cadey
/
elemental-ircd
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

libratbox: Use the server SSL certificate on outgoing connections.

This commit is contained in:
William Pitcock 2010-12-13 22:58:09 -06:00
parent f0bbc013a2
commit 6ec1ddabff
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libratbox/src/gnutls.c
View File

@ -416,6 +416,7 @@ rb_ssl_tryconn(rb_fde_t *F, int status, void *data)
F->ssl = rb_malloc(sizeof(gnutls_session_t)); F->ssl = rb_malloc(sizeof(gnutls_session_t));
gnutls_init(F->ssl, GNUTLS_CLIENT); gnutls_init(F->ssl, GNUTLS_CLIENT);
gnutls_set_default_priority(SSL_P(F)); gnutls_set_default_priority(SSL_P(F));
gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, x509);
gnutls_dh_set_prime_bits(SSL_P(F), 1024); gnutls_dh_set_prime_bits(SSL_P(F), 1024);
gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd); gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd);
@ -460,6 +461,7 @@ rb_ssl_start_connected(rb_fde_t *F, CNCB * callback, void *data, int timeout)
gnutls_init(F->ssl, GNUTLS_CLIENT); gnutls_init(F->ssl, GNUTLS_CLIENT);
gnutls_set_default_priority(SSL_P(F)); gnutls_set_default_priority(SSL_P(F));
gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, x509);
gnutls_dh_set_prime_bits(SSL_P(F), 1024); gnutls_dh_set_prime_bits(SSL_P(F), 1024);
gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd); gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd);

4
libratbox/src/openssl.c
View File

@ -336,7 +336,7 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile)
rb_lib_log("rb_setup_ssl_server: No certificate file"); rb_lib_log("rb_setup_ssl_server: No certificate file");
return 0; return 0;
} }
if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, cert)) if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, cert) || !SSL_CTX_use_certificate_chain_file(ssl_client_ctx, cert))
{ {
err = ERR_get_error(); err = ERR_get_error();
rb_lib_log("rb_setup_ssl_server: Error loading certificate file [%s]: %s", cert, rb_lib_log("rb_setup_ssl_server: Error loading certificate file [%s]: %s", cert,
@ -351,7 +351,7 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile)
} }
if(!SSL_CTX_use_PrivateKey_file(ssl_server_ctx, keyfile, SSL_FILETYPE_PEM)) if(!SSL_CTX_use_PrivateKey_file(ssl_server_ctx, keyfile, SSL_FILETYPE_PEM) || !SSL_CTX_use_PrivateKey_file(ssl_client_ctx, keyfile, SSL_FILETYPE_PEM))
{ {
err = ERR_get_error(); err = ERR_get_error();
rb_lib_log("rb_setup_ssl_server: Error loading keyfile [%s]: %s", keyfile, rb_lib_log("rb_setup_ssl_server: Error loading keyfile [%s]: %s", keyfile,