author | Luke Bratch <luke@bratch.co.uk> | 2019-05-13 00:07:15 +0100 |
---|---|---|
committer | Luke Bratch <luke@bratch.co.uk> | 2019-05-13 00:07:15 +0100 |
commit | 216f6a152333b38a8563c570eb237c27585deedb (patch) | |
tree | 1d376e9c40dcea8d1ed09213ebe820a8e761ea13 /sockets.c | |
parent | 8869477885718844d368b48774f926489385e3b3 (diff) |
Implement optional TLS for the server side.
Diffstat (limited to 'sockets.c')
-rw-r--r-- | sockets.c | 21 |
1 files changed, 17 insertions, 4 deletions
@@ -135,11 +135,17 @@ void cleanup_openssl() {
 EVP_cleanup();
 }
 
-SSL_CTX *create_context() {
+// Create OpenSSL context, type = 0 for IRC server-side (OpenSSL client)
+// or type = 1 for bouncer client-side (OpenSSL server)
+SSL_CTX *create_openssl_context(int type) {
 const SSL_METHOD *method;
 SSL_CTX *ctx;
 
- method = SSLv23_server_method();
+ if (type == 0) {
+ method = SSLv23_client_method();
+ } else {
+ method = SSLv23_server_method();
+ }
 
 ctx = SSL_CTX_new(method);
 if (!ctx) {
@@ -151,10 +157,17 @@ SSL_CTX *create_context() {
 return ctx;
 }
 
-void configure_context(SSL_CTX *ctx, char *certfile, char *keyfile) {
+// Configure OpenSSL context, with certfile and keyfile provided if
+// IRC server-side or set to NULL if bouncer client-side
+void configure_openssl_context(SSL_CTX *ctx, char *certfile, char *keyfile) {
 SSL_CTX_set_ecdh_auto(ctx, 1);
 
- /* Set the key and cert */
+ /* Set the key and cert if set or return if not */
+
+ if (certfile == NULL || keyfile == NULL) {
+ return;
+ }
+
 if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0) {
 ERR_print_errors_fp(stderr);
 exit(EXIT_FAILURE);
|
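Review bot: The `type == 0` branch of `create_openssl_context` builds a client context for the link to the IRC server, but nothing in the visible lines enables peer verification, and a new OpenSSL context defaults to `SSL_VERIFY_NONE`, so the upstream connection would be encrypted without authenticating the server. Unless this is handled in code outside the hunk (the function body continues past it), add `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);` and `SSL_CTX_set_default_verify_paths(ctx);` for the client case and check the presented certificate against the configured server host name. A named enum would also be clearer than `int type`, since any non-zero value currently selects the server method.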
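Review bot: The new comment above `configure_openssl_context` appears to have the two sides swapped relative to the comment on `create_openssl_context`: the certificate and key belong to the bouncer client-side context (OpenSSL server), while the IRC server-side context (OpenSSL client) is the one that would pass NULL. Suggested wording: `// Configure OpenSSL context; certfile and keyfile are set for bouncer client-side (OpenSSL server) and NULL for IRC server-side (OpenSSL client)`. The early return also fires when only one of the two is NULL, which would leave a listening context without a certificate and report no error; consider `if (certfile == NULL && keyfile == NULL) return;` and treating a single NULL as a configuration error. The function body continues past the end of the hunk.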