authorSimmo Saan <simmo.saan@gmail.com>2019-10-09 20:47:42 +0300
committerSébastien Helleu <flashcode@flashtux.org>2019-10-09 21:37:41 +0200
commit116150c2fcab8676ff46d1c074ad82b5565048d6 (patch)
treee9578a3e9a3fb1377bc77b8b9d01236131718bc4 /src/plugins/irc
parent5398f5d566191ef87287cd4159d37b0ecea28685 (diff)
irc: add server option ssl_password for SSL certificate private key password (closes #115)
Diffstat (limited to 'src/plugins/irc')
-rw-r--r--src/plugins/irc/irc-command.c8
-rw-r--r--src/plugins/irc/irc-config.c19
-rw-r--r--src/plugins/irc/irc-server.c30
-rw-r--r--src/plugins/irc/irc-server.h1
4 files changed, 53 insertions, 5 deletions
diff --git a/src/plugins/irc/irc-command.c b/src/plugins/irc/irc-command.c
index 31a78be44..ae950cf31 100644
--- a/src/plugins/irc/irc-command.c
+++ b/src/plugins/irc/irc-command.c
@@ -4756,6 +4756,14 @@ irc_command_display_server (struct t_irc_server *server, int with_detail)
weechat_printf (NULL, " ssl_cert . . . . . . : %s'%s'",
IRC_COLOR_CHAT_VALUE,
weechat_config_string (server->options[IRC_SERVER_OPTION_SSL_CERT]));
+ /* ssl_password */
+ if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL_PASSWORD]))
+ weechat_printf (NULL, " ssl_password . . . . : %s",
+ _("(hidden)"));
+ else
+ weechat_printf (NULL, " ssl_password . . . . : %s%s",
+ IRC_COLOR_CHAT_VALUE,
+ _("(hidden)"));
/* ssl_priorities */
if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL_PRIORITIES]))
weechat_printf (NULL, " ssl_priorities . . . : ('%s')",
diff --git a/src/plugins/irc/irc-config.c b/src/plugins/irc/irc-config.c
index b95354ca1..6943f0a5e 100644
--- a/src/plugins/irc/irc-config.c
+++ b/src/plugins/irc/irc-config.c
@@ -1700,6 +1700,25 @@ irc_config_server_new_option (struct t_config_file *config_file,
callback_change_data,
NULL, NULL, NULL);
break;
+ case IRC_SERVER_OPTION_SSL_PASSWORD:
+ new_option = weechat_config_new_option (
+ config_file, section,
+ option_name, "string",
+ N_("password for SSL certificate's private key "
+ "(note: content is evaluated, see /help eval; server "
+ "options are evaluated with ${irc_server.xxx} and "
+ "${server} is replaced by the server name)"),
+ NULL, 0, 0,
+ default_value, value,
+ null_value_allowed,
+ callback_check_value,
+ callback_check_value_pointer,
+ callback_check_value_data,
+ callback_change,
+ callback_change_pointer,
+ callback_change_data,
+ NULL, NULL, NULL);
+ break;
case IRC_SERVER_OPTION_SSL_PRIORITIES:
new_option = weechat_config_new_option (
config_file, section,
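Review bot: The help text for `IRC_SERVER_OPTION_SSL_PASSWORD` says the content is evaluated but does not tell the user how to keep the key password out of the plain-text configuration file. Since evaluation is already supported, the description could point at secured data, for example by extending the note to `"(note: content is evaluated, see /help eval; it is recommended to store the password in secured data and reference it with ${sec.data.xxx}; server options are evaluated with ..."`. Without that hint a user is likely to type the passphrase directly into the option, where it is saved unencrypted next to the path of the key it protects. The enclosing `irc_config_server_new_option` switch starts and ends outside this hunk.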
diff --git a/src/plugins/irc/irc-server.c b/src/plugins/irc/irc-server.c
index 8bb5dc90a..828924fab 100644
--- a/src/plugins/irc/irc-server.c
+++ b/src/plugins/irc/irc-server.c
@@ -83,6 +83,7 @@ char *irc_server_options[IRC_SERVER_NUM_OPTIONS][2] =
{ "ipv6", "on" },
{ "ssl", "off" },
{ "ssl_cert", "" },
+ { "ssl_password", "" },
{ "ssl_priorities", "NORMAL:-VERS-SSL3.0" },
{ "ssl_dhkey_size", "2048" },
{ "ssl_fingerprint", "" },
@@ -4431,7 +4432,7 @@ irc_server_gnutls_callback (const void *pointer, void *data,
unsigned int i, cert_list_len, status;
time_t cert_time;
char *cert_path0, *cert_path1, *cert_path2, *cert_str, *fingerprint_eval;
- char *weechat_dir;
+ char *weechat_dir, *ssl_password;
const char *ptr_fingerprint;
int rc, ret, fingerprint_match, hostname_match, cert_temp_init;
#if LIBGNUTLS_VERSION_NUMBER >= 0x010706 /* 1.7.6 */
@@ -4701,18 +4702,26 @@ irc_server_gnutls_callback (const void *pointer, void *data,
gnutls_x509_crt_import (server->tls_cert, &filedatum,
GNUTLS_X509_FMT_PEM);
+ /* key password */
+ ssl_password = irc_server_eval_expression (
+ server,
+ IRC_SERVER_OPTION_STRING(server,
+ IRC_SERVER_OPTION_SSL_PASSWORD));
+
/* key */
gnutls_x509_privkey_init (&server->tls_cert_key);
- ret = gnutls_x509_privkey_import (server->tls_cert_key,
- &filedatum,
- GNUTLS_X509_FMT_PEM);
+ ret = gnutls_x509_privkey_import2 (server->tls_cert_key,
+ &filedatum,
+ GNUTLS_X509_FMT_PEM,
+ ssl_password,
+ 0);
if (ret < 0)
{
ret = gnutls_x509_privkey_import_pkcs8 (
server->tls_cert_key,
&filedatum,
GNUTLS_X509_FMT_PEM,
- NULL,
+ ssl_password,
GNUTLS_PKCS_PLAIN);
}
if (ret < 0)
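Review bot: The fallback call to `gnutls_x509_privkey_import_pkcs8` now passes `ssl_password` together with `GNUTLS_PKCS_PLAIN`, which GnuTLS documents as "key is not encrypted", so the password most likely has no effect on that path. If the fallback is meant to handle encrypted PKCS#8 keys, the flag should depend on whether a password is set, e.g. `(ssl_password && ssl_password[0]) ? 0 : GNUTLS_PKCS_PLAIN`; if it is only kept for unencrypted keys, a short comment saying so would avoid the impression that the password is used there. Separately, `gnutls_x509_privkey_import2` is, as far as I know, only available from GnuTLS 3.1.0, while this function already guards other calls with `LIBGNUTLS_VERSION_NUMBER`, so older builds may need a guarded fallback to `gnutls_x509_privkey_import`. The surrounding function body continues outside the hunk.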
@@ -4764,6 +4773,9 @@ irc_server_gnutls_callback (const void *pointer, void *data,
memcpy (answer, &tls_struct, sizeof (tls_struct));
free (cert_str);
}
+
+ if (ssl_password)
+ free (ssl_password);
}
else
{
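Review bot: The evaluated key password in `ssl_password` is released with a plain `free`, so the clear-text passphrase stays in freed heap memory until it happens to be overwritten. It would be safer to wipe the buffer first with a call the compiler cannot elide, e.g. `gnutls_memset (ssl_password, 0, strlen (ssl_password));` where the GnuTLS version provides it (or `explicit_bzero`), and then free it. The free sits at the end of the certificate branch; whether any earlier exit from that branch skips it cannot be seen from this hunk, so it is worth confirming that no path between the evaluation and this point returns early.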
@@ -5822,6 +5834,9 @@ irc_server_add_to_infolist (struct t_infolist *infolist,
if (!weechat_infolist_new_var_string (ptr_item, "ssl_cert",
IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_CERT)))
return 0;
+ if (!weechat_infolist_new_var_string (ptr_item, "ssl_password",
+ IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_PASSWORD)))
+ return 0;
if (!weechat_infolist_new_var_string (ptr_item, "ssl_priorities",
IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_PRIORITIES)))
return 0;
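Review bot: The new `ssl_password` infolist variable exports the raw option string, while the display and log paths added in this same commit deliberately print `(hidden)` instead of the value. If a user stores the passphrase directly rather than through an evaluated reference, every consumer of the irc_server infolist receives it in clear text. Consider either omitting the variable, or documenting with a comment such as `/* raw (unevaluated) option value; may contain a clear-text password */` that this is intentional and consistent with how the other password options are exported. `irc_server_add_to_infolist` starts and ends outside this hunk, so the handling of the other secrets there is not visible.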
@@ -6072,6 +6087,11 @@ irc_server_print_log ()
else
weechat_log_printf (" ssl_cert . . . . . . : '%s'",
weechat_config_string (ptr_server->options[IRC_SERVER_OPTION_SSL_CERT]));
+ /* ssl_password */
+ if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL_PASSWORD]))
+ weechat_log_printf (" ssl_password . . . . : null");
+ else
+ weechat_log_printf (" ssl_password . . . . : (hidden)");
/* ssl_priorities */
if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL_PRIORITIES]))
weechat_log_printf (" ssl_priorities . . . : null ('%s')",
diff --git a/src/plugins/irc/irc-server.h b/src/plugins/irc/irc-server.h
index 680f406ed..6aaf05e4d 100644
--- a/src/plugins/irc/irc-server.h
+++ b/src/plugins/irc/irc-server.h
@@ -56,6 +56,7 @@ enum t_irc_server_option
IRC_SERVER_OPTION_IPV6, /* use IPv6 protocol */
IRC_SERVER_OPTION_SSL, /* SSL protocol */
IRC_SERVER_OPTION_SSL_CERT, /* client ssl certificate file */
+ IRC_SERVER_OPTION_SSL_PASSWORD, /* client ssl certificate key password */
IRC_SERVER_OPTION_SSL_PRIORITIES, /* gnutls priorities */
IRC_SERVER_OPTION_SSL_DHKEY_SIZE, /* Diffie Hellman key size */
IRC_SERVER_OPTION_SSL_FINGERPRINT, /* SHA1 fingerprint of certificate */