authorLuke Bratch <luke@bratch.co.uk>2026-04-02 21:13:20 +0200
committerLuke Bratch <luke@bratch.co.uk>2026-04-02 21:13:20 +0200
commit6404663b4588d606adfc06dbceeca24a4c748122 (patch)
tree41b6e2ea4eb126020553b261353faf0ad6f1b53d
parent4a51c367fa192adba69fac4bf0305ed38290ef19 (diff)
Remove/update deprecated OpenSSL functions, change certificate PEM loading to allow loading a chain rather than just a single certificate.
-rw-r--r--blabouncer.conf.example6
-rw-r--r--config.c6
-rw-r--r--sockets.c8
3 files changed, 11 insertions, 9 deletions
diff --git a/blabouncer.conf.example b/blabouncer.conf.example
index f5007c4..3694f35 100644
--- a/blabouncer.conf.example
+++ b/blabouncer.conf.example
@@ -86,11 +86,13 @@ ircserverport = "6697"
# Things such as the logs directory will be placed below this
#basedir = "/home/foo/.blabouncer/"
-# Certificate file (defaults to <basedir>/cert.pem)
+# Certificate chain PEM file (defaults to <basedir>/cert.pem)
+# Can contain either a single certificate, or a chain of certificates starting with the subject and
+# ending with the root issuer
# If clienttls = "0" then this need not be set
#certfile = "/home/foo/.blabouncer/cert.pem"
-# Certificate key file (defaults to <basedir>/key.pem)
+# Private key PEM file (defaults to <basedir>/key.pem)
# If clienttls = "0" then this need not be set
#keyfile = "/home/foo/.blabouncer/key.pem"
diff --git a/config.c b/config.c
index 2a8db43..2bfb38c 100644
--- a/config.c
+++ b/config.c
@@ -398,11 +398,13 @@ int createconfigfile(char *filename) {
"# Things such as the logs directory will be placed below this\n"
"#basedir = \"/home/foo/.blabouncer/\"\n"
"\n"
- "# Certificate file (defaults to <basedir>/cert.pem)\n"
+ "# Certificate chain PEM file (defaults to <basedir>/cert.pem)\n"
+ "# Can contain either a single certificate, or a chain of certificates starting with the subject and\n"
+ "# ending with the root issuer\n"
"# If clienttls = \"0\" then this need not be set\n"
"#certfile = \"/home/foo/.blabouncer/cert.pem\"\n"
"\n"
- "# Certificate key file (defaults to <basedir>/key.pem)\n"
+ "# Private key PEM file (defaults to <basedir>/key.pem)\n"
"# If clienttls = \"0\" then this need not be set\n"
"#keyfile = \"/home/foo/.blabouncer/key.pem\"\n"
"\n"
diff --git a/sockets.c b/sockets.c
index 0f0eefd..e4c8a00 100644
--- a/sockets.c
+++ b/sockets.c
@@ -173,9 +173,9 @@ SSL_CTX *create_openssl_context(int type) {
SSL_CTX *ctx;
if (type == 0) {
- method = SSLv23_client_method();
+ method = TLS_client_method();
} else {
- method = SSLv23_server_method();
+ method = TLS_server_method();
}
ctx = SSL_CTX_new(method);
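Review bot: Neither branch of the `type` check sets a protocol floor after the move to `TLS_client_method()` / `TLS_server_method()`. These version-flexible methods negotiate whatever the linked OpenSSL build and system-wide configuration permit, which on some installations may still include TLS 1.0 and 1.1. The body of create_openssl_context continues outside this hunk, so if nothing later sets a minimum, add `if (SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION) != 1) { /* treat as fatal */ }` once `ctx` from `SSL_CTX_new(method)` is known to be non-NULL. That call exists from OpenSSL 1.1.0, the same release that introduced the new method functions, so it adds no further build requirement. A one-line comment such as `// Version-flexible method; floor enforced below` would also make the intent clear to the next reader.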
@@ -192,15 +192,13 @@ SSL_CTX *create_openssl_context(int type) {
// Configure OpenSSL context, with certfile and keyfile provided if
// IRC server-side or set to NULL if bouncer client-side
void configure_openssl_context(SSL_CTX *ctx, char *certfile, char *keyfile) {
- SSL_CTX_set_ecdh_auto(ctx, 1);
-
/* Set the key and cert if set or return if not */
if (certfile == NULL || keyfile == NULL) {
return;
}
- if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0) {
+ if (SSL_CTX_use_certificate_chain_file(ctx, certfile) <= 0) {
ERR_print_errors_fp(stderr);
printf("Couldn't load certificate file '%s'. Hint: You can generate your own with OpenSSL. Once created, set its location in blabouncer.conf which by default is in ~/.blabouncer/.\n", certfile);
debugprint(DEBUG_CRIT, "Couldn't load certificate file '%s'. Hint: You can generate your own with OpenSSL. Once created, set its location in blabouncer.conf which by default is in ~/.blabouncer/.\n", certfile);