use libtls, remove raw OpenSSL code - irc - IRC client based on c9x.me/irc clie… | |
--- | |
commit cd226fa73bb4f6ab20c4cbf3a2a8d6a2c4c407f5 | |
parent 7cabd77bc55e17135fce024801684b33806d2733 | |
Author: Hiltjo Posthuma <[email protected]> | |
Date: Fri, 26 May 2017 13:12:44 +0200 | |
use libtls, remove raw OpenSSL code | |
by using libtls we also support proper peer verification and other | |
security additions. | |
Diffstat: | |
M Makefile | 2 +- | |
M irc.c | 34 ++++++++++++-----------------… | |
2 files changed, 14 insertions(+), 22 deletions(-) | |
--- | |
diff --git a/Makefile b/Makefile | |
@@ -1,7 +1,7 @@ | |
BIN = irc | |
CFLAGS = -std=c99 -Os -D_POSIX_C_SOURCE=201112 -D_GNU_SOURCE -D_XOPEN_CURSES -… | |
-LDFLAGS = -lncursesw -lssl -lcrypto | |
+LDFLAGS = -lncursesw -lssl -lcrypto -ltls | |
all: ${BIN} | |
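Review bot: `-ltls` is appended after `-lssl -lcrypto` in `LDFLAGS`, but libtls itself depends on libssl and libcrypto. With static archives the linker resolves symbols left to right, so a static build would likely fail with undefined references. Ordering it as `LDFLAGS = -lncursesw -ltls -lssl -lcrypto` works for both static and shared linking.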
diff --git a/irc.c b/irc.c | |
@@ -20,7 +20,8 @@ | |
#include <netdb.h> | |
#include <locale.h> | |
#include <wchar.h> | |
-#include <openssl/ssl.h> | |
+ | |
+#include <tls.h> | |
#ifndef __OpenBSD__ | |
#define pledge(a,b) 0 | |
@@ -69,8 +70,7 @@ static struct Chan { | |
static int ssl; | |
static struct { | |
int fd; | |
- SSL *ssl; | |
- SSL_CTX *ctx; | |
+ struct tls *tls; | |
} srv; | |
static char nick[64]; | |
static int quit, winchg; | |
@@ -187,7 +187,7 @@ srd(void) | |
if (p - l >= BufSz) | |
p = l; /* Input buffer overflow, there should something better… | |
if (ssl) | |
- rd = SSL_read(srv.ssl, p, BufSz - (p - l)); | |
+ rd = tls_read(srv.tls, p, BufSz - (p - l)); | |
else | |
rd = read(srv.fd, p, BufSz - (p - l)); | |
if (rd <= 0) | |
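Review bot: `tls_read()` can return `TLS_WANT_POLLIN` or `TLS_WANT_POLLOUT`, both negative, and the `if (rd <= 0)` check right after the call treats them the same as a failed read. libtls documents these as "repeat the same call" results rather than errors, so the TLS branch should retry, e.g. `do rd = tls_read(srv.tls, p, BufSz - (p - l)); while (rd == TLS_WANT_POLLIN || rd == TLS_WANT_POLLOUT);`. The same applies to the `tls_write()` call added in `main`, which is followed by `if (wr <= 0)`. What the error branches do is outside both hunks, so the effect (probably a dropped connection) is inferred.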
@@ -255,14 +255,11 @@ dial(const char *host, const char *service) | |
return "Cannot connect to host."; | |
srv.fd = fd; | |
if (ssl) { | |
- SSL_load_error_strings(); | |
- SSL_library_init(); | |
- srv.ctx = SSL_CTX_new(SSLv23_client_method()); | |
- if (!srv.ctx) | |
- return "Could not initialize ssl context."; | |
- srv.ssl = SSL_new(srv.ctx); | |
- if (SSL_set_fd(srv.ssl, srv.fd) == 0 | |
- || SSL_connect(srv.ssl) != 1) | |
+ if (tls_init() < 0) | |
+ return "Could not initialize TLS."; | |
+ if (!(srv.tls = tls_client())) | |
+ return "Could not initialize TLS context."; | |
+ if (tls_connect_socket(srv.tls, srv.fd, host) < 0) | |
return "Could not connect with ssl."; | |
} | |
freeaddrinfo(res); | |
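Review bot: `tls_connect_socket()` only binds the context to the socket; in current libtls the handshake, and with it the certificate and hostname check, runs on the first `tls_read()`/`tls_write()` unless `tls_handshake()` is called. A verification failure is therefore not reported by `dial()` and only surfaces later as a generic read or write error. Consider `if (tls_connect_socket(srv.tls, srv.fd, host) < 0 || tls_handshake(srv.tls) < 0)` and include `tls_error(srv.tls)` in what the user is shown, so a rejected certificate is distinguishable from a network failure. The three early returns also skip the `freeaddrinfo(res)` on the last line of the hunk and leave `srv.fd` and `srv.tls` set. dial's body starts outside the hunk.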
@@ -272,19 +269,14 @@ dial(const char *host, const char *service) | |
static void | |
hangup(void) | |
{ | |
- if (srv.ssl) { | |
- SSL_shutdown(srv.ssl); | |
- SSL_free(srv.ssl); | |
- srv.ssl = 0; | |
+ if (srv.tls) { | |
+ tls_close(srv.tls); | |
+ srv.tls = 0; | |
} | |
if (srv.fd) { | |
close(srv.fd); | |
srv.fd = 0; | |
} | |
- if (srv.ctx) { | |
- SSL_CTX_free(srv.ctx); | |
- srv.ctx = 0; | |
- } | |
} | |
static inline int | |
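Review bot: `hangup()` calls `tls_close()` but never `tls_free()`, so the `struct tls` allocated by `tls_client()` in `dial()` is leaked on every disconnect. The removed code released its objects with `SSL_free()` and `SSL_CTX_free()`. Add `tls_free(srv.tls);` between `tls_close(srv.tls);` and `srv.tls = 0;`. The return value of `tls_close()` is also ignored; it can be `TLS_WANT_POLLIN`/`TLS_WANT_POLLOUT`, in which case the close_notify may not have been sent before `close(srv.fd)`.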
@@ -920,7 +912,7 @@ main(int argc, char *argv[]) | |
int wr; | |
if (ssl) | |
- wr = SSL_write(srv.ssl, outb, outp - outb); | |
+ wr = tls_write(srv.tls, outb, outp - outb); | |
else | |
wr = write(srv.fd, outb, outp - outb); | |
if (wr <= 0) { |