a few deleted whitespaces + Trou's patch: allows to trust when not connected / allow self-signed certs when in basic ssl mode / permit connection to serveurs w/o a motd
parent
6a1ec2724b
commit
5574a6d335
@ -59,7 +59,7 @@ int conf_blreset_on_talk = 0;
|
|||||||
list_t *parse_conf(FILE *file);
|
list_t *parse_conf(FILE *file);
|
||||||
static void conf_die(char *fmt, ...);
|
static void conf_die(char *fmt, ...);
|
||||||
#ifdef HAVE_LIBSSL
|
#ifdef HAVE_LIBSSL
|
||||||
static int adm_trust(struct link_client *ic, struct line *line);
|
int adm_trust(struct link_client *ic, struct line *line);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static void hash_binary(char *hex, unsigned char **password, unsigned int *seed)
|
static void hash_binary(char *hex, unsigned char **password, unsigned int *seed)
|
||||||
@ -1078,7 +1078,7 @@ static int ssl_discard_next_cert(struct link_client *ic)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_LIBSSL
|
#ifdef HAVE_LIBSSL
|
||||||
static int adm_trust(struct link_client *ic, struct line *line)
|
int adm_trust(struct link_client *ic, struct line *line)
|
||||||
{
|
{
|
||||||
if (ic->allow_trust != 1) {
|
if (ic->allow_trust != 1) {
|
||||||
mylog(LOG_ERROR, "User attempted TRUST command without "
|
mylog(LOG_ERROR, "User attempted TRUST command without "
|
||||||
@ -1102,7 +1102,7 @@ static int adm_trust(struct link_client *ic, struct line *line)
|
|||||||
/* OK, attempt to trust the cert! */
|
/* OK, attempt to trust the cert! */
|
||||||
BIO *bio = BIO_new_file(LINK(ic)->ssl_check_store, "a+");
|
BIO *bio = BIO_new_file(LINK(ic)->ssl_check_store, "a+");
|
||||||
X509 *trustcert = sk_X509_shift(LINK(ic)->untrusted_certs);
|
X509 *trustcert = sk_X509_shift(LINK(ic)->untrusted_certs);
|
||||||
|
|
||||||
if(!bio || !trustcert ||
|
if(!bio || !trustcert ||
|
||||||
PEM_write_bio_X509(bio, trustcert) <= 0)
|
PEM_write_bio_X509(bio, trustcert) <= 0)
|
||||||
write_line_fast(CONN(ic), ":irc.bip.net NOTICE pouet "
|
write_line_fast(CONN(ic), ":irc.bip.net NOTICE pouet "
|
||||||
|
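Review bot: adm_trust loses `static` in this section and becomes callable from other files, but nothing at its definition states what a caller must have established first; the only gate visible is `if (ic->allow_trust != 1)`. The function shifts a certificate off `untrusted_certs` and appends it to `ssl_check_store`, so the precondition deserves a comment above the definition, for example `/* Appends the next untrusted server cert to the trust store; allow_trust must only be set for an authenticated client. */`. The forward declaration kept near the top of this file now repeats the prototype added to the header (assuming this file includes that header) and could be dropped so the two cannot drift. The body of adm_trust continues outside the visible hunks.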
@ -62,6 +62,9 @@ struct c_channel
|
|||||||
char *key;
|
char *key;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#ifdef HAVE_LIBSSL
|
||||||
|
int adm_trust(struct link_client *ic, struct line *line);
|
||||||
|
#endif
|
||||||
int adm_bip(struct link_client *ic, struct line *line);
|
int adm_bip(struct link_client *ic, struct line *line);
|
||||||
int ssl_check_trust(struct link_client *ic);
|
int ssl_check_trust(struct link_client *ic);
|
||||||
void adm_blreset(struct link_client *ic);
|
void adm_blreset(struct link_client *ic);
|
||||||
|
@ -855,13 +855,13 @@ static void create_socket(char *dsthostname, char *dstport, char *srchostname,
|
|||||||
int err;
|
int err;
|
||||||
struct connecting_data *cdata;
|
struct connecting_data *cdata;
|
||||||
struct addrinfo hint;
|
struct addrinfo hint;
|
||||||
|
|
||||||
memset(&hint, 0, sizeof(hint));
|
memset(&hint, 0, sizeof(hint));
|
||||||
hint.ai_flags = AI_PASSIVE;
|
hint.ai_flags = AI_PASSIVE;
|
||||||
hint.ai_family = PF_UNSPEC;
|
hint.ai_family = PF_UNSPEC;
|
||||||
hint.ai_socktype = SOCK_STREAM;
|
hint.ai_socktype = SOCK_STREAM;
|
||||||
hint.ai_protocol = 0;
|
hint.ai_protocol = 0;
|
||||||
|
|
||||||
cn->connected = CONN_ERROR;
|
cn->connected = CONN_ERROR;
|
||||||
cdata = (struct connecting_data *)
|
cdata = (struct connecting_data *)
|
||||||
malloc(sizeof(struct connecting_data));
|
malloc(sizeof(struct connecting_data));
|
||||||
@ -888,7 +888,7 @@ static void create_socket(char *dsthostname, char *dstport, char *srchostname,
|
|||||||
cdata->src = NULL;
|
cdata->src = NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
cdata->cur = cdata->dst;
|
cdata->cur = cdata->dst;
|
||||||
cn->connecting_data = cdata;
|
cn->connecting_data = cdata;
|
||||||
|
|
||||||
@ -1177,7 +1177,8 @@ static int bip_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
|||||||
if (c->ssl_check_mode == SSL_CHECK_BASIC && depth == 0 && result == 0 &&
|
if (c->ssl_check_mode == SSL_CHECK_BASIC && depth == 0 && result == 0 &&
|
||||||
(err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
|
(err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
|
||||||
err == X509_V_ERR_CERT_UNTRUSTED ||
|
err == X509_V_ERR_CERT_UNTRUSTED ||
|
||||||
err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) {
|
err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
|
||||||
|
err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)) {
|
||||||
|
|
||||||
if (X509_STORE_get_by_subject(ctx, X509_LU_X509,
|
if (X509_STORE_get_by_subject(ctx, X509_LU_X509,
|
||||||
X509_get_subject_name(err_cert), &xobj) > 0 &&
|
X509_get_subject_name(err_cert), &xobj) > 0 &&
|
||||||
|
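Review bot: With `err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT` added to the SSL_CHECK_BASIC branch of bip_ssl_verify_callback, the store lookup that follows becomes the only thing separating an arbitrary self-signed leaf from acceptance. `X509_STORE_get_by_subject` matches on the subject name alone, so the rest of this condition, which lies outside the hunk, has to compare the stored certificate with `err_cert` itself (for instance with `X509_cmp`) before the verification error is overridden. If that comparison is already there, a comment above the branch such as `/* basic mode: accept a leaf only if it is identical to a cert pinned in the store */` would make the pinning intent explicit for the next reader.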
32
src/irc.c
32
src/irc.c
@ -420,10 +420,17 @@ int irc_dispatch_server(struct link_server *server, struct line *line)
|
|||||||
ret = OK_FORGET;
|
ret = OK_FORGET;
|
||||||
if (strcmp(line->elemv[0], "376") == 0) /* end of motd */
|
if (strcmp(line->elemv[0], "376") == 0) /* end of motd */
|
||||||
irc_server_connected(server);
|
irc_server_connected(server);
|
||||||
|
else if (strcmp(line->elemv[0], "422") == 0) /* no motd */
|
||||||
|
irc_server_connected(server);
|
||||||
|
|
||||||
} else if (LINK(server)->s_state == IRCS_CONNECTING) {
|
} else if (LINK(server)->s_state == IRCS_CONNECTING) {
|
||||||
ret = OK_FORGET;
|
ret = OK_FORGET;
|
||||||
if (strcmp(line->elemv[0], "NOTICE") == 0) {
|
if (strcmp(line->elemv[0], "NOTICE") == 0) {
|
||||||
} else if (strcmp(line->elemv[0], "376") == 0) {
|
} else if (strcmp(line->elemv[0], "376") == 0) { /* end of motd */
|
||||||
|
irc_server_connected(server);
|
||||||
|
list_add_last(&LINK(server)->init_strings,
|
||||||
|
irc_line_dup(line));
|
||||||
|
} else if (strcmp(line->elemv[0], "422") == 0) { /* no motd */
|
||||||
irc_server_connected(server);
|
irc_server_connected(server);
|
||||||
list_add_last(&LINK(server)->init_strings,
|
list_add_last(&LINK(server)->init_strings,
|
||||||
irc_line_dup(line));
|
irc_line_dup(line));
|
||||||
@ -702,12 +709,13 @@ static int irc_cli_startup(struct link_client *ic, struct line *line,
|
|||||||
if (LINK(ic)->s_state != IRCS_CONNECTED) {
|
if (LINK(ic)->s_state != IRCS_CONNECTED) {
|
||||||
/* Check if we have an untrusted certificate from the server */
|
/* Check if we have an untrusted certificate from the server */
|
||||||
if (ssl_check_trust(ic)) {
|
if (ssl_check_trust(ic)) {
|
||||||
|
TYPE(ic) = IRC_TYPE_TRUST_CLIENT;
|
||||||
ic->allow_trust = 1;
|
ic->allow_trust = 1;
|
||||||
free(init_nick);
|
free(init_nick);
|
||||||
return OK_FORGET;
|
return OK_FORGET;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (LINK(ic)->s_state == IRCS_NONE) {
|
if (LINK(ic)->s_state == IRCS_NONE) {
|
||||||
/* drop it if corresponding server hasn't connected at all. */
|
/* drop it if corresponding server hasn't connected at all. */
|
||||||
@ -985,6 +993,21 @@ static int irc_cli_part(struct link_client *irc, struct line *line)
|
|||||||
return OK_COPY;
|
return OK_COPY;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_LIBSSL
|
||||||
|
static int irc_dispatch_trust_client(struct link_client *ic, struct line *line)
|
||||||
|
{
|
||||||
|
int r = OK_COPY;
|
||||||
|
if (line->elemc < 2)
|
||||||
|
return ERR_PROTOCOL;
|
||||||
|
|
||||||
|
if (strcmp(line->elemv[0], "BIP") == 0 &&
|
||||||
|
strcmp(line->elemv[1], "TRUST") == 0)
|
||||||
|
r = adm_trust(ic, line);
|
||||||
|
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
int irc_cli_bip(struct link_client *ic, struct line *line);
|
int irc_cli_bip(struct link_client *ic, struct line *line);
|
||||||
static int irc_dispatch_client(struct link_client *ic, struct line *line)
|
static int irc_dispatch_client(struct link_client *ic, struct line *line)
|
||||||
{
|
{
|
||||||
@ -1120,6 +1143,11 @@ int irc_dispatch(struct link_any *l, struct line *line, list_t *linkl)
|
|||||||
return irc_dispatch_loging_client((struct link_client*)l,
|
return irc_dispatch_loging_client((struct link_client*)l,
|
||||||
line, linkl);
|
line, linkl);
|
||||||
break;
|
break;
|
||||||
|
#ifdef HAVE_LIBSSL
|
||||||
|
case IRC_TYPE_TRUST_CLIENT:
|
||||||
|
return irc_dispatch_trust_client((struct link_client*)l, line);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
default:
|
default:
|
||||||
fatal("gnéééééé");
|
fatal("gnéééééé");
|
||||||
}
|
}
|
||||||
|
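Review bot: In the new irc_dispatch_trust_client, every line other than `BIP TRUST` falls through with `int r = OK_COPY;`, the same code irc_cli_part returns for a line that is meant to be passed on. A client in IRC_TYPE_TRUST_CLIENT state is there only to answer the trust prompt while the server link is not connected, so unrecognised lines are better dropped: `int r = OK_FORGET;`. What irc_dispatch does with OK_COPY for this link type is not visible in the hunk, so this needs checking against the caller. The `line->elemc < 2` guard also returns ERR_PROTOCOL for any one-word line a client might send while waiting, which looks stricter than intended; returning OK_FORGET there would be more tolerant.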
@ -59,6 +59,7 @@ struct channel {
|
|||||||
#define IRC_TYPE_CLIENT (0)
|
#define IRC_TYPE_CLIENT (0)
|
||||||
#define IRC_TYPE_SERVER (1)
|
#define IRC_TYPE_SERVER (1)
|
||||||
#define IRC_TYPE_LOGING_CLIENT (2)
|
#define IRC_TYPE_LOGING_CLIENT (2)
|
||||||
|
#define IRC_TYPE_TRUST_CLIENT (3)
|
||||||
|
|
||||||
struct link {
|
struct link {
|
||||||
char *name; /* id */
|
char *name; /* id */
|
||||||
|
@ -106,14 +106,14 @@ void _mylog(int level, char *fmt, va_list ap)
|
|||||||
prefix = "";
|
prefix = "";
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
fprintf(conf_global_log_file, "%s %s", timestamp(), prefix);
|
fprintf(conf_global_log_file, "%s %s", timestamp(), prefix);
|
||||||
vfprintf(conf_global_log_file, fmt, ap);
|
vfprintf(conf_global_log_file, fmt, ap);
|
||||||
fprintf(conf_global_log_file, "\n");
|
fprintf(conf_global_log_file, "\n");
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
fflush(conf_global_log_file);
|
fflush(conf_global_log_file);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void mylog(int level, char *fmt, ...)
|
void mylog(int level, char *fmt, ...)
|
||||||
{
|
{
|
||||||
@ -132,7 +132,7 @@ void fatal(char *fmt, ...)
|
|||||||
{
|
{
|
||||||
va_list ap;
|
va_list ap;
|
||||||
va_start(ap, fmt);
|
va_start(ap, fmt);
|
||||||
|
|
||||||
_mylog(LOG_FATAL, fmt, ap);
|
_mylog(LOG_FATAL, fmt, ap);
|
||||||
|
|
||||||
va_end(ap);
|
va_end(ap);
|
||||||
|