projects
/
citadel.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
bc94b11
)
openssl 1.1 in client
author
Art Cancro
<ajc@citadel.org>
Mon, 1 Jan 2018 22:41:19 +0000
(17:41 -0500)
committer
Art Cancro
<ajc@citadel.org>
Mon, 1 Jan 2018 22:41:19 +0000
(17:41 -0500)
textclient/src/citadel_ipc.c
patch
|
blob
|
history
diff --git
a/textclient/src/citadel_ipc.c
b/textclient/src/citadel_ipc.c
index 0ec44ed27af70f2daca32b3b5e191f89d0d9aaca..e5767357567a7b8484f7e3f957f6f6c88692c3aa 100644
(file)
--- a/
textclient/src/citadel_ipc.c
+++ b/
textclient/src/citadel_ipc.c
@@
-1,5
+1,5
@@
/*
/*
- * Copyright (c) 1987-201
7
by the citadel.org team
+ * Copyright (c) 1987-201
8
by the citadel.org team
*
* This program is open source software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3.
*
* This program is open source software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3.
@@
-2186,8
+2186,7
@@
int CtdlIPCStartEncryption(CtdlIPC *ipc, char *cret)
/* New SSL object */
temp_ssl = SSL_new(ssl_ctx);
if (!temp_ssl) {
/* New SSL object */
temp_ssl = SSL_new(ssl_ctx);
if (!temp_ssl) {
- error_printf("SSL_new failed: %s\n",
- ERR_reason_error_string(ERR_get_error()));
+ error_printf("SSL_new failed: %s\n", ERR_reason_error_string(ERR_get_error()));
return -2;
}
/* Pointless flag waving */
return -2;
}
/* Pointless flag waving */
@@
-2195,35
+2194,18
@@
int CtdlIPCStartEncryption(CtdlIPC *ipc, char *cret)
SSL_set_session_id_context(temp_ssl, (const unsigned char*) "Citadel SID", 14);
#endif
SSL_set_session_id_context(temp_ssl, (const unsigned char*) "Citadel SID", 14);
#endif
- if (!access(EGD_POOL, F_OK))
- RAND_egd(EGD_POOL);
-
- if (!RAND_status()) {
- error_printf("PRNG not properly seeded\n");
- return -2;
- }
-
/* Associate network connection with SSL object */
if (SSL_set_fd(temp_ssl, ipc->sock) < 1) {
/* Associate network connection with SSL object */
if (SSL_set_fd(temp_ssl, ipc->sock) < 1) {
- error_printf("SSL_set_fd failed: %s\n",
- ERR_reason_error_string(ERR_get_error()));
+ error_printf("SSL_set_fd failed: %s\n", ERR_reason_error_string(ERR_get_error()));
return -2;
}
return -2;
}
- if (status_hook != NULL)
+ if (status_hook != NULL)
{
status_hook("Requesting encryption...\r");
status_hook("Requesting encryption...\r");
+ }
/* Ready to start SSL/TLS */
/* Ready to start SSL/TLS */
- /* Old code
- CtdlIPC_putline(ipc, "STLS");
- CtdlIPC_getline(ipc, buf);
- if (buf[0] != '2') {
- error_printf("Server can't start TLS: %s\n", buf);
- return 0;
- }
- */
- r = CtdlIPCGenericCommand(ipc,
- "STLS", NULL, 0, NULL, NULL, cret);
+ r = CtdlIPCGenericCommand(ipc, "STLS", NULL, 0, NULL, NULL, cret);
if (r / 100 != 2) {
error_printf("Server can't start TLS: %s\n", buf);
endtls(temp_ssl);
if (r / 100 != 2) {
error_printf("Server can't start TLS: %s\n", buf);
endtls(temp_ssl);
@@
-2232,23
+2214,16
@@
int CtdlIPCStartEncryption(CtdlIPC *ipc, char *cret)
/* Do SSL/TLS handshake */
if ((a = SSL_connect(temp_ssl)) < 1) {
/* Do SSL/TLS handshake */
if ((a = SSL_connect(temp_ssl)) < 1) {
- error_printf("SSL_connect failed: %s\n",
- ERR_reason_error_string(ERR_get_error()));
+ error_printf("SSL_connect failed: %s\n", ERR_reason_error_string(ERR_get_error()));
endtls(temp_ssl);
return -2;
}
ipc->ssl = temp_ssl;
endtls(temp_ssl);
return -2;
}
ipc->ssl = temp_ssl;
- if (BIO_set_close(ipc->ssl->rbio, BIO_NOCLOSE))
- {
- int bits, alg_bits;
-
- bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(ipc->ssl), &alg_bits);
- error_printf("Encrypting with %s cipher %s (%d of %d bits)\n",
- SSL_CIPHER_get_version(SSL_get_current_cipher(ipc->ssl)),
- SSL_CIPHER_get_name(SSL_get_current_cipher(ipc->ssl)),
