1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
// TLS handler for HaxServ
//
// Written by: Test_User <hax@andrewyu.org>
//
// This is free and unencumbered software released into the public
// domain.
//
// Anyone is free to copy, modify, publish, use, compile, sell, or
// distribute this software, either in source code form or as a compiled
// binary, for any purpose, commercial or non-commercial, and by any
// means.
//
// In jurisdictions that recognize copyright laws, the author or authors
// of this software dedicate any and all copyright interest in the
// software to the public domain. We make this dedication for the benefit
// of the public at large and to the detriment of our heirs and
// successors. We intend this dedication to be an overt act of
// relinquishment in perpetuity of all present and future rights to this
// software under copyright law.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
// IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
// OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
// OTHER DEALINGS IN THE SOFTWARE.
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include "network.h"
#include "config.h"
#include "types.h"
SSL *ssl;
SSL_CTX *ctx;
int fd;
int connect_tls(void) {
// TODO: free used things on failure
SSL_library_init();
SSL_load_error_strings();
const SSL_METHOD *method = TLS_client_method();
if (method == NULL)
return 1;
ctx = SSL_CTX_new(method);
if (ctx == NULL)
return 2;
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
int success = SSL_CTX_load_verify_locations(ctx, X509_get_default_cert_file(), NULL);
success |= SSL_CTX_load_verify_locations(ctx, NULL, X509_get_default_cert_dir());
if (!success)
return 3;
fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (fd == -1)
return 4;
ssl = SSL_new(ctx);
if (ssl == NULL)
return 5;
X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_WILDCARDS);
if (!X509_VERIFY_PARAM_set1_host(param, address.data, address.len))
return 6;
SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);
struct sockaddr sockaddr;
resolve(address.data, port.data, &sockaddr);
int ret = connect(fd, &sockaddr, sizeof(sockaddr));
if (ret != 0)
return 7;
if (SSL_set_fd(ssl, fd) != 1)
return 8;
ret = SSL_connect(ssl);
if (ret != 1)
return 9;
return 0;
}
|