
Comparing ircd-hybrid/trunk/src/tls_openssl.c (file contents):
Revision 7148 by michael, Thu Jan 28 10:04:06 2016 UTC vs.
Revision 7278 by michael, Sun Feb 7 15:28:26 2016 UTC

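--- a/ircd-hybrid/trunk/src/tls_openssl.c
+++ b/ircd-hybrid/trunk/src/tls_openssl.c
@@ -1,9 +1,9 @@
 /*
  *  ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
  *
- *  Copyright (c) 2005-2016 ircd-hybrid development team
  *  Copyright (c) 2015 Attila Molnar <attilamolnar@hush.com>
  *  Copyright (c) 2015 Adam <Adam@anope.org>
+ *  Copyright (c) 2005-2016 ircd-hybrid development team
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -30,17 +30,37 @@
 #include "tls.h"
 #include "conf.h"
 #include "log.h"
-#include "rsa.h"
+#include "misc.h"
 #include "memory.h"
 
 #ifdef HAVE_TLS_OPENSSL
 
+static int TLS_initialized;
+
+/*
+ * report_crypto_errors - Dump crypto error list to log
+ */
+static void
+report_crypto_errors(void)
+{
+  unsigned long e = 0;
+
+  while ((e = ERR_get_error()))
+    ilog(LOG_TYPE_IRCD, "SSL error: %s", ERR_error_string(e, 0));
+}
+
 static int
 always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
 {
   return 1;
 }
 
+int
+tls_is_initialized(void)
+{
+  return TLS_initialized;
+}
+
 /* tls_init()
  *
  * inputs       - nothing
@@ -57,8 +77,7 @@ tls_init(void)
   {
     const char *s = ERR_lib_error_string(ERR_get_error());
 
-    fprintf(stderr, "ERROR: Could not initialize the SSL Server context -- %s\n", s);
-    ilog(LOG_TYPE_IRCD, "ERROR: Could not initialize the SSL Server context -- %s", s);
+    ilog(LOG_TYPE_IRCD, "ERROR: Could not initialize the TLS Server context -- %s", s);
     exit(EXIT_FAILURE);
     return;  /* Not reached */
   }
@@ -70,15 +89,13 @@ tls_init(void)
   SSL_CTX_set_session_cache_mode(ConfigServerInfo.tls_ctx.server_ctx, SSL_SESS_CACHE_OFF);
   SSL_CTX_set_cipher_list(ConfigServerInfo.tls_ctx.server_ctx, "EECDH+HIGH:EDH+HIGH:HIGH:!aNULL");
 
-#if OPENSSL_VERSION_NUMBER >= 0x009080FFL && !defined(OPENSSL_NO_ECDH)
-  {
-    EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+#ifndef OPENSSL_NO_ECDH
+  EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
 
-    if (key)
-    {
-      SSL_CTX_set_tmp_ecdh(ConfigServerInfo.tls_ctx.server_ctx, key);
-      EC_KEY_free(key);
-    }
+  if (key)
+  {
+    SSL_CTX_set_tmp_ecdh(ConfigServerInfo.tls_ctx.server_ctx, key);
+    EC_KEY_free(key);
   }
 
   SSL_CTX_set_options(ConfigServerInfo.tls_ctx.server_ctx, SSL_OP_SINGLE_ECDH_USE);
@@ -88,8 +105,7 @@ tls_init(void)
   {
     const char *s = ERR_lib_error_string(ERR_get_error());
 
-    fprintf(stderr, "ERROR: Could not initialize the SSL Client context -- %s\n", s);
-    ilog(LOG_TYPE_IRCD, "ERROR: Could not initialize the SSL Client context -- %s", s);
+    ilog(LOG_TYPE_IRCD, "ERROR: Could not initialize the TLS Client context -- %s", s);
     exit(EXIT_FAILURE);
     return;  /* Not reached */
   }
@@ -104,6 +120,8 @@ tls_init(void)
 int
 tls_new_cred(void)
 {
+  TLS_initialized = 0;
+
   if (!ConfigServerInfo.ssl_certificate_file || !ConfigServerInfo.rsa_private_key_file)
     return 1;
 
@@ -152,7 +170,7 @@ tls_new_cred(void)
       ilog(LOG_TYPE_IRCD, "Ignoring serverinfo::ssl_dh_param_file -- could not open/read Diffie-Hellman parameter file");
   }
 
-#if OPENSSL_VERSION_NUMBER >= 0x009080FFL && !defined(OPENSSL_NO_ECDH)
+#ifndef OPENSSL_NO_ECDH
   if (ConfigServerInfo.ssl_dh_elliptic_curve)
   {
     int nid = 0;
@@ -196,6 +214,10 @@ set_default_curve:
     }
   }
 
+  if (ConfigServerInfo.ssl_cipher_list)
+    SSL_CTX_set_cipher_list(ConfigServerInfo.tls_ctx.server_ctx, ConfigServerInfo.ssl_cipher_list);
+
+  TLS_initialized = 1;
   return 1;
 }
 
@@ -307,6 +329,9 @@ tls_new(tls_data_t *tls_data, int fd, tl
 {
   SSL *ssl;
 
+  if (!TLS_initialized)
+    return 0;
+
   if (role == TLS_ROLE_SERVER)
     ssl = SSL_new(ConfigServerInfo.tls_ctx.server_ctx);
   else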
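Review bot: The return value of `SSL_CTX_set_cipher_list()` on new line 218 of tls_new_cred is not checked, so a serverinfo::ssl_cipher_list that no supported cipher suite matches fails silently: the function still sets TLS_initialized to 1 and returns 1, and the server keeps accepting TLS connections with whatever cipher list the context already had while the operator believes the configured one is in force. The same commit adds report_crypto_errors(), which fits here: on a 0 return, dump the OpenSSL error queue, log that the option is being rejected, and return 0 before TLS_initialized is set. What callers do with a 0 return from tls_new_cred is outside this hunk; if the established convention in this function is warn-and-continue (as with the ssl_dh_param_file message earlier), keep the logging but drop the early return. tls_new_cred starts and ends outside this hunk.
```c
  if (ConfigServerInfo.ssl_cipher_list)
  {
    if (SSL_CTX_set_cipher_list(ConfigServerInfo.tls_ctx.server_ctx, ConfigServerInfo.ssl_cipher_list) == 0)
    {
      report_crypto_errors();
      ilog(LOG_TYPE_IRCD, "Rejecting serverinfo::ssl_cipher_list -- no usable cipher suite in cipher list");
      return 0;
    }
  }

  TLS_initialized = 1;
  return 1;
```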
