From 4b6215051f1d3b484e32dc95e33d83202bd89959 Mon Sep 17 00:00:00 2001 From: TingPing Date: Wed, 22 Oct 2014 05:24:29 -0400 Subject: ssl: Don't use global openssl context Fixes #789 --- src/common/hexchat.c | 14 -------------- src/common/hexchat.h | 1 + src/common/server.c | 21 ++++++++++++--------- 3 files changed, 13 insertions(+), 23 deletions(-) (limited to 'src') diff --git a/src/common/hexchat.c b/src/common/hexchat.c index 09afa445..fde6d108 100644 --- a/src/common/hexchat.c +++ b/src/common/hexchat.c @@ -55,11 +55,6 @@ #include /* for g_type_init() */ #endif -#ifdef USE_OPENSSL -#include /* SSL_() */ -#include "ssl.h" -#endif - #ifdef USE_MSPROXY #include "msproxy.h" #endif @@ -118,10 +113,6 @@ struct session *current_tab; struct session *current_sess = 0; struct hexchatprefs prefs; -#ifdef USE_OPENSSL -SSL_CTX *ctx = NULL; -#endif - #ifdef USE_LIBPROXY pxProxyFactory *libproxy_factory; #endif @@ -1114,11 +1105,6 @@ main (int argc, char *argv[]) px_proxy_factory_free(libproxy_factory); #endif -#ifdef USE_OPENSSL - if (ctx) - _SSL_context_free (ctx); -#endif - #ifdef WIN32 WSACleanup (); #endif diff --git a/src/common/hexchat.h b/src/common/hexchat.h index bbf32da5..993a209e 100644 --- a/src/common/hexchat.h +++ b/src/common/hexchat.h @@ -502,6 +502,7 @@ typedef struct server struct msproxy_state_t msp_state; int id; /* unique ID number (for plugin API) */ #ifdef USE_OPENSSL + SSL_CTX *ctx; SSL *ssl; int ssl_do_connect_tag; #else diff --git a/src/common/server.c b/src/common/server.c index 98785937..8603f138 100644 --- a/src/common/server.c +++ b/src/common/server.c @@ -76,7 +76,6 @@ #endif #ifdef USE_OPENSSL -extern SSL_CTX *ctx; /* hexchat.c */ /* local variables */ static struct session *g_sess = NULL; #endif 
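Review bot: The new `SSL_CTX *ctx;` member of `struct server` has no comment saying who owns it, and `server_connect` depends on it starting out as NULL (`if (!serv->ctx && serv->use_ssl)`). The place where a `server` is allocated is not part of this patch, so it is worth confirming the struct is zero-initialised there; otherwise that first check reads an indeterminate pointer. I would document the lifetime on the field, for example `SSL_CTX *ctx; /* per-server context: created in server_connect(), freed in server_free() */`.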
@@ -861,8 +860,8 @@ server_connect_success (server *serv) /* it'll be a memory leak, if connection isn't terminated by server_cleanup() */ - serv->ssl = _SSL_socket (ctx, serv->sok); - if ((err = _SSL_set_verify (ctx, ssl_cb_verify, NULL))) + serv->ssl = _SSL_socket (serv->ctx, serv->sok); + if ((err = _SSL_set_verify (serv->ctx, ssl_cb_verify, NULL))) { EMIT_SIGNAL (XP_TE_CONNFAIL, serv->server_session, err, NULL, NULL, NULL, 0); @@ -1666,9 +1665,9 @@ server_connect (server *serv, char *hostname, int port, int no_login) session *sess = serv->server_session; #ifdef USE_OPENSSL - if (!ctx && serv->use_ssl) + if (!serv->ctx && serv->use_ssl) { - if (!(ctx = _SSL_context_init (ssl_cb_info, FALSE))) + if (!(serv->ctx = _SSL_context_init (ssl_cb_info, FALSE))) { fprintf (stderr, "_SSL_context_init failed\n"); exit (1); @@ -1711,18 +1710,18 @@ server_connect (server *serv, char *hostname, int port, int no_login) /* first try network specific cert/key */ cert_file = g_strdup_printf ("%s" G_DIR_SEPARATOR_S "certs" G_DIR_SEPARATOR_S "%s.pem", get_xdir (), server_get_network (serv, TRUE)); - if (SSL_CTX_use_certificate_file (ctx, cert_file, SSL_FILETYPE_PEM) == 1) + if (SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) { - if (SSL_CTX_use_PrivateKey_file (ctx, cert_file, SSL_FILETYPE_PEM) == 1) + if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) serv->have_cert = TRUE; } else { /* if that doesn't exist, try /certs/client.pem */ cert_file = g_build_filename (get_xdir (), "certs", "client.pem", NULL); - if (SSL_CTX_use_certificate_file (ctx, cert_file, SSL_FILETYPE_PEM) == 1) + if (SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) { - if (SSL_CTX_use_PrivateKey_file (ctx, cert_file, SSL_FILETYPE_PEM) == 1) + if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) serv->have_cert = TRUE; } } 
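Review bot: In `server_connect_success`, `_SSL_set_verify (serv->ctx, ssl_cb_verify, NULL)` still runs after `_SSL_socket (serv->ctx, serv->sok)` has already created the SSL object. Neither helper's body is shown here, but if `_SSL_set_verify` sets the verify mode and callback on the context, OpenSSL copies those into an SSL object at creation time, so a call made afterwards may not apply to `serv->ssl`. With the old global context that would have affected only the first connection of the process; with a fresh context per server it would affect the first connection of every server. Consider configuring verification once, right after `_SSL_context_init` succeeds in `server_connect`, or at least swapping the two calls so the context is configured before `_SSL_socket`. The function body starts and ends outside this hunk.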
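Review bot: A failed `_SSL_context_init` in `server_connect` still ends in `exit (1)`, which terminates the whole client, including connections to other servers, because one server could not get a context. Now that the context is per server, this can be treated as an ordinary connection failure: report it to `sess` the way `server_connect_success` reports `_SSL_set_verify` errors (`EMIT_SIGNAL (XP_TE_CONNFAIL, ...)`) and return without connecting. The rest of `server_connect` lies outside this hunk, so check that an early return leaves `serv` in a state from which a later connect can retry.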
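Review bot: The certificate and key are loaded into `serv->ctx`, which is created only when `serv->ctx` is NULL and, in this patch, released only in `server_free`, so a reconnect reuses a context that still carries whatever was loaded earlier. If a `server` can be reused for a different network, or the files under `certs` change between attempts (neither is visible here), a connect where no `.pem` file loads would still present the earlier client certificate, and this hunk does not show `serv->have_cert` being reset. Releasing the context when the connection is torn down, or building a fresh one at the start of each `server_connect`, would keep certificate state tied to a single connection attempt. Separately, the `else` branch overwrites the `cert_file` returned by `g_strdup_printf` with the `g_build_filename` result without a `g_free` in between, as far as this hunk shows.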
@@ -2047,6 +2046,10 @@ server_free (server *serv) free (serv->encoding); if (serv->favlist) g_slist_free_full (serv->favlist, (GDestroyNotify) servlist_favchan_free); +#ifdef USE_OPENSSL + if (serv->ctx) + _SSL_context_free (serv->ctx); +#endif fe_server_callback (serv); -- cgit 1.4.1