From: Martin Johansson Date: Tue, 4 Aug 2015 08:41:36 +0000 (+0200) Subject: Merge branch 'master' of github.com:fatbob313/umurmur X-Git-Url: http://git.code-monkey.de/?p=umurmur.git;a=commitdiff_plain;h=ae418f7371164782194a73d2daa6873cd62f8440;hp=7363653d0b389d7c4b2e429418afc290efa35af7 Merge branch 'master' of github.com:fatbob313/umurmur --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 1c2130f..2b666e3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -8,6 +8,10 @@ set(CMAKE_INSTALL_RPATH_USE_LINK_PATH true) set(UMURMUR_ROOT_PATH "${CMAKE_CURRENT_LIST_DIR}") set(UMURMUR_BINARY_DIR ${CMAKE_BINARY_DIR}) +if(NOT CMAKE_BUILD_TYPE) + set(CMAKE_BUILD_TYPE Release CACHE STRING "The type of build product that should be produced.") +endif(NOT CMAKE_BUILD_TYPE) + option(USE_POLARSSL_TESTCERT "Link to the PolarSSL test certificate and key." OFF) option(USE_POLARSSL_HAVEGE "Use the PolarSSL HAVEGE random generator key." OFF) @@ -34,6 +38,11 @@ if("${SSL}" STREQUAL "openssl") set(SSLIMP_LIBRARIES ${OPENSSL_LIBRARIES}) set(SSLIMP_INCLUDE_DIR ${OPENSSL_INCLUDE_DIR}) set(SSLIMP_LIBRARY_DIR ${OPENSSL_LIB_DIR}) + + if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-deprecated-declarations") + endif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") + endif(OPENSSL_FOUND) elseif("${SSL}" STREQUAL "polarssl") find_package(PolarSSL REQUIRED) diff --git a/ChangeLog b/ChangeLog index 84dd2cc..eddfee3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +0.2.16a: +[FIX] Crash in SHM API during update (doctaweeks) +[FIX] Failure to detect missing IPv6 support in FreeBSD jails (marcusball) +[FIX] Compile-time check for availability of version_get_string (fatbob313) + 0.2.16: [FIX] Reworked timestamping code (fatbob313) [FIX] Banning works again when using IPv6 (fatbob313 and fmorgner) diff --git a/README.md b/README.md index 828b061..e037d59 100644 --- a/README.md +++ b/README.md 
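Review bot: The `set(CMAKE_BUILD_TYPE Release CACHE STRING ...)` default inside the added `if(NOT CMAKE_BUILD_TYPE)` block has no `FORCE`, so it only takes effect while no cache entry of that name exists. If this block runs after `project()` (not visible in the hunk), single-config generators have normally already cached an empty `CMAKE_BUILD_TYPE`, and the build would silently stay without the Release flags. Worth verifying in a fresh build directory. The usual form is `set(CMAKE_BUILD_TYPE Release CACHE STRING "..." FORCE)` inside the same guard, which still respects a value passed with `-D`. The closing `endif(NOT CMAKE_BUILD_TYPE)` can be a bare `endif()`.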
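Review bot: Appending `-Wno-deprecated-declarations` to `CMAKE_C_FLAGS` in the added Darwin branch silences deprecation warnings for every C file in the build, not only the OpenSSL wrapper. That removes the compiler's signal when any other code starts calling a deprecated crypto or libc function. Consider limiting it to the file that needs it, e.g. `set_source_files_properties(<openssl-wrapper-source> PROPERTIES COMPILE_FLAGS -Wno-deprecated-declarations)`, with a comment naming the deprecation being tolerated. `if(APPLE)` is the usual spelling of the platform test. The enclosing `if(OPENSSL_FOUND)` opens above the hunk.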
@@ -1,34 +1,10 @@ -uMurmur - minimalistic Mumble server -==================================== -Project page on [GoogleCode](http://code.google.com/p/umurmur/) +#About uMurmur uMurmur is a minimalistic Mumble server primarily targeted to run on embedded computers, like routers, with an open OS like e.g. OpenWRT. The server part of Mumble is called Murmur, hence the name uMurmur. It is available as a precompiled package for quite a lot distributions. Check your distribution's package repository. Instructions for building from source ------------------------------------- -1. Requirements - * [OpenSSL](http://www.openssl.org/) or [PolarSSL](http://polarssl.org/) library. For PolarSSL version 1.0.0 and above is required. - * [libconfig](http://www.hyperrealm.com/libconfig/) - * [libprotoc-c](http://code.google.com/p/protobuf-c/) version 1.0.0 (use --disable-protoc option in its ./configure to build only the library). If you for some reason have to run an earlier version you need to recompile the protocol file `Mumble.proto` using the protobuf compiler for the corresponding version. - * [CMake](http://cmake.org) (optional) - -2. Build - CMake - * Create a build folder and cd into it - * `cmake ../` to use default settings (polarssl, no test-cert and /dev/urandom as source for randomness). - * `make` - -2. Build - Autotools - * Run `./autogen.sh` - * Run `./configure` for default settings - * `make` - -3. Install - * `make install` - * Edit the umurmur.conf found in the 'etc' folder in the prefix (eg. /usr/local) you installed to. - -4. Run `umurmurd -c -p -r`. For other switches and their meaning run `umurmurd -h` - -A startup script can easily be created if you want to. Just copy an existing script and edit it to your liking. +[Build instructions](https://github.com/umurmur/umurmur/wiki/Building) can be found in the [wiki](https://github.com/umurmur/umurmur/wiki). Contributors ------------ 
@@ -48,6 +24,6 @@ Hope I didn't forget anyone... Please just send me a mail if you feel this is th Support/Contact/Documentation ----------------------------- -See the project page, link above. +Please consult the [wiki](https://github.com/umurmur/umurmur/wiki) and use the [issue tracker](https://github.com/umurmur/umurmur/issues) to report problems with uMurmur or to submit feature requests. Have fun! diff --git a/configure.ac b/configure.ac index 72e6083..245bccd 100644 --- a/configure.ac +++ b/configure.ac @@ -32,9 +32,10 @@ AC_PREREQ([2.63]) AC_INIT([umurmur], [0.2.16], [https://github.com/umurmur/umurmur/issues/new], [umurmur], [http://github.com/umurmur/umurmur]) AC_CONFIG_SRCDIR([src/client.h]) -AC_CONFIG_HEADERS([src/config.h]) +AC_CONFIG_HEADERS([src/config.h:config.h.in]) AM_INIT_AUTOMAKE AC_CANONICAL_HOST +AM_SILENT_RULES([yes]) # Configure options. AC_ARG_WITH([ssl], [AC_HELP_STRING([--with-ssl=@<:@LIB@:>@], [SSL library (openssl|polarssl|gnutls) @<:@default=polarssl@:>@])], [], [with_ssl=polarssl]) @@ -53,6 +54,7 @@ AC_CHECK_LIB([config], [config_init], [], [AC_MSG_ERROR([could not find libconfi case $host_os in darwin* ) AC_CHECK_FUNC([clock_get_time], [], [AC_MSG_ERROR([could not find clock_get_time()])]) + CFLAGS+=" -Wno-deprecated-declarations" ;; * ) AC_CHECK_FUNC([clock_gettime], [], [AC_CHECK_LIB([rt], [clock_gettime], [], [AC_MSG_ERROR([could not find clock_gettime() in librt])])]) @@ -111,8 +113,6 @@ AS_IF([test "x$enable_shmapi" != xno], AM_CONDITIONAL(USE_SHAREDMEMORY_API, false) ]) - - AC_DEFINE([DEFAULT_CONFIG], ["/etc/umurmur.conf"], [Default config]) # Checks for header files. diff --git a/src/channel.c b/src/channel.c index 3a5fac0..fdf4e82 100644 --- a/src/channel.c +++ b/src/channel.c 
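Review bot: `CFLAGS+=" -Wno-deprecated-declarations"` in the `darwin*` case uses the `+=` assignment, which is a bash extension rather than POSIX sh, while configure scripts are expected to run under any `/bin/sh`. The portable form is `CFLAGS="$CFLAGS -Wno-deprecated-declarations"`. The flag is also applied on every Darwin build regardless of `--with-ssl`, whereas the CMake change in this commit adds it only in the OpenSSL branch. In both places it mutes deprecation warnings for the whole tree rather than for the SSL wrapper alone. The `case $host_os` block starts above the hunk and continues below it.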
@@ -221,8 +221,10 @@ void Chan_init() chlink.destination); else ch_dst = ch_itr; - + chl = malloc(sizeof(channellist_t)); + if(!chl) + Log_fatal("Out of memory"); chl->chan = ch_dst; init_list_entry(&chl->node); list_add_tail(&chl->node, &ch_src->channel_links); @@ -381,6 +383,8 @@ void Chan_buildTreeList(channel_t *ch, struct dlist *head) channel_t *sub; chl = malloc(sizeof(channellist_t)); + if(!chl) + Log_fatal("Out of memory"); chl->chan = ch; init_list_entry(&chl->node); list_add_tail(&chl->node, head); diff --git a/src/log.h b/src/log.h index 8be37b0..eb7f5c8 100644 --- a/src/log.h +++ b/src/log.h @@ -53,7 +53,7 @@ void Log_debug(const char *logstring, ...); void Log_warn(const char *logstring, ...); void Log_info(const char *logstring, ...); void Log_info_client(client_t *client, const char *logstring, ...); -void Log_fatal(const char *logstring, ...); +void Log_fatal(const char *logstring, ...) __attribute__((__noreturn__)); void Log_init(bool_t terminal); void Log_reset(); diff --git a/src/messagehandler.c b/src/messagehandler.c index 6adcf77..e93afb9 100644 --- a/src/messagehandler.c +++ b/src/messagehandler.c @@ -285,6 +285,9 @@ void Mh_handle_message(client_t *client, message_t *msg) sendmsg->payload.channelState->n_links = ch_itr->linkcount; links = (uint32_t *)malloc(ch_itr->linkcount * sizeof(uint32_t)); + if(!links) + Log_fatal("Out of memory"); + list_iterate(itr, &ch_itr->channel_links) { /* Iterate links */ channellist_t *chl; channel_t *ch; diff --git a/src/server.c b/src/server.c index e83a68a..8aa356c 100644 --- a/src/server.c +++ b/src/server.c 
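Review bot: `__attribute__((__noreturn__))` on the `Log_fatal` prototype is a promise the compiler optimises on, so it is only safe if every path through the definition ends in `exit()` or `abort()`; the definition is not part of this diff. The allocation checks added in src/channel.c, src/messagehandler.c and src/server.c in this commit depend on it, because if `Log_fatal` could return, each of them would fall through to a NULL dereference. A one-line comment on the prototype such as `/* Logs the message and terminates the process; never returns. */` would record that contract. The attribute is GCC/Clang syntax, so a build with another compiler would need it wrapped in a macro.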
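Review bot: The added `if(!links) Log_fatal("Out of memory");` treats any NULL from `malloc(ch_itr->linkcount * sizeof(uint32_t))` as memory exhaustion, but `malloc(0)` is allowed to return NULL. Unless the surrounding code (outside the hunk) reaches this line only when `linkcount > 0`, a channel without links could terminate the server on such platforms. A guard like `if(!links && ch_itr->linkcount > 0)` keeps the intent. `Mh_handle_message` starts and ends outside the hunk.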
@@ -67,11 +67,11 @@ void checkIPversions() int testsocket = -1; testsocket = socket(PF_INET, SOCK_STREAM, 0); - hasv4 = (errno == EAFNOSUPPORT) ? false : true; + hasv4 = (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) ? false : true; if (!(testsocket < 0)) close(testsocket); testsocket = socket(PF_INET6, SOCK_STREAM, 0); - hasv6 = (errno == EAFNOSUPPORT) ? false : true; + hasv6 = (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) ? false : true; if (!(testsocket < 0)) close(testsocket); if(!hasv4) @@ -85,7 +85,6 @@ void checkIPversions() Log_info("IPv6 is not supported by this system"); nofServerSocks -= 2; } - if(nofServerSocks == 0) { Log_fatal("Neither IPv4 nor IPv6 are supported by this system"); @@ -96,10 +95,17 @@ void checkIPversions() struct sockaddr_storage** Server_setupAddressesAndPorts() { struct sockaddr_storage** addresses = calloc(2, sizeof(void*)); + if(!addresses) + Log_fatal("Not enough memory to allocate addresses"); struct sockaddr_storage* v4address = calloc(1, sizeof(struct sockaddr_storage)); + if(!v4address) + Log_fatal("Not enough memory to allocate IPv4 address"); v4address->ss_family = AF_INET; + struct sockaddr_storage* v6address = calloc(1, sizeof(struct sockaddr_storage)); + if(!v6address) + Log_fatal("Not enough memory to allocate IPv6 address"); v6address->ss_family = AF_INET6; #if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__APPLE__) diff --git a/src/sharedmemory.c b/src/sharedmemory.c index c08e4e8..67c9fa5 100644 --- a/src/sharedmemory.c +++ b/src/sharedmemory.c 
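Review bot: Both `hasv4` and `hasv6` in the first server.c hunk are derived from `errno` alone, without first checking that `socket()` failed. `errno` is only meaningful after a failing call and is not cleared on success, so a value left by the IPv4 probe (or by anything earlier) can make the IPv6 probe report "unsupported" even though its socket was created. Test the return value first, e.g. `hasv4 = !(testsocket < 0 && (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT));`, and the same for `hasv6`. `checkIPversions` continues past the end of this hunk.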
@@ -1,124 +1,124 @@ -#include "sharedmemory.h" - -int shm_fd; -shm_t *shmptr = NULL; -char shm_file_name[128]; - -void Sharedmemory_init( int bindport, int bindport6 ) -{ - - int server_max_clients = getIntConf(MAX_CLIENTS); - int shmtotal_size = sizeof( shm_t ) + (sizeof( shmclient_t ) * server_max_clients); - - if( !bindport ) - { - bindport = getIntConf(BINDPORT); - } - - sprintf( shm_file_name, "/umurmurd:%i", bindport ); - Log_info("SHM_API: shm_fd=\"%s\"", shm_file_name ); - - shm_fd = shm_open( shm_file_name, O_CREAT | O_RDWR, 0660 ); - if(shm_fd == -1) - { - Log_fatal( "SHM_API: Open failed:%s\n", strerror(errno)); - exit(EXIT_FAILURE); - } - - if( ftruncate( shm_fd, shmtotal_size ) == -1 ) - { - Sharedmemory_deinit(); - Log_fatal( "SHM_API: ftruncate : %s\n", strerror(errno)); - exit(EXIT_FAILURE); - } - - shmptr = mmap( 0, shmtotal_size, PROT_READ | PROT_WRITE, MAP_SHARED, shm_fd, 0 ); - if (shmptr == MAP_FAILED) - { - Log_fatal( "SHM_API: mmap failed : %s\n", strerror(errno)); - exit(EXIT_FAILURE); - } - - memset( shmptr, 0, shmtotal_size ); - - shmptr->umurmurd_pid = getpid(); - shmptr->server_max_clients = server_max_clients; - shmptr->shmtotal_size = shmtotal_size; - shmptr->shmclient_size = sizeof( shmclient_t ) * shmptr->server_max_clients; - -} - -void Sharedmemory_update(void) -{ - - uint64_t now; - unsigned int cc = 0; - client_t *client_itr = NULL; - - memset( &shmptr->client[0], 0, shmptr->shmclient_size ); - shmptr->clientcount = Client_count(); - - if( shmptr->clientcount ) - { - Timer_init( &now ); - while( Client_iterate(&client_itr) != NULL ) - { - if( client_itr->authenticated ) - { - channel_t *channel = client_itr->channel; - - char* clientAddressString = Util_clientAddressToString( client_itr ); - - strncpy( shmptr->client[cc].username, client_itr->username, 120 ); - strncpy( shmptr->client[cc].ipaddress, clientAddressString, INET6_ADDRSTRLEN - 1 ); - strncpy( shmptr->client[cc].channel, channel->name, 120 ); - - strncpy( 
shmptr->client[cc].os, client_itr->os, 120 ); - strncpy( shmptr->client[cc].release, client_itr->release, 120 ); - strncpy( shmptr->client[cc].os_version, client_itr->os_version, 120 ); - - shmptr->client[cc].tcp_port = Util_clientAddressToPortTCP( client_itr ); - shmptr->client[cc].udp_port = Util_clientAddressToPortUDP( client_itr ); - - shmptr->client[cc].online_secs = ( now - client_itr->connectTime ) / 1000000LL; - shmptr->client[cc].idle_secs = ( now - client_itr->idleTime ) / 1000000LL; - - shmptr->client[cc].bUDP = client_itr->bUDP; - shmptr->client[cc].deaf = client_itr->deaf; - shmptr->client[cc].mute = client_itr->mute; - shmptr->client[cc].bOpus = client_itr->bOpus; - shmptr->client[cc].self_deaf = client_itr->self_deaf; - shmptr->client[cc].self_mute = client_itr->self_mute; - shmptr->client[cc].recording = client_itr->recording; - shmptr->client[cc].authenticated = client_itr->authenticated; - - shmptr->client[cc].availableBandwidth = client_itr->availableBandwidth; - - shmptr->client[cc].UDPPingAvg = client_itr->UDPPingAvg; - shmptr->client[cc].UDPPingVar = client_itr->UDPPingVar; - shmptr->client[cc].TCPPingAvg = client_itr->TCPPingAvg; - shmptr->client[cc].TCPPingVar = client_itr->TCPPingVar; - - shmptr->client[cc].isAdmin = client_itr->isAdmin; - shmptr->client[cc].isSuppressed = client_itr->isSuppressed; - - shmptr->client[cc].UDPPackets = client_itr->UDPPackets; - shmptr->client[cc].TCPPackets = client_itr->TCPPackets; - - free(clientAddressString); - } - cc++; - } - } -} -void Sharedmemory_alivetick(void) -{ - shmptr->alive++; -} - -void Sharedmemory_deinit(void) -{ - close( shm_fd ); - shm_unlink( shm_file_name ); - shmptr->umurmurd_pid = 0; -} +#include "sharedmemory.h" + +int shm_fd; +shm_t *shmptr = NULL; +char shm_file_name[128]; + +void Sharedmemory_init( int bindport, int bindport6 ) +{ + + int server_max_clients = getIntConf(MAX_CLIENTS); + int shmtotal_size = sizeof( shm_t ) + (sizeof( shmclient_t ) * server_max_clients); + + if( 
!bindport ) + { + bindport = getIntConf(BINDPORT); + } + + sprintf( shm_file_name, "/umurmurd:%i", bindport ); + Log_info("SHM_API: shm_fd=\"%s\"", shm_file_name ); + + shm_fd = shm_open( shm_file_name, O_CREAT | O_RDWR, 0660 ); + if(shm_fd == -1) + { + Log_fatal( "SHM_API: Open failed:%s\n", strerror(errno)); + exit(EXIT_FAILURE); + } + + if( ftruncate( shm_fd, shmtotal_size ) == -1 ) + { + Sharedmemory_deinit(); + Log_fatal( "SHM_API: ftruncate : %s\n", strerror(errno)); + exit(EXIT_FAILURE); + } + + shmptr = mmap( 0, shmtotal_size, PROT_READ | PROT_WRITE, MAP_SHARED, shm_fd, 0 ); + if (shmptr == MAP_FAILED) + { + Log_fatal( "SHM_API: mmap failed : %s\n", strerror(errno)); + exit(EXIT_FAILURE); + } + + memset( shmptr, 0, shmtotal_size ); + + shmptr->umurmurd_pid = getpid(); + shmptr->server_max_clients = server_max_clients; + shmptr->shmtotal_size = shmtotal_size; + shmptr->shmclient_size = sizeof( shmclient_t ) * shmptr->server_max_clients; + +} + +void Sharedmemory_update(void) +{ + + uint64_t now; + unsigned int cc = 0; + client_t *client_itr = NULL; + + memset( &shmptr->client[0], 0, shmptr->shmclient_size ); + shmptr->clientcount = Client_count(); + + if( shmptr->clientcount ) + { + Timer_init( &now ); + while( Client_iterate(&client_itr) != NULL ) + { + if( client_itr->authenticated && !client_itr->shutdown_wait ) + { + channel_t *channel = client_itr->channel; + + char* clientAddressString = Util_clientAddressToString( client_itr ); + + strncpy( shmptr->client[cc].username, client_itr->username, 120 ); + strncpy( shmptr->client[cc].ipaddress, clientAddressString, INET6_ADDRSTRLEN - 1 ); + strncpy( shmptr->client[cc].channel, channel->name, 120 ); + + strncpy( shmptr->client[cc].os, client_itr->os, 120 ); + strncpy( shmptr->client[cc].release, client_itr->release, 120 ); + strncpy( shmptr->client[cc].os_version, client_itr->os_version, 120 ); + + shmptr->client[cc].tcp_port = Util_clientAddressToPortTCP( client_itr ); + shmptr->client[cc].udp_port = 
Util_clientAddressToPortUDP( client_itr ); + + shmptr->client[cc].online_secs = ( now - client_itr->connectTime ) / 1000000LL; + shmptr->client[cc].idle_secs = ( now - client_itr->idleTime ) / 1000000LL; + + shmptr->client[cc].bUDP = client_itr->bUDP; + shmptr->client[cc].deaf = client_itr->deaf; + shmptr->client[cc].mute = client_itr->mute; + shmptr->client[cc].bOpus = client_itr->bOpus; + shmptr->client[cc].self_deaf = client_itr->self_deaf; + shmptr->client[cc].self_mute = client_itr->self_mute; + shmptr->client[cc].recording = client_itr->recording; + shmptr->client[cc].authenticated = client_itr->authenticated; + + shmptr->client[cc].availableBandwidth = client_itr->availableBandwidth; + + shmptr->client[cc].UDPPingAvg = client_itr->UDPPingAvg; + shmptr->client[cc].UDPPingVar = client_itr->UDPPingVar; + shmptr->client[cc].TCPPingAvg = client_itr->TCPPingAvg; + shmptr->client[cc].TCPPingVar = client_itr->TCPPingVar; + + shmptr->client[cc].isAdmin = client_itr->isAdmin; + shmptr->client[cc].isSuppressed = client_itr->isSuppressed; + + shmptr->client[cc].UDPPackets = client_itr->UDPPackets; + shmptr->client[cc].TCPPackets = client_itr->TCPPackets; + + free(clientAddressString); + } + cc++; + } + } +} +void Sharedmemory_alivetick(void) +{ + shmptr->alive++; +} + +void Sharedmemory_deinit(void) +{ + close( shm_fd ); + shm_unlink( shm_file_name ); + shmptr->umurmurd_pid = 0; +} diff --git a/src/sharedmemory.h b/src/sharedmemory.h index b668c32..52618a7 100644 --- a/src/sharedmemory.h +++ b/src/sharedmemory.h 
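Review bot: `Sharedmemory_deinit()` ends with `shmptr->umurmurd_pid = 0;`, but `Sharedmemory_init()` calls it on the `ftruncate` failure path before `mmap` has run, while `shmptr` is still NULL, so that write would crash before the `Log_fatal` message is emitted. Guard the write, e.g. `if (shmptr && shmptr != MAP_FAILED) shmptr->umurmurd_pid = 0;`. In `Sharedmemory_update()`, `cc++` sits outside the `authenticated && !shutdown_wait` test and `cc` is never compared with `shmptr->server_max_clients` before `shmptr->client[cc]` is written. Whether `Client_iterate` can yield more entries than that is not visible here, so a check such as `if (cc >= (unsigned int)shmptr->server_max_clients) break;` at the top of the loop would make the index provably in range.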
@@ -1,23 +1,23 @@ -#ifndef SHAREDMEMORY_H_777736932196 -#define SHAREDMEMORY_H_777736932196 - -#include -#include - -#include /* For O_* constants */ -#include -#include - -#include -#include "util.h" -#include "conf.h" -#include "client.h" -#include "channel.h" -#include "sharedmemory_struct.h" - -void Sharedmemory_init( int bindport, int bindport6 ); -void Sharedmemory_update(void); -void Sharedmemory_alivetick(void); -void Sharedmemory_deinit(void); - -#endif // SHAREDMEMORY_H_777736932196 \ No newline at end of file +#ifndef SHAREDMEMORY_H_777736932196 +#define SHAREDMEMORY_H_777736932196 + +#include +#include + +#include /* For O_* constants */ +#include +#include + +#include +#include "util.h" +#include "conf.h" +#include "client.h" +#include "channel.h" +#include "sharedmemory_struct.h" + +void Sharedmemory_init( int bindport, int bindport6 ); +void Sharedmemory_update(void); +void Sharedmemory_alivetick(void); +void Sharedmemory_deinit(void); + +#endif // SHAREDMEMORY_H_777736932196 diff --git a/src/sharedmemory_struct.h b/src/sharedmemory_struct.h index de356c4..e696948 100644 --- a/src/sharedmemory_struct.h +++ b/src/sharedmemory_struct.h 
@@ -1,32 +1,32 @@ -#include -#include -#include "types.h" - -typedef struct -{ - - char username[121]; - char ipaddress[INET6_ADDRSTRLEN]; - char channel[121]; - char os[121], release[121], os_version[121]; - int tcp_port, udp_port; - bool_t bUDP, authenticated, deaf, mute, self_deaf, self_mute, recording, bOpus; - int availableBandwidth; - uint32_t online_secs, idle_secs; - bool_t isAdmin; - bool_t isSuppressed; - float UDPPingAvg, UDPPingVar, TCPPingAvg, TCPPingVar; - uint32_t UDPPackets, TCPPackets; - -}shmclient_t; - -typedef struct -{ - - int shmtotal_size, shmclient_size; - int clientcount, server_max_clients; - unsigned int umurmurd_pid; - uint8_t alive; - shmclient_t client[]; - -}shm_t; +#include +#include +#include "types.h" + +typedef struct +{ + + char username[121]; + char ipaddress[INET6_ADDRSTRLEN]; + char channel[121]; + char os[121], release[121], os_version[121]; + int tcp_port, udp_port; + bool_t bUDP, authenticated, deaf, mute, self_deaf, self_mute, recording, bOpus; + int availableBandwidth; + uint32_t online_secs, idle_secs; + bool_t isAdmin; + bool_t isSuppressed; + float UDPPingAvg, UDPPingVar, TCPPingAvg, TCPPingVar; + uint32_t UDPPackets, TCPPackets; + +} shmclient_t; + +typedef struct +{ + + int shmtotal_size, shmclient_size; + int clientcount, server_max_clients; + unsigned int umurmurd_pid; + uint8_t alive; + shmclient_t client[]; + +} shm_t; diff --git a/src/ssli_openssl.c b/src/ssli_openssl.c index 0542bff..65a21de 100644 --- a/src/ssli_openssl.c +++ b/src/ssli_openssl.c 
@@ -154,100 +154,72 @@ static void SSL_writekey(char *keyfile, RSA *rsa) static void SSL_initializeCert() { - char *crt, *key, *pass; + char *crt = (char *)getStrConf(CERTIFICATE); + char *key = (char *)getStrConf(KEY); - crt = (char *)getStrConf(CERTIFICATE); - key = (char *)getStrConf(KEY); - pass = (char *)getStrConf(PASSPHRASE); + if (context) { + bool did_load_cert = SSL_CTX_use_certificate_chain_file(context, crt); + rsa = SSL_readprivatekey(key); - x509 = SSL_readcert(crt); - rsa = SSL_readprivatekey(key); - if (rsa != NULL) { - pkey = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(pkey, rsa); - } - - -#if 0 - /* Later ... */ - if (key && !x509) { - qscCert = QSslCertificate(key); - if (! qscCert.isNull()) { - logthis("Using certificate from key."); - } - } - - if (! qscCert.isNull()) { - QSsl::KeyAlgorithm alg = qscCert.publicKey().algorithm(); - /* Fetch algorith from cert */ - if (! key.isEmpty()) { - /* get key */ - qskKey = QSslKey(key, alg, QSsl::Pem, QSsl::PrivateKey, pass); - if (qskKey.isNull()) { - logthis("Failed to parse key."); - } - } + if (!rsa || !did_load_cert) { + Log_info("Generating new server certificate."); - if (! crt.isEmpty() && qskKey.isNull()) { - /* get key from certificate */ - qskKey = QSslKey(crt, alg, QSsl::Pem, QSsl::PrivateKey, pass); - if (! 
qskKey.isNull()) { - logthis("Using key from certificate."); - } - } - } -#endif + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - if (!rsa || !x509) { - Log_info("Generating new server certificate."); + x509 = X509_new(); + pkey = EVP_PKEY_new(); + rsa = RSA_generate_key(4096,RSA_F4,NULL,NULL); + EVP_PKEY_assign_RSA(pkey, rsa); + X509_set_version(x509, 2); + ASN1_INTEGER_set(X509_get_serialNumber(x509),1); + X509_gmtime_adj(X509_get_notBefore(x509),0); + X509_gmtime_adj(X509_get_notAfter(x509),60*60*24*365); + X509_set_pubkey(x509, pkey); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + X509_NAME *name=X509_get_subject_name(x509); - x509 = X509_new(); - pkey = EVP_PKEY_new(); - rsa = RSA_generate_key(1024,RSA_F4,NULL,NULL); - EVP_PKEY_assign_RSA(pkey, rsa); + X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (const uint8_t *)"Murmur Autogenerated Certificate v2", -1, -1, 0); + X509_set_issuer_name(x509, name); + SSL_add_ext(x509, NID_basic_constraints, "critical,CA:FALSE"); + SSL_add_ext(x509, NID_ext_key_usage, "serverAuth,clientAuth"); + SSL_add_ext(x509, NID_subject_key_identifier, "hash"); + SSL_add_ext(x509, NID_netscape_comment, "Generated from umurmur"); - X509_set_version(x509, 2); - ASN1_INTEGER_set(X509_get_serialNumber(x509),1); - X509_gmtime_adj(X509_get_notBefore(x509),0); - X509_gmtime_adj(X509_get_notAfter(x509),60*60*24*365); - X509_set_pubkey(x509, pkey); + X509_sign(x509, pkey, EVP_md5()); - X509_NAME *name=X509_get_subject_name(x509); + SSL_writecert(crt, x509); + SSL_writekey(key, rsa); - X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (const uint8_t *)"Murmur Autogenerated Certificate v2", -1, -1, 0); - X509_set_issuer_name(x509, name); - SSL_add_ext(x509, NID_basic_constraints, "critical,CA:FALSE"); - SSL_add_ext(x509, NID_ext_key_usage, "serverAuth,clientAuth"); - SSL_add_ext(x509, NID_subject_key_identifier, "hash"); - SSL_add_ext(x509, NID_netscape_comment, "Generated from umurmur"); + SSL_CTX_use_certificate(context, x509); + } else { + pkey = 
EVP_PKEY_new(); + EVP_PKEY_assign_RSA(pkey, rsa); + } - X509_sign(x509, pkey, EVP_md5()); + SSL_CTX_use_PrivateKey(context, pkey); - SSL_writecert(crt, x509); - SSL_writekey(key, rsa); + } else { + Log_fatal("Failed to initialize TLS context."); } } void SSLi_init(void) { - SSL_METHOD *method; SSL *ssl; int i, offset = 0, cipherstringlen = 0; STACK_OF(SSL_CIPHER) *cipherlist = NULL, *cipherlist_new = NULL; SSL_CIPHER *cipher; - char *cipherstring, tempstring[128]; + char *cipherstring; SSL_library_init(); - OpenSSL_add_all_algorithms(); /* load & register all cryptos, etc. */ - SSL_load_error_strings(); /* load all error messages */ - ERR_load_crypto_strings(); /* load all error messages */ - method = SSLv23_server_method(); /* create new server-method instance */ - context = SSL_CTX_new(method); /* create new context from method */ + OpenSSL_add_all_algorithms(); + SSL_load_error_strings(); + ERR_load_crypto_strings(); + + context = SSL_CTX_new(SSLv23_server_method()); if (context == NULL) { ERR_print_errors_fp(stderr); @@ -261,12 +233,6 @@ void SSLi_init(void) } SSL_initializeCert(); - if (SSL_CTX_use_certificate(context, x509) <= 0) - Log_fatal("Failed to initialize cert"); - if (SSL_CTX_use_PrivateKey(context, pkey) <= 0) { - ERR_print_errors_fp(stderr); - Log_fatal("Failed to initialize private key"); - } /* Set cipher list */ ssl = SSL_new(context); diff --git a/src/version.h b/src/version.h index 5131356..00e2a16 100644 --- a/src/version.h +++ b/src/version.h @@ -1,7 +1,7 @@ #ifndef VERSION_H_989876 #define VERSION_H_989876 -#define UMURMUR_VERSION "0.2.16" +#define UMURMUR_VERSION "0.2.16a" #define UMURMUR_CODENAME "Agrajag" #endif
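Review bot: The generated certificate in `SSL_initializeCert` is still signed with `X509_sign(x509, pkey, EVP_md5())`, so raising the key from 1024 to 4096 bits leaves the weakest part in place; MD5 signatures are collision-prone and current TLS stacks may refuse such certificates. Use `X509_sign(x509, pkey, EVP_sha256());`. Separately, the results of `SSL_CTX_use_certificate(context, x509)` and `SSL_CTX_use_PrivateKey(context, pkey)` are discarded here, while the later hunk in this file deletes the checks `SSLi_init` used to make, so a failure to install the certificate or key no longer stops startup. Keep `if (SSL_CTX_use_PrivateKey(context, pkey) <= 0) Log_fatal("Failed to initialize private key");` and the equivalent test for the certificate next to the calls. `SSLi_init` continues beyond the end of the hunk.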