diff options
author | SoniEx2 <endermoneymod@gmail.com> | 2021-05-28 00:26:37 -0300 |
---|---|---|
committer | SoniEx2 <endermoneymod@gmail.com> | 2021-05-28 00:26:37 -0300 |
commit | 390240ac622ab1d81704bad694ba6187738ae9b8 (patch) | |
tree | 7c6e3c68f411fea2fe5c6f3dd31a63456db41074 /src/common/server.c | |
parent | a97299020b27894e3390ecc52d6f7a4e2c55d818 (diff) |
Initial TLS-SRP support
Diffstat (limited to 'src/common/server.c')
-rw-r--r-- | src/common/server.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/src/common/server.c b/src/common/server.c index 5c645eb5..3dd92be3 100644 --- a/src/common/server.c +++ b/src/common/server.c @@ -596,6 +596,9 @@ ssl_do_connect (server * serv) EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0); } else +#ifndef OPENSSL_NO_SRP + if (!serv->use_pake) +#endif { g_snprintf (buf, sizeof (buf), "No Certificate"); goto conn_fail; @@ -618,7 +621,8 @@ ssl_do_connect (server * serv) { X509 *cert = SSL_get_peer_certificate (serv->ssl); int hostname_err; - if ((hostname_err = _SSL_check_hostname(cert, serv->hostname)) != 0) + /* cert may be NULL due to pake */ + if (cert && (hostname_err = _SSL_check_hostname(cert, serv->hostname)) != 0) { g_snprintf (buf, sizeof (buf), "* Verify E: Failed to validate hostname? (%d)%s", hostname_err, serv->accept_invalid_cert ? " -- Ignored" : ""); @@ -1601,6 +1605,38 @@ server_connect (server *serv, char *hostname, int port, int no_login) } } g_free (cert_file); + +#ifndef OPENSSL_NO_SRP + /* also setup PAKE/SRP */ + if (serv->password[0] && (serv->loginmethod == LOGIN_SASLPAKE || serv->loginmethod == LOGIN_PAKE)) { + char *username; + char *password; + ircnet *net = (ircnet*)serv->network; + + if (net->user && !(net->flags & FLAG_USE_GLOBAL)) + username = net->user; + else + username = prefs.hex_irc_user_name; + password = serv->password; + + if (strlen(username) < 255) { + if (SSL_CTX_set_srp_username(serv->ctx, username) && + SSL_CTX_set_srp_password(serv->ctx, password)) { + serv->use_pake = TRUE; + } else { + goto pakefail; + } + } else { + goto pakefail; + } + } else { +pakefail: + /* clear PAKE just in case */ + SSL_CTX_set_srp_username(serv->ctx, NULL); + SSL_CTX_set_srp_password(serv->ctx, NULL); + serv->use_pake = FALSE; + } +#endif } #endif |