-/* +------------------------------------+
- * | Inspire Internet Relay Chat Daemon |
- * +------------------------------------+
+/*
+ * InspIRCd -- Internet Relay Chat Daemon
*
- * InspIRCd: (C) 2002-2010 InspIRCd Development Team
- * See: http://wiki.inspircd.org/Credits
+ * Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
+ * Copyright (C) 2008 John Brooks <john.brooks@dereferenced.net>
+ * Copyright (C) 2006-2008 Craig Edwards <craigedwards@brainbox.cc>
+ * Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
+ * Copyright (C) 2006 Oliver Lupton <oliverlupton@gmail.com>
*
- * This program is free but copyrighted software; see
- * the file COPYING for details.
+ * This file is part of InspIRCd. InspIRCd is free software: you can
+ * redistribute it and/or modify it under the terms of the GNU General Public
+ * License as published by the Free Software Foundation, version 2.
*
- * ---------------------------------------------------
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+
#include "inspircd.h"
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
/* $ModDesc: Provides SSL support for clients */
/* $CompileFlags: pkgconfincludes("gnutls","/gnutls/gnutls.h","") */
-/* $LinkerFlags: rpath("pkg-config --libs gnutls") pkgconflibs("gnutls","/libgnutls.so","-lgnutls") */
+/* $LinkerFlags: rpath("pkg-config --libs gnutls") pkgconflibs("gnutls","/libgnutls.so","-lgnutls") -lgcrypt */
enum issl_status { ISSL_NONE, ISSL_HANDSHAKING_READ, ISSL_HANDSHAKING_WRITE, ISSL_HANDSHAKEN, ISSL_CLOSING, ISSL_CLOSED };
errno = EAGAIN;
return -1;
}
- int rv = recv(user->GetFd(), reinterpret_cast<char *>(buffer), size, 0);
+ int rv = ServerInstance->SE->Recv(user, reinterpret_cast<char *>(buffer), size, 0);
if (rv < (int)size)
ServerInstance->SE->ChangeEventMask(user, FD_READ_WILL_BLOCK);
return rv;
errno = EAGAIN;
return -1;
}
- int rv = send(user->GetFd(), reinterpret_cast<const char *>(buffer), size, 0);
+ int rv = ServerInstance->SE->Send(user, reinterpret_cast<const char *>(buffer), size, 0);
if (rv < (int)size)
ServerInstance->SE->ChangeEventMask(user, FD_WRITE_WILL_BLOCK);
return rv;
int dh_bits;
bool cred_alloc;
+ bool dh_alloc;
RandGen randhandler;
CommandStartTLS starttls;
gnutls_x509_privkey_init(&x509_key);
cred_alloc = false;
+ dh_alloc = false;
}
void init()
int ret;
+ if (dh_alloc)
+ {
+ gnutls_dh_params_deinit(dh_params);
+ dh_alloc = false;
+ }
+
if (cred_alloc)
{
// Deallocate the old credentials
- gnutls_dh_params_deinit(dh_params);
gnutls_certificate_free_credentials(x509_cred);
for(unsigned int i=0; i < x509_certs.size(); i++)
gnutls_x509_crt_deinit(x509_certs[i]);
x509_certs.clear();
}
- else
- cred_alloc = true;
- if((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0)
+ ret = gnutls_certificate_allocate_credentials(&x509_cred);
+ cred_alloc = (ret >= 0);
+ if (!cred_alloc)
ServerInstance->Logs->Log("m_ssl_gnutls",DEBUG, "m_ssl_gnutls.so: Failed to allocate certificate credentials: %s", gnutls_strerror(ret));
if((ret =gnutls_certificate_set_x509_trust_file(x509_cred, cafile.c_str(), GNUTLS_X509_FMT_PEM)) < 0)
gnutls_certificate_client_set_retrieve_function (x509_cred, cert_callback);
- if((ret = gnutls_dh_params_init(&dh_params)) < 0)
+ ret = gnutls_dh_params_init(&dh_params);
+ dh_alloc = (ret >= 0);
+ if (!dh_alloc)
ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters: %s", gnutls_strerror(ret));
// This may be on a large (once a day or week) timer eventually.
// once a day, once a week or once a month. Depending on the
// security requirements.
+ if (!dh_alloc)
+ return;
+
int ret;
if((ret = gnutls_dh_params_generate2(dh_params, dh_bits)) < 0)
{
for(unsigned int i=0; i < x509_certs.size(); i++)
gnutls_x509_crt_deinit(x509_certs[i]);
- x509_certs.clear();
+
gnutls_x509_privkey_deinit(x509_key);
- if (cred_alloc)
- {
+
+ if (dh_alloc)
gnutls_dh_params_deinit(dh_params);
+ if (cred_alloc)
gnutls_certificate_free_credentials(x509_cred);
- }
+
gnutls_global_deinit();
delete[] sessions;
ServerInstance->GenRandom = &ServerInstance->HandleGenRandom;