From 216f6a152333b38a8563c570eb237c27585deedb Mon Sep 17 00:00:00 2001
From: Luke Bratch
Date: Mon, 13 May 2019 00:07:15 +0100
Subject: Implement optional TLS for the server side.
---
 sockets.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
(limited to 'sockets.c')
diff --git a/sockets.c b/sockets.c
index c5ea41f..943b15c 100644
--- a/sockets.c
+++ b/sockets.c
@@ -135,11 +135,17 @@ void cleanup_openssl() {
 EVP_cleanup();
 }
-SSL_CTX *create_context() {
+// Create OpenSSL context, type = 0 for IRC server-side (OpenSSL client)
+// or type = 1 for bouncer client-side (OpenSSL server)
+SSL_CTX *create_openssl_context(int type) {
 const SSL_METHOD *method;
 SSL_CTX *ctx;
- method = SSLv23_server_method();
+ if (type == 0) {
+ method = SSLv23_client_method();
+ } else {
+ method = SSLv23_server_method();
+ }
 ctx = SSL_CTX_new(method);
 if (!ctx) {
@@ -151,10 +157,17 @@ SSL_CTX *create_context() {
 return ctx;
 }
-void configure_context(SSL_CTX *ctx, char *certfile, char *keyfile) {
+// Configure OpenSSL context, with certfile and keyfile provided if
+// IRC server-side or set to NULL if bouncer client-side
+void configure_openssl_context(SSL_CTX *ctx, char *certfile, char *keyfile) {
 SSL_CTX_set_ecdh_auto(ctx, 1);
- /* Set the key and cert */
+ /* Set the key and cert if set or return if not */
+
+ if (certfile == NULL || keyfile == NULL) {
+ return;
+ }
+
 if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0) {
 ERR_print_errors_fp(stderr);
 exit(EXIT_FAILURE);
-- cgit v1.2.3
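Review bot: Neither branch in `create_openssl_context` sets a protocol floor in the lines shown: `SSLv23_client_method()` and `SSLv23_server_method()` negotiate whatever version both peers support, so legacy SSL/TLS versions stay available unless they are disabled elsewhere. After the `if (!ctx)` check, something like `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` (or `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);` on OpenSSL 1.1.0 and later) would pin that down. The `int type` selector also treats every non-zero value as the server role; a small enum would make call sites self-describing. The rest of the function body lies between this hunk and the next and is not visible here.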
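Review bot: On the `certfile == NULL || keyfile == NULL` path, `configure_openssl_context` returns after only `SSL_CTX_set_ecdh_auto`, so the context used to connect out to the IRC server gets no peer verification from this function. OpenSSL clients default to `SSL_VERIFY_NONE`, so unless the caller configures verification elsewhere the link is encrypted but the server is not authenticated. Before the early `return`, consider `SSL_CTX_set_default_verify_paths(ctx);` and `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);`, plus a host name check on the connection itself. The new header comment also reads inverted relative to the one on `create_openssl_context`: the OpenSSL server (bouncer client-side) is the side that needs the cert and key, while NULL belongs to the IRC server-side client context. The function continues past the end of the hunk.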