ConnSSL_InitLibrary(): Code cleanup

[ngircd-alex.git] / src / ngircd / conn-ssl.c

diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index 4156fb192a0b990c644f014c30848ab5d433db75..595cb615e6e78ed192f154a016c5ea5d3778e2d2 100644 (file)
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -61,7 +61,7 @@ static gnutls_dh_params_t dh_params;
 static bool ConnSSL_LoadServerKey_gnutls PARAMS(( void ));
 #endif
 
-#define CERTFP_LEN     (20 * 2 + 1)
+#define SHA1_STRING_LEN        (20 * 2 + 1)
 
 static bool ConnSSL_Init_SSL PARAMS(( CONNECTION *c ));
 static int ConnectAccept PARAMS(( CONNECTION *c, bool connect ));
@@ -285,8 +285,10 @@ ConnSSL_InitLibrary( void )
        if (!RAND_status()) {
                Log(LOG_ERR, "OpenSSL PRNG not seeded: /dev/urandom missing?");
                /*
-                * it is probably best to fail and let the user install EGD or a similar program if no kernel random device is available.
-                * According to OpenSSL RAND_egd(3): "The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7";
+                * it is probably best to fail and let the user install EGD or
+                * a similar program if no kernel random device is available.
+                * According to OpenSSL RAND_egd(3): "The automatic query of
+                * /var/run/egd-pool et al was added in OpenSSL 0.9.7";
                 * so it makes little sense to deal with PRNGD seeding ourselves.
                 */
                array_free(&Conf_SSLOptions.ListenPorts);
@@ -305,7 +307,8 @@ ConnSSL_InitLibrary( void )
 
        SSL_CTX_set_options(newctx, SSL_OP_SINGLE_DH_USE|SSL_OP_NO_SSLv2);
        SSL_CTX_set_mode(newctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
-       SSL_CTX_set_verify(newctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, Verify_openssl);
+       SSL_CTX_set_verify(newctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
+                          Verify_openssl);
        SSL_CTX_free(ssl_ctx);
        ssl_ctx = newctx;
        Log(LOG_INFO, "%s initialized.", SSLeay_version(SSLEAY_VERSION));
@@ -318,12 +321,17 @@ out:
 #ifdef HAVE_LIBGNUTLS
        int err;
        static bool initialized;
-       if (initialized) /* TODO: cannot reload gnutls keys: can't simply free x509 context -- it may still be in use */
+
+       if (initialized) {
+               /* TODO: cannot reload gnutls keys: can't simply free x509
+                * context -- it may still be in use */
                return false;
+       }
 
        err = gnutls_global_init();
        if (err) {
-               Log(LOG_ERR, "Failed to initialize GnuTLS: %s", gnutls_strerror(err));
+               Log(LOG_ERR, "Failed to initialize GnuTLS: %s",
+                   gnutls_strerror(err));
                array_free(&Conf_SSLOptions.ListenPorts);
                return false;
        }
@@ -723,7 +731,7 @@ ConnSSL_InitCertFp( CONNECTION *c )
 
        assert(c->ssl_state.fingerprint == NULL);
 
-       c->ssl_state.fingerprint = malloc(CERTFP_LEN);
+       c->ssl_state.fingerprint = malloc(SHA1_STRING_LEN);
        if (!c->ssl_state.fingerprint)
                return 0;
 
@@ -858,7 +866,7 @@ bool
 ConnSSL_SetCertFp(CONNECTION *c, const char *fingerprint)
 {
        assert (c != NULL);
-       c->ssl_state.fingerprint = strdup(fingerprint);
+       c->ssl_state.fingerprint = strndup(fingerprint, SHA1_STRING_LEN - 1);
        return c->ssl_state.fingerprint != NULL;
 }
 #else