Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
DISCONTINUED:openSUSE:11.2:Update
irssi
irssi-0.8.15_update-ssl-code-to-HEAD.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File irssi-0.8.15_update-ssl-code-to-HEAD.patch of Package irssi
Index: src/core/network-openssl.c =================================================================== --- src/core/network-openssl.c.orig 2010-04-14 18:10:09.000000000 +0200 +++ src/core/network-openssl.c 2010-04-14 18:12:33.997187894 +0200 @@ -43,15 +43,14 @@ typedef struct const char *hostname; } GIOSSLChannel; -static SSL_CTX *ssl_ctx = NULL; +static int ssl_inited = FALSE; static void irssi_ssl_free(GIOChannel *handle) { GIOSSLChannel *chan = (GIOSSLChannel *)handle; g_io_channel_unref(chan->giochan); SSL_free(chan->ssl); - if (chan->ctx != ssl_ctx) - SSL_CTX_free(chan->ctx); + SSL_CTX_free(chan->ctx); g_free(chan); } @@ -199,12 +198,16 @@ static gboolean irssi_ssl_verify_hostnam static gboolean irssi_ssl_verify(SSL *ssl, SSL_CTX *ctx, const char* hostname, X509 *cert) { - if (SSL_get_verify_result(ssl) != X509_V_OK) { + long result; + + result = SSL_get_verify_result(ssl); + if (result != X509_V_OK) { unsigned char md[EVP_MAX_MD_SIZE]; unsigned int n; char *str; - g_warning("Could not verify SSL servers certificate:"); + g_warning("Could not verify SSL servers certificate: %s", + X509_verify_cert_error_string(result)); if ((str = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0)) == NULL) g_warning(" Could not get subject-name from peer certificate"); else { @@ -375,13 +378,8 @@ static gboolean irssi_ssl_init(void) { SSL_library_init(); SSL_load_error_strings(); - - ssl_ctx = SSL_CTX_new(SSLv23_client_method()); - if(!ssl_ctx) - { - g_error("Initialization of the SSL library failed"); - return FALSE; - } + OpenSSL_add_all_algorithms(); + ssl_inited = TRUE; return TRUE; @@ -397,18 +395,20 @@ static GIOChannel *irssi_ssl_get_iochann g_return_val_if_fail(handle != NULL, NULL); - if(!ssl_ctx && !irssi_ssl_init()) + if(!ssl_inited && !irssi_ssl_init()) return NULL; if(!(fd = g_io_channel_unix_get_fd(handle))) return NULL; + ctx = SSL_CTX_new(SSLv23_client_method()); + if (ctx == NULL) { + g_error("Could not allocate memory for SSL context"); + return NULL; + } + if (mycert && *mycert) { char *scert = NULL, *spkey = NULL; - if ((ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) { - g_error("Could not allocate memory for SSL context"); - return NULL; - } scert = convert_home(mycert); if (mypkey && *mypkey) spkey = convert_home(mypkey); @@ -425,10 +425,6 @@ static GIOChannel *irssi_ssl_get_iochann if ((cafile && *cafile) || (capath && *capath)) { char *scafile = NULL; char *scapath = NULL; - if (! ctx && (ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) { - g_error("Could not allocate memory for SSL context"); - return NULL; - } if (cafile && *cafile) scafile = convert_home(cafile); if (capath && *capath) @@ -443,14 +439,15 @@ static GIOChannel *irssi_ssl_get_iochann g_free(scafile); g_free(scapath); verify = TRUE; + } else { + if (!SSL_CTX_set_default_verify_paths(ctx)) + g_warning("Could not load default certificates"); } - if (ctx == NULL) - ctx = ssl_ctx; - if(!(ssl = SSL_new(ctx))) { g_warning("Failed to allocate SSL structure"); + SSL_CTX_free(ctx); return NULL; } @@ -458,11 +455,13 @@ static GIOChannel *irssi_ssl_get_iochann { g_warning("Failed to associate socket to SSL stream"); SSL_free(ssl); - if (ctx != ssl_ctx) - SSL_CTX_free(ctx); + SSL_CTX_free(ctx); return NULL; } + SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); + chan = g_new0(GIOSSLChannel, 1); chan->fd = fd; chan->giochan = handle; @@ -536,7 +535,7 @@ int irssi_ssl_handshake(GIOChannel *hand #else /* HAVE_OPENSSL */ -GIOChannel *net_connect_ip_ssl(IPADDR *ip, int port, IPADDR *my_ip, const char *cert, const char *pkey, const char *cafile, const char *capath, gboolean verify) +GIOChannel *net_connect_ip_ssl(IPADDR *ip, int port, const char* hostname, IPADDR *my_ip, const char *cert, const char *pkey, const char *cafile, const char *capath, gboolean verify) { g_warning("Connection failed: SSL support not enabled in this build."); errno = ENOSYS;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor