use libtls, remove raw OpenSSL code - irc - IRC client based on c9x.me/irc client
---
(DIR) commit cd226fa73bb4f6ab20c4cbf3a2a8d6a2c4c407f5
(DIR) parent 7cabd77bc55e17135fce024801684b33806d2733
(HTM) Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Fri, 26 May 2017 13:12:44 +0200
use libtls, remove raw OpenSSL code
By using libtls we also get proper peer verification and other
security improvements.
Diffstat:
M Makefile | 2 +-
M irc.c | 34 ++++++++++++-------------------
2 files changed, 14 insertions(+), 22 deletions(-)
---
(DIR) diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
BIN = irc
CFLAGS = -std=c99 -Os -D_POSIX_C_SOURCE=201112 -D_GNU_SOURCE -D_XOPEN_CURSES -D_XOPEN_SOURCE_EXTENDED=1 -D_DEFAULT_SOURCE -D_BSD_SOURCE
-LDFLAGS = -lncursesw -lssl -lcrypto
+LDFLAGS = -lncursesw -lssl -lcrypto -ltls
all: ${BIN}
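Review bot: `-ltls` is appended after `-lssl -lcrypto` on the LDFLAGS line, but libtls itself depends on libssl and libcrypto, so with a single-pass linker or a static link the dependent library must come first: `LDFLAGS = -lncursesw -ltls -lssl -lcrypto`. libtls is only provided by LibreSSL (or the standalone libretls port), so the build now fails on systems with plain OpenSSL; a one-line note in the README, or a `pkg-config --libs libtls` fallback, would save users a confusing link error. Whether such a note exists elsewhere cannot be seen from this hunk.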
(DIR) diff --git a/irc.c b/irc.c
@@ -20,7 +20,8 @@
#include <netdb.h>
#include <locale.h>
#include <wchar.h>
-#include <openssl/ssl.h>
+
+#include <tls.h>
#ifndef __OpenBSD__
#define pledge(a,b) 0
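Review bot: The `pledge` fallback macro right under the new `#include <tls.h>` suggests this program pledges on OpenBSD, and libtls' default configuration reads the system CA bundle (`/etc/ssl/cert.pem`) from disk when the client context is set up, which a pledge lacking `rpath` would kill. The pledge() call itself is not in this commit, so this is an inference to confirm: if promises are dropped before the TLS context is created, they need `rpath` until then, or the CA bundle should be loaded into a `struct tls_config` with `tls_config_set_ca_file()` before pledging. A comment next to the macro, `/* libtls needs rpath for the CA bundle until the TLS context is created */`, would record the constraint for whoever tightens the pledge later.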
@@ -69,8 +70,7 @@ static struct Chan {
static int ssl;
static struct {
int fd;
- SSL *ssl;
- SSL_CTX *ctx;
+ struct tls *tls;
} srv;
static char nick[64];
static int quit, winchg;
@@ -187,7 +187,7 @@ srd(void)
if (p - l >= BufSz)
p = l; /* Input buffer overflow, there should something better to do. */
if (ssl)
- rd = SSL_read(srv.ssl, p, BufSz - (p - l));
+ rd = tls_read(srv.tls, p, BufSz - (p - l));
else
rd = read(srv.fd, p, BufSz - (p - l));
if (rd <= 0)
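Review bot: The `rd <= 0` test on the last line now also catches `TLS_WANT_POLLIN` and `TLS_WANT_POLLOUT`, which tls_read() returns as negative values when it needs more I/O to finish a handshake or record, so a transient condition is treated like a closed connection; retry those before treating the result as an error, e.g. `if (rd == TLS_WANT_POLLIN || rd == TLS_WANT_POLLOUT) return;`, with the exact form depending on how the caller's poll loop drives srd(), which is outside the hunk. tls_read() also returns `ssize_t`; if `rd` is declared `int` (its declaration is not visible here) the assignment narrows silently. Since tls_connect_socket() does not perform the handshake, certificate and hostname verification happen lazily on this first tls_read(), and a verification failure shows up here as a plain disconnect — `tls_error(srv.tls)` carries the reason and is worth logging in the error branch. srd() begins before the hunk and the `rd <= 0` branch continues after it.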
@@ -255,14 +255,11 @@ dial(const char *host, const char *service)
return "Cannot connect to host.";
srv.fd = fd;
if (ssl) {
- SSL_load_error_strings();
- SSL_library_init();
- srv.ctx = SSL_CTX_new(SSLv23_client_method());
- if (!srv.ctx)
- return "Could not initialize ssl context.";
- srv.ssl = SSL_new(srv.ctx);
- if (SSL_set_fd(srv.ssl, srv.fd) == 0
- || SSL_connect(srv.ssl) != 1)
+ if (tls_init() < 0)
+ return "Could not initialize TLS.";
+ if (!(srv.tls = tls_client()))
+ return "Could not initialize TLS context.";
+ if (tls_connect_socket(srv.tls, srv.fd, host) < 0)
return "Could not connect with ssl.";
}
freeaddrinfo(res);
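Review bot: tls_connect_socket() only attaches the socket and server name; it does not run the handshake, so "Could not connect with ssl." will never be reported for a certificate or hostname verification failure — those surface later as a generic read/write error, which is exactly the situation where a user needs to know why (and must not be tempted to disable TLS). Call tls_handshake() here, looping on `TLS_WANT_POLLIN`/`TLS_WANT_POLLOUT`, so dial() reports verification problems; `tls_error(srv.tls)` gives the detail, but since the string lives in `srv.tls` and hangup() releases the context, copy it into a static buffer if it is returned to the caller. The early returns in this block also skip `freeaddrinfo(res)`, as the OpenSSL version did; that leak predates the commit but is easy to fold into the same change. A local `int r;` is needed for the loop below, and dial() starts before this hunk.
```c
	if (tls_connect_socket(srv.tls, srv.fd, host) < 0)
		return "Could not connect with ssl.";
	/* Complete the handshake now so certificate and hostname
	 * verification failures are reported here, not as a later
	 * read error. */
	while ((r = tls_handshake(srv.tls)) != 0) {
		if (r != TLS_WANT_POLLIN && r != TLS_WANT_POLLOUT)
			return "TLS handshake failed.";
	}
	/* … unchanged: freeaddrinfo(res) and return … */
```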
@@ -272,19 +269,14 @@ dial(const char *host, const char *service)
static void
hangup(void)
{
- if (srv.ssl) {
- SSL_shutdown(srv.ssl);
- SSL_free(srv.ssl);
- srv.ssl = 0;
+ if (srv.tls) {
+ tls_close(srv.tls);
+ srv.tls = 0;
}
if (srv.fd) {
close(srv.fd);
srv.fd = 0;
}
- if (srv.ctx) {
- SSL_CTX_free(srv.ctx);
- srv.ctx = 0;
- }
}
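Review bot: hangup() now calls tls_close() but never tls_free(), so the `struct tls` allocated by tls_client() in dial() leaks on every disconnect/reconnect (tls_close() only sends close_notify; the context still has to be released). Replace the two lines with `tls_close(srv.tls); tls_free(srv.tls); srv.tls = NULL;`. Closing `srv.fd` afterwards is still correct, because with tls_connect_socket() the caller owns the socket. tls_close() can also return `TLS_WANT_POLLIN`/`TLS_WANT_POLLOUT`; for a best-effort hangup it is acceptable to ignore that, which a one-line comment, `/* best effort: close_notify may not be sent if the socket would block */`, should say.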
static inline int
@@ -920,7 +912,7 @@ main(int argc, char *argv[])
int wr;
if (ssl)
- wr = SSL_write(srv.ssl, outb, outp - outb);
+ wr = tls_write(srv.tls, outb, outp - outb);
else
wr = write(srv.fd, outb, outp - outb);
if (wr <= 0) {
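Review bot: tls_write() may return fewer bytes than `outp - outb`, and also returns `TLS_WANT_POLLIN`/`TLS_WANT_POLLOUT` (negative) when it would block, so the `wr <= 0` test on the last line turns a transient condition into a fatal error, and a short write needs the unsent tail to be retried. What follows the check is outside the hunk, so it is unclear whether the caller already advances `outb` by `wr` and retries; if it does not, IRC lines can be silently truncated on the wire. A minimal guard is `if (wr == TLS_WANT_POLLIN || wr == TLS_WANT_POLLOUT) continue;` before the existing error test, matching whatever loop structure main() uses here, and `wr` should be wide enough for the `ssize_t` return value. main() begins before this hunk and continues after it.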