free bugs [fixed]
1 // TLS handler for HaxServ
2 //
3 // Written by: Test_User <hax@andrewyu.org>
4 //
5 // This is free and unencumbered software released into the public
6 // domain.
7 //
8 // Anyone is free to copy, modify, publish, use, compile, sell, or
9 // distribute this software, either in source code form or as a compiled
10 // binary, for any purpose, commercial or non-commercial, and by any
11 // means.
13 // In jurisdictions that recognize copyright laws, the author or authors
14 // of this software dedicate any and all copyright interest in the
15 // software to the public domain. We make this dedication for the benefit
16 // of the public at large and to the detriment of our heirs and
17 // successors. We intend this dedication to be an overt act of
18 // relinquishment in perpetuity of all present and future rights to this
19 // software under copyright law.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
24 // IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
25 // OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
26 // ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
27 // OTHER DEALINGS IN THE SOFTWARE.
#include <gnutls/gnutls.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>

#include "network.h"
#include "config.h"
#include "types.h"
#include "tls.h"
// The single TLS session to the server, shared by connect_tls() and SEND()
// below (and presumably by RECV(), whose body is not in this file). It is only
// usable after connect_tls() returned 0.
gnutls_session_t session;
// TCP socket the session runs over. Static storage, so it reads 0 (stdin's
// descriptor number) until connect_tls() assigns it; connect_tls() leaves it
// at -1 when socket() failed.
int fd;
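// Establish the TLS client connection to the configured server.
//
// On success sets the file-scope `session` and `fd` and returns 0. On failure
// returns a distinct positive step number (1..11, marked in the body) and
// releases everything this call had already acquired: the socket is closed and
// `fd` reset to -1, the session is deinitialised and `session` set to NULL,
// the credentials are freed and the gnutls global init is balanced.
//
// The credentials object is deliberately *not* freed on success: gnutls
// requires it to stay alive while the session that references it is in use.
// A later reconnect therefore allocates a fresh one without freeing the old
// (the "if we reconnect" case noted by the original author), which is left
// as is here.
int connect_tls(void) {
	int rc = 0;
	int ret;
	gnutls_certificate_credentials_t xcred = NULL;

	// 1: library initialisation. gnutls reference-counts this, so the matching
	// gnutls_global_deinit() on the failure path below is safe.
	if (gnutls_global_init() < 0)
		return 1;

	// 2-4: certificate credentials — system trust store plus, when both paths
	// are configured (config.h), our own client certificate and key.
	if (gnutls_certificate_allocate_credentials(&xcred) < 0) {
		rc = 2;
		goto fail_global;
	}
	if (gnutls_certificate_set_x509_system_trust(xcred) < 0) {
		rc = 3;
		goto fail_cred;
	}
	if (tls_cert_path && tls_key_path && gnutls_certificate_set_x509_key_file(xcred, tls_cert_path, tls_key_path, GNUTLS_X509_FMT_PEM) < 0) {
		rc = 4;
		goto fail_cred;
	}

	// 5-8: session setup. SNI is given address.len explicitly, but the
	// verifier and resolve() below take address.data as a C string, so it is
	// assumed to be NUL-terminated as well (not visible in this file).
	if (gnutls_init(&session, GNUTLS_CLIENT) < 0) {
		rc = 5;
		goto fail_cred;
	}
	if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0) {
		rc = 6;
		goto fail_session;
	}
	if (gnutls_set_default_priority(session) < 0) {
		rc = 7;
		goto fail_session;
	}
	if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0) {
		rc = 8;
		goto fail_session;
	}
	// Verify the peer's chain and that it matches `address`; a verification
	// failure makes gnutls_handshake() fail, which is reported as 11 below.
	gnutls_session_set_verify_cert(session, address.data, 0);

	// 9-10: plain TCP connection.
	fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
	if (fd == -1) {
		rc = 9;
		goto fail_session;
	}
	// NOTE(review): resolve()'s result is not checked (its contract is not
	// visible in this file), and `struct sockaddr` only has room for an IPv4
	// address, which matches the AF_INET socket above — confirm against network.h.
	struct sockaddr sockaddr;
	resolve(address.data, port.data, &sockaddr);
	ret = connect(fd, &sockaddr, sizeof(sockaddr));
	if (ret != 0) {
		rc = 10;
		goto fail_socket;
	}

	// 11: handshake, retried only while the error is non-fatal (e.g. an
	// interrupted call); a fatal error, including certificate verification
	// failure, ends the attempt.
	gnutls_transport_set_int(session, fd);
	gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
	do {
		ret = gnutls_handshake(session);
	} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
	if (ret < 0) {
		rc = 11;
		goto fail_socket;
	}

	gnutls_record_set_timeout(session, 60000); // 60s
	return 0;

	// Cleanup in reverse order of acquisition; each label releases one stage
	// and falls through to the earlier ones.
fail_socket:
	close(fd);
	fd = -1;
fail_session:
	gnutls_deinit(session);
	session = NULL;
fail_cred:
	gnutls_certificate_free_credentials(xcred);
fail_global:
	gnutls_global_deinit();
	return rc;
}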
// C99 `extern inline` declaration: makes this translation unit emit the
// external (non-inline) definition of RECV(), which is presumably defined as
// plain `inline` in a header, so callers that do not inline it link against
// tls.o.
extern inline size_t RECV(char *buf, size_t buflen, char *timeout); // Should force it to get compiled into tls.o
97 #if LOGALL
// LOGALL variant of SEND(): echo every outbound record to stdout (fd 1)
// before handing it to gnutls. A "[Us->Server]" tag is written once at the
// start of each logged line, and the line is closed (with a colour reset when
// COLORIZE is set) whenever a message is empty or ends in '\n'.
//
// Note that this mirrors everything sent over the session onto fd 1, which
// may include authentication data the protocol sends.
//
// Returns gnutls_record_send()'s result unchanged: bytes written, or a
// negative gnutls error code.
ssize_t SEND(struct string msg) {
	static char at_line_start = 1;

	if (at_line_start) {
		at_line_start = 0;
#if COLORIZE
		WRITES(1, STRING("\x1b[33m[Us->Server] \x1b[34m"));
#else
		WRITES(1, STRING("[Us->Server] "));
#endif
	}

	WRITES(1, msg);

	// An empty message or one ending in '\n' terminates the current log line.
	int ends_line = (msg.len == 0) ? 1 : (msg.data[msg.len - 1] == '\n');
	if (ends_line) {
#if COLORIZE
		WRITES(1, STRING("\x1b[0m\n"));
#else
		WRITES(1, STRING("\n"));
#endif
		at_line_start = 1;
	}

	return gnutls_record_send(session, msg.data, msg.len);
}
123 #endif