diff options
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/chat-commands.c | 14 | ||||
-rw-r--r-- | src/core/network-openssl.c | 17 |
2 files changed, 24 insertions, 7 deletions
diff --git a/src/core/chat-commands.c b/src/core/chat-commands.c index e86fdf9d..d5a133f8 100644 --- a/src/core/chat-commands.c +++ b/src/core/chat-commands.c @@ -149,9 +149,9 @@ static SERVER_CONNECT_REC *get_server_connect(const char *data, int *plus_addr, return conn; } -/* SYNTAX: CONNECT [-4 | -6] [-ssl] [-ssl_cert <cert>] [-ssl_pkey <pkey>] [-ssl_pass <password>] - [-ssl_verify] [-ssl_cafile <cafile>] [-ssl_capath <capath>] - [-ssl_ciphers <list>] +/* SYNTAX: CONNECT [-4 | -6] [-tls] [-tls_cert <cert>] [-tls_pkey <pkey>] [-tls_pass <password>] + [-tls_verify] [-tls_cafile <cafile>] [-tls_capath <capath>] + [-tls_ciphers <list>] [-tls_pinned_cert <fingerprint>] [-tls_pinned_pubkey <fingerprint>] [-!] [-noautosendcmd] [-noproxy] [-network <network>] [-host <hostname>] [-rawlog <file>] @@ -250,10 +250,10 @@ static void cmd_server(const char *data, SERVER_REC *server, WI_ITEM_REC *item) command_runsub("server", data, server, item); } -/* SYNTAX: SERVER CONNECT [-4 | -6] [-ssl] [-ssl_cert <cert>] [-ssl_pkey <pkey>] - [-ssl_pass <password>] [-ssl_verify] [-ssl_cafile <cafile>] - [-ssl_capath <capath>] - [-ssl_ciphers <list>] +/* SYNTAX: SERVER CONNECT [-4 | -6] [-tls] [-tls_cert <cert>] [-tls_pkey <pkey>] + [-tls_pass <password>] [-tls_verify] [-tls_cafile <cafile>] + [-tls_capath <capath>] + [-tls_ciphers <list>] [-tls_pinned_cert <fingerprint>] [-tls_pinned_pubkey <fingerprint>] [-!] [-noautosendcmd] [-noproxy] [-network <network>] [-host <hostname>] [-rawlog <file>] diff --git a/src/core/network-openssl.c b/src/core/network-openssl.c index 2054f28a..7ec902fb 100644 --- a/src/core/network-openssl.c +++ b/src/core/network-openssl.c @@ -45,6 +45,19 @@ #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) #endif +/* OpenSSL 1.1.0 also introduced some useful additions to the api */ +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER) +static int X509_STORE_up_ref(X509_STORE *vfy) +{ + int n; + + n = CRYPTO_add(&vfy->references, 1, CRYPTO_LOCK_X509_STORE); + g_assert(n > 1); + + return (n > 1) ? 1 : 0; +} +#endif + /* ssl i/o channel object */ typedef struct { @@ -510,6 +523,10 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_ g_free(scapath); verify = TRUE; } else if (store != NULL) { + /* Make sure to increment the refcount every time the store is + * used, that's essential not to get it free'd by OpenSSL when + * the SSL_CTX is destroyed. */ + X509_STORE_up_ref(store); SSL_CTX_set_cert_store(ctx, store); } |