X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/909346edb743113184be4ea48930a1ab635df43a..f831e92603a86c1997e980927bbad5fe444cdeb8:/ssld/ssld.c diff --git a/ssld/ssld.c b/ssld/ssld.c index 226ee8fa..93491004 100644 --- a/ssld/ssld.c +++ b/ssld/ssld.c @@ -152,7 +152,7 @@ static void conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data); static void mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len); static const char *remote_closed = "Remote host closed the connection"; static bool ssld_ssl_ok; -static int certfp_method = RB_SSL_CERTFP_METH_SHA1; +static int certfp_method = RB_SSL_CERTFP_METH_CERT_SHA1; #ifdef HAVE_LIBZ static bool zlib_ok = true; #else @@ -686,17 +686,28 @@ ssl_send_cipher(conn_t *conn) static void ssl_send_certfp(conn_t *conn) { - uint8_t buf[9 + RB_SSL_CERTFP_LEN]; + uint8_t buf[13 + RB_SSL_CERTFP_LEN]; - int len = rb_get_ssl_certfp(conn->mod_fd, &buf[9], certfp_method); + int len = rb_get_ssl_certfp(conn->mod_fd, &buf[13], certfp_method); if (!len) return; lrb_assert(len <= RB_SSL_CERTFP_LEN); buf[0] = 'F'; uint32_to_buf(&buf[1], conn->id); - uint32_to_buf(&buf[5], len); - mod_cmd_write_queue(conn->ctl, buf, 9 + len); + uint32_to_buf(&buf[5], certfp_method); + uint32_to_buf(&buf[9], len); + mod_cmd_write_queue(conn->ctl, buf, 13 + len); +} + +static void +ssl_send_open(conn_t *conn) +{ + uint8_t buf[5]; + + buf[0] = 'O'; + uint32_to_buf(&buf[1], conn->id); + mod_cmd_write_queue(conn->ctl, buf, 5); } static void @@ -706,10 +717,11 @@ ssl_process_accept_cb(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen if(status == RB_OK) { - conn_mod_read_cb(conn->mod_fd, conn); - conn_plain_read_cb(conn->plain_fd, conn); ssl_send_cipher(conn); ssl_send_certfp(conn); + ssl_send_open(conn); + conn_mod_read_cb(conn->mod_fd, conn); + conn_plain_read_cb(conn->plain_fd, conn); return; } /* ircd doesn't care about the reason for this */ @@ -724,10 +736,11 @@ ssl_process_connect_cb(rb_fde_t *F, int status, void *data) if(status == RB_OK) { - conn_mod_read_cb(conn->mod_fd, conn); - conn_plain_read_cb(conn->plain_fd, conn); ssl_send_cipher(conn); ssl_send_certfp(conn); + ssl_send_open(conn); + conn_mod_read_cb(conn->mod_fd, conn); + conn_plain_read_cb(conn->plain_fd, conn); } else if(status == RB_ERR_TIMEOUT) close_conn(conn, WAIT_PLAIN, "SSL handshake timed out"); @@ -883,18 +896,6 @@ zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb) } #endif -static void -init_prng(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf) -{ - char *path; - prng_seed_t seed_type; - - seed_type = (prng_seed_t) ctl_buf->buf[1]; - path = (char *) &ctl_buf->buf[2]; - rb_init_prng(path, seed_type); -} - - static void ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf) { @@ -907,10 +908,10 @@ ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf) key = buf; buf += strlen(key) + 1; dhparam = buf; - if(strlen(dhparam) == 0) - dhparam = NULL; buf += strlen(dhparam) + 1; cipher_list = buf; + if(strlen(dhparam) == 0) + dhparam = NULL; if(strlen(cipher_list) == 0) cipher_list = NULL; @@ -1000,7 +1001,7 @@ mod_process_cmd_recv(mod_ctl_t * ctl) } case 'C': { - if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5) + if (ctl_buf->buflen != 5) { cleanup_bad_message(ctl, ctl_buf); break; @@ -1016,7 +1017,7 @@ mod_process_cmd_recv(mod_ctl_t * ctl) } case 'F': { - if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5) + if (ctl_buf->buflen != 5) { cleanup_bad_message(ctl, ctl_buf); break; @@ -1034,9 +1035,6 @@ mod_process_cmd_recv(mod_ctl_t * ctl) ssl_new_keys(ctl, ctl_buf); break; } - case 'I': - init_prng(ctl, ctl_buf); - break; case 'S': { process_stats(ctl, ctl_buf); @@ -1207,6 +1205,7 @@ main(int argc, char **argv) setup_signals(); rb_lib_init(NULL, NULL, NULL, 0, maxfd, 1024, 4096); rb_init_rawbuffers(1024); + rb_init_prng(NULL, RB_PRNG_DEFAULT); ssld_ssl_ok = rb_supports_ssl(); mod_ctl = rb_malloc(sizeof(mod_ctl_t)); mod_ctl->F = rb_open(ctlfd, RB_FD_SOCKET, "ircd control socket");