irc: add server option ssl_password for SSL certificate private key password (closes #115)
Simmo Saan
Sébastien Helleu
parent
5398f5d566
commit
116150c2fc
|
|
@ -4756,6 +4756,14 @@ irc_command_display_server (struct t_irc_server *server, int with_detail)
|
|||
weechat_printf (NULL, " ssl_cert . . . . . . : %s'%s'",
|
||||
IRC_COLOR_CHAT_VALUE,
|
||||
weechat_config_string (server->options[IRC_SERVER_OPTION_SSL_CERT]));
|
||||
/* ssl_password */
|
||||
if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL_PASSWORD]))
|
||||
weechat_printf (NULL, " ssl_password . . . . : %s",
|
||||
_("(hidden)"));
|
||||
else
|
||||
weechat_printf (NULL, " ssl_password . . . . : %s%s",
|
||||
IRC_COLOR_CHAT_VALUE,
|
||||
_("(hidden)"));
|
||||
/* ssl_priorities */
|
||||
if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL_PRIORITIES]))
|
||||
weechat_printf (NULL, " ssl_priorities . . . : ('%s')",
|
||||
|
|
|
|||
|
|
@ -1700,6 +1700,25 @@ irc_config_server_new_option (struct t_config_file *config_file,
|
|||
callback_change_data,
|
||||
NULL, NULL, NULL);
|
||||
break;
|
||||
case IRC_SERVER_OPTION_SSL_PASSWORD:
|
||||
new_option = weechat_config_new_option (
|
||||
config_file, section,
|
||||
option_name, "string",
|
||||
N_("password for SSL certificate's private key "
|
||||
"(note: content is evaluated, see /help eval; server "
|
||||
"options are evaluated with ${irc_server.xxx} and "
|
||||
"${server} is replaced by the server name)"),
|
||||
NULL, 0, 0,
|
||||
default_value, value,
|
||||
null_value_allowed,
|
||||
callback_check_value,
|
||||
callback_check_value_pointer,
|
||||
callback_check_value_data,
|
||||
callback_change,
|
||||
callback_change_pointer,
|
||||
callback_change_data,
|
||||
NULL, NULL, NULL);
|
||||
break;
|
||||
case IRC_SERVER_OPTION_SSL_PRIORITIES:
|
||||
new_option = weechat_config_new_option (
|
||||
config_file, section,
|
||||
|
|
|
|||
|
|
@ -83,6 +83,7 @@ char *irc_server_options[IRC_SERVER_NUM_OPTIONS][2] =
|
|||
{ "ipv6", "on" },
|
||||
{ "ssl", "off" },
|
||||
{ "ssl_cert", "" },
|
||||
{ "ssl_password", "" },
|
||||
{ "ssl_priorities", "NORMAL:-VERS-SSL3.0" },
|
||||
{ "ssl_dhkey_size", "2048" },
|
||||
{ "ssl_fingerprint", "" },
|
||||
|
|
@ -4431,7 +4432,7 @@ irc_server_gnutls_callback (const void *pointer, void *data,
|
|||
unsigned int i, cert_list_len, status;
|
||||
time_t cert_time;
|
||||
char *cert_path0, *cert_path1, *cert_path2, *cert_str, *fingerprint_eval;
|
||||
char *weechat_dir;
|
||||
char *weechat_dir, *ssl_password;
|
||||
const char *ptr_fingerprint;
|
||||
int rc, ret, fingerprint_match, hostname_match, cert_temp_init;
|
||||
#if LIBGNUTLS_VERSION_NUMBER >= 0x010706 /* 1.7.6 */
|
||||
|
|
@ -4701,18 +4702,26 @@ irc_server_gnutls_callback (const void *pointer, void *data,
|
|||
gnutls_x509_crt_import (server->tls_cert, &filedatum,
|
||||
GNUTLS_X509_FMT_PEM);
|
||||
|
||||
/* key password */
|
||||
ssl_password = irc_server_eval_expression (
|
||||
server,
|
||||
IRC_SERVER_OPTION_STRING(server,
|
||||
IRC_SERVER_OPTION_SSL_PASSWORD));
|
||||
|
||||
/* key */
|
||||
gnutls_x509_privkey_init (&server->tls_cert_key);
|
||||
ret = gnutls_x509_privkey_import (server->tls_cert_key,
|
||||
&filedatum,
|
||||
GNUTLS_X509_FMT_PEM);
|
||||
ret = gnutls_x509_privkey_import2 (server->tls_cert_key,
|
||||
&filedatum,
|
||||
GNUTLS_X509_FMT_PEM,
|
||||
ssl_password,
|
||||
0);
|
||||
if (ret < 0)
|
||||
{
|
||||
ret = gnutls_x509_privkey_import_pkcs8 (
|
||||
server->tls_cert_key,
|
||||
&filedatum,
|
||||
GNUTLS_X509_FMT_PEM,
|
||||
NULL,
|
||||
ssl_password,
|
||||
GNUTLS_PKCS_PLAIN);
|
||||
}
|
||||
if (ret < 0)
|
||||
|
|
@ -4764,6 +4773,9 @@ irc_server_gnutls_callback (const void *pointer, void *data,
|
|||
memcpy (answer, &tls_struct, sizeof (tls_struct));
|
||||
free (cert_str);
|
||||
}
|
||||
|
||||
if (ssl_password)
|
||||
free (ssl_password);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -5822,6 +5834,9 @@ irc_server_add_to_infolist (struct t_infolist *infolist,
|
|||
if (!weechat_infolist_new_var_string (ptr_item, "ssl_cert",
|
||||
IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_CERT)))
|
||||
return 0;
|
||||
if (!weechat_infolist_new_var_string (ptr_item, "ssl_password",
|
||||
IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_PASSWORD)))
|
||||
return 0;
|
||||
if (!weechat_infolist_new_var_string (ptr_item, "ssl_priorities",
|
||||
IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_PRIORITIES)))
|
||||
return 0;
|
||||
|
|
@ -6072,6 +6087,11 @@ irc_server_print_log ()
|
|||
else
|
||||
weechat_log_printf (" ssl_cert . . . . . . : '%s'",
|
||||
weechat_config_string (ptr_server->options[IRC_SERVER_OPTION_SSL_CERT]));
|
||||
/* ssl_password */
|
||||
if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL_PASSWORD]))
|
||||
weechat_log_printf (" ssl_password . . . . : null");
|
||||
else
|
||||
weechat_log_printf (" ssl_password . . . . : (hidden)");
|
||||
/* ssl_priorities */
|
||||
if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL_PRIORITIES]))
|
||||
weechat_log_printf (" ssl_priorities . . . : null ('%s')",
|
||||
|
|
|
|||
|
|
@ -56,6 +56,7 @@ enum t_irc_server_option
|
|||
IRC_SERVER_OPTION_IPV6, /* use IPv6 protocol */
|
||||
IRC_SERVER_OPTION_SSL, /* SSL protocol */
|
||||
IRC_SERVER_OPTION_SSL_CERT, /* client ssl certificate file */
|
||||
IRC_SERVER_OPTION_SSL_PASSWORD, /* client ssl certificate key password */
|
||||
IRC_SERVER_OPTION_SSL_PRIORITIES, /* gnutls priorities */
|
||||
IRC_SERVER_OPTION_SSL_DHKEY_SIZE, /* Diffie Hellman key size */
|
||||
IRC_SERVER_OPTION_SSL_FINGERPRINT, /* SHA1 fingerprint of certificate */
|
||||
|
|
|
|||
Loading…
Reference in New Issue