
* src/tls/tls_drv.c: Added a flag to avoid certificate validation

* src/tls/tls.erl: Likewise
* src/ejabberd_c2s.erl: Likewise

SVN Revision: 1774
Alexey Shchepin 2009-01-05 17:21:10 +00:00
parent 91a7110941
commit b1252f837f
4 changed files with 27 additions and 4 deletions


@ -1,3 +1,9 @@
2009-01-05 Alexey Shchepin <alexey@process-one.net>
* src/tls/tls_drv.c: Added a flag to avoid certificate validation
* src/tls/tls.erl: Likewise
* src/ejabberd_c2s.erl: Likewise
2009-01-03 Badlop <badlop@process-one.net> 2009-01-03 Badlop <badlop@process-one.net>
* src/*.erl: Fix EDoc comments * src/*.erl: Fix EDoc comments


@ -176,9 +176,11 @@ init([{SockMod, Socket}, Opts]) ->
StartTLSRequired = lists:member(starttls_required, Opts), StartTLSRequired = lists:member(starttls_required, Opts),
TLSEnabled = lists:member(tls, Opts), TLSEnabled = lists:member(tls, Opts),
TLS = StartTLS orelse StartTLSRequired orelse TLSEnabled, TLS = StartTLS orelse StartTLSRequired orelse TLSEnabled,
TLSOpts = lists:filter(fun({certfile, _}) -> true; TLSOpts1 =
lists:filter(fun({certfile, _}) -> true;
(_) -> false (_) -> false
end, Opts), end, Opts),
TLSOpts = [verify_none | TLSOpts1],
Zlib = lists:member(zlib, Opts) andalso (not StartTLSRequired), Zlib = lists:member(zlib, Opts) andalso (not StartTLSRequired),
IP = peerip(SockMod, Socket), IP = peerip(SockMod, Socket),
%% Check if IP is blacklisted: %% Check if IP is blacklisted:
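Review bot: `TLSOpts = [verify_none | TLSOpts1]` hard-codes the new flag for every c2s TLS socket, so peer-certificate verification cannot be turned back on for a listener through its options even though tls.erl treats `verify_none` as optional. If configurability is wanted, the filter just above can pass it through from Opts instead, `lists:filter(fun({certfile, _}) -> true; (verify_none) -> true; (_) -> false end, Opts)`, though that flips the default to verifying and would need the listener option documented. Either way the line deserves a comment recording the decision, e.g. `%% verify_none: peer certificates are not verified on c2s sockets (see VERIFY_NONE in tls_drv.c)`. init/1 continues outside the hunk.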


@ -59,6 +59,7 @@
-define(GET_DECRYPTED_INPUT, 6). -define(GET_DECRYPTED_INPUT, 6).
-define(GET_PEER_CERTIFICATE, 7). -define(GET_PEER_CERTIFICATE, 7).
-define(GET_VERIFY_RESULT, 8). -define(GET_VERIFY_RESULT, 8).
-define(VERIFY_NONE, 16#10000).
-record(tlssock, {tcpsock, tlsport}). -record(tlssock, {tcpsock, tlsport}).
@ -120,13 +121,20 @@ tcp_to_tls(TCPSocket, Options) ->
{error, already_loaded} -> ok {error, already_loaded} -> ok
end, end,
Port = open_port({spawn, tls_drv}, [binary]), Port = open_port({spawn, tls_drv}, [binary]),
Flags =
case lists:member(verify_none, Options) of
true ->
?VERIFY_NONE;
false ->
0
end,
Command = case lists:member(connect, Options) of Command = case lists:member(connect, Options) of
true -> true ->
?SET_CERTIFICATE_FILE_CONNECT; ?SET_CERTIFICATE_FILE_CONNECT;
false -> false ->
?SET_CERTIFICATE_FILE_ACCEPT ?SET_CERTIFICATE_FILE_ACCEPT
end, end,
case port_control(Port, Command, CertFile ++ [0]) of case port_control(Port, Command bor Flags, CertFile ++ [0]) of
<<0>> -> <<0>> ->
{ok, #tlssock{tcpsock = TCPSocket, tlsport = Port}}; {ok, #tlssock{tcpsock = TCPSocket, tlsport = Port}};
<<1, Error/binary>> -> <<1, Error/binary>> ->
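Review bot: `Command bor Flags` packs the verification flag into the same integer as the port_control command and relies on the driver to split the two at bit 16, but nothing in tls.erl records that contract; `-define(VERIFY_NONE, 16#10000)` sits among the command numbers with no indication that it is a flag rather than a ninth command. Add a comment at the define, `%% Flag bits OR'ed into the port_control command above the low 16 bits that carry the command number; must match tls_drv.c`. Since `verify_none` is passed when the SSL object is created in tls_drv.c (SSL_VERIFY_NONE), callers of the `connect` path should know from tcp_to_tls's documentation that the handshake will not be aborted on an unverified peer certificate and that `?GET_VERIFY_RESULT` remains the way to inspect the outcome afterwards. tcp_to_tls/2 continues outside the hunk.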


@ -272,6 +272,7 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
#define GET_DECRYPTED_INPUT 6 #define GET_DECRYPTED_INPUT 6
#define GET_PEER_CERTIFICATE 7 #define GET_PEER_CERTIFICATE 7
#define GET_VERIFY_RESULT 8 #define GET_VERIFY_RESULT 8
#define VERIFY_NONE 0x10000
#define die_unless(cond, errstr) \ #define die_unless(cond, errstr) \
@ -312,6 +313,9 @@ static int tls_drv_control(ErlDrvData handle,
int size; int size;
ErlDrvBinary *b; ErlDrvBinary *b;
X509 *cert; X509 *cert;
unsigned int flags = command;
command &= 0xffff;
ERR_clear_error(); ERR_clear_error();
switch (command) switch (command)
@ -354,6 +358,9 @@ static int tls_drv_control(ErlDrvData handle,
d->ssl = SSL_new(ssl_ctx); d->ssl = SSL_new(ssl_ctx);
die_unless(d->ssl, "SSL_new failed"); die_unless(d->ssl, "SSL_new failed");
if (flags & VERIFY_NONE)
SSL_set_verify(d->ssl, SSL_VERIFY_NONE, verify_callback);
d->bio_read = BIO_new(BIO_s_mem()); d->bio_read = BIO_new(BIO_s_mem());
d->bio_write = BIO_new(BIO_s_mem()); d->bio_write = BIO_new(BIO_s_mem());
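Review bot: The split `unsigned int flags = command; command &= 0xffff;` at the top of tls_drv_control interprets only `VERIFY_NONE`, so any other bit above 0xffff is silently ignored rather than rejected; if more flags are expected later, mask the flag word once (`flags &= ~0xffffu;`) and fail on unknown bits so a mismatched Erlang-side define surfaces as an error instead of a quietly dropped option. The `SSL_set_verify(d->ssl, SSL_VERIFY_NONE, verify_callback)` call keeps the callback, but under SSL_VERIFY_NONE OpenSSL does not abort the handshake on a failed verification (and on the accept side does not request a client certificate), so the result is only observable through the existing GET_VERIFY_RESULT command; a comment on that line such as `/* VERIFY_NONE: handshake proceeds regardless of verification; GET_VERIFY_RESULT exposes the outcome */` would make this explicit. The command/flag packing is mirrored by the VERIFY_NONE define in tls.erl and the two must stay in sync. tls_drv_control continues on both sides of this hunk.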