From 6ec1ddabff92d9af0a2f671b56310db417cc71eb Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 13 Dec 2010 22:58:09 -0600 Subject: [PATCH] libratbox: Use the server SSL certificate on outgoing connections. --- libratbox/src/gnutls.c | 2 ++ libratbox/src/openssl.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/libratbox/src/gnutls.c b/libratbox/src/gnutls.c index e1c0d8f..5daf1d2 100644 --- a/libratbox/src/gnutls.c +++ b/libratbox/src/gnutls.c @@ -416,6 +416,7 @@ rb_ssl_tryconn(rb_fde_t *F, int status, void *data) F->ssl = rb_malloc(sizeof(gnutls_session_t)); gnutls_init(F->ssl, GNUTLS_CLIENT); gnutls_set_default_priority(SSL_P(F)); + gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, x509); gnutls_dh_set_prime_bits(SSL_P(F), 1024); gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd); @@ -460,6 +461,7 @@ rb_ssl_start_connected(rb_fde_t *F, CNCB * callback, void *data, int timeout) gnutls_init(F->ssl, GNUTLS_CLIENT); gnutls_set_default_priority(SSL_P(F)); + gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, x509); gnutls_dh_set_prime_bits(SSL_P(F), 1024); gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd); diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c index 1c7c0ec..254975a 100644 --- a/libratbox/src/openssl.c +++ b/libratbox/src/openssl.c @@ -336,7 +336,7 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile) rb_lib_log("rb_setup_ssl_server: No certificate file"); return 0; } - if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, cert)) + if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, cert) || !SSL_CTX_use_certificate_chain_file(ssl_client_ctx, cert)) { err = ERR_get_error(); rb_lib_log("rb_setup_ssl_server: Error loading certificate file [%s]: %s", cert, @@ -351,7 +351,7 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile) } - if(!SSL_CTX_use_PrivateKey_file(ssl_server_ctx, keyfile, SSL_FILETYPE_PEM)) + if(!SSL_CTX_use_PrivateKey_file(ssl_server_ctx, keyfile, SSL_FILETYPE_PEM) || !SSL_CTX_use_PrivateKey_file(ssl_client_ctx, keyfile, SSL_FILETYPE_PEM)) { err = ERR_get_error(); rb_lib_log("rb_setup_ssl_server: Error loading keyfile [%s]: %s", keyfile,