-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | src/plugins/irc/irc-server.c | 30 | ||||
-rw-r--r-- | src/plugins/irc/irc-server.h | 2 |
3 files changed, 21 insertions, 12 deletions
@@ -13,6 +13,7 @@ Version 0.3.2 (under dev!) input (bug #28754) * api: add missing infos in functions buffer_get_integer / buffer_get_string and in buffer infolist +* irc: fix crash with SSL connection if option ssl_cert is set (bug #28752) * irc: fix bug with SSL connection (fails sometimes when ssl_verify is on) (bug #28741) * irc: add options irc.look.smart_filter_join and irc.look.smart_filter_quit diff --git a/src/plugins/irc/irc-server.c b/src/plugins/irc/irc-server.c index 06f6ddf99..1ea4dabf1 100644 --- a/src/plugins/irc/irc-server.c +++ b/src/plugins/irc/irc-server.c @@ -2222,8 +2222,6 @@ irc_server_gnutls_callback (void *data, gnutls_session_t tls_session, { struct t_irc_server *server; gnutls_retr_st tls_struct; - gnutls_x509_crt_t tls_cert; - gnutls_x509_privkey_t tls_cert_key; gnutls_x509_crt_t cert_temp; const gnutls_datum_t *cert_list; gnutls_datum_t filedatum; @@ -2363,7 +2361,8 @@ irc_server_gnutls_callback (void *data, gnutls_session_t tls_session, } /* using client certificate if it exists */ - cert_path0 = (char *) IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_CERT); + cert_path0 = (char *) IRC_SERVER_OPTION_STRING(server, + IRC_SERVER_OPTION_SSL_CERT); if (cert_path0 && cert_path0[0]) { weechat_dir = weechat_info_get ("weechat_dir", ""); 
@@ -2383,29 +2382,36 @@ irc_server_gnutls_callback (void *data, gnutls_session_t tls_session, filedatum.size = strlen (cert_str); /* certificate */ - gnutls_x509_crt_init (&tls_cert); - gnutls_x509_crt_import (tls_cert, &filedatum, GNUTLS_X509_FMT_PEM); + gnutls_x509_crt_init (&server->tls_cert); + gnutls_x509_crt_import (server->tls_cert, &filedatum, + GNUTLS_X509_FMT_PEM); /* key */ - gnutls_x509_privkey_init (&tls_cert_key); - gnutls_x509_privkey_import (tls_cert_key, &filedatum, GNUTLS_X509_FMT_PEM); + gnutls_x509_privkey_init (&server->tls_cert_key); + gnutls_x509_privkey_import (server->tls_cert_key, &filedatum, + GNUTLS_X509_FMT_PEM); tls_struct.type = GNUTLS_CRT_X509; tls_struct.ncerts = 1; tls_struct.deinit_all = 0; - tls_struct.cert.x509 = &tls_cert; - tls_struct.key.x509 = tls_cert_key; + tls_struct.cert.x509 = &server->tls_cert; + tls_struct.key.x509 = server->tls_cert_key; #if LIBGNUTLS_VERSION_NUMBER >= 0x010706 /* client certificate info */ #if LIBGNUTLS_VERSION_NUMBER < 0x020400 - rinfo = gnutls_x509_crt_print (cert_temp, GNUTLS_X509_CRT_ONELINE, &cinfo); + rinfo = gnutls_x509_crt_print (cert_temp, + GNUTLS_X509_CRT_ONELINE, + &cinfo); #else - rinfo = gnutls_x509_crt_print (cert_temp, GNUTLS_CRT_PRINT_ONELINE, &cinfo); + rinfo = gnutls_x509_crt_print (cert_temp, + GNUTLS_CRT_PRINT_ONELINE, + &cinfo); #endif if (rinfo == 0) { weechat_printf (server->buffer, - _(" - client certificate info (%s):"), cert_path2); + _(" - client certificate info (%s):"), + cert_path2); weechat_printf (server->buffer, " - %s", cinfo.data); gnutls_free (cinfo.data); } diff --git a/src/plugins/irc/irc-server.h b/src/plugins/irc/irc-server.h index bc3a129f9..385f596e2 100644 --- a/src/plugins/irc/irc-server.h +++ b/src/plugins/irc/irc-server.h 
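Review bot: The return codes of `gnutls_x509_crt_import` and `gnutls_x509_privkey_import` are still ignored on the new lines, so a file named by ssl_cert that holds no valid PEM certificate or no private key is passed on to GnuTLS as if it had loaded. Both calls return a negative value on failure, so the `tls_struct` assignments should be skipped and an error printed to the server buffer in that case, e.g. `if (gnutls_x509_crt_import (server->tls_cert, &filedatum, GNUTLS_X509_FMT_PEM) < 0)`. The two `_init` calls need the same check. Separately, the block labelled "client certificate info" still prints `cert_temp`, which appears to be the variable used for the server's certificates earlier in the callback, so `server->tls_cert` is probably what was meant there. The callback starts and ends outside this hunk, so the exact error path is for the author to choose.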
@@ -121,6 +121,8 @@ struct t_irc_server
 int ssl_connected; /* = 1 if connected with SSL */
 #ifdef HAVE_GNUTLS
 gnutls_session_t gnutls_sess; /* gnutls session (only if SSL is used) */
+ gnutls_x509_crt_t tls_cert; /* certificate used if ssl_cert is set */
+ gnutls_x509_privkey_t tls_cert_key; /* key used if ssl_cert is set */
 #endif
 char *unterminated_message; /* beginning of a message in input buf */
 int nicks_count; /* number of nicknames */ |
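Review bot: Nothing in this commit releases or resets the two new handles: the diffstat is fully accounted for by the visible hunks, and none of them calls `gnutls_x509_crt_deinit (server->tls_cert)` or `gnutls_x509_privkey_deinit (server->tls_cert_key)`. Because the callback sets `tls_struct.deinit_all = 0`, GnuTLS will not free them either, so each connection that reaches the callback re-initialises the fields over the previous handles and the parsed private key stays allocated. The field comments should state ownership and release point, for example `/* client cert, owned by server; deinit on disconnect/free */`. The matching deinit calls, and a NULL initial value when the server is allocated, belong in code outside the lines shown here.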