From 07e14084eb8988320eb74723d4f22e238ee5024b Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 13 Dec 2010 22:58:09 -0600 Subject: [PATCH] libratbox: Use the server SSL certificate on outgoing connections. --- libratbox/src/gnutls.c | 2 ++ libratbox/src/openssl.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/libratbox/src/gnutls.c b/libratbox/src/gnutls.c index 7d1a879dc..a2cb65229 100644 --- a/libratbox/src/gnutls.c +++ b/libratbox/src/gnutls.c @@ -417,6 +417,7 @@ rb_ssl_tryconn(rb_fde_t *F, int status, void *data) F->ssl = rb_malloc(sizeof(gnutls_session_t)); gnutls_init(F->ssl, GNUTLS_CLIENT); gnutls_set_default_priority(SSL_P(F)); + gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, x509); gnutls_dh_set_prime_bits(SSL_P(F), 1024); gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd); @@ -461,6 +462,7 @@ rb_ssl_start_connected(rb_fde_t *F, CNCB * callback, void *data, int timeout) gnutls_init(F->ssl, GNUTLS_CLIENT); gnutls_set_default_priority(SSL_P(F)); + gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, x509); gnutls_dh_set_prime_bits(SSL_P(F), 1024); gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd); diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c index 86df0b5d5..eee3f8dc4 100644 --- a/libratbox/src/openssl.c +++ b/libratbox/src/openssl.c @@ -337,7 +337,7 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile) rb_lib_log("rb_setup_ssl_server: No certificate file"); return 0; } - if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, cert)) + if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, cert) || !SSL_CTX_use_certificate_chain_file(ssl_client_ctx, cert)) { err = ERR_get_error(); rb_lib_log("rb_setup_ssl_server: Error loading certificate file [%s]: %s", cert, @@ -352,7 +352,7 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile) } - if(!SSL_CTX_use_PrivateKey_file(ssl_server_ctx, keyfile, SSL_FILETYPE_PEM)) + if(!SSL_CTX_use_PrivateKey_file(ssl_server_ctx, keyfile, SSL_FILETYPE_PEM) || !SSL_CTX_use_PrivateKey_file(ssl_client_ctx, keyfile, SSL_FILETYPE_PEM)) { err = ERR_get_error(); rb_lib_log("rb_setup_ssl_server: Error loading keyfile [%s]: %s", keyfile,