From aeb047260fefa187f5b2c5c740280c81b9ccb8f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C5=99emysl=20Janouch?= Date: Wed, 9 Dec 2015 00:53:56 +0100 Subject: Bump liberty, enable TLS SNI Involves some rewrites to fit the new APIs. SNI has been implemented Mostly just because we can, I don't think it's widely in use and kike doesn't support this feature of the protocol either. --- degesch.c | 48 ++++++++++++++++++------------------------------ 1 file changed, 18 insertions(+), 30 deletions(-) (limited to 'degesch.c') diff --git a/degesch.c b/degesch.c index 59a60a0..7163098 100644 --- a/degesch.c +++ b/degesch.c @@ -1150,7 +1150,7 @@ enum transport_io_result struct transport { /// Initialize the transport - bool (*init) (struct server *s, struct error **e); + bool (*init) (struct server *s, const char *hostname, struct error **e); /// Destroy the user data pointer void (*cleanup) (struct server *s); @@ -4492,7 +4492,7 @@ transport_tls_init_cert (struct server *s, SSL *ssl, struct error **e) } static bool -transport_tls_init (struct server *s, struct error **e) +transport_tls_init (struct server *s, const char *hostname, struct error **e) { ERR_clear_error (); @@ -4519,6 +4519,12 @@ transport_tls_init (struct server *s, struct error **e) if (!SSL_set_fd (ssl, s->socket)) goto error_ssl_3; + // Enable SNI, FWIW; literal IP addresses aren't allowed + struct in6_addr dummy; + if (!inet_pton (AF_INET, hostname, &dummy) + && !inet_pton (AF_INET6, hostname, &dummy)) + SSL_set_tlsext_host_name (ssl, hostname); + struct transport_tls_data *data = xcalloc (1, sizeof *data); data->ssl_ctx = ssl_ctx; data->ssl = ssl; @@ -4749,7 +4755,7 @@ irc_register (struct server *s) } static void -irc_finish_connection (struct server *s, int socket) +irc_finish_connection (struct server *s, int socket, const char *hostname) { struct app_context *ctx = s->ctx; 
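Review bot: The hostname is used only for SNI in the new block of transport_tls_init; nothing in this hunk ties it to certificate verification, so if the verification set up elsewhere in this function only checks the chain, a valid certificate issued for an unrelated name still passes. On OpenSSL 1.0.2+ the same non-IP branch can add `X509_VERIFY_PARAM_set1_host (SSL_get0_param (ssl), hostname, 0);` (and the IP-literal branch `X509_VERIFY_PARAM_set1_ip_asc`), which only has effect if peer verification is enabled — I can't see that from this diff. `SSL_set_tlsext_host_name` also returns 0 when it rejects the name (longer than 255 bytes, for instance) and the result is discarded, so the client would silently continue without SNI; it is worth logging. transport_tls_init continues outside the hunk.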
@@ -4766,7 +4772,7 @@ irc_finish_connection (struct server *s, int socket) : &g_transport_plain; struct error *e = NULL; - if (s->transport->init && !s->transport->init (s, &e)) + if (s->transport->init && !s->transport->init (s, hostname, &e)) { log_server_error (s, s->buffer, "Connection failed: #s", e->message); error_free (e); @@ -4837,16 +4843,17 @@ irc_on_connector_failure (void *user_data) } static void -irc_on_connector_connected (void *user_data, int socket) +irc_on_connector_connected (void *user_data, int socket, const char *hostname) { struct server *s = user_data; + char *hostname_copy = xstrdup (hostname); irc_destroy_connector (s); - irc_finish_connection (s, socket); + irc_finish_connection (s, socket, hostname_copy); + free (hostname_copy); } -static bool -irc_setup_connector (struct server *s, - const struct str_vector *addresses, struct error **e) +static void +irc_setup_connector (struct server *s, const struct str_vector *addresses) { struct connector *connector = xmalloc (sizeof *connector); connector_init (connector, &s->ctx->poller); 
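Review bot: The `xstrdup (hostname)` placed before `irc_destroy_connector (s)` in irc_on_connector_connected carries no comment explaining why it exists; presumably the connector owns the string it hands to the callback and destroying it would leave `hostname` dangling, which is exactly the lifetime detail a later cleanup is likely to "simplify" away. A one-line comment such as `// the connector owns "hostname"; copy it before tearing the connector down` would protect it. The same hunk also turns irc_setup_connector from bool into void and drops its error parameter, so the caller no longer learns when no target could be added; the function's body continues in the next hunk.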
@@ -4858,31 +4865,12 @@ irc_setup_connector (struct server *s, connector->on_connected = irc_on_connector_connected; connector->on_failure = irc_on_connector_failure; - bool at_least_one_address_succeeded = false; for (size_t i = 0; i < addresses->len; i++) { char *host, *port; irc_split_host_port (addresses->vector[i], &host, &port); - - struct error *error = NULL; - if (connector_add_target (connector, host, port, &error)) - at_least_one_address_succeeded = true; - else - { - log_server_error (s, s->buffer, - "Address resolution failed for #&s: #s", - format_host_port_pair (host, port), error->message); - error_free (error); - } - } - if (!at_least_one_address_succeeded) - { - error_set (e, "No address to connect to"); - return false; + connector_add_target (connector, host, port); } - - connector_step (connector); - return true; } // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4963,7 +4951,7 @@ irc_initiate_connect (struct server *s) struct error *e = NULL; if (!irc_setup_connector_socks (s, &servers, &e) && !e) - irc_setup_connector (s, &servers, &e); + irc_setup_connector (s, &servers); str_vector_free (&servers); -- cgit v1.2.3
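Review bot: irc_setup_connector now accepts an empty `addresses` vector without complaint and no longer calls `connector_step`, so a server with zero configured addresses gets a connector with no targets, and unless the new `connector_add_target` starts resolution on its own nothing here kicks off the connection — neither can be confirmed from this diff. The removed "No address to connect to" error and per-address resolution messages were user-visible; if liberty now reports these through `on_failure`, a comment saying so, e.g. `// resolution failures and target exhaustion are reported via on_failure`, would stop the next reader from re-adding the check. If it does not, an `if (!addresses->len)` guard before allocating the connector is still needed. The function begins in the previous hunk.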