blackbeard420/weechat
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix crash with SSL connection to IRC server if option ssl_cert is set (bug #28752)

Browse Source
This commit is contained in:
Sebastien Helleu 2010-01-29 12:42:53 +01:00
parent 1d803a6972
commit d157f42ec9
3 changed files with 22 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -6,6 +6,7 @@ v0.3.1.1, 2010-01-29
Version 0.3.1.1 (under dev!)
--------------------------
* irc: fix crash with SSL connection if option ssl_cert is set (bug #28752)
* irc: fix bug with SSL connection (fails sometimes when ssl_verify is on)
(bug #28741)
* irc: fix compilation with old GnuTLS versions (bug #28723)

32
src/plugins/irc/irc-server.c
View File

@ -2222,8 +2222,6 @@ irc_server_gnutls_callback (void *data, gnutls_session_t tls_session,
{
struct t_irc_server *server;
gnutls_retr_st tls_struct;
gnutls_x509_crt_t tls_cert;
gnutls_x509_privkey_t tls_cert_key;
gnutls_x509_crt_t cert_temp;
const gnutls_datum_t *cert_list;
gnutls_datum_t filedatum;
@ -2242,7 +2240,7 @@ irc_server_gnutls_callback (void *data, gnutls_session_t tls_session,
(void) nreq;
(void) pk_algos;
(void) pk_algos_len;
rc = 0;
if (!data)
@ -2363,7 +2361,8 @@ irc_server_gnutls_callback (void *data, gnutls_session_t tls_session,
}
/* using client certificate if it exists */
cert_path0 = (char *) IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_CERT);
cert_path0 = (char *) IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_SSL_CERT);
if (cert_path0 && cert_path0[0])
{
weechat_dir = weechat_info_get ("weechat_dir", "");
@ -2383,29 +2382,36 @@ irc_server_gnutls_callback (void *data, gnutls_session_t tls_session,
filedatum.size = strlen (cert_str);
/* certificate */
gnutls_x509_crt_init (&tls_cert);
gnutls_x509_crt_import (tls_cert, &filedatum, GNUTLS_X509_FMT_PEM);
gnutls_x509_crt_init (&server->tls_cert);
gnutls_x509_crt_import (server->tls_cert, &filedatum,
GNUTLS_X509_FMT_PEM);
/* key */
gnutls_x509_privkey_init (&tls_cert_key);
gnutls_x509_privkey_import (tls_cert_key, &filedatum, GNUTLS_X509_FMT_PEM);
gnutls_x509_privkey_init (&server->tls_cert_key);
gnutls_x509_privkey_import (server->tls_cert_key, &filedatum,
GNUTLS_X509_FMT_PEM);
tls_struct.type = GNUTLS_CRT_X509;
tls_struct.ncerts = 1;
tls_struct.deinit_all = 0;
tls_struct.cert.x509 = &tls_cert;
tls_struct.key.x509 = tls_cert_key;
tls_struct.cert.x509 = &server->tls_cert;
tls_struct.key.x509 = server->tls_cert_key;
#if LIBGNUTLS_VERSION_NUMBER >= 0x010706
/* client certificate info */
#if LIBGNUTLS_VERSION_NUMBER < 0x020400
rinfo = gnutls_x509_crt_print (cert_temp, GNUTLS_X509_CRT_ONELINE, &cinfo);
rinfo = gnutls_x509_crt_print (cert_temp,
GNUTLS_X509_CRT_ONELINE,
&cinfo);
#else
rinfo = gnutls_x509_crt_print (cert_temp, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
rinfo = gnutls_x509_crt_print (cert_temp,
GNUTLS_CRT_PRINT_ONELINE,
&cinfo);
#endif
if (rinfo == 0)
{
weechat_printf (server->buffer,
_(" - client certificate info (%s):"), cert_path2);
_(" - client certificate info (%s):"),
cert_path2);
weechat_printf (server->buffer, " - %s", cinfo.data);
gnutls_free (cinfo.data);
}

2
src/plugins/irc/irc-server.h
View File

@ -121,6 +121,8 @@ struct t_irc_server
int ssl_connected; /* = 1 if connected with SSL */
#ifdef HAVE_GNUTLS
gnutls_session_t gnutls_sess; /* gnutls session (only if SSL is used) */
gnutls_x509_crt_t tls_cert; /* certificate used if ssl_cert is set */
gnutls_x509_privkey_t tls_cert_key; /* key used if ssl_cert is set */
#endif
char *unterminated_message; /* beginning of a message in input buf */
int nicks_count; /* number of nicknames */