243 |
|
client_p->from = NULL; /* ...this should catch them! >:) --msa */ |
244 |
|
} |
245 |
|
|
246 |
– |
/* Base16 encoding is: |
247 |
– |
* Copyright (c) 2001-2004, Roger Dingledine |
248 |
– |
* Copyright (c) 2004-2007, Roger Dingledine, Nick Mathewson |
249 |
– |
* |
250 |
– |
* Redistribution and use in source and binary forms, with or without |
251 |
– |
* modification, are permitted provided that the following conditions are |
252 |
– |
* met: |
253 |
– |
* |
254 |
– |
* Redistributions of source code must retain the above copyright |
255 |
– |
* notice, this list of conditions and the following disclaimer. |
256 |
– |
|
257 |
– |
* Redistributions in binary form must reproduce the above copyright notice, |
258 |
– |
* this list of conditions and the following disclaimer |
259 |
– |
* in the documentation and/or other materials provided with the distribution. |
260 |
– |
* |
261 |
– |
* Neither the names of the copyright owners nor the names of its |
262 |
– |
* contributors may be used to endorse or promote products derived from |
263 |
– |
* this software without specific prior written permission. |
264 |
– |
|
265 |
– |
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
266 |
– |
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
267 |
– |
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
268 |
– |
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
269 |
– |
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
270 |
– |
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
271 |
– |
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
272 |
– |
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
273 |
– |
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
274 |
– |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
275 |
– |
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
276 |
– |
*/ |
277 |
– |
static void |
278 |
– |
base16_encode(char *dest, size_t destlen, const char *src, size_t srclen) |
279 |
– |
{ |
280 |
– |
const char *end; |
281 |
– |
char *cp; |
282 |
– |
|
283 |
– |
assert(destlen >= srclen * 2 + 1); |
284 |
– |
|
285 |
– |
cp = dest; |
286 |
– |
end = src + srclen; |
287 |
– |
|
288 |
– |
while (src < end) |
289 |
– |
{ |
290 |
– |
*cp++ = "0123456789ABCDEF"[(*(const uint8_t *)src) >> 4]; |
291 |
– |
*cp++ = "0123456789ABCDEF"[(*(const uint8_t *)src) & 0xf]; |
292 |
– |
++src; |
293 |
– |
} |
294 |
– |
|
295 |
– |
*cp = '\0'; |
296 |
– |
} |
297 |
– |
|
246 |
|
#ifdef HAVE_LIBCRYPTO |
247 |
|
/* |
248 |
|
* ssl_handshake - let OpenSSL initialize the protocol. Register for |
260 |
|
if ((cert = SSL_get_peer_certificate(client_p->localClient->fd.ssl))) |
261 |
|
{ |
262 |
|
int res = SSL_get_verify_result(client_p->localClient->fd.ssl); |
263 |
< |
char buf[SHA_DIGEST_LENGTH * 2 + 1] = { '\0' }; |
263 |
> |
char buf[EVP_MAX_MD_SIZE * 2 + 1] = { '\0' }; |
264 |
> |
unsigned char md[EVP_MAX_MD_SIZE * 2 + 1] = { '\0' }; |
265 |
|
|
266 |
|
if (res == X509_V_OK || res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN || |
267 |
|
res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE || |
268 |
|
res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) |
269 |
|
{ |
270 |
< |
base16_encode(buf, sizeof(buf), |
271 |
< |
(const char *)cert->sha1_hash, sizeof(cert->sha1_hash)); |
272 |
< |
client_p->certfp = xstrdup(buf); |
270 |
> |
unsigned int i = 0, n = 0; |
271 |
> |
|
272 |
> |
if (X509_digest(cert, EVP_sha256(), md, &n)) |
273 |
> |
{ |
274 |
> |
for (; i < n; ++i) |
275 |
> |
snprintf(buf + 2 * i, 3, "%02X", md[i]); |
276 |
> |
client_p->certfp = xstrdup(buf); |
277 |
> |
} |
278 |
|
} |
279 |
|
else |
280 |
|
ilog(LOG_TYPE_IRCD, "Client %s!%s@%s gave bad SSL client certificate: %d", |
368 |
|
return; |
369 |
|
} |
370 |
|
|
371 |
+ |
AddFlag(new_client, FLAGS_SSL); |
372 |
|
SSL_set_fd(new_client->localClient->fd.ssl, fd); |
373 |
|
ssl_handshake(0, new_client); |
374 |
|
} |
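Review bot: In the ssl_handshake hunk (new lines 272-277), a failed `X509_digest()` leaves `client_p->certfp` unset with no diagnostic, whereas the sibling `else` at line 280 logs a bad verify result; add an `else` branch that logs the digest failure in the same `ilog(LOG_TYPE_IRCD, ...)` style so a missing fingerprint can be traced (the existing message's arguments run past the hunk, so reuse them). The new `md` buffer at line 264 is declared `unsigned char md[EVP_MAX_MD_SIZE * 2 + 1]` as if it held hex text, but `X509_digest()` writes at most `EVP_MAX_MD_SIZE` raw bytes into it and `n` bounds the loop, so `unsigned char md[EVP_MAX_MD_SIZE];` is sufficient and stops it reading as a second hex buffer; `buf` at `EVP_MAX_MD_SIZE * 2 + 1` is correctly sized for the `snprintf` loop including its final NUL. Moving from `cert->sha1_hash` to a SHA-256 digest changes the certfp string from 40 to 64 hex characters, so any fingerprints stored in operator or auth configuration presumably stop matching and need regenerating — worth stating in the commit message or release notes. ssl_handshake starts and ends outside the hunk.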