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
|
|
return 5;
|
|
|
|
if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
|
|
return 6;
|
|
|
|
if (gnutls_set_default_priority(session) < 0)
|
|
return 7;
|
|
|
|
if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
|
|
return 8;
|
|
gnutls_session_set_verify_cert(session, address.data, 0);
|
|
|
|
fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
|
|
if (fd == -1)
|
|
return 9;
|
|
|
|
struct sockaddr sockaddr;
|
|
resolve(address.data, port.data, &sockaddr);
|
|
int ret = connect(fd, &sockaddr, sizeof(sockaddr));
|
|
if (ret != 0)
|
|
return 10;
|
|
|
|
gnutls_transport_set_int(session, fd);
|
|
gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
|
|
|
|
do {
|
|
ret = gnutls_handshake(session);
|
|
} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
|
|
if (ret < 0)
|
|
return 11;
|
|
|
|
gnutls_record_set_timeout(session, 60000); // 60s
|
|
|
|
return 0;
|
|
}
|
|
|
|
extern inline size_t RECV(char *buf, size_t buflen, char *timeout); // Should force it to get compiled into tls.o
|
|
|
|
#if LOGALL
|
|
ssize_t SEND(struct string msg) {
|
|
static char printprefix = 1;
|
|
if (printprefix) {
|
|
#if COLORIZE
|
|
WRITES(1, STRING("\x1b[33m[Us->Server] \x1b[34m"));
|
|
#else
|
|
WRITES(1, STRING("[Us->Server] "));
|
|
#endif
|
|
|
|
printprefix = 0;
|
|
}
|
|
|
|
WRITES(1, msg);
|
|
|
|
if (msg.len == 0 || msg.data[msg.len - 1] == '\n') {
|
|
printprefix = 1;
|
|
#if COLORIZE
|
|
WRITES(1, STRING("\x1b[0m\n"));
|
|
#else
|
|
WRITES(1, STRING("\n"));
|
|
#endif
|
|
}
|
|
|
|
return gnutls_record_send(session, msg.data, msg.len);
|
|
}
|
|
#endif
|