
Source code changes of the file "src/tls_openssl.c" between
ircd-hybrid-8.2.27.tgz and ircd-hybrid-8.2.28.tgz

About: IRCD-Hybrid is an Internet Relay Chat server.

tls_openssl.c  (ircd-hybrid-8.2.27.tgz):tls_openssl.c  (ircd-hybrid-8.2.28.tgz)
skipping to change at line 26 skipping to change at line 26
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
* USA * USA
*/ */
/*! \file tls_openssl.c /*! \file tls_openssl.c
* \brief Includes all OpenSSL-specific TLS functions * \brief Includes all OpenSSL-specific TLS functions
* \version $Id: tls_openssl.c 9164 2020-01-18 13:01:17Z michael $ * \version $Id: tls_openssl.c 9223 2020-01-26 11:35:22Z michael $
*/ */
#include "stdinc.h" #include "stdinc.h"
#include "tls.h" #include "tls.h"
#include "conf.h" #include "conf.h"
#include "log.h" #include "log.h"
#include "misc.h" #include "misc.h"
#include "memory.h" #include "memory.h"
#ifdef HAVE_TLS_OPENSSL #ifdef HAVE_TLS_OPENSSL
skipping to change at line 107 skipping to change at line 107
return; /* Not reached */ return; /* Not reached */
} }
SSL_CTX_set_min_proto_version(ConfigServerInfo.tls_ctx.client_ctx, TLS1_2_VERS ION); SSL_CTX_set_min_proto_version(ConfigServerInfo.tls_ctx.client_ctx, TLS1_2_VERS ION);
SSL_CTX_set_options(ConfigServerInfo.tls_ctx.client_ctx, SSL_OP_NO_TICKET); SSL_CTX_set_options(ConfigServerInfo.tls_ctx.client_ctx, SSL_OP_NO_TICKET);
SSL_CTX_set_verify(ConfigServerInfo.tls_ctx.client_ctx, SSL_VERIFY_PEER|SSL_VE RIFY_CLIENT_ONCE, always_accept_verify_cb); SSL_CTX_set_verify(ConfigServerInfo.tls_ctx.client_ctx, SSL_VERIFY_PEER|SSL_VE RIFY_CLIENT_ONCE, always_accept_verify_cb);
SSL_CTX_set_session_cache_mode(ConfigServerInfo.tls_ctx.client_ctx, SSL_SESS_C ACHE_OFF); SSL_CTX_set_session_cache_mode(ConfigServerInfo.tls_ctx.client_ctx, SSL_SESS_C ACHE_OFF);
} }
bool bool
tls_new_cred(void) tls_new_credentials(void)
{ {
TLS_initialized = false; TLS_initialized = false;
if (!ConfigServerInfo.tls_certificate_file || !ConfigServerInfo.rsa_private_ke y_file) if (ConfigServerInfo.tls_certificate_file == NULL || ConfigServerInfo.rsa_priv ate_key_file == NULL)
return true; return true;
if (SSL_CTX_use_certificate_chain_file(ConfigServerInfo.tls_ctx.server_ctx, Co if (SSL_CTX_use_certificate_chain_file(ConfigServerInfo.tls_ctx.server_ctx, Co
nfigServerInfo.tls_certificate_file) <= 0 || nfigServerInfo.tls_certificate_file) != 1 ||
SSL_CTX_use_certificate_chain_file(ConfigServerInfo.tls_ctx.client_ctx, Co SSL_CTX_use_certificate_chain_file(ConfigServerInfo.tls_ctx.client_ctx, Co
nfigServerInfo.tls_certificate_file) <= 0) nfigServerInfo.tls_certificate_file) != 1)
{ {
report_crypto_errors(); report_crypto_errors();
return false; return false;
} }
if (SSL_CTX_use_PrivateKey_file(ConfigServerInfo.tls_ctx.server_ctx, ConfigSer if (SSL_CTX_use_PrivateKey_file(ConfigServerInfo.tls_ctx.server_ctx, ConfigSer
verInfo.rsa_private_key_file, SSL_FILETYPE_PEM) <= 0 || verInfo.rsa_private_key_file, SSL_FILETYPE_PEM) != 1 ||
SSL_CTX_use_PrivateKey_file(ConfigServerInfo.tls_ctx.client_ctx, ConfigSer SSL_CTX_use_PrivateKey_file(ConfigServerInfo.tls_ctx.client_ctx, ConfigSer
verInfo.rsa_private_key_file, SSL_FILETYPE_PEM) <= 0) verInfo.rsa_private_key_file, SSL_FILETYPE_PEM) != 1)
{ {
report_crypto_errors(); report_crypto_errors();
return false; return false;
} }
if (!SSL_CTX_check_private_key(ConfigServerInfo.tls_ctx.server_ctx) || if (SSL_CTX_check_private_key(ConfigServerInfo.tls_ctx.server_ctx) != 1 ||
!SSL_CTX_check_private_key(ConfigServerInfo.tls_ctx.client_ctx)) SSL_CTX_check_private_key(ConfigServerInfo.tls_ctx.client_ctx) != 1)
{ {
report_crypto_errors(); report_crypto_errors();
return false; return false;
} }
if (ConfigServerInfo.tls_dh_param_file) if (ConfigServerInfo.tls_dh_param_file)
{ {
BIO *file = BIO_new_file(ConfigServerInfo.tls_dh_param_file, "r"); BIO *file = BIO_new_file(ConfigServerInfo.tls_dh_param_file, "r");
if (file) if (file)
skipping to change at line 367 skipping to change at line 367
if (errstr) if (errstr)
*errstr = error; *errstr = error;
return TLS_HANDSHAKE_ERROR; return TLS_HANDSHAKE_ERROR;
} }
} }
} }
bool bool
tls_verify_cert(tls_data_t *tls_data, tls_md_t digest, char **fingerprint) tls_verify_certificate(tls_data_t *tls_data, tls_md_t digest, char **fingerprint )
{ {
SSL *ssl = *tls_data; SSL *ssl = *tls_data;
unsigned int n; unsigned int n;
char buf[EVP_MAX_MD_SIZE * 2 + 1]; char buf[EVP_MAX_MD_SIZE * 2 + 1];
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
bool ret = false; bool ret = false;
/* Accept NULL return from SSL_get_peer_certificate */ /* Accept NULL return from SSL_get_peer_certificate */
X509 *cert = SSL_get_peer_certificate(ssl); X509 *cert = SSL_get_peer_certificate(ssl);
if (cert == NULL) if (cert == NULL)
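Review bot: The early `return true` right after the `tls_certificate_file == NULL || rsa_private_key_file == NULL` guard in tls_new_credentials reports success for a half-configured pair (certificate set but private key missing, or the reverse) exactly as it does for TLS deliberately left unconfigured, so a misconfiguration produces no diagnostic and TLS silently stays unavailable, with TLS_initialized left false on the line above. A single warning when exactly one of the two is set would make that visible to the operator, e.g. `if ((ConfigServerInfo.tls_certificate_file == NULL) != (ConfigServerInfo.rsa_private_key_file == NULL)) ilog(LOG_TYPE_IRCD, "TLS certificate or private key file not configured; TLS disabled");` placed before the return. The function also has no header comment; a short Doxygen block stating that it returns true both when no credentials are configured and when they loaded successfully, and false (after report_crypto_errors) on a load or key-mismatch failure, would document the contract the callers rely on. The body of tls_new_credentials continues past this hunk (the DH-parameter loading is cut off at `if (file)`), so later return paths were not reviewed here.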
 End of changes. 7 change blocks. 
14 lines changed or deleted 14 lines changed or added
