Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/relay/relay-client.c16
-rw-r--r--src/plugins/relay/relay-client.h1
-rw-r--r--src/plugins/relay/relay-config.c79
-rw-r--r--src/plugins/relay/relay-config.h1
-rw-r--r--src/plugins/relay/relay-network.c34
-rw-r--r--src/plugins/relay/relay-network.h1
6 files changed, 120 insertions, 12 deletions
diff --git a/src/plugins/relay/relay-client.c b/src/plugins/relay/relay-client.c
index 8714d33de..c2cfe3d1f 100644
--- a/src/plugins/relay/relay-client.c
+++ b/src/plugins/relay/relay-client.c
@@ -217,6 +217,7 @@ relay_client_handshake_timer_cb (void *data, int remaining_calls)
/* handshake OK, set status to "connected" */
weechat_unhook (client->hook_timer_handshake);
client->hook_timer_handshake = NULL;
+ client->gnutls_handshake_ok = 1;
relay_client_set_status (client, RELAY_STATUS_CONNECTED);
return WEECHAT_RC_OK;
}
@@ -1062,6 +1063,7 @@ relay_client_new (int sock, const char *address, struct t_relay_server *server)
new_client->ssl = server->ssl;
#ifdef HAVE_GNUTLS
new_client->hook_timer_handshake = NULL;
+ new_client->gnutls_handshake_ok = 0;
#endif
new_client->websocket = 0;
new_client->http_headers = NULL;
@@ -1230,6 +1232,7 @@ relay_client_new_with_infolist (struct t_infolist *infolist)
#ifdef HAVE_GNUTLS
new_client->gnutls_sess = NULL;
new_client->hook_timer_handshake = NULL;
+ new_client->gnutls_handshake_ok = 0;
#endif
new_client->websocket = weechat_infolist_integer (infolist, "websocket");
new_client->http_headers = NULL;
@@ -1321,6 +1324,14 @@ relay_client_set_status (struct t_relay_client *client,
relay_client_outqueue_free_all (client);
+#ifdef HAVE_GNUTLS
+ if (client->hook_timer_handshake)
+ {
+ weechat_unhook (client->hook_timer_handshake);
+ client->hook_timer_handshake = NULL;
+ }
+ client->gnutls_handshake_ok = 0;
+#endif
if (client->hook_fd)
{
weechat_unhook (client->hook_fd);
@@ -1364,7 +1375,7 @@ relay_client_set_status (struct t_relay_client *client,
if (client->sock >= 0)
{
#ifdef HAVE_GNUTLS
- if (client->ssl)
+ if (client->ssl && client->gnutls_handshake_ok)
gnutls_bye (client->gnutls_sess, GNUTLS_SHUT_WR);
#endif
close (client->sock);
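Review bot: The `client->gnutls_handshake_ok` test added in front of `gnutls_bye` looks like it can never be true if this code sits on the same ended-status path as the preceding hunk (line 1324 of relay_client_set_status), because that hunk sets `client->gnutls_handshake_ok = 0;` first. The lines between the two hunks are not shown, so this is inferred from both hunks being in the same function. If it holds, a client whose handshake did complete is closed without a TLS close_notify, and the peer cannot tell an orderly shutdown from a truncated connection. Moving the reset to after the `close (client->sock);` block, or copying the flag into a local before it is cleared, would keep the guard meaningful.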
@@ -1528,6 +1539,8 @@ relay_client_add_to_infolist (struct t_infolist *infolist,
#ifdef HAVE_GNUTLS
if (!weechat_infolist_new_var_pointer (ptr_item, "hook_timer_handshake", client->hook_timer_handshake))
return 0;
+ if (!weechat_infolist_new_var_integer (ptr_item, "gnutls_handshake_ok", client->gnutls_handshake_ok))
+ return 0;
#endif
if (!weechat_infolist_new_var_integer (ptr_item, "websocket", client->websocket))
return 0;
@@ -1604,6 +1617,7 @@ relay_client_print_log ()
#ifdef HAVE_GNUTLS
weechat_log_printf (" gnutls_sess . . . . . : 0x%lx", ptr_client->gnutls_sess);
weechat_log_printf (" hook_timer_handshake. : 0x%lx", ptr_client->hook_timer_handshake);
+ weechat_log_printf (" gnutls_handshake_ok . : 0x%lx", ptr_client->gnutls_handshake_ok);
#endif
weechat_log_printf (" websocket . . . . . . : %d", ptr_client->websocket);
weechat_log_printf (" http_headers. . . . . : 0x%lx (hashtable: '%s')",
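Review bot: `gnutls_handshake_ok` is declared as `int` in relay-client.h, but the added log line formats it with `0x%lx`, which expects an `unsigned long`. Assuming weechat_log_printf forwards to a printf-style formatter, that mismatch is undefined behaviour and can print garbage where `long` is wider than `int`. Use the conversion the `websocket` line already uses: `weechat_log_printf ("  gnutls_handshake_ok . : %d", ptr_client->gnutls_handshake_ok);`. relay_client_print_log continues outside the hunk.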
diff --git a/src/plugins/relay/relay-client.h b/src/plugins/relay/relay-client.h
index 8ca05ceb4..8b2292245 100644
--- a/src/plugins/relay/relay-client.h
+++ b/src/plugins/relay/relay-client.h
@@ -79,6 +79,7 @@ struct t_relay_client
#ifdef HAVE_GNUTLS
gnutls_session_t gnutls_sess; /* gnutls session (only if SSL used) */
struct t_hook *hook_timer_handshake; /* timer for doing gnutls handshake*/
+ int gnutls_handshake_ok; /* 1 if handshake was done and OK */
#endif
int websocket; /* 0=not a ws, 1=init ws, 2=ws ready */
struct t_hashtable *http_headers; /* HTTP headers for websocket */
diff --git a/src/plugins/relay/relay-config.c b/src/plugins/relay/relay-config.c
index 941733566..00eb6ca4c 100644
--- a/src/plugins/relay/relay-config.c
+++ b/src/plugins/relay/relay-config.c
@@ -60,6 +60,7 @@ struct t_config_option *relay_config_network_ipv6;
struct t_config_option *relay_config_network_max_clients;
struct t_config_option *relay_config_network_password;
struct t_config_option *relay_config_network_ssl_cert_key;
+struct t_config_option *relay_config_network_ssl_priorities;
struct t_config_option *relay_config_network_websocket_allowed_origins;
/* relay config, irc section */
@@ -193,6 +194,74 @@ relay_config_change_network_ssl_cert_key (void *data,
}
/*
+ * Callback for changes on option "relay.network.ssl_priorities".
+ */
+
+int
+relay_config_check_network_ssl_priorities (void *data,
+ struct t_config_option *option,
+ const char *value)
+{
+#ifdef HAVE_GNUTLS
+ gnutls_priority_t priority_cache;
+ const char *pos_error;
+ int rc;
+
+ /* make C compiler happy */
+ (void) data;
+ (void) option;
+
+ pos_error = value;
+
+ if (value && value[0])
+ {
+ rc = gnutls_priority_init (&priority_cache, value, &pos_error);
+ if (rc == GNUTLS_E_SUCCESS)
+ {
+ gnutls_priority_deinit (priority_cache);
+ return 1;
+ }
+ }
+
+ weechat_printf (NULL,
+ _("%s%s: invalid priorities string, error "
+ "at this position in string: \"%s\""),
+ weechat_prefix ("error"), RELAY_PLUGIN_NAME,
+ (pos_error) ? pos_error : value);
+
+ return 0;
+#else
+ /* make C compiler happy */
+ (void) data;
+ (void) option;
+ (void) value;
+
+ return 1;
+#endif
+}
+
+/*
+ * Callback for changes on option "relay.network.ssl_priorities".
+ */
+
+void
+relay_config_change_network_ssl_priorities (void *data,
+ struct t_config_option *option)
+{
+ /* make C compiler happy */
+ (void) data;
+ (void) option;
+
+#ifdef HAVE_GNUTLS
+ if (relay_network_init_ok && relay_gnutls_priority_cache)
+ {
+ gnutls_priority_deinit (*relay_gnutls_priority_cache);
+ relay_network_set_priority ();
+ }
+#endif
+}
+
+/*
* Callback for changes on option "relay.network.websocker_allowed_origins".
*/
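Review bot: In relay_config_check_network_ssl_priorities the `if (value && value[0])` guard allows for a NULL `value`, but that case falls through to the error message, where `(pos_error) ? pos_error : value` is still NULL and is passed to a `%s` conversion. Substituting an empty string, `(pos_error) ? pos_error : ""`, avoids that. The header comment above this function repeats "Callback for changes on option" although it validates the value rather than applying it; `Checks option "relay.network.ssl_priorities".` plus a line on the return value (1 = accepted, 0 = rejected) would describe it. The same comment should say that without HAVE_GNUTLS every string is accepted.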
@@ -697,6 +766,16 @@ relay_config_init ()
"with SSL)"),
NULL, 0, 0, "%h/ssl/relay.pem", NULL, 0, NULL, NULL,
&relay_config_change_network_ssl_cert_key, NULL, NULL, NULL);
+ relay_config_network_ssl_priorities = weechat_config_new_option (
+ relay_config_file, ptr_section,
+ "ssl_priorities", "string",
+ N_("string with priorities for gnutls (for syntax, see "
+ "documentation of function gnutls_priority_init in gnutls "
+ "manual, common strings are: \"PERFORMANCE\", \"NORMAL\", "
+ "\"SECURE128\", \"SECURE256\", \"EXPORT\", \"NONE\")"),
+ NULL, 0, 0, "PERFORMANCE", NULL, 0,
+ &relay_config_check_network_ssl_priorities, NULL,
+ &relay_config_change_network_ssl_priorities, NULL, NULL, NULL);
relay_config_network_websocket_allowed_origins = weechat_config_new_option (
relay_config_file, ptr_section,
"websocket_allowed_origins", "string",
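Review bot: The help text lists `"EXPORT"` and `"NONE"` among the "common strings" without saying what they mean for a TLS listener; in GnuTLS the EXPORT keyword enables export-grade (40-bit) cipher suites, and an operator may pick it on the strength of this description alone. The description should steer toward the `NORMAL` or `SECURE*` levels and drop or caveat EXPORT, for example `common strings are: \"NORMAL\", \"SECURE128\", \"SECURE256\", \"PERFORMANCE\"`. The default `"PERFORMANCE"` keeps the value that was hard-coded in relay_network_init before this commit; whether `"NORMAL"` is the better default is worth deciding here. relay_config_init starts and ends outside the hunk.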
diff --git a/src/plugins/relay/relay-config.h b/src/plugins/relay/relay-config.h
index 5b37340d9..5d40878ef 100644
--- a/src/plugins/relay/relay-config.h
+++ b/src/plugins/relay/relay-config.h
@@ -44,6 +44,7 @@ extern struct t_config_option *relay_config_network_ipv6;
extern struct t_config_option *relay_config_network_max_clients;
extern struct t_config_option *relay_config_network_password;
extern struct t_config_option *relay_config_network_ssl_cert_key;
+extern struct t_config_option *relay_config_network_ssl_priorities;
extern struct t_config_option *relay_config_network_websocket_allowed_origins;
extern struct t_config_option *relay_config_irc_backlog_max_minutes;
diff --git a/src/plugins/relay/relay-network.c b/src/plugins/relay/relay-network.c
index c65dec985..e15c84a87 100644
--- a/src/plugins/relay/relay-network.c
+++ b/src/plugins/relay/relay-network.c
@@ -104,6 +104,28 @@ relay_network_set_ssl_cert_key (int verbose)
}
/*
+ * Sets gnutls priority cache.
+ */
+
+void
+relay_network_set_priority ()
+{
+#ifdef HAVE_GNUTLS
+ if (gnutls_priority_init (relay_gnutls_priority_cache,
+ weechat_config_string (
+ relay_config_network_ssl_priorities),
+ NULL) != GNUTLS_E_SUCCESS)
+ {
+ weechat_printf (NULL,
+ _("%s%s: unable to initialize priority for SSL"),
+ weechat_prefix ("error"), RELAY_PLUGIN_NAME);
+ free (relay_gnutls_priority_cache);
+ relay_gnutls_priority_cache = NULL;
+ }
+#endif
+}
+
+/*
* Initializes network for relay.
*/
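Review bot: A failure in relay_network_set_priority is permanent for the running session: the cache is freed and set to NULL, and the change callback in relay-config.c only calls this function when `relay_gnutls_priority_cache` is non-NULL, so a later valid value never rebuilds it. The function also passes the pointer to `gnutls_priority_init` without checking it, relying on both visible callers to have done so. The header comment should state both contracts, for example that the caller must have allocated the cache and that on error it is freed and set to NULL. How new client sessions behave with a NULL cache is not visible in this diff and should be confirmed.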
@@ -119,17 +141,7 @@ relay_network_init ()
/* priority */
relay_gnutls_priority_cache = malloc (sizeof (*relay_gnutls_priority_cache));
if (relay_gnutls_priority_cache)
- {
- if (gnutls_priority_init (relay_gnutls_priority_cache,
- "PERFORMANCE", NULL) != GNUTLS_E_SUCCESS)
- {
- weechat_printf (NULL,
- _("%s%s: unable to initialize priority for SSL"),
- weechat_prefix ("error"), RELAY_PLUGIN_NAME);
- free (relay_gnutls_priority_cache);
- relay_gnutls_priority_cache = NULL;
- }
- }
+ relay_network_set_priority ();
#endif
relay_network_init_ok = 1;
}
diff --git a/src/plugins/relay/relay-network.h b/src/plugins/relay/relay-network.h
index 0e58ffb49..7e29c06eb 100644
--- a/src/plugins/relay/relay-network.h
+++ b/src/plugins/relay/relay-network.h
@@ -34,6 +34,7 @@ extern gnutls_dh_params_t *relay_gnutls_dh_params;
#endif
extern void relay_network_set_ssl_cert_key (int verbose);
+extern void relay_network_set_priority ();
extern void relay_network_init ();
extern void relay_network_end ();