authorLuke Bratch <luke@bratch.co.uk>2019-05-13 00:07:15 +0100
committerLuke Bratch <luke@bratch.co.uk>2019-05-13 00:07:15 +0100
commit216f6a152333b38a8563c570eb237c27585deedb (patch)
tree1d376e9c40dcea8d1ed09213ebe820a8e761ea13 /sockets.c
parent8869477885718844d368b48774f926489385e3b3 (diff)
Implement optional TLS for the server side.
Diffstat (limited to 'sockets.c')
-rw-r--r--sockets.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/sockets.c b/sockets.c
index c5ea41f..943b15c 100644
--- a/sockets.c
+++ b/sockets.c
@@ -135,11 +135,17 @@ void cleanup_openssl() {
EVP_cleanup();
}
-SSL_CTX *create_context() {
+// Create OpenSSL context, type = 0 for IRC server-side (OpenSSL client)
+// or type = 1 for bouncer client-side (OpenSSL server)
+SSL_CTX *create_openssl_context(int type) {
const SSL_METHOD *method;
SSL_CTX *ctx;
- method = SSLv23_server_method();
+ if (type == 0) {
+ method = SSLv23_client_method();
+ } else {
+ method = SSLv23_server_method();
+ }
ctx = SSL_CTX_new(method);
if (!ctx) {
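Review bot: The new `type == 0` branch builds a client-mode context, but no peer verification is enabled for it in the lines shown. OpenSSL clients default to `SSL_VERIFY_NONE`, so the bouncer would complete a handshake with any certificate the upstream IRC server (or someone in the path) presents, unless verification is set up elsewhere. For the client case I would add `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);` and `SSL_CTX_set_default_verify_paths(ctx);` here, and check the hostname where the connection is made. `SSLv23_client_method()` / `SSLv23_server_method()` also negotiate any protocol version the library still has enabled, so a floor such as `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);` (OpenSSL 1.1.0+) is worth considering. The body of `create_openssl_context` continues past the end of this hunk, so some of this may already be handled there.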
@@ -151,10 +157,17 @@ SSL_CTX *create_context() {
return ctx;
}
-void configure_context(SSL_CTX *ctx, char *certfile, char *keyfile) {
+// Configure OpenSSL context, with certfile and keyfile provided if
+// IRC server-side or set to NULL if bouncer client-side
+void configure_openssl_context(SSL_CTX *ctx, char *certfile, char *keyfile) {
SSL_CTX_set_ecdh_auto(ctx, 1);
- /* Set the key and cert */
+ /* Set the key and cert if set or return if not */
+
+ if (certfile == NULL || keyfile == NULL) {
+ return;
+ }
+
if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
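Review bot: The new header comment on `configure_openssl_context` appears to have the two roles swapped. The comment on `create_openssl_context` says the IRC server-side context is the OpenSSL client, and it is the OpenSSL server (bouncer client-side) that needs a certificate and key. I would reword it to `// certfile/keyfile are required for the bouncer client-side (OpenSSL server) context and NULL for the IRC server-side (OpenSSL client) context`. Separately, the `certfile == NULL || keyfile == NULL` guard returns silently when only one of the two is missing, which would leave a listening context with no certificate and no diagnostic. Treating that case as an error is safer, e.g. `if ((certfile == NULL) != (keyfile == NULL)) { fprintf(stderr, "certfile and keyfile must be set together\n"); exit(EXIT_FAILURE); }` before the early return. The function body continues past the end of this hunk.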