diff --git a/src/TLSClient.cpp b/src/TLSClient.cpp
index 1a9927daf..5516f4188 100644
--- a/src/TLSClient.cpp
+++ b/src/TLSClient.cpp
@@ -62,17 +62,17 @@ static void gnutls_log_function (int level, const char* message)
 ////////////////////////////////////////////////////////////////////////////////
 static int verify_certificate_callback (gnutls_session_t session)
 {
- const TLSClient* client = (TLSClient*) gnutls_session_get_ptr (session);
+ const TLSClient* client = (TLSClient*) gnutls_session_get_ptr (session); // All
 return client->verify_certificate ();
 }
 ////////////////////////////////////////////////////////////////////////////////
 TLSClient::~TLSClient ()
 {
- gnutls_deinit (_session);
- gnutls_certificate_free_credentials (_credentials);
+ gnutls_deinit (_session); // All
+ gnutls_certificate_free_credentials (_credentials); // All
 #if GNUTLS_VERSION_NUMBER < 0x030300
- gnutls_global_deinit ();
+ gnutls_global_deinit (); // All
 #endif
 if (_socket)
@@ -96,8 +96,8 @@ void TLSClient::debug (int level)
 if (level)
 _debug = true;
- gnutls_global_set_log_function (gnutls_log_function);
- gnutls_global_set_log_level (level);
+ gnutls_global_set_log_function (gnutls_log_function); // All
+ gnutls_global_set_log_level (level); // All
 }
 ////////////////////////////////////////////////////////////////////////////////
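Review bot: `client` comes back from `gnutls_session_get_ptr` as a bare `void*` and is dereferenced on the next line without a null check; the pointer is only installed by `connect()` (a later hunk in this diff), so a handshake driven from any other path would crash inside the callback. A one-line guard, `if (!client) return GNUTLS_E_CERTIFICATE_ERROR;`, fails closed instead, and `static_cast<const TLSClient*> (...)` would replace the C-style cast. The destructor below tears down `_session` and `_credentials` unconditionally; whether that is safe when `init()` threw before reaching `gnutls_init` depends on the constructor, which is outside this diff.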
@@ -133,23 +133,23 @@ void TLSClient::init (
 int ret;
 #if GNUTLS_VERSION_NUMBER < 0x030300
- ret = gnutls_global_init ();
+ ret = gnutls_global_init (); // All
 if (ret < 0)
- throw format ("TLS init error. {1}", gnutls_strerror (ret));
+ throw format ("TLS init error. {1}", gnutls_strerror (ret)); // All
 #endif
- ret = gnutls_certificate_allocate_credentials (&_credentials);
+ ret = gnutls_certificate_allocate_credentials (&_credentials); // All
 if (ret < 0)
- throw format ("TLS allocation error. {1}", gnutls_strerror (ret));
+ throw format ("TLS allocation error. {1}", gnutls_strerror (ret)); // All
 if (_ca != "" &&
- (ret = gnutls_certificate_set_x509_trust_file (_credentials, _ca.c_str (), GNUTLS_X509_FMT_PEM)) < 0)
- throw format ("Bad CA file. {1}", gnutls_strerror (ret));
+ (ret = gnutls_certificate_set_x509_trust_file (_credentials, _ca.c_str (), GNUTLS_X509_FMT_PEM)) < 0) // All
+ throw format ("Bad CA file. {1}", gnutls_strerror (ret)); // All
 if (_cert != "" && _key != "" &&
- (ret = gnutls_certificate_set_x509_key_file (_credentials, _cert.c_str (), _key.c_str (), GNUTLS_X509_FMT_PEM)) < 0)
- throw format ("Bad CERT file. {1}", gnutls_strerror (ret));
+ (ret = gnutls_certificate_set_x509_key_file (_credentials, _cert.c_str (), _key.c_str (), GNUTLS_X509_FMT_PEM)) < 0) // 3.1.11
+ throw format ("Bad CERT file. {1}", gnutls_strerror (ret)); // All
 #if GNUTLS_VERSION_NUMBER >= 0x02090a
 // The automatic verification for the server certificate with
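Review bot: The `_cert != "" && _key != "" &&` chain silently skips loading the client certificate when exactly one of the two paths is configured, so a half-configured client proceeds without a certificate and the only symptom is a rejection at the peer. A check placed before that `if`, e.g. `if (_cert.empty () != _key.empty ()) throw std::string ("TLS cert and key must both be specified");`, reports the misconfiguration where it originates, in the `throw std::string` style this file already uses in `recv()`. The same shape applies to an empty `_ca`, which loads no trust anchors at all; whether the later verification then rejects the peer depends on `_trust`, which this hunk does not show. `init()` begins before and ends after this hunk.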
@@ -158,28 +158,28 @@ void TLSClient::init (
 // manually after the gnutls handshake.
 gnutls_certificate_set_verify_function (_credentials, verify_certificate_callback);
 #endif
- ret = gnutls_init (&_session, GNUTLS_CLIENT);
+ ret = gnutls_init (&_session, GNUTLS_CLIENT); // All
 if (ret < 0)
- throw format ("TLS client init error. {1}", gnutls_strerror (ret));
+ throw format ("TLS client init error. {1}", gnutls_strerror (ret)); // All
 // Use default priorities unless overridden.
 if (_ciphers == "")
 _ciphers = "NORMAL";
 const char *err;
- ret = gnutls_priority_set_direct (_session, _ciphers.c_str (), &err);
+ ret = gnutls_priority_set_direct (_session, _ciphers.c_str (), &err); // All
 if (ret < 0)
 {
 if (_debug && ret == GNUTLS_E_INVALID_REQUEST)
 std::cout << "c: ERROR Priority error at: " << err << '\n';
- throw format (STRING_TLS_INIT_FAIL, gnutls_strerror (ret));
+ throw format (STRING_TLS_INIT_FAIL, gnutls_strerror (ret)); // All
 }
 // Apply the x509 credentials to the current session.
- ret = gnutls_credentials_set (_session, GNUTLS_CRD_CERTIFICATE, _credentials);
+ ret = gnutls_credentials_set (_session, GNUTLS_CRD_CERTIFICATE, _credentials); // All
 if (ret < 0)
- throw format ("TLS credentials error. {1}", gnutls_strerror (ret));
+ throw format ("TLS credentials error. {1}", gnutls_strerror (ret)); // All
 }
 ////////////////////////////////////////////////////////////////////////////////
@@ -190,7 +190,7 @@ void TLSClient::connect (const std::string& host, const std::string& port)
 // Store the TLSClient instance, so that the verification callback can access
 // it during the handshake below and call the verifcation method.
- gnutls_session_set_ptr (_session, (void*) this);
+ gnutls_session_set_ptr (_session, (void*) this); // All
 // use IPv4 or IPv6, does not matter.
 struct addrinfo hints {};
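Review bot: The fallback `_ciphers = "NORMAL";` hands protocol-version and cipher selection entirely to GnuTLS's built-in default, whose contents differ between the library versions this file supports, and the comment above it does not say so; I would extend it to `// "NORMAL" is GnuTLS's version-dependent default set; a stricter priority string can be supplied via _ciphers.` Separately, `const char *err;` is declared uninitialized: it is only read under `ret == GNUTLS_E_INVALID_REQUEST`, where GnuTLS sets it, but `const char* err = nullptr;` costs nothing and survives a later change to that condition. `init()` starts before the first hunk, and the `connect()` hunk continues past its last line.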
@@ -233,17 +233,18 @@ void TLSClient::connect (const std::string& host, const std::string& port)
 throw format (STRING_CMD_SYNC_CONNECT, host, port);
 #if GNUTLS_VERSION_NUMBER >= 0x030109
- gnutls_transport_set_int (_session, _socket);
+ gnutls_transport_set_int (_session, _socket); // 3.1.9
 #else
- gnutls_transport_set_ptr (_session, (gnutls_transport_ptr_t) (intptr_t) _socket);
+ gnutls_transport_set_ptr (_session, (gnutls_transport_ptr_t) (intptr_t) _socket); // All
 #endif
 // Perform the TLS handshake
 do
 {
- ret = gnutls_handshake (_session);
+ ret = gnutls_handshake (_session); // All
 }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
+ while (ret < 0 && gnutls_error_is_fatal (ret) == 0); // All
+
 if (ret < 0)
 throw format (STRING_CMD_SYNC_HANDSHAKE, gnutls_strerror (ret));
@@ -257,14 +258,14 @@ void TLSClient::connect (const std::string& host, const std::string& port)
 {
 if (_debug)
 std::cout << "c: ERROR Certificate verification failed.\n";
- throw format (STRING_TLS_INIT_FAIL, gnutls_strerror (ret));
+ throw format (STRING_TLS_INIT_FAIL, gnutls_strerror (ret)); // All
 }
 #endif
 if (_debug)
 {
 #if GNUTLS_VERSION_NUMBER >= 0x03010a
- char* desc = gnutls_session_get_desc (_session);
+ char* desc = gnutls_session_get_desc (_session); // 3.1.10
 std::cout << "c: INFO Handshake was completed: " << desc << '\n';
 gnutls_free (desc);
 #else
@@ -276,7 +277,7 @@ void TLSClient::connect (const std::string& host, const std::string& port)
 ////////////////////////////////////////////////////////////////////////////////
 void TLSClient::bye ()
 {
- gnutls_bye (_session, GNUTLS_SHUT_RDWR);
+ gnutls_bye (_session, GNUTLS_SHUT_RDWR); // All
 }
 ////////////////////////////////////////////////////////////////////////////////
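Review bot: `bye()` in the last hunk discards the return value of `gnutls_bye`, so a non-fatal `GNUTLS_E_AGAIN` or `GNUTLS_E_INTERRUPTED` leaves the close_notify alert unsent and the peer cannot tell an orderly shutdown from a truncated connection; the handshake loop in the first hunk already shows the retry pattern this file uses for exactly that case. Retrying on non-fatal codes the same way is sketched below; a fatal code could additionally be reported under `_debug` like the other paths do. The verification branch that throws `STRING_TLS_INIT_FAIL` in the middle hunk starts outside this diff.
```cpp
void TLSClient::bye ()
{
  int ret;
  do
  {
    ret = gnutls_bye (_session, GNUTLS_SHUT_RDWR); // All
  }
  while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
}
```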
@@ -296,11 +297,11 @@ int TLSClient::verify_certificate () const
 if (_trust == TLSClient::ignore_hostname)
 hostname = NULL;
- int ret = gnutls_certificate_verify_peers3 (_session, hostname, &status);
+ int ret = gnutls_certificate_verify_peers3 (_session, hostname, &status); // 3.1.4
 if (ret < 0)
 {
 if (_debug)
- std::cout << "c: ERROR Certificate verification peers3 failed. " << gnutls_strerror (ret) << '\n';
+ std::cout << "c: ERROR Certificate verification peers3 failed. " << gnutls_strerror (ret) << '\n'; // All
 return GNUTLS_E_CERTIFICATE_ERROR;
 }
@@ -312,11 +313,11 @@ int TLSClient::verify_certificate () const
 if (_debug && status)
 std::cout << "c: ERROR Certificate status=" << status << '\n';
 #else
- int ret = gnutls_certificate_verify_peers2 (_session, &status);
+ int ret = gnutls_certificate_verify_peers2 (_session, &status); // All
 if (ret < 0)
 {
 if (_debug)
- std::cout << "c: ERROR Certificate verification peers2 failed. " << gnutls_strerror (ret) << '\n';
+ std::cout << "c: ERROR Certificate verification peers2 failed. " << gnutls_strerror (ret) << '\n'; // All
 return GNUTLS_E_CERTIFICATE_ERROR;
 }
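Review bot: `hostname = NULL;` is the switch that disables hostname checking inside `gnutls_certificate_verify_peers3` for the `ignore_hostname` trust level, and nothing on that line says so; since this file already uses C++11 brace-initialization elsewhere, the line reads better as `hostname = nullptr; // peers3 skips the hostname check when no name is given`. The `#else` branch in the second hunk falls back to `gnutls_certificate_verify_peers2`, which does not take a hostname, so on those builds the manual `gnutls_x509_crt_check_hostname` block in a later hunk is presumably what stands in for that check. `verify_certificate()` starts before the first hunk.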
@@ -325,41 +326,41 @@ int TLSClient::verify_certificate () const
 if ((status == 0) && (_trust != TLSClient::ignore_hostname))
 {
- if (gnutls_certificate_type_get (_session) == GNUTLS_CRT_X509)
+ if (gnutls_certificate_type_get (_session) == GNUTLS_CRT_X509) // All
 {
 const gnutls_datum* cert_list;
 unsigned int cert_list_size;
 gnutls_x509_crt cert;
- cert_list = gnutls_certificate_get_peers (_session, &cert_list_size);
+ cert_list = gnutls_certificate_get_peers (_session, &cert_list_size); // All
 if (cert_list_size == 0)
 {
 if (_debug)
- std::cout << "c: ERROR Certificate get peers failed. " << gnutls_strerror (ret) << '\n';
+ std::cout << "c: ERROR Certificate get peers failed. " << gnutls_strerror (ret) << '\n'; // All
 return GNUTLS_E_CERTIFICATE_ERROR;
 }
- ret = gnutls_x509_crt_init (&cert);
+ ret = gnutls_x509_crt_init (&cert); // All
 if (ret < 0)
 {
 if (_debug)
- std::cout << "c: ERROR x509 init failed. " << gnutls_strerror (ret) << '\n';
+ std::cout << "c: ERROR x509 init failed. " << gnutls_strerror (ret) << '\n'; // All
 return GNUTLS_E_CERTIFICATE_ERROR;
 }
- ret = gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER);
+ ret = gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER); // All
 if (ret < 0)
 {
 if (_debug)
- std::cout << "c: ERROR x509 cert import. " << gnutls_strerror (ret) << '\n';
- gnutls_x509_crt_deinit(cert);
+ std::cout << "c: ERROR x509 cert import. " << gnutls_strerror (ret) << '\n'; // All
+ gnutls_x509_crt_deinit(cert); // All
 return GNUTLS_E_CERTIFICATE_ERROR;
 }
- if (gnutls_x509_crt_check_hostname (cert, hostname) == 0)
+ if (gnutls_x509_crt_check_hostname (cert, hostname) == 0) // All
 {
 if (_debug)
- std::cout << "c: ERROR x509 cert check hostname. " << gnutls_strerror (ret) << '\n';
+ std::cout << "c: ERROR x509 cert check hostname. " << gnutls_strerror (ret) << '\n'; // All
 gnutls_x509_crt_deinit(cert);
 return GNUTLS_E_CERTIFICATE_ERROR;
 }
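Review bot: The debug lines for `Certificate get peers failed.` and `x509 cert check hostname.` print `gnutls_strerror (ret)`, but at both points `ret` still holds a non-negative value from an earlier call (the verification call must have returned ≥ 0 to reach this block, and `gnutls_x509_crt_import` returned ≥ 0 before the hostname check), so the messages describe a failure with the text of a success; neither `gnutls_certificate_get_peers` nor `gnutls_x509_crt_check_hostname` produces an error code, so drop the `<< gnutls_strerror (ret)` from those two lines. `gnutls_certificate_get_peers` can also hand back a null list, which `if (cert_list == nullptr || cert_list_size == 0)` would cover explicitly. The outer `if (gnutls_certificate_type_get (_session) == GNUTLS_CRT_X509)` has no else, so a peer negotiating a non-X.509 credential type would be accepted with `status == 0` and no hostname check at all; that is probably unreachable with the X.509-only credentials `init()` sets up, but an `else return GNUTLS_E_CERTIFICATE_ERROR;` fails closed at no cost. `verify_certificate()` and the `#if` enclosing this block begin before the hunk.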
@@ -370,13 +371,13 @@ int TLSClient::verify_certificate () const
 #endif
 #if GNUTLS_VERSION_NUMBER >= 0x030104
- gnutls_certificate_type_t type = gnutls_certificate_type_get (_session);
+ gnutls_certificate_type_t type = gnutls_certificate_type_get (_session); // All
 gnutls_datum_t out;
- ret = gnutls_certificate_verification_status_print (status, type, &out, 0);
+ ret = gnutls_certificate_verification_status_print (status, type, &out, 0); // 3.1.4
 if (ret < 0)
 {
 if (_debug)
- std::cout << "c: ERROR certificate verification status. " << gnutls_strerror (ret) << '\n';
+ std::cout << "c: ERROR certificate verification status. " << gnutls_strerror (ret) << '\n'; // All
 return GNUTLS_E_CERTIFICATE_ERROR;
 }
@@ -412,7 +413,7 @@ void TLSClient::send (const std::string& data)
 int status;
 do
 {
- status = gnutls_record_send (_session, packet.c_str () + total, remaining);
+ status = gnutls_record_send (_session, packet.c_str () + total, remaining); // All
 }
 while (errno == GNUTLS_E_INTERRUPTED || errno == GNUTLS_E_AGAIN);
@@ -441,7 +442,7 @@ void TLSClient::recv (std::string& data)
 unsigned char header[4] {};
 do
 {
- received = gnutls_record_recv (_session, header, 4);
+ received = gnutls_record_recv (_session, header, 4); // All
 }
 while (received > 0 && (errno == GNUTLS_E_INTERRUPTED ||
@@ -469,7 +470,7 @@ void TLSClient::recv (std::string& data)
 {
 do
 {
- received = gnutls_record_recv (_session, buffer, MAX_BUF - 1);
+ received = gnutls_record_recv (_session, buffer, MAX_BUF - 1); // All
 }
 while (received > 0 && (errno == GNUTLS_E_INTERRUPTED ||
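Review bot: The retry conditions of all three `do`/`while` loops (the `send()` hunk and both `recv()` hunks) compare `errno` with `GNUTLS_E_INTERRUPTED` and `GNUTLS_E_AGAIN`, but those are negative GnuTLS return codes while `errno` carries a positive C-library value, so the conditions can never be true and a record whose send or read was interrupted is simply not retried; the loops should test the call's own result, `while (status == GNUTLS_E_INTERRUPTED || status == GNUTLS_E_AGAIN);` in `send()` and `while (received == GNUTLS_E_INTERRUPTED || received == GNUTLS_E_AGAIN);` in both `recv()` loops. The `received > 0 &&` guard would go with that change, since a positive result is data that must not be overwritten by another read. The `while` lines of the two `recv()` hunks are cut by the hunk boundary, the bodies of `send()` and `recv()` continue outside this diff, and whether the datum filled by `gnutls_certificate_verification_status_print` in the first hunk is released with `gnutls_free` afterwards cannot be seen here.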
@@ -484,13 +485,13 @@ void TLSClient::recv (std::string& data)
 }
 // Something happened.
- if (received < 0 && gnutls_error_is_fatal (received) == 0)
+ if (received < 0 && gnutls_error_is_fatal (received) == 0) // All
 {
 if (_debug)
- std::cout << "c: WARNING " << gnutls_strerror (received) << '\n';
+ std::cout << "c: WARNING " << gnutls_strerror (received) << '\n'; // All
 }
 else if (received < 0)
- throw std::string (gnutls_strerror (received));
+ throw std::string (gnutls_strerror (received)); // All
 buffer [received] = '\0';
 data += buffer;
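Review bot: When the non-fatal branch at `if (received < 0 && gnutls_error_is_fatal (received) == 0)` is taken, control falls through to `buffer [received] = '\0';` with `received` still negative, so the terminator is written before the start of the array; adding `received = 0;` inside that branch keeps the write in bounds and makes the following append a no-op. `data += buffer;` also stops at the first NUL byte in the record, so a payload containing one is truncated silently; `data.append (buffer, received);` copies exactly the bytes that were received. The loop enclosing this code in `recv()` starts before the hunk, so whether a zero-length read then terminates or repeats it is not visible here.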