- bits, alg_bits);
- }
+ error_printf("Encrypting with %s cipher %s\n",
+ SSL_CIPHER_get_version(SSL_get_current_cipher(ipc->ssl)),
+ SSL_CIPHER_get_name(SSL_get_current_cipher(ipc->ssl))
+ );
return r;
#else
return 0;
return r;
#else
return 0;
@@
-2996,8
+2971,7
@@
static void CtdlIPC_init_OpenSSL(void)
ssl_method = SSLv23_client_method();
ssl_ctx = SSL_CTX_new(ssl_method);
if (!ssl_ctx) {
ssl_method = SSLv23_client_method();
ssl_ctx = SSL_CTX_new(ssl_method);
if (!ssl_ctx) {
- error_printf("SSL_CTX_new failed: %s\n",
- ERR_reason_error_string(ERR_get_error()));
+ error_printf("SSL_CTX_new failed: %s\n", ERR_reason_error_string(ERR_get_error()));
return;
}
/* Any reasonable cipher we can get */
return;
}
/* Any reasonable cipher we can get */
@@
-3006,27
+2980,20
@@
static void CtdlIPC_init_OpenSSL(void)
return;
}
SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_BOTH);
return;
}
SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_BOTH);
-
+
/* Load DH parameters into the context */
dh = DH_new();
if (!dh) {
/* Load DH parameters into the context */
dh = DH_new();
if (!dh) {
- error_printf("Can't allocate a DH object: %s\n",
- ERR_reason_error_string(ERR_get_error()));
- return;
- }
- if (!(BN_hex2bn(&(dh->p), DH_P))) {
- error_printf("Can't assign DH_P: %s\n",
- ERR_reason_error_string(ERR_get_error()));
- DH_free(dh);
+ error_printf("Can't allocate a DH object: %s\n", ERR_reason_error_string(ERR_get_error()));
return;
}
return;
}
- if (!(BN_hex2bn(&(dh->g), DH_G))) {
- error_printf("Can't assign DH_G: %s\n",
-
ERR_reason_error_string(ERR_get_error()));
+
+ if (!(DH_generate_parameters_ex(dh, 128, DH_GENERATOR_2, 0))) {
+
error_printf("Can't generate DH parameters: %s\n",
ERR_reason_error_string(ERR_get_error()));
DH_free(dh);
return;
}
DH_free(dh);
return;
}
- dh->length = DH_L;
+
SSL_CTX_set_tmp_dh(ssl_ctx, dh);
DH_free(dh);
SSL_CTX_set_tmp_dh(ssl_ctx, dh);
DH_free(dh);
@@
-3067,7
+3034,6
@@
int
ReadNetworkChunk(CtdlIPC* ipc)
{
fd_set read_fd;
ReadNetworkChunk(CtdlIPC* ipc)
{
fd_set read_fd;
-/* int tries;*/
int ret = 0;
int err = 0;
struct timeval tv;
int ret = 0;
int err = 0;
struct timeval tv;
@@
-3084,12
+3050,9
@@
ReadNetworkChunk(CtdlIPC* ipc)
FD_SET(ipc->sock, &read_fd);
ret = select(ipc->sock+1, &read_fd, NULL, NULL, &tv);
FD_SET(ipc->sock, &read_fd);
ret = select(ipc->sock+1, &read_fd, NULL, NULL, &tv);
-// fprintf(stderr, "\nselect failed: %d %d %s\n", ret, err, strerror(err));
-
if (ret > 0) {
*(ipc->BufPtr) = '\0';
if (ret > 0) {
*(ipc->BufPtr) = '\0';
-// n = read(ipc->sock, ipc->BufPtr, ipc->BufSize - (ipc->BufPtr - ipc->Buf) - 1);
n = recv(ipc->sock, ipc->BufPtr, ipc->BufSize - (ipc->BufPtr - ipc->Buf) - 1, 0);
if (n > 0) {
ipc->BufPtr[n]='\0';
n = recv(ipc->sock, ipc->BufPtr, ipc->BufSize - (ipc->BufPtr - ipc->Buf) - 1, 0);
if (n > 0) {
ipc->BufPtr[n]='\0';
@@
-3331,11
+3294,13
@@
CtdlIPC* CtdlIPC_new(int argc, char **argv, char *hostbuf, char *portbuf)
strcpy(cithost, DEFAULT_HOST); /* default host */
strcpy(citport, DEFAULT_PORT); /* default port */
strcpy(cithost, DEFAULT_HOST); /* default host */
strcpy(citport, DEFAULT_PORT); /* default port */
- /* Allow caller to supply our values
(Windows)
*/
- if (hostbuf && strlen(hostbuf) > 0)
+ /* Allow caller to supply our values */
+ if (hostbuf && strlen(hostbuf) > 0)
{
strcpy(cithost, hostbuf);
strcpy(cithost, hostbuf);
- if (portbuf && strlen(portbuf) > 0)
+ }
+ if (portbuf && strlen(portbuf) > 0) {
strcpy(citport, portbuf);
strcpy(citport, portbuf);
+ }
/* Read host/port from command line if present */
for (a = 0; a < argc; ++a) {
/* Read host/port from command line if present */
for (a = 0; a < argc; ++a) {