diff --git a/src/bip.c b/src/bip.c index 0bc83d3..aed0695 100644 --- a/src/bip.c +++ b/src/bip.c @@ -59,7 +59,7 @@ int conf_blreset_on_talk = 0; list_t *parse_conf(FILE *file); static void conf_die(char *fmt, ...); #ifdef HAVE_LIBSSL -static int adm_trust(struct link_client *ic, struct line *line); +int adm_trust(struct link_client *ic, struct line *line); #endif static void hash_binary(char *hex, unsigned char **password, unsigned int *seed) @@ -1078,7 +1078,7 @@ static int ssl_discard_next_cert(struct link_client *ic) #endif #ifdef HAVE_LIBSSL -static int adm_trust(struct link_client *ic, struct line *line) +int adm_trust(struct link_client *ic, struct line *line) { if (ic->allow_trust != 1) { mylog(LOG_ERROR, "User attempted TRUST command without " @@ -1102,7 +1102,7 @@ static int adm_trust(struct link_client *ic, struct line *line) /* OK, attempt to trust the cert! */ BIO *bio = BIO_new_file(LINK(ic)->ssl_check_store, "a+"); X509 *trustcert = sk_X509_shift(LINK(ic)->untrusted_certs); - + if(!bio || !trustcert || PEM_write_bio_X509(bio, trustcert) <= 0) write_line_fast(CONN(ic), ":irc.bip.net NOTICE pouet " diff --git a/src/bip.h b/src/bip.h index 99c1848..65af54b 100644 --- a/src/bip.h +++ b/src/bip.h @@ -62,6 +62,9 @@ struct c_channel char *key; }; +#ifdef HAVE_LIBSSL +int adm_trust(struct link_client *ic, struct line *line); +#endif int adm_bip(struct link_client *ic, struct line *line); int ssl_check_trust(struct link_client *ic); void adm_blreset(struct link_client *ic); diff --git a/src/connection.c b/src/connection.c index 237394f..3c64a70 100644 --- a/src/connection.c +++ b/src/connection.c 
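Review bot: The forward declaration kept near the top of bip.c now repeats the prototype this commit adds to bip.h, so the signature of adm_trust lives in two places. If bip.c includes bip.h (the include list is outside the hunks), drop the local declaration and keep only the header one. Since adm_trust is now callable from other files, the header prototype would benefit from a contract comment such as `/* Appends the next pending untrusted server certificate to ssl_check_store; refused unless ic->allow_trust == 1 */`. That wording matches the guard and the BIO_new_file / PEM_write_bio_X509 calls visible in the later bip.c hunks, but the lines between them are not shown, so confirm it against the full body.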
@@ -855,13 +855,13 @@ static void create_socket(char *dsthostname, char *dstport, char *srchostname, int err; struct connecting_data *cdata; struct addrinfo hint; - + memset(&hint, 0, sizeof(hint)); hint.ai_flags = AI_PASSIVE; hint.ai_family = PF_UNSPEC; hint.ai_socktype = SOCK_STREAM; hint.ai_protocol = 0; - + cn->connected = CONN_ERROR; cdata = (struct connecting_data *) malloc(sizeof(struct connecting_data)); @@ -888,7 +888,7 @@ static void create_socket(char *dsthostname, char *dstport, char *srchostname, cdata->src = NULL; } } - + cdata->cur = cdata->dst; cn->connecting_data = cdata; @@ -1177,7 +1177,8 @@ static int bip_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx) if (c->ssl_check_mode == SSL_CHECK_BASIC && depth == 0 && result == 0 && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY || err == X509_V_ERR_CERT_UNTRUSTED || - err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) { + err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE || + err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)) { if (X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_get_subject_name(err_cert), &xobj) > 0 && diff --git a/src/irc.c b/src/irc.c index d5e6033..e857280 100644 --- a/src/irc.c +++ b/src/irc.c 
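Review bot: Adding `X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT` to the SSL_CHECK_BASIC exception list in bip_ssl_verify_callback leaves the store lookup that follows as the only barrier between a self-signed leaf and acceptance. That lookup is keyed on `X509_get_subject_name(err_cert)`, a field the presenter of a self-signed certificate chooses freely. The rest of the condition lies outside the hunk, so confirm it compares the whole certificate (for example with `X509_cmp` against the object returned in `xobj`) rather than stopping at a subject match. A short comment above the condition would record the intent, e.g. `/* BASIC mode: accept a leaf that fails chain validation only if this exact cert is already in the local store */`.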
@@ -420,10 +420,17 @@ int irc_dispatch_server(struct link_server *server, struct line *line) ret = OK_FORGET; if (strcmp(line->elemv[0], "376") == 0) /* end of motd */ irc_server_connected(server); + else if (strcmp(line->elemv[0], "422") == 0) /* no motd */ + irc_server_connected(server); + } else if (LINK(server)->s_state == IRCS_CONNECTING) { ret = OK_FORGET; if (strcmp(line->elemv[0], "NOTICE") == 0) { - } else if (strcmp(line->elemv[0], "376") == 0) { + } else if (strcmp(line->elemv[0], "376") == 0) { /* end of motd */ + irc_server_connected(server); + list_add_last(&LINK(server)->init_strings, + irc_line_dup(line)); + } else if (strcmp(line->elemv[0], "422") == 0) { /* no motd */ irc_server_connected(server); list_add_last(&LINK(server)->init_strings, irc_line_dup(line)); @@ -702,12 +709,13 @@ static int irc_cli_startup(struct link_client *ic, struct line *line, if (LINK(ic)->s_state != IRCS_CONNECTED) { /* Check if we have an untrusted certificate from the server */ if (ssl_check_trust(ic)) { + TYPE(ic) = IRC_TYPE_TRUST_CLIENT; ic->allow_trust = 1; free(init_nick); return OK_FORGET; } } -#endif +#endif if (LINK(ic)->s_state == IRCS_NONE) { /* drop it if corresponding server hasn't connected at all. */ @@ -985,6 +993,21 @@ static int irc_cli_part(struct link_client *irc, struct line *line) return OK_COPY; } +#ifdef HAVE_LIBSSL +static int irc_dispatch_trust_client(struct link_client *ic, struct line *line) +{ + int r = OK_COPY; + if (line->elemc < 2) + return ERR_PROTOCOL; + + if (strcmp(line->elemv[0], "BIP") == 0 && + strcmp(line->elemv[1], "TRUST") == 0) + r = adm_trust(ic, line); + + return r; +} +#endif + int irc_cli_bip(struct link_client *ic, struct line *line); static int irc_dispatch_client(struct link_client *ic, struct line *line) { 
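Review bot: The new 422 branch in the IRCS_CONNECTING path of irc_dispatch_server is a line-for-line copy of the 376 branch, and the same pairing is repeated in the state handled just above it. Folding each pair into one condition, `} else if (strcmp(line->elemv[0], "376") == 0 || strcmp(line->elemv[0], "422") == 0) { /* end of motd, or no motd */`, keeps the two replies from drifting apart later. The hunk also adds a stray blank line before `} else if (LINK(server)->s_state == IRCS_CONNECTING)`. irc_dispatch_server starts and ends outside the hunk.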
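Review bot: Setting `TYPE(ic) = IRC_TYPE_TRUST_CLIENT` in irc_cli_startup routes every later line from this client to irc_dispatch_trust_client, but nothing in this commit shows the type being set back, so how the client leaves that state is not visible here. If adm_trust or a reconnect handles it, say so in a comment at the assignment, e.g. `/* client stays in trust-only dispatch until <where it is reset> */`. If nothing does, the client stays confined to `BIP TRUST` for the lifetime of the connection. The `#endif` line changed below differs only in trailing whitespace, and irc_cli_startup continues outside the hunk.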
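Review bot: irc_dispatch_trust_client returns `OK_COPY` for every line that is not `BIP TRUST`, while irc_cli_startup returns `OK_FORGET` for a client in the same not-yet-connected situation. Unless copying is intended here, initialise with `int r = OK_FORGET;` so input from a client that has only been asked to confirm a certificate is dropped rather than passed along. The `line->elemc < 2` guard also answers any one-word command with ERR_PROTOCOL, which, depending on how the caller of irc_dispatch treats that code, may drop a client that sends a lone keepalive or `QUIT` during the prompt. The function proves only that two elements exist before calling adm_trust, so any further `elemv` index adm_trust reads needs its own bound check there (its body is mostly outside this diff). A one-line header comment stating that this is the restricted dispatcher for clients awaiting a certificate decision would also help.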
@@ -1120,6 +1143,11 @@ int irc_dispatch(struct link_any *l, struct line *line, list_t *linkl) return irc_dispatch_loging_client((struct link_client*)l, line, linkl); break; +#ifdef HAVE_LIBSSL + case IRC_TYPE_TRUST_CLIENT: + return irc_dispatch_trust_client((struct link_client*)l, line); + break; +#endif default: fatal("gnéééééé"); } diff --git a/src/irc.h b/src/irc.h index 185f3fb..d7c19b1 100644 --- a/src/irc.h +++ b/src/irc.h @@ -59,6 +59,7 @@ struct channel { #define IRC_TYPE_CLIENT (0) #define IRC_TYPE_SERVER (1) #define IRC_TYPE_LOGING_CLIENT (2) +#define IRC_TYPE_TRUST_CLIENT (3) struct link { char *name; /* id */ diff --git a/src/util.c b/src/util.c index 45a0685..939e351 100644 --- a/src/util.c +++ b/src/util.c @@ -106,14 +106,14 @@ void _mylog(int level, char *fmt, va_list ap) prefix = ""; break; } - + fprintf(conf_global_log_file, "%s %s", timestamp(), prefix); vfprintf(conf_global_log_file, fmt, ap); fprintf(conf_global_log_file, "\n"); #ifdef DEBUG fflush(conf_global_log_file); #endif -} +} void mylog(int level, char *fmt, ...) { @@ -132,7 +132,7 @@ void fatal(char *fmt, ...) { va_list ap; va_start(ap, fmt); - + _mylog(LOG_FATAL, fmt, ap); va_end(ap);