ssl: Don't use global openssl context

Fixes #789
TingPing 2014-10-22 05:24:29 -04:00
parent f83d78dd28
commit 4b6215051f
3 changed files with 13 additions and 23 deletions


@ -55,11 +55,6 @@
#include <glib-object.h> /* for g_type_init() */ #include <glib-object.h> /* for g_type_init() */
#endif #endif
#ifdef USE_OPENSSL
#include <openssl/ssl.h> /* SSL_() */
#include "ssl.h"
#endif
#ifdef USE_MSPROXY #ifdef USE_MSPROXY
#include "msproxy.h" #include "msproxy.h"
#endif #endif
@ -118,10 +113,6 @@ struct session *current_tab;
struct session *current_sess = 0; struct session *current_sess = 0;
struct hexchatprefs prefs; struct hexchatprefs prefs;
#ifdef USE_OPENSSL
SSL_CTX *ctx = NULL;
#endif
#ifdef USE_LIBPROXY #ifdef USE_LIBPROXY
pxProxyFactory *libproxy_factory; pxProxyFactory *libproxy_factory;
#endif #endif
@ -1114,11 +1105,6 @@ main (int argc, char *argv[])
px_proxy_factory_free(libproxy_factory); px_proxy_factory_free(libproxy_factory);
#endif #endif
#ifdef USE_OPENSSL
if (ctx)
_SSL_context_free (ctx);
#endif
#ifdef WIN32 #ifdef WIN32
WSACleanup (); WSACleanup ();
#endif #endif


@ -502,6 +502,7 @@ typedef struct server
struct msproxy_state_t msp_state; struct msproxy_state_t msp_state;
int id; /* unique ID number (for plugin API) */ int id; /* unique ID number (for plugin API) */
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
SSL_CTX *ctx;
SSL *ssl; SSL *ssl;
int ssl_do_connect_tag; int ssl_do_connect_tag;
#else #else
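Review bot: The new `SSL_CTX *ctx;` member of `struct server` has no comment stating who owns it, unlike the `id` field just above it. The other file sections in this commit create it in server_connect() and release it in server_free(), so a short comment such as `SSL_CTX *ctx; /* per-server TLS context; owned by this struct, freed in server_free() */` would make the lifetime clear to the next reader. The struct definition starts and ends outside the hunk.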


@ -76,7 +76,6 @@
#endif #endif
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
extern SSL_CTX *ctx; /* hexchat.c */
/* local variables */ /* local variables */
static struct session *g_sess = NULL; static struct session *g_sess = NULL;
#endif #endif
@ -861,8 +860,8 @@ server_connect_success (server *serv)
/* it'll be a memory leak, if connection isn't terminated by /* it'll be a memory leak, if connection isn't terminated by
server_cleanup() */ server_cleanup() */
serv->ssl = _SSL_socket (ctx, serv->sok); serv->ssl = _SSL_socket (serv->ctx, serv->sok);
if ((err = _SSL_set_verify (ctx, ssl_cb_verify, NULL))) if ((err = _SSL_set_verify (serv->ctx, ssl_cb_verify, NULL)))
{ {
EMIT_SIGNAL (XP_TE_CONNFAIL, serv->server_session, err, NULL, EMIT_SIGNAL (XP_TE_CONNFAIL, serv->server_session, err, NULL,
NULL, NULL, 0); NULL, NULL, 0);
@ -1666,9 +1665,9 @@ server_connect (server *serv, char *hostname, int port, int no_login)
session *sess = serv->server_session; session *sess = serv->server_session;
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
if (!ctx && serv->use_ssl) if (!serv->ctx && serv->use_ssl)
{ {
if (!(ctx = _SSL_context_init (ssl_cb_info, FALSE))) if (!(serv->ctx = _SSL_context_init (ssl_cb_info, FALSE)))
{ {
fprintf (stderr, "_SSL_context_init failed\n"); fprintf (stderr, "_SSL_context_init failed\n");
exit (1); exit (1);
@ -1711,18 +1710,18 @@ server_connect (server *serv, char *hostname, int port, int no_login)
/* first try network specific cert/key */ /* first try network specific cert/key */
cert_file = g_strdup_printf ("%s" G_DIR_SEPARATOR_S "certs" G_DIR_SEPARATOR_S "%s.pem", cert_file = g_strdup_printf ("%s" G_DIR_SEPARATOR_S "certs" G_DIR_SEPARATOR_S "%s.pem",
get_xdir (), server_get_network (serv, TRUE)); get_xdir (), server_get_network (serv, TRUE));
if (SSL_CTX_use_certificate_file (ctx, cert_file, SSL_FILETYPE_PEM) == 1) if (SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
{ {
if (SSL_CTX_use_PrivateKey_file (ctx, cert_file, SSL_FILETYPE_PEM) == 1) if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
serv->have_cert = TRUE; serv->have_cert = TRUE;
} }
else else
{ {
/* if that doesn't exist, try <config>/certs/client.pem */ /* if that doesn't exist, try <config>/certs/client.pem */
cert_file = g_build_filename (get_xdir (), "certs", "client.pem", NULL); cert_file = g_build_filename (get_xdir (), "certs", "client.pem", NULL);
if (SSL_CTX_use_certificate_file (ctx, cert_file, SSL_FILETYPE_PEM) == 1) if (SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
{ {
if (SSL_CTX_use_PrivateKey_file (ctx, cert_file, SSL_FILETYPE_PEM) == 1) if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
serv->have_cert = TRUE; serv->have_cert = TRUE;
} }
} }
@ -2047,6 +2046,10 @@ server_free (server *serv)
free (serv->encoding); free (serv->encoding);
if (serv->favlist) if (serv->favlist)
g_slist_free_full (serv->favlist, (GDestroyNotify) servlist_favchan_free); g_slist_free_full (serv->favlist, (GDestroyNotify) servlist_favchan_free);
#ifdef USE_OPENSSL
if (serv->ctx)
_SSL_context_free (serv->ctx);
#endif
fe_server_callback (serv); fe_server_callback (serv);
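Review bot: `serv->ctx` is created in server_connect() only when it is NULL and is released only in server_free(), so any certificate and key loaded into it stay attached for the whole life of the `server` struct. If a `server` can be reused to connect to a different network (not visible in these hunks), a certificate loaded earlier from the network-specific `.pem` would still be in the context and could be presented to the new peer, which appears to be the kind of cross-network identity leak this commit sets out to remove. Consider starting each TLS connect from a fresh context, e.g. `if (serv->ctx) { _SSL_context_free (serv->ctx); serv->ctx = NULL; }` ahead of the `if (!serv->ctx && serv->use_ssl)` check, or releasing it where the connection is torn down. In the certificate hunk, a successful `SSL_CTX_use_certificate_file` followed by a failed `SSL_CTX_use_PrivateKey_file` leaves the certificate loaded while `have_cert` stays unset and the `client.pem` fallback is skipped. server_connect() and server_free() both extend beyond the visible hunks.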