authorPřemysl Janouch <p.janouch@gmail.com>2015-07-15 23:34:36 +0200
committerPřemysl Janouch <p.janouch@gmail.com>2015-07-15 23:34:36 +0200
commit6f3b48e4eb7538ba2974730b1c09d752278ec93a (patch)
tree9de1d6d7e06f2be51cc83e05fe6b6c0a0a038483 /kike.c
parentc8496a83d88998ede42f04ce16b1daf6c7d39477 (diff)
SSL -> TLS; fix error handling
Diffstat (limited to 'kike.c')
-rw-r--r--kike.c42
1 files changed, 23 insertions, 19 deletions
diff --git a/kike.c b/kike.c
index bcbc4c6..bd1dab9 100644
--- a/kike.c
+++ b/kike.c
@@ -44,11 +44,11 @@ static struct config_item g_config_table[] =
{ "bind_host", NULL, "Address of the IRC server" },
{ "bind_port", "6667", "Port of the IRC server" },
- { "ssl_cert", NULL, "Server SSL certificate (PEM)" },
- { "ssl_key", NULL, "Server SSL private key (PEM)" },
+ { "ssl_cert", NULL, "Server TLS certificate (PEM)" },
+ { "ssl_key", NULL, "Server TLS private key (PEM)" },
{ "ssl_ciphers", DEFAULT_CIPHERS, "OpenSSL cipher list" },
- { "operators", NULL, "IRCop SSL cert. fingerprints" },
+ { "operators", NULL, "IRCop TLS cert. fingerprints" },
{ "max_connections", "0", "Global connection limit" },
{ "ping_interval", "180", "Interval between PING's (sec)" },
@@ -624,7 +624,7 @@ struct server_context
unsigned max_connections; ///< Max. connections allowed or 0
struct str_vector motd; ///< MOTD (none if empty)
nl_catd catalog; ///< Message catalog for server msgs
- struct str_map operators; ///< SSL cert. fingerprints for IRCops
+ struct str_map operators; ///< TLS cert. fingerprints for IRCops
};
static void
@@ -1206,7 +1206,7 @@ irc_try_finish_registration (struct client *c)
hard_assert (c->ssl_cert_fingerprint == NULL);
if ((c->ssl_cert_fingerprint = client_get_ssl_cert_fingerprint (c)))
client_send (c, ":%s NOTICE %s :"
- "Your SSL client certificate fingerprint is %s",
+ "Your TLS client certificate fingerprint is %s",
ctx->server_name, c->nickname, c->ssl_cert_fingerprint);
str_map_set (&ctx->whowas, c->nickname, NULL);
@@ -1394,7 +1394,7 @@ irc_handle_pass (const struct irc_message *msg, struct client *c)
else if (msg->params.len < 1)
irc_send_reply (c, IRC_ERR_NEEDMOREPARAMS, msg->command);
- // We have SSL client certificates for this purpose; ignoring
+ // We have TLS client certificates for this purpose; ignoring
}
static void
@@ -1653,7 +1653,7 @@ irc_handle_user_mode_change (struct client *c, const char *mode_string)
&& str_map_find (&c->ctx->operators, c->ssl_cert_fingerprint))
new_mode |= IRC_USER_MODE_OPERATOR;
else
- client_send (c, ":%s NOTICE %s :Either you're not using an SSL"
+ client_send (c, ":%s NOTICE %s :Either you're not using an TLS"
" client certificate, or the fingerprint doesn't match",
c->ctx->server_name, c->nickname);
break;
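Review bot: The rewritten NOTICE text on the `client_send` line now reads "an TLS", which is ungrammatical in a user-facing message; the article should follow pronunciation, so the literal should be `":%s NOTICE %s :Either you're not using a TLS"`. The enclosing irc_handle_user_mode_change starts and ends outside the hunk.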
@@ -3256,26 +3256,28 @@ client_initialize_ssl (struct client *c)
const char *error_info = NULL;
if (!c->ctx->ssl_ctx)
{
- error_info = "SSL support disabled";
+ error_info = "TLS support disabled";
goto error_ssl_1;
}
+ ERR_clear_error ();
+
c->ssl = SSL_new (c->ctx->ssl_ctx);
if (!c->ssl)
- goto error_ssl_1;
- if (!SSL_set_fd (c->ssl, c->socket_fd))
goto error_ssl_2;
+ if (!SSL_set_fd (c->ssl, c->socket_fd))
+ goto error_ssl_3;
SSL_set_accept_state (c->ssl);
return true;
-error_ssl_2:
+error_ssl_3:
SSL_free (c->ssl);
c->ssl = NULL;
+error_ssl_2:
+ error_info = ERR_reason_error_string (ERR_get_error ());
error_ssl_1:
- if (!error_info)
- error_info = ERR_reason_error_string (ERR_get_error ());
- print_debug ("could not initialize SSL for %s: %s", c->address, error_info);
+ print_debug ("could not initialize TLS for %s: %s", c->address, error_info);
return false;
}
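Review bot: After the new `error_ssl_2:` label, `error_info = ERR_reason_error_string (ERR_get_error ());` can leave `error_info` NULL, because `ERR_reason_error_string` returns NULL when the error queue is empty or the code has no registered reason string, and that NULL then reaches the `%s` in `print_debug`, which is undefined behaviour (glibc happens to print "(null)", other libcs may crash). The `ERR_clear_error ()` added above makes an empty queue more likely, not less, if a failing call does not push an error. A two-line guard fixes it: `if (!(error_info = ERR_reason_error_string (ERR_get_error ())))` / `error_info = "unknown error";`. The same unguarded `ERR_reason_error_string` result feeds a `%s` in `error_set` in the hunks at 3480 and 3510 of irc_initialize_ssl_ctx. The signature of client_initialize_ssl lies above this hunk.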
@@ -3480,10 +3482,12 @@ static bool
irc_initialize_ssl_ctx (struct server_context *ctx,
const char *cert_path, const char *key_path, struct error **e)
{
+ ERR_clear_error ();
+
ctx->ssl_ctx = SSL_CTX_new (SSLv23_server_method ());
if (!ctx->ssl_ctx)
{
- error_set (e, "%s: %s", "could not initialize SSL",
+ error_set (e, "%s: %s", "could not initialize TLS",
ERR_reason_error_string (ERR_get_error ()));
return false;
}
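Review bot: `SSL_CTX_new (SSLv23_server_method ())` on the line after the new `ERR_clear_error ()` still accepts every protocol version the OpenSSL build supports, SSLv3 included, so relabelling the messages as TLS does not by itself make the listener TLS-only. Unless the options are set somewhere outside this hunk (the rest of the function is not visible here), add `SSL_CTX_set_options (ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` right after the `SSL_CTX_new` NULL check so the negotiated floor is documented in code. The `ERR_reason_error_string` result in the `error_set` call here can also be NULL, as noted at the client_initialize_ssl hunk. irc_initialize_ssl_ctx continues past the end of this hunk.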
@@ -3510,11 +3514,11 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
if (!SSL_CTX_set_cipher_list (ctx->ssl_ctx, ciphers))
error_set (e, "failed to select any cipher from the cipher list");
else if (!SSL_CTX_use_certificate_chain_file (ctx->ssl_ctx, cert_path))
- error_set (e, "%s: %s", "setting the SSL client certificate failed",
+ error_set (e, "%s: %s", "setting the TLS certificate failed",
ERR_reason_error_string (ERR_get_error ()));
else if (!SSL_CTX_use_PrivateKey_file
(ctx->ssl_ctx, key_path, SSL_FILETYPE_PEM))
- error_set (e, "%s: %s", "setting the SSL private key failed",
+ error_set (e, "%s: %s", "setting the TLS private key failed",
ERR_reason_error_string (ERR_get_error ()));
else
// TODO: SSL_CTX_check_private_key()? It has probably already been
@@ -3538,9 +3542,9 @@ irc_initialize_ssl (struct server_context *ctx, struct error **e)
return true;
if (!ssl_cert)
- error_set (e, "no SSL certificate set");
+ error_set (e, "no TLS certificate set");
else if (!ssl_key)
- error_set (e, "no SSL private key set");
+ error_set (e, "no TLS private key set");
if (!ssl_cert || !ssl_key)
return false;