1 // TLS handler for HaxServ
3 // Written by: Test_User <hax@andrewyu.org>
5 // This is free and unencumbered software released into the public
8 // Anyone is free to copy, modify, publish, use, compile, sell, or
9 // distribute this software, either in source code form or as a compiled
10 // binary, for any purpose, commercial or non-commercial, and by any
13 // In jurisdictions that recognize copyright laws, the author or authors
14 // of this software dedicate any and all copyright interest in the
15 // software to the public domain. We make this dedication for the benefit
16 // of the public at large and to the detriment of our heirs and
17 // successors. We intend this dedication to be an overt act of
18 // relinquishment in perpetuity of all present and future rights to this
19 // software under copyright law.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
24 // IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
25 // OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
26 // ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
27 // OTHER DEALINGS IN THE SOFTWARE.
29 #include <gnutls/gnutls.h>
30 #include <sys/socket.h>
31 #include <sys/types.h>
32 #include <arpa/inet.h>
// Process-wide TLS session. It is created by connect_tls() below and used
// by SEND() (and presumably by RECV(), whose definition is not in view).
// There is exactly one of these, so this module handles one connection
// at a time.
39 gnutls_session_t session
;
42 int connect_tls(void) {
// Establishes the process-wide TLS client session ('session') to
// address:port over a fresh TCP socket ('fd'). Each GnuTLS step below is
// guarded by an `if (... < 0)`; the statement each guard executes on
// failure is not present in this listing, so the return-value convention
// cannot be confirmed from here.
// NOTE(review): the TODO below is a real concern - xcred and session are
// allocated before the later checks, so an early-exit path that does not
// release them leaks on every failed connect attempt; goto-based
// unwinding (gnutls_deinit / gnutls_certificate_free_credentials) is the
// usual fix.
43 // TODO: free used things on failure
45 if (gnutls_global_init() < 0)
// Certificate credentials: the system CA store is loaded so the server's
// chain can be validated by gnutls_session_set_verify_cert() below.
48 gnutls_certificate_credentials_t xcred
; // TODO: if we reconnect
49 if (gnutls_certificate_allocate_credentials(&xcred
) < 0)
52 if (gnutls_certificate_set_x509_system_trust(xcred
) < 0)
// Optional client certificate. NOTE(review): it is only loaded when BOTH
// tls_cert_path and tls_key_path are set; if exactly one is configured
// the condition short-circuits and the connection silently proceeds
// without a client certificate - consider treating that as a
// configuration error rather than falling through.
55 if (tls_cert_path
&& tls_key_path
&& gnutls_certificate_set_x509_key_file(xcred
, tls_cert_path
, tls_key_path
, GNUTLS_X509_FMT_PEM
) < 0)
58 if (gnutls_init(&session
, GNUTLS_CLIENT
) < 0)
// SNI: the length-delimited address is passed explicitly, so address.data
// does not need to be NUL-terminated for this call.
61 if (gnutls_server_name_set(session
, GNUTLS_NAME_DNS
, address
.data
, address
.len
) < 0)
// Library default priority string (cipher suites / protocol versions).
64 if (gnutls_set_default_priority(session
) < 0)
67 if (gnutls_credentials_set(session
, GNUTLS_CRD_CERTIFICATE
, xcred
) < 0)
// Enable chain + hostname verification against the system trust
// (flags = 0). Per the GnuTLS documentation a failed verification makes
// the handshake itself fail, so the check of `ret` after the handshake
// loop is what actually enforces it.
// NOTE(review): unlike gnutls_server_name_set() above, this API takes a
// plain C string, so address.data must be NUL-terminated - confirm at the
// point where 'address' is filled in.
69 gnutls_session_set_verify_cert(session
, address
.data
, 0);
// IPv4/TCP only (AF_INET). The socket() result check is not visible in
// this listing - confirm a -1 fd is rejected before connect().
71 fd
= socket(AF_INET
, SOCK_STREAM
, IPPROTO_TCP
);
// NOTE(review): resolve()'s return value is discarded, so if resolution
// fails, connect() runs on whatever resolve() left in 'sockaddr'.
// 'struct sockaddr' is only large enough for an IPv4 address; that is
// consistent with AF_INET above, but it would overflow if resolve() ever
// produced an AF_INET6 result (struct sockaddr_storage would not).
75 struct sockaddr sockaddr
;
76 resolve(address
.data
, port
.data
, &sockaddr
);
// The connect() result is captured in ret; the check that follows it is
// not visible in this listing.
77 int ret
= connect(fd
, &sockaddr
, sizeof(sockaddr
));
81 gnutls_transport_set_int(session
, fd
);
82 gnutls_handshake_set_timeout(session
, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT
);
// Handshake retry loop (its opening `do {` is not in this listing).
// Non-fatal errors (e.g. GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED) are
// retried; a fatal one - including a certificate verification failure -
// leaves the loop with ret < 0, and the caller-visible outcome depends on
// the (not shown) check of ret after the loop. Confirm that path returns
// before any record is sent.
85 ret
= gnutls_handshake(session
);
86 } while (ret
< 0 && gnutls_error_is_fatal(ret
) == 0);
// Record-layer receive operations time out after 60 s so a stalled peer
// cannot hang the client indefinitely.
90 gnutls_record_set_timeout(session
, 60000); // 60s
// C99 `extern inline` declaration: forces an out-of-line definition of
// RECV (presumably defined `inline` in a shared header) to be emitted in
// this translation unit so other objects can link against it.
95 extern inline size_t RECV(char *buf
, size_t buflen
, char *timeout
); // Should force it to get compiled into tls.o
98 ssize_t
SEND(struct string msg
) {
// Writes one outbound message to the TLS session, echoing it to stdout
// (fd 1) first under a "[Us->Server]" prefix.
// NOTE(review): the echo is unconditional, so everything sent through
// here - including any credentials the protocol carries in clear text -
// lands on stdout and in whatever captures it; confirm that is
// acceptable for this deployment.
//
// Returns gnutls_record_send()'s result unchanged: the byte count on
// success or a negative GnuTLS error code. Nothing here retries, so the
// caller must handle the negative case (and any short write) itself.
99 static char printprefix
= 1;
// Two prefix variants (ANSI-coloured vs plain); the selection logic
// between them, and how printprefix is consulted, is not present in this
// listing.
102 WRITES(1, STRING("\x1b[33m[Us->Server] \x1b[34m"));
104 WRITES(1, STRING("[Us->Server] "));
// When the message is empty or ends in '\n', a line terminator (coloured
// or plain) is echoed. The len == 0 test comes first, so the
// msg.len - 1 index is never evaluated on an empty message. The branch
// bodies are only partially present here, so how printprefix is updated
// cannot be read from this listing.
112 if (msg
.len
== 0 || msg
.data
[msg
.len
- 1] == '\n') {
115 WRITES(1, STRING("\x1b[0m\n"));
117 WRITES(1, STRING("\n"));
// Hand the bytes to GnuTLS; msg.data need not be NUL-terminated since
// the length is passed explicitly.
121 return gnutls_record_send(session
, msg
.data
, msg
.len
);