# HG changeset patch # User hallski # Date 1057967782 0 # Node ID 1ff2f81867e14aa5238a5d0a80b4e0fb47216adc # Parent c8f776121420b63b8fade516b15979662ae38664 2003-07-12 Mikael Hallendal * configure.in: - Added SSL support, patch from Bartosz Zapalowski. THIS GUY ROCKS! * docs/reference/loudmouth-sections.txt: - added lm_connection_supports_ssl. * loudmouth/lm-connection.c: Added support for SSL. * loudmouth/test-lm.c: (main): Use SSL if it's compiled in. diff -r c8f776121420 -r 1ff2f81867e1 .cvsignore --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/.cvsignore Fri Jul 11 23:56:22 2003 +0000 @@ -0,0 +1,13 @@ +Makefile +Makefile.in +aclocal.m4 +autom4te* +config.h* +config.log +config.status +configure +libtool +*.tar.gz +loudmouth.spec +stamp-h1 +loudmouth-1.0.pc diff -r c8f776121420 -r 1ff2f81867e1 ChangeLog --- a/ChangeLog Mon Jul 07 16:33:53 2003 +0000 +++ b/ChangeLog Fri Jul 11 23:56:22 2003 +0000 @@ -1,3 +1,12 @@ +2003-07-12 Mikael Hallendal + + * configure.in: + - Added SSL support, patch from Bartosz Zapalowski. THIS GUY ROCKS! + * docs/reference/loudmouth-sections.txt: + - added lm_connection_supports_ssl. + * loudmouth/lm-connection.c: Added support for SSL. + * loudmouth/test-lm.c: (main): Use SSL if it's compiled in. + 2003-07-07 Mikael Hallendal * Release 0.10.1 diff -r c8f776121420 -r 1ff2f81867e1 configure.in --- a/configure.in Mon Jul 07 16:33:53 2003 +0000 +++ b/configure.in Fri Jul 11 23:56:22 2003 +0000 
@@ -88,6 +88,30 @@ AC_CHECK_LIB(nsl,gethostbyname) AC_CHECK_LIB(socket,socket) +dnl +--------------------------------------------------------+ +dnl | Checking for SSL (through GnuTLS) support | +dnl +--------------------------------------------------------+ +AC_MSG_CHECKING([for GnuTLS support]) + +AC_ARG_WITH(ssl, [ --without-ssl disable ssl support], + ac_ssl=$withval, + ac_ssl=yes + ) + +if test x$ac_ssl != xno; then + GNUTLS_CFLAGS=`libgnutls-config --cflags` + if test "x$GNUTLS_CFLAGS" = "x"; then + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + GNUTLS_LDFLAGS=`libgnutls-config --libs` + CFLAGS="$CFLAGS $GNUTLS_CFLAGS" + LDFLAGS="$LDFLAGS $GNUTLS_LDFLAGS" + AC_DEFINE(HAVE_GNUTLS, 1, [whether to use GnuTSL support.]) + fi +else + AC_MSG_RESULT(no) +fi dnl +-------------+ dnl | Build Flags |-------------------------------------------- @@ -115,6 +139,8 @@ echo "Debugging enabled" fi + + AC_SUBST(LOUDMOUTH_CFLAGS) AC_SUBST(LOUDMOUTH_LIBS) diff -r c8f776121420 -r 1ff2f81867e1 docs/.cvsignore --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/docs/.cvsignore Fri Jul 11 23:56:22 2003 +0000 @@ -0,0 +1,2 @@ +Makefile +Makefile.in diff -r c8f776121420 -r 1ff2f81867e1 docs/reference/.cvsignore --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/docs/reference/.cvsignore Fri Jul 11 23:56:22 2003 +0000 @@ -0,0 +1,14 @@ +Makefile +Makefile.in +*.stamp +html +loudmouth-decl-list.txt +loudmouth-decl.txt +loudmouth-undocumented.txt +loudmouth-unused.txt +loudmouth.args +loudmouth.hierarchy +loudmouth.interfaces +loudmouth.prerequisites +loudmouth.signals +xml diff -r c8f776121420 -r 1ff2f81867e1 docs/reference/loudmouth-sections.txt --- a/docs/reference/loudmouth-sections.txt Mon Jul 07 16:33:53 2003 +0000 +++ b/docs/reference/loudmouth-sections.txt Fri Jul 11 23:56:22 2003 +0000 
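Review bot: In the GnuTLS check, a missing or broken `libgnutls-config` only produces `AC_MSG_RESULT(no)`, so a build that was expected to have TLS (`ac_ssl` defaults to `yes`) silently comes out plaintext-only. The emptiness test on `GNUTLS_CFLAGS` has the same effect when the tool exists but prints no extra cflags. Consider probing for the tool itself, e.g. `AC_PATH_PROG(GNUTLS_CONFIG, libgnutls-config, no)`, and stopping with `AC_MSG_ERROR([SSL support requested but GnuTLS was not found])` when SSL was asked for explicitly. That requires a default other than `yes`, so that "requested" and "not specified" can be told apart.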
@@ -21,6 +21,7 @@ lm_connection_set_server lm_connection_get_port lm_connection_set_port +lm_connection_supports_ssl lm_connection_get_use_ssl lm_connection_set_use_ssl lm_connection_send diff -r c8f776121420 -r 1ff2f81867e1 loudmouth/.cvsignore --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/loudmouth/.cvsignore Fri Jul 11 23:56:22 2003 +0000 @@ -0,0 +1,3 @@ +Makefile +Makefile.in +test-lm diff -r c8f776121420 -r 1ff2f81867e1 loudmouth/lm-connection.c --- a/loudmouth/lm-connection.c Mon Jul 07 16:33:53 2003 +0000 +++ b/loudmouth/lm-connection.c Fri Jul 11 23:56:22 2003 +0000 @@ -21,6 +21,10 @@ #include +#ifdef HAVE_GNUTLS +#include +#endif + #include #include #include @@ -54,10 +58,15 @@ struct _LmConnection { /* Parameters */ - gchar *server; - guint port; - gboolean use_ssl; + gchar *server; + guint port; + gboolean use_ssl; +#ifdef HAVE_GNUTLS + gnutls_session gnutls_session; + gnutls_certificate_client_credentials gnutls_xcred; +#endif + gboolean is_open; gboolean is_authenticated; 
@@ -226,20 +235,58 @@ haddr = ((struct in_addr *) (he->h_addr_list)[0]); - fd = socket(AF_INET, SOCK_STREAM, 0); - memset(&saddr, 0, sizeof(saddr)); - memcpy(&saddr.sin_addr, haddr, sizeof(struct in_addr)); - saddr.sin_family = AF_INET; - saddr.sin_port = htons (connection->port); - +#ifdef HAVE_GNUTLS + if (connection->use_ssl) { + gnutls_global_init (); + gnutls_certificate_allocate_credentials(&connection->gnutls_xcred); + } +#endif + + fd = socket(AF_INET, SOCK_STREAM, 0); + memset(&saddr, 0, sizeof(saddr)); + memcpy(&saddr.sin_addr, haddr, sizeof(struct in_addr)); + saddr.sin_family = AF_INET; + saddr.sin_port = htons (connection->port); + if (connect(fd, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) { - g_set_error (error, + g_set_error (error, LM_ERROR, LM_ERROR_CONNECTION_OPEN, "connect() failed"); close (fd); return FALSE; } + +#ifdef HAVE_GNUTLS + if (connection->use_ssl) { + int ret; + const int cert_type_priority[2] = + { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP }; + + gnutls_init (&connection->gnutls_session, GNUTLS_CLIENT); + gnutls_set_default_priority (connection->gnutls_session); + gnutls_certificate_type_set_priority (connection->gnutls_session, + cert_type_priority); + gnutls_credentials_set (connection->gnutls_session, + GNUTLS_CRD_CERTIFICATE, + connection->gnutls_xcred); + + gnutls_transport_set_ptr (connection->gnutls_session, + (gnutls_transport_ptr) fd); + + ret = gnutls_handshake (connection->gnutls_session); + + if (ret < 0) { + gnutls_perror (ret); + shutdown (fd, SHUT_RDWR); + close (fd); + connection_do_close (connection); + g_set_error (error, LM_ERROR, LM_ERROR_CONNECTION_OPEN, + "*** GNUTLS handshake failed"); + return FALSE; + } + } +#endif connection->io_channel = g_io_channel_unix_new (fd); g_io_channel_set_close_on_unref (connection->io_channel, TRUE); 
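Review bot: After `gnutls_handshake` succeeds the peer certificate is never checked. The credentials from `gnutls_certificate_allocate_credentials` are given no trust anchors and nothing calls a verification function, so the session is encrypted but the server is unauthenticated and any certificate is accepted. Load a CA set into `connection->gnutls_xcred` (for example with `gnutls_certificate_set_x509_trust_file`) and treat a failed chain verification, or a certificate that does not match `connection->server`, exactly like a failed handshake. The sketch below shows the chain check, using whichever verify call the targeted GnuTLS release provides. Separately, the return values of `gnutls_global_init`, `gnutls_certificate_allocate_credentials` and `gnutls_init` are ignored, and the `connect()` failure path returns without freeing the credentials allocated just above it; the enclosing function starts and ends outside this hunk.

```c
		/* … unchanged: gnutls_init, priorities, credentials, transport ptr … */
		ret = gnutls_handshake (connection->gnutls_session);

		if (ret >= 0) {
			unsigned int status = 0;

			/* A completed handshake only proves that someone answered;
			 * the chain must also validate against the loaded trust
			 * anchors before any data is sent. */
			ret = gnutls_certificate_verify_peers2 (connection->gnutls_session,
								&status);
			if (ret >= 0 && status != 0) {
				ret = GNUTLS_E_CERTIFICATE_ERROR;
			}
		}

		/* … unchanged: if (ret < 0) error path … */
```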
@@ -281,6 +328,14 @@ connection->io_channel = NULL; connection->is_open = FALSE; + +#ifdef HAVE_GNUTLS + if (connection->use_ssl) { + gnutls_deinit (connection->gnutls_session); + gnutls_certificate_free_credentials (connection->gnutls_xcred); + gnutls_global_deinit (); + } +#endif } @@ -295,10 +350,25 @@ if (!connection->io_channel) { return FALSE; } - g_io_channel_read_chars (connection->io_channel, - buf, IN_BUFFER_SIZE - 1, - &bytes_read, - NULL); +#ifdef HAVE_GNUTLS + if (connection->use_ssl) { + bytes_read = gnutls_record_recv (connection->gnutls_session, + buf,IN_BUFFER_SIZE - 1); + if (bytes_read <= 0) { + connection_error_event (connection->io_channel, + G_IO_HUP, + connection); + } + } else { +#endif + g_io_channel_read_chars (connection->io_channel, + buf, IN_BUFFER_SIZE - 1, + &bytes_read, + NULL); +#ifdef HAVE_GNUTLS + } +#endif + buf[bytes_read] = '\0'; g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_NET, "\nRECV:\n"); g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_NET, @@ -365,8 +435,23 @@ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_NET, "-----------------------------------\n"); - g_io_channel_write_chars (connection->io_channel, str, len, - &bytes_written, NULL); +#ifdef HAVE_GNUTLS + if (connection->use_ssl) { + while ((bytes_written = gnutls_record_send (connection->gnutls_session, str, len)) < 0) + if (bytes_written != GNUTLS_E_INTERRUPTED && + bytes_written != GNUTLS_E_AGAIN) + { + connection_error_event (connection->io_channel, G_IO_HUP, + connection); + } + + } else { +#endif + g_io_channel_write_chars (connection->io_channel, str, len, + &bytes_written, NULL); +#ifdef HAVE_GNUTLS + } +#endif return TRUE; } 
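Review bot: The teardown added in the `@@ -281,6 +328,14 @@` hunk is keyed on `connection->use_ssl`, not on whether a session was actually created. If the flag changes between open and close (lm-connection.h declares a setter), `gnutls_deinit` can run on a session that was never initialised, or be skipped for one that was; a dedicated flag set once `gnutls_init` has succeeded would make the pairing explicit. There is also no `gnutls_bye` before `gnutls_deinit`, so the peer cannot distinguish an orderly close from truncation. It would have to be sent before the channel is released, which appears to happen above this hunk. Calling `gnutls_global_deinit ()` per connection may additionally affect other connections that are still open, depending on how the library counts global initialisation; the enclosing function's name is not visible here.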
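Review bot: In the `@@ -295,10 +350,25 @@` hunk, a failed `gnutls_record_recv` calls `connection_error_event` and then falls through to `buf[bytes_read] = '\0'`. A negative error code, or its wrapped value if `bytes_read` is the unsigned counter also passed to `g_io_channel_read_chars`, is then used as an index and the write lands outside `buf`. Receive into a signed local and stop on failure, e.g. `if (n <= 0) { connection_error_event (...); return FALSE; }` followed by `bytes_read = n;`. `GNUTLS_E_AGAIN` and `GNUTLS_E_INTERRUPTED` are also treated as a hang-up here, whereas the send path retries on them. The declaration of `bytes_read` and the start of the function are outside the hunk.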
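Review bot: The retry loop around `gnutls_record_send` in the `@@ -365,8 +435,23 @@` hunk has no exit on a fatal error. After `connection_error_event` runs, the `while` condition calls `gnutls_record_send` again on a connection the handler may already have torn down, and keeps doing so for as long as the call fails. If `bytes_written` is the unsigned counter passed to `g_io_channel_write_chars` (its declaration is outside the hunk), the `< 0` comparison never fires and send errors go unnoticed instead. Keep the result in a signed local and add `return FALSE;` directly after the `connection_error_event (...)` call; a return value smaller than `len` is not handled either.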
@@ -992,6 +1077,23 @@ } /** + * lm_connection_supports_ssl: + * + * Checks whether Loudmouth supports SSL or not + * + * Return value: #TRUE if this installation of Loudmouth supports SSL, otherwise returnes #FALSE. + **/ +gboolean +lm_connection_supports_ssl (void) +{ +#ifdef HAVE_GNUTLS + return TRUE; +#else + return FALSE; +#endif +} + +/** * lm_connection_get_use_ssl: * @connection: an #LmConnection * diff -r c8f776121420 -r 1ff2f81867e1 loudmouth/lm-connection.h --- a/loudmouth/lm-connection.h Mon Jul 07 16:33:53 2003 +0000 +++ b/loudmouth/lm-connection.h Fri Jul 11 23:56:22 2003 +0000 @@ -100,6 +100,7 @@ guint lm_connection_get_port (LmConnection *connection); void lm_connection_set_port (LmConnection *connection, guint port); +gboolean lm_connection_supports_ssl (void); gboolean lm_connection_get_use_ssl (LmConnection *connection); void lm_connection_set_use_ssl (LmConnection *connection, gboolean use_ssl); @@ -136,5 +137,4 @@ LmConnection* lm_connection_ref (LmConnection *connection); void lm_connection_unref (LmConnection *connection); - #endif /* __LM_CONNECTION_H__ */ diff -r c8f776121420 -r 1ff2f81867e1 loudmouth/test-lm.c --- a/loudmouth/test-lm.c Mon Jul 07 16:33:53 2003 +0000 +++ b/loudmouth/test-lm.c Fri Jul 11 23:56:22 2003 +0000 @@ -123,6 +123,11 @@ connection = lm_connection_new (argv[1]); + if (lm_connection_supports_ssl ()) { + lm_connection_set_port (connection, 5223); + lm_connection_set_use_ssl (connection, TRUE); + } + handler = lm_message_handler_new (handle_messages, NULL, NULL); lm_connection_register_message_handler (connection, handler, LM_MESSAGE_TYPE_MESSAGE,
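Review bot: The doc comment for `lm_connection_supports_ssl` does not say what happens when a caller enables `use_ssl` on a build where this returns FALSE. Every TLS code path added to lm-connection.c in this change sits inside `#ifdef HAVE_GNUTLS`, so such a connection would apparently proceed in plaintext without any error; the setter and the open function are outside this hunk, so this should be confirmed. I would add to the comment: `Callers must check this before lm_connection_set_use_ssl(); without SSL support the connection is not encrypted.` Failing the open with `LM_ERROR_CONNECTION_OPEN` when `use_ssl` is set but support is compiled out would be safer than relying on the documentation.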