X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;ds=sidebyside;f=src%2Fngircd%2Fconn-ssl.c;h=595cb615e6e78ed192f154a016c5ea5d3778e2d2;hb=849f85a05c17828c592bed26bd99707f211fad1c;hp=4156fb192a0b990c644f014c30848ab5d433db75;hpb=a919e02ba1670277fd5a501e8c112b7c5e9771ac;p=ngircd-alex.git diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c index 4156fb19..595cb615 100644 --- a/src/ngircd/conn-ssl.c +++ b/src/ngircd/conn-ssl.c @@ -61,7 +61,7 @@ static gnutls_dh_params_t dh_params; static bool ConnSSL_LoadServerKey_gnutls PARAMS(( void )); #endif -#define CERTFP_LEN (20 * 2 + 1) +#define SHA1_STRING_LEN (20 * 2 + 1) static bool ConnSSL_Init_SSL PARAMS(( CONNECTION *c )); static int ConnectAccept PARAMS(( CONNECTION *c, bool connect )); @@ -285,8 +285,10 @@ ConnSSL_InitLibrary( void ) if (!RAND_status()) { Log(LOG_ERR, "OpenSSL PRNG not seeded: /dev/urandom missing?"); /* - * it is probably best to fail and let the user install EGD or a similar program if no kernel random device is available. - * According to OpenSSL RAND_egd(3): "The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7"; + * it is probably best to fail and let the user install EGD or + * a similar program if no kernel random device is available. + * According to OpenSSL RAND_egd(3): "The automatic query of + * /var/run/egd-pool et al was added in OpenSSL 0.9.7"; * so it makes little sense to deal with PRNGD seeding ourselves. */ array_free(&Conf_SSLOptions.ListenPorts); @@ -305,7 +307,8 @@ ConnSSL_InitLibrary( void ) SSL_CTX_set_options(newctx, SSL_OP_SINGLE_DH_USE|SSL_OP_NO_SSLv2); SSL_CTX_set_mode(newctx, SSL_MODE_ENABLE_PARTIAL_WRITE); - SSL_CTX_set_verify(newctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, Verify_openssl); + SSL_CTX_set_verify(newctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, + Verify_openssl); SSL_CTX_free(ssl_ctx); ssl_ctx = newctx; Log(LOG_INFO, "%s initialized.", SSLeay_version(SSLEAY_VERSION)); @@ -318,12 +321,17 @@ out: #ifdef HAVE_LIBGNUTLS int err; static bool initialized; - if (initialized) /* TODO: cannot reload gnutls keys: can't simply free x509 context -- it may still be in use */ + + if (initialized) { + /* TODO: cannot reload gnutls keys: can't simply free x509 + * context -- it may still be in use */ return false; + } err = gnutls_global_init(); if (err) { - Log(LOG_ERR, "Failed to initialize GnuTLS: %s", gnutls_strerror(err)); + Log(LOG_ERR, "Failed to initialize GnuTLS: %s", + gnutls_strerror(err)); array_free(&Conf_SSLOptions.ListenPorts); return false; } @@ -723,7 +731,7 @@ ConnSSL_InitCertFp( CONNECTION *c ) assert(c->ssl_state.fingerprint == NULL); - c->ssl_state.fingerprint = malloc(CERTFP_LEN); + c->ssl_state.fingerprint = malloc(SHA1_STRING_LEN); if (!c->ssl_state.fingerprint) return 0; @@ -858,7 +866,7 @@ bool ConnSSL_SetCertFp(CONNECTION *c, const char *fingerprint) { assert (c != NULL); - c->ssl_state.fingerprint = strdup(fingerprint); + c->ssl_state.fingerprint = strndup(fingerprint, SHA1_STRING_LEN - 1); return c->ssl_state.fingerprint != NULL; } #else