From 1e4a25b3f7dd1c6ee7926ed6d9c38f135198caec Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Thu, 5 Mar 2015 16:40:51 +0100 Subject: m_ssl_gnutls Replace ISSL_HANDSHAKING_READ/WRITE with a single state --- src/modules/extra/m_ssl_gnutls.cpp | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'src/modules/extra') diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index ad182e826..a684e5916 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -70,7 +70,7 @@ typedef gnutls_certificate_credentials_t gnutls_certificate_credentials; typedef gnutls_dh_params_t gnutls_dh_params; #endif -enum issl_status { ISSL_NONE, ISSL_HANDSHAKING_READ, ISSL_HANDSHAKING_WRITE, ISSL_HANDSHAKEN, ISSL_CLOSING, ISSL_CLOSED }; +enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_HANDSHAKEN, ISSL_CLOSING, ISSL_CLOSED }; #if INSPIRCD_GNUTLS_HAS_VERSION(2, 12, 0) #define GNUTLS_NEW_CERT_CALLBACK_API @@ -637,17 +637,16 @@ class GnuTLSIOHook : public SSLIOHook if(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) { // Handshake needs resuming later, read() or write() would have blocked. + this->status = ISSL_HANDSHAKING; if (gnutls_record_get_direction(this->sess) == 0) { // gnutls_handshake() wants to read() again. - this->status = ISSL_HANDSHAKING_READ; SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE); } else { // gnutls_handshake() wants to write() again. - this->status = ISSL_HANDSHAKING_WRITE; SocketEngine::ChangeEventMask(user, FD_WANT_NO_READ | FD_WANT_SINGLE_WRITE); } } @@ -881,7 +880,7 @@ info_done_dealloc: return -1; } - if (this->status == ISSL_HANDSHAKING_READ || this->status == ISSL_HANDSHAKING_WRITE) + if (this->status == ISSL_HANDSHAKING) { // The handshake isn't finished, try to finish it. 
@@ -936,7 +935,7 @@ info_done_dealloc: return -1; } - if (this->status == ISSL_HANDSHAKING_WRITE || this->status == ISSL_HANDSHAKING_READ) + if (this->status == ISSL_HANDSHAKING) { // The handshake isn't finished, try to finish it. Handshake(user); -- cgit v1.2.3 From e9b021cc990deaf3028cb09efa3db0040b0d62a9 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Thu, 5 Mar 2015 16:45:22 +0100 Subject: m_ssl_gnutls, m_ssl_openssl Simplify Handshake() result handling --- src/modules/extra/m_ssl_gnutls.cpp | 27 ++++++++++++--------------- src/modules/extra/m_ssl_openssl.cpp | 34 +++++++++++++--------------------- 2 files changed, 25 insertions(+), 36 deletions(-) (limited to 'src/modules/extra') diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index a684e5916..0b22788fd 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -628,7 +628,8 @@ class GnuTLSIOHook : public SSLIOHook status = ISSL_NONE; } - bool Handshake(StreamSocket* user) + // Returns 1 if handshake succeeded, 0 if it is still in progress, -1 if it failed + int Handshake(StreamSocket* user) { int ret = gnutls_handshake(this->sess); @@ -649,15 +650,16 @@ class GnuTLSIOHook : public SSLIOHook // gnutls_handshake() wants to write() again. SocketEngine::ChangeEventMask(user, FD_WANT_NO_READ | FD_WANT_SINGLE_WRITE); } + + return 0; } else { user->SetError("Handshake Failed - " + std::string(gnutls_strerror(ret))); CloseSession(); this->status = ISSL_CLOSING; + return -1; } - - return false; } else { @@ -669,7 +671,7 @@ class GnuTLSIOHook : public SSLIOHook // Finish writing, if any left SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE | FD_ADD_TRIAL_WRITE); - return true; + return 1; } } 
@@ -883,13 +885,9 @@ info_done_dealloc: if (this->status == ISSL_HANDSHAKING) { // The handshake isn't finished, try to finish it. - - if (!Handshake(user)) - { - if (this->status != ISSL_CLOSING) - return 0; - return -1; - } + int ret = Handshake(user); + if (ret <= 0) + return ret; } // If we resumed the handshake then this->status will be ISSL_HANDSHAKEN. @@ -938,10 +936,9 @@ info_done_dealloc: if (this->status == ISSL_HANDSHAKING) { // The handshake isn't finished, try to finish it. - Handshake(user); - if (this->status != ISSL_CLOSING) - return 0; - return -1; + int ret = Handshake(user); + if (ret <= 0) + return ret; } int ret = 0; diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index c1a3bf41a..21227fe6d 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -354,7 +354,8 @@ class OpenSSLIOHook : public SSLIOHook bool data_to_write; reference profile; - bool Handshake(StreamSocket* user) + // Returns 1 if handshake succeeded, 0 if it is still in progress, -1 if it failed + int Handshake(StreamSocket* user) { int ret; @@ -372,20 +373,19 @@ class OpenSSLIOHook : public SSLIOHook { SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE); this->status = ISSL_HANDSHAKING; - return true; + return 0; } else if (err == SSL_ERROR_WANT_WRITE) { SocketEngine::ChangeEventMask(user, FD_WANT_NO_READ | FD_WANT_SINGLE_WRITE); this->status = ISSL_HANDSHAKING; - return true; + return 0; } else { CloseSession(); + return -1; } - - return false; } else if (ret > 0) { @@ -396,13 +396,13 @@ class OpenSSLIOHook : public SSLIOHook SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE | FD_ADD_TRIAL_WRITE); - return true; + return 1; } else if (ret == 0) { CloseSession(); } - return false; + return -1; } void CloseSession() 
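Review bot: In OpenSSLIOHook::Handshake() (m_ssl_openssl.cpp) the failure branches call CloseSession() and `return -1;` without recording an error on the socket, whereas the GnuTLS Handshake() calls `user->SetError("Handshake Failed - " + ...)` before returning -1. Unless CloseSession() or the caller sets an error (neither is visible in these hunks), a failed TLS handshake cannot be told apart from any other close, which makes failures harder to diagnose and to alert on. Consider adding `user->SetError("Handshake Failed");` before each `return -1;` in this function. The PrepareIO() fallthrough added to the same file later in this series has the same gap, while its GnuTLS twin sets "No SSL session".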
@@ -540,13 +540,9 @@ class OpenSSLIOHook : public SSLIOHook if (status == ISSL_HANDSHAKING) { // The handshake isn't finished and it wants to read, try to finish it. - if (!Handshake(user)) - { - // Couldn't resume handshake. - if (status == ISSL_NONE) - return -1; - return 0; - } + int ret = Handshake(user); + if (ret <= 0) + return ret; } // If we resumed the handshake then this->status will be ISSL_OPEN @@ -614,13 +610,9 @@ class OpenSSLIOHook : public SSLIOHook if (status == ISSL_HANDSHAKING) { - if (!Handshake(user)) - { - // Couldn't resume handshake. - if (status == ISSL_NONE) - return -1; - return 0; - } + int ret = Handshake(user); + if (ret <= 0) + return ret; } if (status == ISSL_OPEN) -- cgit v1.2.3 From bbbd6c9ac46c040b9769c227f0f3ffbfcd43b0e7 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Thu, 5 Mar 2015 16:52:06 +0100 Subject: m_ssl_gnutls, m_ssl_openssl Simplify status handling in IOHook read/write handlers Remove states ISSL_CLOSING and ISSL_CLOSED from m_ssl_gnutls --- src/modules/extra/m_ssl_gnutls.cpp | 13 ++----------- src/modules/extra/m_ssl_openssl.cpp | 11 +++-------- 2 files changed, 5 insertions(+), 19 deletions(-) (limited to 'src/modules/extra') diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 0b22788fd..30b54ff8b 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -70,7 +70,7 @@ typedef gnutls_certificate_credentials_t gnutls_certificate_credentials; typedef gnutls_dh_params_t gnutls_dh_params; #endif -enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_HANDSHAKEN, ISSL_CLOSING, ISSL_CLOSED }; +enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_HANDSHAKEN }; #if INSPIRCD_GNUTLS_HAS_VERSION(2, 12, 0) #define GNUTLS_NEW_CERT_CALLBACK_API @@ -657,7 +657,6 @@ class GnuTLSIOHook : public SSLIOHook { user->SetError("Handshake Failed - " + std::string(gnutls_strerror(ret))); CloseSession(); - this->status = ISSL_CLOSING; return -1; } } 
@@ -891,8 +890,6 @@ info_done_dealloc: } // If we resumed the handshake then this->status will be ISSL_HANDSHAKEN. - - if (this->status == ISSL_HANDSHAKEN) { GnuTLS::DataReader reader(sess); int ret = reader.ret(); @@ -918,10 +915,6 @@ info_done_dealloc: return -1; } } - else if (this->status == ISSL_CLOSING) - return -1; - - return 0; } int OnStreamSocketWrite(StreamSocket* user, std::string& sendq) CXX11_OVERRIDE @@ -941,9 +934,9 @@ info_done_dealloc: return ret; } + // Session is ready for transferring application data int ret = 0; - if (this->status == ISSL_HANDSHAKEN) { ret = gnutls_record_send(this->sess, sendq.data(), sendq.length()); @@ -970,8 +963,6 @@ info_done_dealloc: return -1; } } - - return 0; } void TellCiphersAndFingerprint(LocalUser* user) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 21227fe6d..c0ab862d2 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -546,8 +546,6 @@ class OpenSSLIOHook : public SSLIOHook } // If we resumed the handshake then this->status will be ISSL_OPEN - - if (status == ISSL_OPEN) { ERR_clear_error(); char* buffer = ServerInstance->GetReadBuffer(); @@ -573,7 +571,7 @@ class OpenSSLIOHook : public SSLIOHook user->SetError("Connection closed"); return -1; } - else if (ret < 0) + else // if (ret < 0) { int err = SSL_get_error(sess, ret); @@ -594,8 +592,6 @@ class OpenSSLIOHook : public SSLIOHook } } } - - return 0; } int OnStreamSocketWrite(StreamSocket* user, std::string& buffer) CXX11_OVERRIDE @@ -615,7 +611,7 @@ class OpenSSLIOHook : public SSLIOHook return ret; } - if (status == ISSL_OPEN) + // Session is ready for transferring application data { ERR_clear_error(); int ret = SSL_write(sess, buffer.data(), buffer.size()); @@ -642,7 +638,7 @@ class OpenSSLIOHook : public SSLIOHook CloseSession(); return -1; } - else if (ret < 0) + else // if (ret < 0) { int err = SSL_get_error(sess, ret); 
@@ -663,7 +659,6 @@ class OpenSSLIOHook : public SSLIOHook } } } - return 0; } void TellCiphersAndFingerprint(LocalUser* user) -- cgit v1.2.3 From 2972f1ec3fbecb70f7ad7f4f605fb5b9264e8816 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Thu, 5 Mar 2015 17:12:34 +0100 Subject: m_ssl_gnutls, m_ssl_openssl Deduplicate Handshake() calling code --- src/modules/extra/m_ssl_gnutls.cpp | 52 +++++++++++++++++-------------------- src/modules/extra/m_ssl_openssl.cpp | 48 ++++++++++++++++------------------ 2 files changed, 47 insertions(+), 53 deletions(-) (limited to 'src/modules/extra') diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 30b54ff8b..f8dc85659 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -778,6 +778,22 @@ info_done_dealloc: gnutls_x509_crt_deinit(cert); } + // Returns 1 if application I/O should proceed, 0 if it must wait for the underlying protocol to progress, -1 on fatal error + int PrepareIO(StreamSocket* sock) + { + if (status == ISSL_HANDSHAKEN) + return 1; + else if (status == ISSL_HANDSHAKING) + { + // The handshake isn't finished, try to finish it + return Handshake(sock); + } + + CloseSession(); + sock->SetError("No SSL session"); + return -1; + } + static const char* UnknownIfNULL(const char* str) { return str ? str : "UNKNOWN"; @@ -874,20 +890,10 @@ info_done_dealloc: int OnStreamSocketRead(StreamSocket* user, std::string& recvq) CXX11_OVERRIDE { - if (!this->sess) - { - CloseSession(); - user->SetError("No SSL session"); - return -1; - } - - if (this->status == ISSL_HANDSHAKING) - { - // The handshake isn't finished, try to finish it. - int ret = Handshake(user); - if (ret <= 0) - return ret; - } + // Finish handshake if needed + int prepret = PrepareIO(user); + if (prepret <= 0) + return prepret; // If we resumed the handshake then this->status will be ISSL_HANDSHAKEN. { 
@@ -919,20 +925,10 @@ info_done_dealloc: int OnStreamSocketWrite(StreamSocket* user, std::string& sendq) CXX11_OVERRIDE { - if (!this->sess) - { - CloseSession(); - user->SetError("No SSL session"); - return -1; - } - - if (this->status == ISSL_HANDSHAKING) - { - // The handshake isn't finished, try to finish it. - int ret = Handshake(user); - if (ret <= 0) - return ret; - } + // Finish handshake if needed + int prepret = PrepareIO(user); + if (prepret <= 0) + return prepret; // Session is ready for transferring application data int ret = 0; diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index c0ab862d2..8540ab41f 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -502,6 +502,21 @@ class OpenSSLIOHook : public SSLIOHook } #endif + // Returns 1 if application I/O should proceed, 0 if it must wait for the underlying protocol to progress, -1 on fatal error + int PrepareIO(StreamSocket* sock) + { + if (status == ISSL_OPEN) + return 1; + else if (status == ISSL_HANDSHAKING) + { + // The handshake isn't finished, try to finish it + return Handshake(sock); + } + + CloseSession(); + return -1; + } + // Calls our private SSLInfoCallback() friend void StaticSSLInfoCallback(const SSL* ssl, int where, int rc); @@ -531,19 +546,10 @@ class OpenSSLIOHook : public SSLIOHook int OnStreamSocketRead(StreamSocket* user, std::string& recvq) CXX11_OVERRIDE { - if (!sess) - { - CloseSession(); - return -1; - } - - if (status == ISSL_HANDSHAKING) - { - // The handshake isn't finished and it wants to read, try to finish it. - int ret = Handshake(user); - if (ret <= 0) - return ret; - } + // Finish handshake if needed + int prepret = PrepareIO(user); + if (prepret <= 0) + return prepret; // If we resumed the handshake then this->status will be ISSL_OPEN { 
@@ -596,21 +602,13 @@ class OpenSSLIOHook : public SSLIOHook int OnStreamSocketWrite(StreamSocket* user, std::string& buffer) CXX11_OVERRIDE { - if (!sess) - { - CloseSession(); - return -1; - } + // Finish handshake if needed + int prepret = PrepareIO(user); + if (prepret <= 0) + return prepret; data_to_write = true; - if (status == ISSL_HANDSHAKING) - { - int ret = Handshake(user); - if (ret <= 0) - return ret; - } - // Session is ready for transferring application data { ERR_clear_error(); -- cgit v1.2.3 From ece5c62d5733fd2355657962859cded0758a2dac Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Thu, 5 Mar 2015 17:17:19 +0100 Subject: m_ssl_gnutls Move GnuTLSIOHook::InitSession() code to constructor and GnuTLS::Profile::SetupSession() --- src/modules/extra/m_ssl_gnutls.cpp | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) (limited to 'src/modules/extra') diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index f8dc85659..7faa8976d 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -588,6 +588,9 @@ namespace GnuTLS priority.SetupSession(sess); x509cred.SetupSession(sess); gnutls_dh_set_prime_bits(sess, min_dh_bits); + + // Request client certificate if we are a server, no-op if we're a client + gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST); } const std::string& GetName() const { return name; } 
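Review bot: In OpenSSLIOHook::OnStreamSocketWrite() the `data_to_write = true;` assignment now runs after PrepareIO(), so a write attempted while the handshake is still in progress returns 0 without setting the flag; before this change the flag was set ahead of the Handshake() call. The commit is described as deduplication, so this looks like an unintended ordering change. Whether it matters depends on how data_to_write is consumed once the handshake completes, which is outside this hunk. If the old behaviour is wanted, move `data_to_write = true;` above `int prepret = PrepareIO(user);`; otherwise add a comment stating that the flag is deliberately set only once the session is open.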
@@ -603,19 +606,6 @@ class GnuTLSIOHook : public SSLIOHook issl_status status; reference profile; - void InitSession(StreamSocket* user, bool me_server) - { - gnutls_init(&sess, me_server ? GNUTLS_SERVER : GNUTLS_CLIENT); - - profile->SetupSession(sess); - gnutls_transport_set_ptr(sess, reinterpret_cast(user)); - gnutls_transport_set_push_function(sess, gnutls_push_wrapper); - gnutls_transport_set_pull_function(sess, gnutls_pull_wrapper); - - if (me_server) - gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST); // Request client certificate if any. - } - void CloseSession() { if (this->sess) @@ -878,7 +868,12 @@ info_done_dealloc: , status(ISSL_NONE) , profile(sslprofile) { - InitSession(sock, outbound); + gnutls_init(&sess, outbound ? GNUTLS_SERVER : GNUTLS_CLIENT); + gnutls_transport_set_ptr(sess, reinterpret_cast(sock)); + gnutls_transport_set_push_function(sess, gnutls_push_wrapper); + gnutls_transport_set_pull_function(sess, gnutls_pull_wrapper); + profile->SetupSession(sess); + sock->AddIOHook(this); Handshake(sock); } -- cgit v1.2.3 From 24854545bdccea24d698772b1946d170af2197fb Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Thu, 5 Mar 2015 17:26:44 +0100 Subject: m_ssl_gnutls Add typedef for second parameter of gnutls_init() which changed in 2.99 --- src/modules/extra/m_ssl_gnutls.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'src/modules/extra') diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 7faa8976d..0bc7060b8 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp 
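Review bot: In the GnuTLSIOHook constructor the return value of `gnutls_init()` is ignored, so if session creation fails the transport setters, `profile->SetupSession(sess)` and `Handshake(sock)` all run on an unusable session. The removed InitSession() had the same gap, but moving the code is a good moment to close it: compare the result with `GNUTLS_E_SUCCESS` and, on failure, reset sess to NULL and skip the session setup and the Handshake() call, so status stays ISSL_NONE and the first read or write fails through PrepareIO(). Separately, `outbound ? GNUTLS_SERVER : GNUTLS_CLIENT` reads inverted, because OnAccept() passes true for this parameter; a later patch in this series replaces it with an explicit flags argument.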
@@ -83,6 +83,14 @@ typedef gnutls_retr_st cert_cb_last_param_type; #define INSPIRCD_GNUTLS_HAS_RECV_PACKET #endif +#if INSPIRCD_GNUTLS_HAS_VERSION(2, 99, 0) +// The second parameter of gnutls_init() has changed in 2.99.0 from gnutls_connection_end_t to unsigned int +// (it became a general flags parameter) and the enum has been deprecated and generates a warning on use. +typedef unsigned int inspircd_gnutls_session_init_flags_t; +#else +typedef gnutls_connection_end_t inspircd_gnutls_session_init_flags_t; +#endif + class RandGen : public HandlerBase2 { public: -- cgit v1.2.3 From a881ff7a322aa8307dc8152206f27c4fd29281cd Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Thu, 5 Mar 2015 17:28:51 +0100 Subject: m_ssl_gnutls Pass client/server role to GnuTLSIOHook constructor as a GNUTLS_* constant --- src/modules/extra/m_ssl_gnutls.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/modules/extra') diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 0bc7060b8..12a776b06 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -870,13 +870,13 @@ info_done_dealloc: } public: - GnuTLSIOHook(IOHookProvider* hookprov, StreamSocket* sock, bool outbound, const reference& sslprofile) + GnuTLSIOHook(IOHookProvider* hookprov, StreamSocket* sock, inspircd_gnutls_session_init_flags_t flags, const reference& sslprofile) : SSLIOHook(hookprov) , sess(NULL) , status(ISSL_NONE) , profile(sslprofile) { - gnutls_init(&sess, outbound ? GNUTLS_SERVER : GNUTLS_CLIENT); + gnutls_init(&sess, flags); gnutls_transport_set_ptr(sess, reinterpret_cast(sock)); gnutls_transport_set_push_function(sess, gnutls_push_wrapper); gnutls_transport_set_pull_function(sess, gnutls_pull_wrapper); 
@@ -1027,12 +1027,12 @@ class GnuTLSIOHookProvider : public refcountbase, public IOHookProvider void OnAccept(StreamSocket* sock, irc::sockets::sockaddrs* client, irc::sockets::sockaddrs* server) CXX11_OVERRIDE { - new GnuTLSIOHook(this, sock, true, profile); + new GnuTLSIOHook(this, sock, GNUTLS_SERVER, profile); } void OnConnect(StreamSocket* sock) CXX11_OVERRIDE { - new GnuTLSIOHook(this, sock, false, profile); + new GnuTLSIOHook(this, sock, GNUTLS_CLIENT, profile); } }; -- cgit v1.2.3 From 06eb88c10cb7a57ea800e0204b48277de9cb02ca Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Thu, 5 Mar 2015 17:35:17 +0100 Subject: m_ssl_openssl Specify TLS client/server role on session creation, switch to SSL_do_handshake() --- src/modules/extra/m_ssl_openssl.cpp | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'src/modules/extra') diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 8540ab41f..debc17953 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -196,9 +196,18 @@ namespace OpenSSL return SSL_CTX_clear_options(ctx, clearoptions); } - SSL* CreateSession() + SSL* CreateServerSession() { - return SSL_new(ctx); + SSL* sess = SSL_new(ctx); + SSL_set_accept_state(sess); // Act as server + return sess; + } + + SSL* CreateClientSession() + { + SSL* sess = SSL_new(ctx); + SSL_set_connect_state(sess); // Act as client + return sess; } }; @@ -324,8 +333,8 @@ namespace OpenSSL } const std::string& GetName() const { return name; } - SSL* CreateServerSession() { return ctx.CreateSession(); } - SSL* CreateClientSession() { return clictx.CreateSession(); } + SSL* CreateServerSession() { return ctx.CreateServerSession(); } + SSL* CreateClientSession() { return clictx.CreateClientSession(); } const EVP_MD* GetDigest() { return digest; } bool AllowRenegotiation() const { return allowrenego; } }; 
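Review bot: In OpenSSL::Context::CreateServerSession() and CreateClientSession() the result of `SSL_new(ctx)` is passed straight to `SSL_set_accept_state()` / `SSL_set_connect_state()`, but SSL_new() returns NULL on failure. The old CreateSession() simply returned that NULL to its caller, so the new code adds a NULL dereference on the allocation-failure path. Guard the call, e.g. `if (sess) SSL_set_accept_state(sess);`, and do the same for the connect variant. How OpenSSLIOHook reacts to a NULL session is outside these hunks, and since the explicit `!sess` checks in the read/write handlers were dropped earlier in the series, it is worth confirming that the constructor still handles it.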
@@ -357,14 +366,8 @@ class OpenSSLIOHook : public SSLIOHook // Returns 1 if handshake succeeded, 0 if it is still in progress, -1 if it failed int Handshake(StreamSocket* user) { - int ret; - ERR_clear_error(); - if (outbound) - ret = SSL_connect(sess); - else - ret = SSL_accept(sess); - + int ret = SSL_do_handshake(sess); if (ret < 0) { int err = SSL_get_error(sess, ret); -- cgit v1.2.3 From b88cec3b943c08e37a4e9f32bdddaa195699268b Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Thu, 5 Mar 2015 17:36:46 +0100 Subject: m_ssl_openssl Remove OpenSSLIOHook::outbound and is_outbound constructor parameter --- src/modules/extra/m_ssl_openssl.cpp | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'src/modules/extra') diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index debc17953..0fd4608be 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -359,7 +359,6 @@ class OpenSSLIOHook : public SSLIOHook private: SSL* sess; issl_status status; - const bool outbound; bool data_to_write; reference profile; @@ -524,11 +523,10 @@ class OpenSSLIOHook : public SSLIOHook friend void StaticSSLInfoCallback(const SSL* ssl, int where, int rc); public: - OpenSSLIOHook(IOHookProvider* hookprov, StreamSocket* sock, bool is_outbound, SSL* session, const reference& sslprofile) + OpenSSLIOHook(IOHookProvider* hookprov, StreamSocket* sock, SSL* session, const reference& sslprofile) : SSLIOHook(hookprov) , sess(session) , status(ISSL_NONE) - , outbound(is_outbound) , data_to_write(false) , profile(sslprofile) { 
@@ -711,12 +709,12 @@ class OpenSSLIOHookProvider : public refcountbase, public IOHookProvider void OnAccept(StreamSocket* sock, irc::sockets::sockaddrs* client, irc::sockets::sockaddrs* server) CXX11_OVERRIDE { - new OpenSSLIOHook(this, sock, false, profile->CreateServerSession(), profile); + new OpenSSLIOHook(this, sock, profile->CreateServerSession(), profile); } void OnConnect(StreamSocket* sock) CXX11_OVERRIDE { - new OpenSSLIOHook(this, sock, true, profile->CreateClientSession(), profile); + new OpenSSLIOHook(this, sock, profile->CreateClientSession(), profile); } }; -- cgit v1.2.3