Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/relay/relay-client.c | 16 | ||||
-rw-r--r-- | src/plugins/relay/relay-client.h | 1 | ||||
-rw-r--r-- | src/plugins/relay/relay-config.c | 79 | ||||
-rw-r--r-- | src/plugins/relay/relay-config.h | 1 | ||||
-rw-r--r-- | src/plugins/relay/relay-network.c | 34 | ||||
-rw-r--r-- | src/plugins/relay/relay-network.h | 1 |
6 files changed, 120 insertions, 12 deletions
diff --git a/src/plugins/relay/relay-client.c b/src/plugins/relay/relay-client.c
index 8714d33de..c2cfe3d1f 100644
--- a/src/plugins/relay/relay-client.c
+++ b/src/plugins/relay/relay-client.c
@@ -217,6 +217,7 @@ relay_client_handshake_timer_cb (void *data, int remaining_calls)
 /* handshake OK, set status to "connected" */
 weechat_unhook (client->hook_timer_handshake);
 client->hook_timer_handshake = NULL;
+ client->gnutls_handshake_ok = 1;
 relay_client_set_status (client, RELAY_STATUS_CONNECTED);
 return WEECHAT_RC_OK;
 }
@@ -1062,6 +1063,7 @@ relay_client_new (int sock, const char *address, struct t_relay_server *server)
 new_client->ssl = server->ssl;
 #ifdef HAVE_GNUTLS
 new_client->hook_timer_handshake = NULL;
+ new_client->gnutls_handshake_ok = 0;
 #endif
 new_client->websocket = 0;
 new_client->http_headers = NULL;
@@ -1230,6 +1232,7 @@ relay_client_new_with_infolist (struct t_infolist *infolist)
 #ifdef HAVE_GNUTLS
 new_client->gnutls_sess = NULL;
 new_client->hook_timer_handshake = NULL;
+ new_client->gnutls_handshake_ok = 0;
 #endif
 new_client->websocket = weechat_infolist_integer (infolist, "websocket");
 new_client->http_headers = NULL;
@@ -1321,6 +1324,14 @@ relay_client_set_status (struct t_relay_client *client,
 relay_client_outqueue_free_all (client);
+#ifdef HAVE_GNUTLS
+ if (client->hook_timer_handshake)
+ {
+ weechat_unhook (client->hook_timer_handshake);
+ client->hook_timer_handshake = NULL;
+ }
+ client->gnutls_handshake_ok = 0;
+#endif
 if (client->hook_fd)
 {
 weechat_unhook (client->hook_fd);
@@ -1364,7 +1375,7 @@ relay_client_set_status (struct t_relay_client *client,
 if (client->sock >= 0)
 {
 #ifdef HAVE_GNUTLS
- if (client->ssl)
+ if (client->ssl && client->gnutls_handshake_ok)
 gnutls_bye (client->gnutls_sess, GNUTLS_SHUT_WR);
 #endif
 close (client->sock);
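Review bot: In relay_client_set_status the hunk at new line 1324 sets `client->gnutls_handshake_ok = 0;` and the hunk at new line 1375 then tests that same flag before calling `gnutls_bye`. The code between the two hunks is not visible, so this is inferred from line order only, but if both sit on the same disconnect path the flag is always 0 when it is tested and the TLS close_notify is never sent, even for sessions whose handshake completed. Consider moving the reset to after the `gnutls_bye`/`close` block, or testing a local copy taken before the reset.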
@@ -1528,6 +1539,8 @@ relay_client_add_to_infolist (struct t_infolist *infolist,
 #ifdef HAVE_GNUTLS
 if (!weechat_infolist_new_var_pointer (ptr_item, "hook_timer_handshake", client->hook_timer_handshake))
 return 0;
+ if (!weechat_infolist_new_var_integer (ptr_item, "gnutls_handshake_ok", client->gnutls_handshake_ok))
+ return 0;
 #endif
 if (!weechat_infolist_new_var_integer (ptr_item, "websocket", client->websocket))
 return 0;
@@ -1604,6 +1617,7 @@ relay_client_print_log ()
 #ifdef HAVE_GNUTLS
 weechat_log_printf (" gnutls_sess . . . . . : 0x%lx", ptr_client->gnutls_sess);
 weechat_log_printf (" hook_timer_handshake. : 0x%lx", ptr_client->hook_timer_handshake);
+ weechat_log_printf (" gnutls_handshake_ok . : 0x%lx", ptr_client->gnutls_handshake_ok);
 #endif
 weechat_log_printf (" websocket . . . . . . : %d", ptr_client->websocket);
 weechat_log_printf (" http_headers. . . . . : 0x%lx (hashtable: '%s')",
diff --git a/src/plugins/relay/relay-client.h b/src/plugins/relay/relay-client.h
index 8ca05ceb4..8b2292245 100644
--- a/src/plugins/relay/relay-client.h
+++ b/src/plugins/relay/relay-client.h
@@ -79,6 +79,7 @@ struct t_relay_client
 #ifdef HAVE_GNUTLS
 gnutls_session_t gnutls_sess; /* gnutls session (only if SSL used) */
 struct t_hook *hook_timer_handshake; /* timer for doing gnutls handshake*/
+ int gnutls_handshake_ok; /* 1 if handshake was done and OK */
 #endif
 int websocket; /* 0=not a ws, 1=init ws, 2=ws ready */
 struct t_hashtable *http_headers; /* HTTP headers for websocket */
diff --git a/src/plugins/relay/relay-config.c b/src/plugins/relay/relay-config.c
index 941733566..00eb6ca4c 100644
--- a/src/plugins/relay/relay-config.c
+++ b/src/plugins/relay/relay-config.c
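Review bot: The added line in relay_client_print_log formats `gnutls_handshake_ok` with `0x%lx`, but relay-client.h in this same commit declares the field as `int`. Assuming weechat_log_printf forwards to a printf-style formatter, passing an `int` where `unsigned long` is expected is undefined behaviour and can print stray upper bits on LP64 targets. The pointer fields above it use `0x%lx`, but this one is a flag, so it should use `%d` like the `websocket` line below it, i.e. `"... gnutls_handshake_ok . : %d"`.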
@@ -60,6 +60,7 @@ struct t_config_option *relay_config_network_ipv6;
 struct t_config_option *relay_config_network_max_clients;
 struct t_config_option *relay_config_network_password;
 struct t_config_option *relay_config_network_ssl_cert_key;
+struct t_config_option *relay_config_network_ssl_priorities;
 struct t_config_option *relay_config_network_websocket_allowed_origins;
 /* relay config, irc section */
@@ -193,6 +194,74 @@ relay_config_change_network_ssl_cert_key (void *data,
 }
 /*
+ * Callback for changes on option "relay.network.ssl_priorities".
+ */
+
+int
+relay_config_check_network_ssl_priorities (void *data,
+ struct t_config_option *option,
+ const char *value)
+{
+#ifdef HAVE_GNUTLS
+ gnutls_priority_t priority_cache;
+ const char *pos_error;
+ int rc;
+
+ /* make C compiler happy */
+ (void) data;
+ (void) option;
+
+ pos_error = value;
+
+ if (value && value[0])
+ {
+ rc = gnutls_priority_init (&priority_cache, value, &pos_error);
+ if (rc == GNUTLS_E_SUCCESS)
+ {
+ gnutls_priority_deinit (priority_cache);
+ return 1;
+ }
+ }
+
+ weechat_printf (NULL,
+ _("%s%s: invalid priorities string, error "
+ "at this position in string: \"%s\""),
+ weechat_prefix ("error"), RELAY_PLUGIN_NAME,
+ (pos_error) ? pos_error : value);
+
+ return 0;
+#else
+ /* make C compiler happy */
+ (void) data;
+ (void) option;
+ (void) value;
+
+ return 1;
+#endif
+}
+
+/*
+ * Callback for changes on option "relay.network.ssl_priorities".
+ */
+
+void
+relay_config_change_network_ssl_priorities (void *data,
+ struct t_config_option *option)
+{
+ /* make C compiler happy */
+ (void) data;
+ (void) option;
+
+#ifdef HAVE_GNUTLS
+ if (relay_network_init_ok && relay_gnutls_priority_cache)
+ {
+ gnutls_priority_deinit (*relay_gnutls_priority_cache);
+ relay_network_set_priority ();
+ }
+#endif
+}
+
+/*
  * Callback for changes on option "relay.network.websocker_allowed_origins".
  */
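Review bot: relay_config_change_network_ssl_priorities destroys the live priority cache before the replacement is known to be good. If the re-init inside relay_network_set_priority (relay-network.c hunk) fails, that function frees the cache and sets it to NULL, and the guard here then skips every later option change, so the cache cannot be rebuilt at runtime. How new TLS clients behave with a NULL cache is not visible in this diff. Building the new priority into a temporary and swapping it in only on success keeps the previous cache usable. Separately, the check callback's header comment is copied from the change callback, and when `value` is NULL its error path passes NULL to `%s`.
```c
/* … unchanged: (void) data; (void) option; … */
#ifdef HAVE_GNUTLS
    gnutls_priority_t new_priority;

    if (relay_network_init_ok && relay_gnutls_priority_cache
        && (gnutls_priority_init (
                &new_priority,
                weechat_config_string (relay_config_network_ssl_priorities),
                NULL) == GNUTLS_E_SUCCESS))
    {
        /* replace the old cache only once the new one is known to be valid */
        gnutls_priority_deinit (*relay_gnutls_priority_cache);
        *relay_gnutls_priority_cache = new_priority;
    }
#endif
```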
@@ -697,6 +766,16 @@ relay_config_init ()
 "with SSL)"),
 NULL, 0, 0, "%h/ssl/relay.pem", NULL, 0, NULL, NULL,
 &relay_config_change_network_ssl_cert_key, NULL, NULL, NULL);
+ relay_config_network_ssl_priorities = weechat_config_new_option (
+ relay_config_file, ptr_section,
+ "ssl_priorities", "string",
+ N_("string with priorities for gnutls (for syntax, see "
+ "documentation of function gnutls_priority_init in gnutls "
+ "manual, common strings are: \"PERFORMANCE\", \"NORMAL\", "
+ "\"SECURE128\", \"SECURE256\", \"EXPORT\", \"NONE\")"),
+ NULL, 0, 0, "PERFORMANCE", NULL, 0,
+ &relay_config_check_network_ssl_priorities, NULL,
+ &relay_config_change_network_ssl_priorities, NULL, NULL, NULL);
 relay_config_network_websocket_allowed_origins = weechat_config_new_option (
 relay_config_file, ptr_section,
 "websocket_allowed_origins", "string",
diff --git a/src/plugins/relay/relay-config.h b/src/plugins/relay/relay-config.h
index 5b37340d9..5d40878ef 100644
--- a/src/plugins/relay/relay-config.h
+++ b/src/plugins/relay/relay-config.h
@@ -44,6 +44,7 @@ extern struct t_config_option *relay_config_network_ipv6;
 extern struct t_config_option *relay_config_network_max_clients;
 extern struct t_config_option *relay_config_network_password;
 extern struct t_config_option *relay_config_network_ssl_cert_key;
+extern struct t_config_option *relay_config_network_ssl_priorities;
 extern struct t_config_option *relay_config_network_websocket_allowed_origins;
 extern struct t_config_option *relay_config_irc_backlog_max_minutes;
diff --git a/src/plugins/relay/relay-network.c b/src/plugins/relay/relay-network.c
index c65dec985..e15c84a87 100644
--- a/src/plugins/relay/relay-network.c
+++ b/src/plugins/relay/relay-network.c
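Review bot: The option registered in relay_config_init defaults to "PERFORMANCE", and its help text lists "EXPORT" and "NONE" as common strings with no hint about their strength. The default matches the literal this commit removes from relay_network_init, so behaviour is unchanged, but a user-facing setting is a good point to move to a balanced default such as `NULL, 0, 0, "NORMAL", NULL, 0,`. The check callback accepts anything gnutls_priority_init can parse, so a weak set is applied without comment. The help text should either drop "EXPORT" or say that it enables export-grade suites and is unsuitable for a relay that carries the relay password.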
@@ -104,6 +104,28 @@ relay_network_set_ssl_cert_key (int verbose)
 }
 /*
+ * Sets gnutls priority cache.
+ */
+
+void
+relay_network_set_priority ()
+{
+#ifdef HAVE_GNUTLS
+ if (gnutls_priority_init (relay_gnutls_priority_cache,
+ weechat_config_string (
+ relay_config_network_ssl_priorities),
+ NULL) != GNUTLS_E_SUCCESS)
+ {
+ weechat_printf (NULL,
+ _("%s%s: unable to initialize priority for SSL"),
+ weechat_prefix ("error"), RELAY_PLUGIN_NAME);
+ free (relay_gnutls_priority_cache);
+ relay_gnutls_priority_cache = NULL;
+ }
+#endif
+}
+
+/*
  * Initializes network for relay.
  */
@@ -119,17 +141,7 @@ relay_network_init ()
 /* priority */
 relay_gnutls_priority_cache = malloc (sizeof (*relay_gnutls_priority_cache));
 if (relay_gnutls_priority_cache)
- {
- if (gnutls_priority_init (relay_gnutls_priority_cache,
- "PERFORMANCE", NULL) != GNUTLS_E_SUCCESS)
- {
- weechat_printf (NULL,
- _("%s%s: unable to initialize priority for SSL"),
- weechat_prefix ("error"), RELAY_PLUGIN_NAME);
- free (relay_gnutls_priority_cache);
- relay_gnutls_priority_cache = NULL;
- }
- }
+ relay_network_set_priority ();
 #endif
 relay_network_init_ok = 1;
 }
diff --git a/src/plugins/relay/relay-network.h b/src/plugins/relay/relay-network.h
index 0e58ffb49..7e29c06eb 100644
--- a/src/plugins/relay/relay-network.h
+++ b/src/plugins/relay/relay-network.h
@@ -34,6 +34,7 @@ extern gnutls_dh_params_t *relay_gnutls_dh_params;
 #endif
 extern void relay_network_set_ssl_cert_key (int verbose);
+extern void relay_network_set_priority ();
 extern void relay_network_init ();
 extern void relay_network_end (); |
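Review bot: relay_network_set_priority passes `relay_gnutls_priority_cache` to gnutls_priority_init without testing it, relying on both visible callers to have checked for NULL first. Because the function is now exported through relay-network.h, either start the body with `if (!relay_gnutls_priority_cache) return;` or state the precondition in the header comment. The failure message also discards the GnuTLS return code and does not name the option. Keeping the code in a local `rc` and printing `gnutls_strerror (rc)` together with "relay.network.ssl_priorities" would make a bad value in the config file diagnosable at startup, where the check callback's message may not be shown.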