/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* Copyright (C) 2003-2006 Imendio AB
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see <https://www.gnu.org/licenses>
*/
#include "lm-debug.h"
#include "lm-ssl-base.h"
#include "lm-ssl-internals.h"
void
_lm_ssl_base_init (LmSSLBase *base,
const gchar *expected_fingerprint,
LmSSLFunction ssl_function,
gpointer user_data,
GDestroyNotify notify)
{
base->ref_count = 1;
base->func = ssl_function;
base->func_data = user_data;
base->data_notify = notify;
base->fingerprint[0] = '\0';
base->cipher_list = NULL;
if (expected_fingerprint) {
if (!g_str_has_prefix(expected_fingerprint, LM_FINGERPRINT_PREFIX)) {
/* let's set a bogus hash because the user tries to use a hash
we don't support now */
expected_fingerprint = "wrong_hash_format";
g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL, "Wrong hash format, use "
LM_FINGERPRINT_PREFIX"$hash");
}
base->expected_fingerprint = g_strndup(expected_fingerprint,
LM_FINGERPRINT_LENGTH);
} else {
base->expected_fingerprint = NULL;
}
if (!base->func) {
/* If user didn't provide an SSL func the default will be used
* this function will always tell the connection to continue.
*/
base->func = _lm_ssl_func_always_continue;
}
}
void
_lm_ssl_base_set_cipher_list (LmSSLBase *base,
const gchar *cipher_list)
{
if (base->cipher_list)
g_free (base->cipher_list);
base->cipher_list = g_strdup (cipher_list);
}
void
_lm_ssl_base_set_ca_path (LmSSLBase *base,
const gchar *ca_path)
{
if (base->ca_path)
g_free (base->ca_path);
base->ca_path = g_strdup (ca_path);
}
void
_lm_ssl_base_set_fingerprint (LmSSLBase *base,
const guchar *digest,
unsigned int digest_len)
{
gchar hex[LM_FINGERPRINT_LENGTH];
gchar *p;
int i;
g_assert(LM_FINGERPRINT_PREFIX != NULL);
g_assert(digest != NULL);
g_assert(digest_len > 0);
g_assert(LM_FINGERPRINT_LENGTH >=
(sizeof(LM_FINGERPRINT_PREFIX) + digest_len*2));
for (p = hex, i = 0; i < digest_len ; i++, p+=2) {
g_snprintf(p, 3, "%02x", digest[i]);
}
g_snprintf(base->fingerprint, LM_FINGERPRINT_LENGTH,
"%s%s",
LM_FINGERPRINT_PREFIX,
hex);
}
int _lm_ssl_base_check_fingerprint( LmSSLBase *base)
{
if (base->expected_fingerprint == NULL) {
return 0;
}
return g_ascii_strcasecmp(base->expected_fingerprint, base->fingerprint);
}
void
_lm_ssl_base_free_fields (LmSSLBase *base)
{
g_free (base->expected_fingerprint);
g_free (base->cipher_list);
g_free (base->ca_path);
}