Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/chat-commands.c | 8 | ||||
-rw-r--r-- | src/core/network-openssl.c | 25 | ||||
-rw-r--r-- | src/core/server-connect-rec.h | 1 | ||||
-rw-r--r-- | src/core/server-setup-rec.h | 1 | ||||
-rw-r--r-- | src/core/servers-setup.c | 5 | ||||
-rw-r--r-- | src/core/servers.c | 1 |
6 files changed, 36 insertions, 5 deletions
diff --git a/src/core/chat-commands.c b/src/core/chat-commands.c index f5d0e9f8..c128439d 100644 --- a/src/core/chat-commands.c +++ b/src/core/chat-commands.c @@ -98,6 +98,8 @@ static SERVER_CONNECT_REC *get_server_connect(const char *data, int *plus_addr, conn->ssl_cert = g_strdup(tmp); if ((tmp = g_hash_table_lookup(optlist, "ssl_pkey")) != NULL) conn->ssl_pkey = g_strdup(tmp); + if ((tmp = g_hash_table_lookup(optlist, "ssl_pass")) != NULL) + conn->ssl_pass = g_strdup(tmp); if (g_hash_table_lookup(optlist, "ssl_verify") != NULL) conn->ssl_verify = TRUE; if ((tmp = g_hash_table_lookup(optlist, "ssl_cafile")) != NULL) @@ -134,7 +136,7 @@ static SERVER_CONNECT_REC *get_server_connect(const char *data, int *plus_addr, return conn; } -/* SYNTAX: CONNECT [-4 | -6] [-ssl] [-ssl_cert <cert>] [-ssl_pkey <pkey>] +/* SYNTAX: CONNECT [-4 | -6] [-ssl] [-ssl_cert <cert>] [-ssl_pkey <pkey>] [-ssl_pass <password>] [-ssl_verify] [-ssl_cafile <cafile>] [-ssl_capath <capath>] [-!] [-noautosendcmd] [-noproxy] [-network <network>] [-host <hostname>] @@ -240,7 +242,7 @@ static void sig_default_command_server(const char *data, SERVER_REC *server, signal_emit("command server connect", 3, data, server, item); } -/* SYNTAX: SERVER [-4 | -6] [-ssl] [-ssl_cert <cert>] [-ssl_pkey <pkey>] +/* SYNTAX: SERVER [-4 | -6] [-ssl] [-ssl_cert <cert>] [-ssl_pkey <pkey>] [-ssl_pass <password>] [-ssl_verify] [-ssl_cafile <cafile>] [-ssl_capath <capath>] [-!] [-noautosendcmd] [-noproxy] [-network <network>] [-host <hostname>] 
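Review bot: The passphrase is read as an ordinary option value at `g_hash_table_lookup(optlist, "ssl_pass")`, so it is typed in clear on the input line and presumably stays in the client's command history like any other `/CONNECT` argument. Neither SYNTAX comment changed in this file says so. A one-line remark next to the lookup would help the next maintainer, for example `/* passphrase arrives in clear text from the command line; the copy lives until the connect record is freed */`, and the user-facing help should carry the same caveat. The body of `get_server_connect` continues outside this hunk.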
@@ -458,7 +460,7 @@ void chat_commands_init(void) signal_add("default command server", (SIGNAL_FUNC) sig_default_command_server); signal_add("server sendmsg", (SIGNAL_FUNC) sig_server_sendmsg); - command_set_options("connect", "4 6 !! -network ssl +ssl_cert +ssl_pkey ssl_verify +ssl_cafile +ssl_capath +host noproxy -rawlog noautosendcmd"); + command_set_options("connect", "4 6 !! -network ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +host noproxy -rawlog noautosendcmd"); command_set_options("msg", "channel nick"); } diff --git a/src/core/network-openssl.c b/src/core/network-openssl.c index 514f748e..6a0d078c 100644 --- a/src/core/network-openssl.c +++ b/src/core/network-openssl.c @@ -429,6 +429,24 @@ static gboolean irssi_ssl_init(void) } +static int get_pem_password_callback(char *buffer, int max_length, int rwflag, void *pass) +{ + char *password; + size_t length; + + if (pass == NULL) + return 0; + + password = (char *)pass; + length = strlen(pass); + + if (length > max_length) + return 0; + + memcpy(buffer, password, length + 1); + return length; +} + static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_REC *server) { GIOSSLChannel *chan; @@ -439,6 +457,7 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_ const char *mycert = server->connrec->ssl_cert; const char *mypkey = server->connrec->ssl_pkey; + const char *mypass = server->connrec->ssl_pass; const char *cafile = server->connrec->ssl_cafile; const char *capath = server->connrec->ssl_capath; gboolean verify = server->connrec->ssl_verify; @@ -457,6 +476,8 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_ return NULL; } SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); + SSL_CTX_set_default_passwd_cb(ctx, get_pem_password_callback); + SSL_CTX_set_default_passwd_cb_userdata(ctx, mypass); if (mycert && *mycert) { char *scert = NULL, *spkey = NULL; 
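Review bot: `get_pem_password_callback` can write one byte past `buffer`: the guard `if (length > max_length)` lets `length == max_length` through, and `memcpy(buffer, password, length + 1)` then copies `max_length + 1` bytes. The guard should reject that case too, `if (max_length <= 0 || length >= (size_t)max_length) return 0;`, which also makes the comparison between `size_t length` and `int max_length` explicit. Alternatively drop the `+ 1`, since the length is reported through the return value, and write `return (int)length;` so the narrowing is visible. The trigger is a passphrase exactly as long as the buffer OpenSSL hands in, supplied by the user's own option or config, but it is still an out-of-bounds write.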
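Review bot: `SSL_CTX_set_default_passwd_cb_userdata(ctx, mypass)` passes a `const char *` where the userdata parameter is a plain `void *`, which drops the qualifier; make that explicit with `(void *) mypass`. The callback is also installed when `mypass` is NULL, in which case it returns 0 and an encrypted key simply fails to load. That looks intentional, since it keeps OpenSSL's default passphrase prompt from being used, but it deserves a comment such as `/* always install our callback so OpenSSL never prompts on the terminal */`. `irssi_ssl_get_iochannel` starts and ends outside this hunk.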
@@ -464,9 +485,9 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_ if (mypkey && *mypkey) spkey = convert_home(mypkey); if (! SSL_CTX_use_certificate_file(ctx, scert, SSL_FILETYPE_PEM)) - g_warning("Loading of client certificate '%s' failed", mycert); + g_warning("Loading of client certificate '%s' failed: %s", mycert, ERR_reason_error_string(ERR_get_error())); else if (! SSL_CTX_use_PrivateKey_file(ctx, spkey ? spkey : scert, SSL_FILETYPE_PEM)) - g_warning("Loading of private key '%s' failed", mypkey ? mypkey : mycert); + g_warning("Loading of private key '%s' failed: %s", mypkey ? mypkey : mycert, ERR_reason_error_string(ERR_get_error())); else if (! SSL_CTX_check_private_key(ctx)) g_warning("Private key does not match the certificate"); g_free(scert); diff --git a/src/core/server-connect-rec.h b/src/core/server-connect-rec.h index a9588f04..17537508 100644 --- a/src/core/server-connect-rec.h +++ b/src/core/server-connect-rec.h @@ -25,6 +25,7 @@ char *realname; char *ssl_cert; char *ssl_pkey; +char *ssl_pass; char *ssl_cafile; char *ssl_capath; diff --git a/src/core/server-setup-rec.h b/src/core/server-setup-rec.h index b7a0c80d..ae797559 100644 --- a/src/core/server-setup-rec.h +++ b/src/core/server-setup-rec.h @@ -10,6 +10,7 @@ char *password; char *ssl_cert; char *ssl_pkey; +char *ssl_pass; char *ssl_cafile; char *ssl_capath; diff --git a/src/core/servers-setup.c b/src/core/servers-setup.c index 83b90db3..fcb0180b 100644 --- a/src/core/servers-setup.c +++ b/src/core/servers-setup.c 
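Review bot: Both new warnings pass `ERR_reason_error_string(ERR_get_error())` straight to `%s`, but that function returns NULL when the code has no registered reason string or the queue was empty, and a NULL `%s` argument is not portable. `ERR_get_error()` also returns the oldest queued entry, so a leftover error from an earlier call could make the message describe the wrong failure; calling `ERR_clear_error()` before the load, or reading with `ERR_peek_last_error()`, avoids that. A small guard is enough: `const char *why = ERR_reason_error_string(ERR_get_error());` and then `why != NULL ? why : "unknown error"` in the format arguments. The surrounding `if (mycert && *mycert)` block starts before this hunk.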
@@ -169,6 +169,8 @@ static void server_setup_fill_server(SERVER_CONNECT_REC *conn, conn->ssl_cert = g_strdup(sserver->ssl_cert); if (conn->ssl_pkey == NULL && sserver->ssl_pkey != NULL && sserver->ssl_pkey[0] != '\0') conn->ssl_pkey = g_strdup(sserver->ssl_pkey); + if (conn->ssl_pass == NULL && sserver->ssl_pass != NULL && sserver->ssl_pass[0] != '\0') + conn->ssl_pass = g_strdup(sserver->ssl_pass); conn->ssl_verify = sserver->ssl_verify; if (conn->ssl_cafile == NULL && sserver->ssl_cafile != NULL && sserver->ssl_cafile[0] != '\0') conn->ssl_cafile = g_strdup(sserver->ssl_cafile); @@ -396,6 +398,7 @@ static SERVER_SETUP_REC *server_setup_read(CONFIG_NODE *node) rec->use_ssl = config_node_get_bool(node, "use_ssl", FALSE); rec->ssl_cert = g_strdup(config_node_get_str(node, "ssl_cert", NULL)); rec->ssl_pkey = g_strdup(config_node_get_str(node, "ssl_pkey", NULL)); + rec->ssl_pass = g_strdup(config_node_get_str(node, "ssl_pass", NULL)); rec->ssl_verify = config_node_get_bool(node, "ssl_verify", FALSE); rec->ssl_cafile = g_strdup(config_node_get_str(node, "ssl_cafile", NULL)); rec->ssl_capath = g_strdup(config_node_get_str(node, "ssl_capath", NULL)); @@ -435,6 +438,7 @@ static void server_setup_save(SERVER_SETUP_REC *rec) iconfig_node_set_bool(node, "use_ssl", rec->use_ssl); iconfig_node_set_str(node, "ssl_cert", rec->ssl_cert); iconfig_node_set_str(node, "ssl_pkey", rec->ssl_pkey); + iconfig_node_set_str(node, "ssl_pass", rec->ssl_pass); iconfig_node_set_bool(node, "ssl_verify", rec->ssl_verify); iconfig_node_set_str(node, "ssl_cafile", rec->ssl_cafile); iconfig_node_set_str(node, "ssl_capath", rec->ssl_capath); @@ -476,6 +480,7 @@ static void server_setup_destroy(SERVER_SETUP_REC *rec) g_free_not_null(rec->password); g_free_not_null(rec->ssl_cert); g_free_not_null(rec->ssl_pkey); + g_free_not_null(rec->ssl_pass); g_free_not_null(rec->ssl_cafile); g_free_not_null(rec->ssl_capath); g_free(rec->address); 
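Review bot: `iconfig_node_set_str(node, "ssl_pass", rec->ssl_pass)` in `server_setup_save` writes the private-key passphrase into the configuration in clear text, next to the path of the key it protects. Anyone who can read the config can then also decrypt the key, so the encryption only helps if the config file is protected at least as tightly as the key file. The mode used when the config is written is not visible here and should be checked. At minimum the save call wants a comment, e.g. `/* stored in clear text: the config file must not be group/world readable */`, and the user documentation should say the same.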
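Review bot: `g_free_not_null(rec->ssl_pass)` in `server_setup_destroy` releases the passphrase without clearing it, so the bytes remain in freed heap memory; the same applies to `g_free_not_null(conn->ssl_pass)` in `server_connect_unref` in src/core/servers.c. Clearing before the free is cheap: `if (rec->ssl_pass != NULL) memset(rec->ssl_pass, 0, strlen(rec->ssl_pass));`. A plain `memset` ahead of a free may be optimised away, so a primitive such as `explicit_bzero` is preferable where the platform provides it. The existing `password` field in the context lines is freed the same way, so this may be better done as one follow-up covering both.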
diff --git a/src/core/servers.c b/src/core/servers.c index d0e6bb7e..eb2be4de 100644 --- a/src/core/servers.c +++ b/src/core/servers.c @@ -635,6 +635,7 @@ void server_connect_unref(SERVER_CONNECT_REC *conn) g_free_not_null(conn->ssl_cert); g_free_not_null(conn->ssl_pkey); + g_free_not_null(conn->ssl_pass); g_free_not_null(conn->ssl_cafile); g_free_not_null(conn->ssl_capath); |