1 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * Copyright (C) 2003-2006 Imendio AB
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public License as
7 * published by the Free Software Foundation; either version 2 of the
8 * License, or (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this program; if not, see <https://www.gnu.org/licenses>
17 */
18
19 #include "lm-debug.h"
20 #include "lm-ssl-base.h"
21 #include "lm-ssl-internals.h"
22
23 void
_lm_ssl_base_init(LmSSLBase * base,const gchar * expected_fingerprint,LmSSLFunction ssl_function,gpointer user_data,GDestroyNotify notify)24 _lm_ssl_base_init (LmSSLBase *base,
25 const gchar *expected_fingerprint,
26 LmSSLFunction ssl_function,
27 gpointer user_data,
28 GDestroyNotify notify)
29 {
30 base->ref_count = 1;
31 base->func = ssl_function;
32 base->func_data = user_data;
33 base->data_notify = notify;
34 base->fingerprint[0] = '\0';
35 base->cipher_list = NULL;
36
37 if (expected_fingerprint) {
38 if (!g_str_has_prefix(expected_fingerprint, LM_FINGERPRINT_PREFIX)) {
39 /* let's set a bogus hash because the user tries to use a hash
40 we don't support now */
41 expected_fingerprint = "wrong_hash_format";
42 g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL, "Wrong hash format, use "
43 LM_FINGERPRINT_PREFIX"$hash");
44 }
45 base->expected_fingerprint = g_strndup(expected_fingerprint,
46 LM_FINGERPRINT_LENGTH);
47 } else {
48 base->expected_fingerprint = NULL;
49 }
50
51 if (!base->func) {
52 /* If user didn't provide an SSL func the default will be used
53 * this function will always tell the connection to continue.
54 */
55 base->func = _lm_ssl_func_always_continue;
56 }
57 }
58
59 void
_lm_ssl_base_set_cipher_list(LmSSLBase * base,const gchar * cipher_list)60 _lm_ssl_base_set_cipher_list (LmSSLBase *base,
61 const gchar *cipher_list)
62 {
63 if (base->cipher_list)
64 g_free (base->cipher_list);
65 base->cipher_list = g_strdup (cipher_list);
66 }
67
68 void
_lm_ssl_base_set_ca_path(LmSSLBase * base,const gchar * ca_path)69 _lm_ssl_base_set_ca_path (LmSSLBase *base,
70 const gchar *ca_path)
71 {
72 if (base->ca_path)
73 g_free (base->ca_path);
74 base->ca_path = g_strdup (ca_path);
75 }
76
77 void
_lm_ssl_base_set_fingerprint(LmSSLBase * base,const guchar * digest,unsigned int digest_len)78 _lm_ssl_base_set_fingerprint (LmSSLBase *base,
79 const guchar *digest,
80 unsigned int digest_len)
81 {
82 gchar hex[LM_FINGERPRINT_LENGTH];
83 gchar *p;
84 int i;
85
86 g_assert(LM_FINGERPRINT_PREFIX != NULL);
87 g_assert(digest != NULL);
88 g_assert(digest_len > 0);
89 g_assert(LM_FINGERPRINT_LENGTH >=
90 (sizeof(LM_FINGERPRINT_PREFIX) + digest_len*2));
91
92 for (p = hex, i = 0; i < digest_len ; i++, p+=2) {
93 g_snprintf(p, 3, "%02x", digest[i]);
94 }
95 g_snprintf(base->fingerprint, LM_FINGERPRINT_LENGTH,
96 "%s%s",
97 LM_FINGERPRINT_PREFIX,
98 hex);
99 }
100
_lm_ssl_base_check_fingerprint(LmSSLBase * base)101 int _lm_ssl_base_check_fingerprint( LmSSLBase *base)
102 {
103 if (base->expected_fingerprint == NULL) {
104 return 0;
105 }
106 return g_ascii_strcasecmp(base->expected_fingerprint, base->fingerprint);
107 }
108
109 void
_lm_ssl_base_free_fields(LmSSLBase * base)110 _lm_ssl_base_free_fields (LmSSLBase *base)
111 {
112 g_free (base->expected_fingerprint);
113 g_free (base->cipher_list);
114 g_free (base->ca_path);
115 }
116
117