diff -Nur ./configure.orig ./configure --- ./configure.orig Fri Oct 6 06:00:46 2000 +++ ./configure Wed Dec 12 11:03:35 2001 @@ -13,7 +13,12 @@ ac_help= ac_default_prefix=/usr/local # Any additions from configure.in: - +ac_help="$ac_help + --enable-openssl Enable OpenSSL support [default=yes]" +ac_help="$ac_help + --with-openssl-inc=PATH include path for OpenSSL headers" +ac_help="$ac_help + --with-openssl-lib=PATH library path for OpenSSL libraries" # Initialize some variables set by options. # The variables have the same names as the options, with # dashes changed to underlines. 
@@ -2003,6 +2008,206 @@ echo "$ac_t""Solaris 2.x" 1>&6 ;; *) echo "$ac_t""nothing special required" 1>&6 ;; esac + + + + + +echo $ac_n "checking if OpenSSL support is desired""... $ac_c" 1>&6 +echo "configure:2017: checking if OpenSSL support is desired" >&5 + +# Check whether --enable-openssl or --disable-openssl was given. +if test "${enable_openssl+set}" = set; then + enableval="$enable_openssl" + WITH_OPENSSL="$enableval" +else + WITH_OPENSSL="no" +fi + +# Check whether --with-openssl-inc or --without-openssl-inc was given. +if test "${with_openssl_inc+set}" = set; then + withval="$with_openssl_inc" + openssl_incdir="$withval" +else + openssl_incdir="no" +fi + + +# Check whether --with-openssl-lib or --without-openssl-lib was given. +if test "${with_openssl_lib+set}" = set; then + withval="$with_openssl_lib" + openssl_libdir="$withval" +else + openssl_libdir="no" +fi + + + if test "$WITH_OPENSSL" = "no"; then + echo "$ac_t""no" 1>&6 + else + echo "$ac_t""yes" 1>&6 + + temp=$CPPFLAGS + if test "$openssl_incdir" != "no"; then + CPPFLAGS="$CPPFLAGS -I$openssl_incdir" + fi + ac_safe=`echo "openssl/ssl.h" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for openssl/ssl.h""... 
$ac_c" 1>&6 +echo "configure:2056: checking for openssl/ssl.h" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2066: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + WITH_OPENSSL="yes" +else + echo "$ac_t""no" 1>&6 +WITH_OPENSSL="no" +fi + + if test "$WITH_OPENSSL" = "no"; then + CPPFLAGS="$temp" + fi + + if test "$WITH_OPENSSL" = "yes"; then + temp="$LIBS" + if test "$openssl_libdir" != "no"; then + LIBS="$LIBS -L$openssl_libdir" + fi + echo $ac_n "checking for DH_free in -lcrypto""... 
$ac_c" 1>&6 +echo "configure:2098: checking for DH_free in -lcrypto" >&5 +ac_lib_var=`echo crypto'_'DH_free | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lcrypto $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo crypto | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + if test "$ac_cv_lib_crypto_DH_free" = "yes"; then + echo $ac_n "checking for SSL_new in -lssl""... $ac_c" 1>&6 +echo "configure:2146: checking for SSL_new in -lssl" >&5 +ac_lib_var=`echo ssl'_'SSL_new | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lssl $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + WITH_OPENSSL="yes" +else + echo "$ac_t""no" 1>&6 +WITH_OPENSSL="no" +fi + + else + WITH_OPENSSL="no" + fi + if test "$WITH_OPENSSL" = "no"; then + LIBS="$temp" + else + LIBS="-lssl $LIBS" + fi + fi + + echo $ac_n "checking if OpenSSL support can be enabled""... 
$ac_c" 1>&6 +echo "configure:2197: checking if OpenSSL support can be enabled" >&5 + if test "$WITH_OPENSSL" = "yes"; then + cat >> confdefs.h <<\EOF +#define ALLOW_SSL +EOF + + echo "$ac_t""yes" 1>&6 + else + echo "$ac_t""no" 1>&6 + fi + fi + + + trap '' 1 2 15 cat > confcache <<\EOF diff -Nur ./include/client.h.orig ./include/client.h --- ./include/client.h.orig Thu Oct 25 12:25:06 2001 +++ ./include/client.h Wed Dec 12 11:42:28 2001 @@ -133,6 +133,10 @@ struct Client* servptr; /* Points to server this Client is on */ struct Client* from; /* == self, if Local Client, *NEVER* NULL! */ +#ifdef ALLOW_SSL + struct SSL_comm_t *ssl; +#endif + struct Whowas* whowas; /* Pointers to whowas structs */ time_t lasttime; /* ...should be only LOCAL clients? --msa */ time_t firsttime; /* time client was created */ diff -Nur ./include/config.h.orig ./include/config.h --- ./include/config.h.orig Sat Nov 17 19:48:03 2001 +++ ./include/config.h Thu Dec 13 18:37:47 2001 @@ -1169,4 +1169,7 @@ #define CONFIG_H_LEVEL_6 +/* Define this in case of SSL support and if u don't want your server to act as SSL client */ +#undef NOT_SSLCLIENT + #endif /* INCLUDED_config_h */ diff -Nur ./include/listener.h.orig ./include/listener.h --- ./include/listener.h.orig Thu Jul 29 10:06:47 1999 +++ ./include/listener.h Wed Dec 12 15:56:15 2001 @@ -32,6 +32,10 @@ #include "ircd_defs.h" /* HOSTLEN */ #endif +#ifdef ALLOW_SSL +#include "ssl.h" +#endif + struct Client; struct Listener { @@ -39,6 +43,9 @@ const char* name; /* listener name */ int fd; /* file descriptor */ int port; /* listener IP port */ +#ifdef ALLOW_SSL + u8 port_type; /* listener IP port type - maybe Plain/SSL/Mixed */ +#endif int ref_count; /* number of connection references */ int active; /* current state of listener */ int index; /* index into poll array */ 
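Review bot: The comment added to config.h for NOT_SSLCLIENT ("in case of SSL support and if u don't want your server to act as SSL client") does not say what the macro actually changes. Judging by the s_bsd.c connect hunk in this same patch, defining it only clears SSL_EXPECTED before an outgoing server connection, so incoming SSL links are unaffected; the comment should say so: `/* With ALLOW_SSL, define this to stop this server from initiating SSL when it connects out to other servers; incoming SSL links are unaffected. */`.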
@@ -50,7 +57,11 @@ extern struct Listener* ListenerPollList; /* GLOBAL - listener list */ extern void accept_connection(struct Listener* listener); +#ifdef ALLOW_SSL +extern void add_listener(int port, const char* vaddr_ip, u8 port_type); +#else extern void add_listener(int port, const char* vaddr_ip); +#endif extern void close_listener(struct Listener* listener); extern void close_listeners(void); extern const char* get_listener_name(const struct Listener* listener); diff -Nur ./include/s_conf.h.orig ./include/s_conf.h --- ./include/s_conf.h.orig Thu Oct 25 03:28:17 2001 +++ ./include/s_conf.h Wed Dec 12 16:08:49 2001 @@ -224,6 +224,7 @@ time_t hold; /* Hold action until this time (calendar time) */ struct Class* c_class; /* Class of connection */ int dns_pending; /* 1 if dns query pending, 0 otherwise */ + unsigned int cnftype; }; typedef struct QlineItem { diff -Nur ./include/s_serv.h.orig ./include/s_serv.h --- ./include/s_serv.h.orig Wed Apr 25 01:31:43 2001 +++ ./include/s_serv.h Thu Dec 13 11:42:46 2001 @@ -45,6 +45,7 @@ #define CAP_EX 0x00000008 /* Can do channel +e exemptions */ #define CAP_CHW 0x00000010 /* Can do channel wall @# */ #define CAP_DE 0x00000020 /* Can do channel +d (regex deny) */ +#define CAP_SSL 0x00000040 /* SSL support */ #define DoesCAP(x) ((x)->caps) diff -Nur ./include/setup.h.in.orig ./include/setup.h.in --- ./include/setup.h.in.orig Fri Oct 6 06:00:57 2000 +++ ./include/setup.h.in Wed Dec 12 11:03:56 2001 @@ -70,3 +70,6 @@ /* Define if you have the socket library (-lsocket). */ #undef HAVE_LIBSOCKET + +/* Define if your system have got OpenSSL support */ +#undef ALLOW_SSL diff -Nur /dev/null ./include/ssl.h --- /dev/null Thu Jan 1 02:00:00 1970 +++ ./include/ssl.h Thu Dec 13 17:45:01 2001 
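Review bot: The `add_listener` prototype now differs by build (`#ifdef ALLOW_SSL` adds a `u8 port_type` parameter), which is what forces the duplicated `#ifdef` call sites in s_conf.c and drags `u8`, a macro from ssl.h, into a public header only in SSL builds. A single unconditional prototype is simpler and keeps callers identical across builds: `extern void add_listener(int port, const char* vaddr_ip, unsigned int port_type);` with non-SSL builds ignoring the argument.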
@@ -0,0 +1,80 @@ +#ifndef __HAVE_SSL_H +#define __HAVE_SSL_H + +#include + +#define u8 u_int8_t +#define u16 u_int16_t +#define u32 u_int32_t + +#ifndef HOME +#define HOME "./" +#endif +#define CERTF HOME "server-cert.pem" +#define KEYF HOME "server-key.pem" + +#include +#include +#include +#include +#include +#include + +#define SSL_EXPECTED 0x80 +#define SSL_USESSL 0x40 +#define SSL_CONNECTED 0x20 +#define SSL_SOCKDOWN 0x10 +#define SSL_PACKETLOST 0x08 + +#define SSLIsExpected(x) (((x)->status) & SSL_EXPECTED) +#define SSLIsUsed(x) (((x)->status) & SSL_USESSL) +#define SSLIsConn(x) (((x)->status) & SSL_CONNECTED) +#define SSLSetExpected(x) ((x)->status) |= SSL_EXPECTED +#define SSLSetUsed(x) ((x)->status) |= SSL_USESSL +#define SSLSetConn(x) ((x)->status) |= SSL_CONNECTED +#define SSLSetAll(x) ((x)->status) |= SSL_EXPECTED|SSL_USESSL|SSL_CONNECTED +#define SSLUnsetExpected(x) ((x)->status) &= ~SSL_EXPECTED +#define SSLUnsetUsed(x) ((x)->status) &= ~SSL_USESSL +#define SSLUnsetConn(x) ((x)->status) &= ~SSL_CONNECTED +#define SSLUnsetAll(x) ((x)->status) &= ~(SSL_EXPECTED|SSL_USESSL|SSL_CONNECTED|SSL_SOCKDOWN|SSL_PACKETLOST) + +#define SSLSetDown(x) ((x)->status) |= SSL_SOCKDOWN +#define SSLMustDown(x) (((x)->status) & SSL_SOCKDOWN) + +#define SSLIsPackLost(x) (((x)->status) & SSL_PACKETLOST) +#define SSLSetPackLost(x) ((x)->status) |= SSL_PACKETLOST +#define SSLUnsetPackLost(x) ((x)->status) &= ~SSL_PACKETLOST + +#define CHK_NULL(x) ((x) == NULL) +#define CHK_ERR(x) { \ + char errbuff[256]; \ + unsigned long sslerr = ERR_get_error (); \ + if (sslerr) { \ + ERR_error_string (sslerr, errbuff); \ + log ((x), "SSL error >>> %s", errbuff); \ + } \ +} + +#define PORT_PLAIN 0x80 +#define PORT_SSL 0x40 +#define PORT_MIXED (PORT_PLAIN|PORT_SSL) + +#define PORTIsPlain(x) (((x)->port_type) & PORT_PLAIN) +#define PORTIsSSL(x) (((x)->port_type) & PORT_SSL) +#define PORTIsMixed(x) (((x)->port_type) & PORT_MIXED) +#define PORTPlain(x) !(((x)->port_type) ^ PORT_PLAIN) +#define 
PORTSSL(x) !(((x)->port_type) ^ PORT_SSL) +#define PORTMixed(x) !(((x)->port_type) ^ PORT_MIXED) + + +struct SSL_comm_t { + u8 status; + SSL_CTX *ctx; + SSL *ssl; + X509 *cert; + SSL_METHOD *meth; +}; + +extern struct SSL_comm_t SSL_serv; + +#endif diff -Nur ./src/client.c.orig ./src/client.c --- ./src/client.c.orig Wed Apr 25 14:55:40 2001 +++ ./src/client.c Thu Dec 13 17:52:47 2001 @@ -54,6 +54,9 @@ #include #include +#ifdef ALLOW_SSL +#include "ssl.h" +#endif /* * Number of struct Client structures to preallocate at a time @@ -182,6 +185,14 @@ cptr->fludees = NULL; #endif #endif /* NULL_POINTER_NOT_ZERO */ + +#ifdef ALLOW_SSL + if ((cptr->ssl = (struct SSL_comm_t *) malloc (sizeof (*cptr->ssl))) == NULL) + goto finish; + SSLUnsetAll (cptr->ssl); + SSLSetExpected (cptr->ssl); +finish: +#endif return cptr; } diff -Nur ./src/listener.c.orig ./src/listener.c --- ./src/listener.c.orig Sun Oct 10 06:43:01 1999 +++ ./src/listener.c Wed Dec 12 13:32:46 2001 @@ -218,7 +218,11 @@ * vhost_ip - if non-null must contain a valid IP address string in * the format "255.255.255.255" */ +#ifdef ALLOW_SSL +void add_listener(int port, const char* vhost_ip, u8 port_type) +#else void add_listener(int port, const char* vhost_ip) +#endif { struct Listener* listener; struct in_addr vaddr; @@ -246,6 +250,9 @@ if (inetport(listener)) { listener->active = 1; +#ifdef ALLOW_SSL + listener->port_type = port_type; +#endif listener->next = ListenerPollList; ListenerPollList = listener; } diff -Nur ./src/m_capab.c.orig ./src/m_capab.c --- ./src/m_capab.c.orig Wed Jul 28 09:57:56 1999 +++ ./src/m_capab.c Thu Dec 13 13:29:53 2001 @@ -29,6 +29,10 @@ #include +#ifdef ALLOW_SSL +#include "ssl.h" +#endif + /* * m_functions execute protocol messages on this server: * 
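Review bot: `PORTIsMixed(x)` in the new ssl.h is true for every listener that has any type bit set, because PORT_PLAIN and PORT_SSL are both subsets of PORT_MIXED; only `PORTMixed(x)` really tests for the mixed type, so the `PORTIs*` family cannot tell the three types apart. Either drop `PORTIsMixed` or define it as `#define PORTIsMixed(x) PORTMixed(x)` so a reader is not misled. Two smaller points: `CHK_ERR` expands to a bare `{ ... }` block rather than `do { ... } while (0)`, so `CHK_ERR(x);` leaves a stray empty statement and cannot be the body of an `if`/`else`; and `CERTF`/`KEYF` default to `"./server-cert.pem"`/`"./server-key.pem"`, i.e. relative to whatever the working directory is at startup, which deserves a comment if intended (the private key is loaded from there without any permission check).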
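Review bot: In the make_client hunk, a failed `malloc` for `cptr->ssl` jumps to `finish` and returns a client whose `ssl` pointer is NULL, yet the other hunks of this patch dereference `cptr->ssl` unconditionally (`SSLIsConn (cptr->ssl)` in the s_bsd.c send and read paths, `SSLIsUsed (acptr->ssl)` in m_whois.c), so an out-of-memory condition becomes a NULL dereference later. Either handle the failure the way make_client handles its other allocations (not visible in this hunk) or embed `struct SSL_comm_t ssl;` directly in `struct Client` so there is nothing to allocate or free; the cast on `malloc` is also unnecessary in C. I do not see a matching `free(cptr->ssl)` anywhere in this patch, so unless free_client is updated elsewhere every client leaks one `struct SSL_comm_t`. make_client starts before this hunk.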
@@ -104,6 +108,11 @@ return exit_client(cptr, cptr, cptr, "CAPAB received twice"); else cptr->caps |= CAP_CAP; + +#ifdef ALLOW_SSL + if (cptr->ssl && SSLIsConn (cptr->ssl)) + SetCapable (cptr, CAP_SSL); +#endif for (s = strtoken(&p, parv[1], " "); s; s = strtoken(&p, NULL, " ")) { diff -Nur ./src/m_whois.c.orig ./src/m_whois.c --- ./src/m_whois.c.orig Thu Oct 25 10:19:39 2001 +++ ./src/m_whois.c Wed Dec 12 16:13:56 2001 @@ -37,6 +37,10 @@ #include +#ifdef ALLOW_SSL +#include "ssl.h" +#endif + static char buf[BUFSIZE]; /* @@ -278,6 +282,12 @@ sendto_one(sptr, form_str(RPL_WHOISCHANNELS), me.name, parv[0], name, buf); +#ifdef ALLOW_SSL + if (SSLIsUsed (acptr->ssl) && SSLIsConn (acptr->ssl)) + sendto_one(sptr, ":%s 293 %s %s :Uses secured connection", + me.name, parv[0], name); +#endif + #ifdef SERVICES if (IsNSId(acptr)) sendto_one(sptr, form_str(RPL_NS_ID), @@ -438,6 +448,12 @@ if (buf[0] != '\0') sendto_one(sptr, form_str(RPL_WHOISCHANNELS), me.name, parv[0], name, buf); + +#ifdef ALLOW_SSL + if (SSLIsUsed (acptr->ssl) && SSLIsConn (acptr->ssl)) + sendto_one(sptr, ":%s 293 %s %s :Uses secured connection", + me.name, parv[0], name); +#endif #ifdef SERVICES if (IsNSId(acptr)) diff -Nur ./src/s_auth.c.orig ./src/s_auth.c --- ./src/s_auth.c.orig Tue Oct 17 09:20:51 2000 +++ ./src/s_auth.c Thu Dec 13 11:31:01 2001 @@ -52,6 +52,10 @@ #include #include +#ifdef ALLOW_SSL +#include "ssl.h" +#endif + /* * a bit different approach * this replaces the original sendheader macros 
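Review bot: `SSLIsUsed (acptr->ssl)` in both new whois branches dereferences `acptr->ssl` without a NULL check, whereas m_capab.c in this same patch guards with `cptr->ssl &&` and make_client can return a client with `ssl == NULL` when its malloc fails; the condition should be `if (acptr->ssl && SSLIsUsed (acptr->ssl) && SSLIsConn (acptr->ssl))`. Nothing in this patch carries SSL status across server links (SSL_USESSL/SSL_CONNECTED are only set by the local accept and connect paths in s_bsd.c), so for users on other servers the 293 reply is presumably never sent; a comment stating that the reply is local-only, or a TODO if propagation is intended, would save the next reader from assuming it is network-wide. Numeric 293 is also hard-coded as a raw format string instead of going through `form_str` like the neighbouring replies. The enclosing function starts before and ends after this hunk.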
@@ -83,8 +87,16 @@ REPORT_IP_MISMATCH } ReportType; +#ifndef ALLOW_SSL #define sendheader(c, r) \ send((c)->fd, HeaderMessages[(r)].message, HeaderMessages[(r)].length, 0) +#else +#define sendheader(c, r) \ + if (((c)->ssl) && SSLIsConn (((c)->ssl))) \ + SSL_write((SSL *) (((c)->ssl)->ssl), HeaderMessages[(r)].message, HeaderMessages[(r)].length); \ + else \ + send((c)->fd, HeaderMessages[(r)].message, HeaderMessages[(r)].length, 0); +#endif struct AuthRequest* AuthPollList = 0; /* GLOBAL - auth queries pending io */ @@ -187,8 +199,8 @@ sizeof(struct in_addr)) == 0) break; } - if (!hp->h_addr_list[i]) - sendheader(auth->client, REPORT_IP_MISMATCH); + if (!hp->h_addr_list[i]) { + sendheader(auth->client, REPORT_IP_MISMATCH); } else { ++reply->ref_count; auth->client->dns_reply = reply; diff -Nur ./src/s_bsd.c.orig ./src/s_bsd.c --- ./src/s_bsd.c.orig Sun Dec 31 02:12:01 2000 +++ ./src/s_bsd.c Thu Dec 13 18:43:51 2001 @@ -79,6 +79,12 @@ #define INADDR_NONE ((unsigned int) 0xffffffff) #endif +#ifdef ALLOW_SSL +#include "ssl.h" + +struct SSL_comm_t SSL_serv; +#endif + extern struct sockaddr_in vserv; /* defined in s_conf.c */ const char* const NONB_ERROR_MSG = "set_non_blocking failed for %s:%s"; 
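Review bot: The SSL variant of `sendheader` expands to a bare `if ... else ...;`, which is why the second hunk in this file had to add braces around its call site; any other `if (c) sendheader(x, y); else ...` would attach the macro's `else` to the wrong `if`. Wrap it as `#define sendheader(c, r) do { if (((c)->ssl) && SSLIsConn ((c)->ssl)) SSL_write (((c)->ssl)->ssl, HeaderMessages[(r)].message, HeaderMessages[(r)].length); else send ((c)->fd, HeaderMessages[(r)].message, HeaderMessages[(r)].length, 0); } while (0)`. The `(SSL *)` casts are redundant since `ssl` is already declared `SSL *` in `struct SSL_comm_t`, and as with `send` the `SSL_write` result is dropped, which matches the existing code but means a failed write of the notice is silent.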
@@ -116,6 +122,31 @@ void init_netio(void) { +#ifdef ALLOW_SSL + int err; + + SSLUnsetAll (&SSL_serv); + SSLSetUsed (&SSL_serv); + SSL_load_error_strings(); + SSLeay_add_ssl_algorithms(); + SSL_serv.meth = SSLv23_server_method(); + SSL_serv.ctx = SSL_CTX_new (SSL_serv.meth); + CHK_ERR (L_NOTICE); + if (err == -1 || CHK_NULL(SSL_serv.ctx)) + SSLUnsetUsed (&SSL_serv); + SSL_CTX_use_certificate_file (SSL_serv.ctx, CERTF, SSL_FILETYPE_PEM); + CHK_ERR (L_NOTICE); + if (err == -1) + SSLUnsetUsed (&SSL_serv); + SSL_CTX_use_PrivateKey_file (SSL_serv.ctx, KEYF, SSL_FILETYPE_PEM); + CHK_ERR (L_NOTICE); + if (err == -1) + SSLUnsetUsed (&SSL_serv); + SSL_CTX_check_private_key (SSL_serv.ctx); + CHK_ERR (L_NOTICE); + if (err == -1) + SSLUnsetUsed (&SSL_serv); +#endif #ifndef USE_POLL read_set = &readSet; write_set = &writeSet; @@ -279,6 +310,11 @@ { int retval; +#ifdef ALLOW_SSL + if (SSLIsConn (cptr->ssl)) + retval = SSL_write((SSL *)cptr->ssl->ssl, str, len); + else +#endif retval = send(cptr->fd, str, len, 0); /* ** Convert WOULDBLOCK to a return of "0 bytes moved". This @@ -374,6 +410,35 @@ SetHandshake(cptr); +#ifdef ALLOW_SSL +#ifdef NOT_SSLCLIENT + SSLUnsetExpected (cptr->ssl); +#endif + if (SSLIsExpected (cptr->ssl)) { + int err; + log (L_DEBUG, "SSLconnection to a server - neogotiating..."); + cptr->ssl->meth = SSLv23_client_method(); + cptr->ssl->ctx = SSL_CTX_new (cptr->ssl->meth); + if (CHK_NULL (cptr->ssl->ctx)) + goto finhs; + cptr->ssl->ssl = (SSL *) SSL_new (cptr->ssl->ctx); + if (err == -1) + goto finhs; + SSL_set_fd ((SSL *) cptr->ssl->ssl, cptr->fd); + SSLSetUsed (cptr->ssl); + err = SSL_connect ((SSL *) cptr->ssl->ssl); + if (err == -1) { + SSL_shutdown (cptr->ssl->ssl); + SSLUnsetUsed (cptr->ssl); + goto finhs; + } + SSLSetConn (cptr->ssl); + log (L_DEBUG, "SSLconnection to a server - succesful"); + } +finhs: + CHK_ERR (L_DEBUG); +#endif + if (!EmptyString(c_conf->passwd)) sendto_one(cptr, "PASS %s :TS", c_conf->passwd); 
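Review bot: `err` in the new init_netio block is declared but never assigned, so every `if (err == -1)` reads an uninitialized variable, and the real return values of `SSL_CTX_use_certificate_file`, `SSL_CTX_use_PrivateKey_file` and `SSL_CTX_check_private_key` are discarded; a missing or mismatched key/cert therefore leaves `SSL_serv` flagged usable and SSL listeners will try to serve connections from a context with no credentials. The calls are also made on `SSL_serv.ctx` even after `SSL_CTX_new` returned NULL. Check each result and clear SSL_USESSL on the first failure (sketch below). Separately, `SSLv23_server_method()` with no `SSL_CTX_set_options` offers whatever protocol versions the linked OpenSSL enables by default; if that still includes SSLv2, `SSL_CTX_set_options (SSL_serv.ctx, SSL_OP_NO_SSLv2)` belongs here. init_netio continues past the end of this hunk.
```c
  SSL_serv.meth = SSLv23_server_method();
  SSL_serv.ctx = SSL_CTX_new (SSL_serv.meth);
  if (CHK_NULL (SSL_serv.ctx) ||
      SSL_CTX_use_certificate_file (SSL_serv.ctx, CERTF, SSL_FILETYPE_PEM) != 1 ||
      SSL_CTX_use_PrivateKey_file (SSL_serv.ctx, KEYF, SSL_FILETYPE_PEM) != 1 ||
      SSL_CTX_check_private_key (SSL_serv.ctx) != 1) {
    CHK_ERR (L_NOTICE);
    log (L_NOTICE, "SSL disabled: could not load %s / %s", CERTF, KEYF);
    SSLUnsetUsed (&SSL_serv);
  }
  /* … unchanged: poll/select read/write set initialisation … */
```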
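Review bot: `SSL_write` is substituted for `send`, but the code that follows (visible here only as the comment about converting WOULDBLOCK to "0 bytes moved") keys on errno, and a blocked or partial `SSL_write` reports `SSL_ERROR_WANT_WRITE`/`SSL_ERROR_WANT_READ` through `SSL_get_error`, not reliably through errno; on a non-blocking socket a momentarily unwritable SSL connection would then presumably be treated as a hard error and closed, so please confirm against the lines below the hunk. A minimal mapping right after the call would be `if (SSLIsConn (cptr->ssl) && retval < 0) { int e = SSL_get_error (cptr->ssl->ssl, retval); if (e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_WANT_READ) return 0; }`. Bear in mind that OpenSSL expects a retried `SSL_write` after WANT_WRITE to be called with the same buffer unless `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` is set on the context, which a dbuf-backed send queue probably does not guarantee. The enclosing function starts before and ends after this hunk.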
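Review bot: In the outgoing-connection block, `err` is tested (`if (err == -1) goto finhs;`) right after `SSL_new` without ever having been assigned, so a NULL `SSL *` is not detected and `SSL_set_fd`/`SSL_connect` run on it; the check should be `if (CHK_NULL (cptr->ssl->ssl)) goto finhs;`. `SSL_connect` also returns 0, not only -1, for a failed handshake, so the later test should be `if (err <= 0)`. More importantly, the client context is created with no `SSL_CTX_set_verify` and the handshake result is never checked with `SSL_get_verify_result`, so the link to the remote server is encrypted but the peer's identity is not verified at all; either document that server links rely solely on the PASS password for authentication or add certificate verification against a configured CA. The per-connection `SSL_CTX` created here is never released anywhere in this patch, and the enclosing function starts and ends outside the hunk.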
@@ -766,11 +831,41 @@ new_client->listener = listener; ++listener->ref_count; +#ifdef ALLOW_SSL + if (new_client->listener && SSLIsExpected (new_client->ssl) && + SSLIsUsed (&SSL_serv) && PORTIsSSL (new_client->listener)) { + struct SSL_comm_t *cssl = new_client->ssl; + int err; + SSLUnsetPackLost (cssl); + log (L_DEBUG, "SSL accepting connection from a client..."); + cssl->meth = SSL_serv.meth; + cssl->ctx = SSL_serv.ctx; + cssl->ssl = (SSL *) SSL_new (cssl->ctx); + if (CHK_NULL (cssl->ssl)) + goto finlist; + SSLSetUsed (cssl); + SSL_set_fd ((SSL *) cssl->ssl, new_client->fd); + err = SSL_accept ((SSL *) cssl->ssl); + if (err == -1) { + SSL_shutdown (cssl->ssl); + SSLSetPackLost (cssl); + goto finlist; + } + SSLSetConn (cssl); + log (L_DEBUG, "SSL connection accepted from a client"); + } +finlist: + if (PORTSSL (new_client->listener) && !SSLIsConn (new_client->ssl)) + SSLSetDown (new_client->ssl); + CHK_ERR (L_DEBUG); +#endif + if (!set_non_blocking(new_client->fd)) report_error(NONB_ERROR_MSG, get_client_name(new_client, TRUE), errno); if (!disable_sock_options(new_client->fd)) report_error(OPT_ERROR_MSG, get_client_name(new_client, TRUE), errno); start_auth(new_client); + } /* 
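Review bot: `SSL_accept` runs before `set_non_blocking(new_client->fd)`, i.e. on a blocking socket, and this server appears to service every connection from one poll loop (listener.h's "index into poll array"), so a client that connects to an SSL or mixed port and then sends nothing stalls the whole daemon until the handshake completes or the peer goes away, which is a trivial remote denial of service. Move the handshake below the `set_non_blocking`/`disable_sock_options` calls and treat `SSL_get_error(...)` returning `SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE` as "handshake pending, resume from the read path" rather than as failure. Two smaller points in the same block: `if (err == -1)` misses the 0 that `SSL_accept` returns for a clean handshake failure (`if (err <= 0)`), and on failure the `SSL` object is shut down but never `SSL_free`d, so every rejected or plaintext connection on a mixed port leaks one. The hunk also adds a bare `}` after `start_auth` with no matching added `{` visible, so please confirm the brace balance. The enclosing function starts before this hunk.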
@@ -833,8 +928,30 @@ int done; if (!(IsPerson(cptr) && DBufLength(&cptr->recvQ) > SBSD_MAX_CLIENT)) { - errno = 0; +#ifdef ALLOW_SSL + if (SSLIsConn (cptr->ssl)) + length = SSL_read ((SSL *)cptr->ssl->ssl, readBuf, READBUF_SIZE); + else +#endif length = recv(cptr->fd, readBuf, READBUF_SIZE, 0); + errno = 0; +#ifdef ALLOW_SSL + if (SSLIsPackLost (cptr->ssl) && length >= 1) { + char tmpbuff[READBUF_SIZE]; + SSL *cssl = cptr->ssl->ssl; + u16 tmpblen = 0; + SSLUnsetPackLost (cptr->ssl); + memset (tmpbuff, 0, READBUF_SIZE); + memcpy (tmpbuff, cssl->packet, cssl->packet_length); + tmpblen = cssl->packet_length; + if (READBUF_SIZE < (cssl->packet_length + length)) + length = READBUF_SIZE - cssl->packet_length; + tmpblen += length; + memcpy (tmpbuff + cssl->packet_length, readBuf, length); + length = (int) tmpblen; + memcpy (readBuf, tmpbuff, tmpblen); + } +#endif /* * If not ready, fake it so it isnt closed */ @@ -881,6 +998,10 @@ * it on the end of the receive queue and do it when its * turn comes around. */ +#ifdef ALLOW_SSL + if (SSLMustDown (cptr->ssl)) + return exit_client(cptr, cptr, cptr, "Unsecured connection"); +#endif if (!dbuf_put(&cptr->recvQ, readBuf, length)) return exit_client(cptr, cptr, cptr, "dbuf_put fail"); diff -Nur ./src/s_conf.c.orig ./src/s_conf.c --- ./src/s_conf.c.orig Sat Nov 17 19:34:56 2001 +++ ./src/s_conf.c Thu Dec 13 11:30:50 2001 @@ -2071,6 +2071,19 @@ case 'P': /* listen port line */ case 'p': aconf->status = CONF_LISTEN_PORT; +#ifdef ALLOW_SSL + aconf->cnftype = PORT_MIXED; + break; + case 'Z': + case 'z': + aconf->status = CONF_LISTEN_PORT; + aconf->cnftype = PORT_SSL; + break; + case 'F': + case 'f': + aconf->status = CONF_LISTEN_PORT; + aconf->cnftype = PORT_PLAIN; +#endif break; #ifdef DCCFILECHECK case 'R': /* rejected filetypes */ 
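Review bot: The plaintext-fallback path copies `cssl->packet_length` bytes from OpenSSL's internal `SSL` struct into the READBUF_SIZE stack buffer `tmpbuff` with an unbounded `memcpy` before that length is ever compared to READBUF_SIZE, and the clamp that follows (`length = READBUF_SIZE - cssl->packet_length`) goes negative if `packet_length` already exceeds the buffer; unless the library caps `packet_length` well below READBUF_SIZE (not established here), a peer that sends a large non-TLS first record controls how much lands on the stack. Bound the copy first and drop the client when the saved bytes do not fit (sketch below), and note the whole mechanism depends on `packet`/`packet_length` being internal fields that later OpenSSL releases hide. Separately, `errno = 0;` was moved from before the `recv` to after it, which discards an EAGAIN/EWOULDBLOCK set by `recv`; the "if not ready, fake it" logic just below presumably relies on it, so keep the reset before the call. The enclosing function starts before and continues past this hunk.
```c
  errno = 0;
#ifdef ALLOW_SSL
  if (SSLIsConn (cptr->ssl))
    length = SSL_read ((SSL *)cptr->ssl->ssl, readBuf, READBUF_SIZE);
  else
#endif
    length = recv(cptr->fd, readBuf, READBUF_SIZE, 0);
#ifdef ALLOW_SSL
  if (SSLIsPackLost (cptr->ssl) && length >= 1) {
    SSL *cssl = cptr->ssl->ssl;
    size_t saved = cssl->packet_length;   /* bytes OpenSSL consumed before the failed handshake */
    SSLUnsetPackLost (cptr->ssl);
    if (saved > READBUF_SIZE)
      return exit_client(cptr, cptr, cptr, "SSL fallback buffer too large");
    if ((size_t) length > READBUF_SIZE - saved)
      length = (int) (READBUF_SIZE - saved);
    memmove (readBuf + saved, readBuf, (size_t) length);
    memcpy (readBuf, cssl->packet, saved);
    length += (int) saved;
  }
#endif
  /* … unchanged: not-ready handling and recvQ append … */
```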
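Review bot: The new `Z` (SSL-only) and `F` (plain-only) conf letters, and the change that turns an ordinary `P` line into a mixed listener on which every incoming connection first gets an SSL handshake attempt, are not explained anywhere in the hunk or in the config.h change; the conf parser needs a comment such as `/* P: plain or SSL (autodetect), Z: SSL only, F: plain only -- see PORT_* in ssl.h */`. With the current `#ifdef ALLOW_SSL` placement the `F` case falls through to the shared `break;` below `#endif`, which is correct but easy to misread; a `break;` inside the `#ifdef` would make each case self-contained. The enclosing switch and function start before this hunk.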
@@ -2255,9 +2268,15 @@ { dontadd = 1; if((aconf->passwd[0] == '\0') || (aconf->passwd[0] == '*')) +#ifdef ALLOW_SSL + add_listener(aconf->port, NULL, (u8) aconf->cnftype); + else + add_listener(aconf->port, (const char *)aconf->passwd, (u8) aconf->cnftype); +#else add_listener(aconf->port, NULL ); else add_listener(aconf->port, (const char *)aconf->passwd); +#endif } else if(aconf->status & CONF_CLIENT_MASK) { diff -Nur ./src/s_serv.c.orig ./src/s_serv.c --- ./src/s_serv.c.orig Wed Apr 25 01:32:12 2001 +++ ./src/s_serv.c Thu Dec 13 11:42:43 2001 @@ -75,6 +75,9 @@ #ifdef ZIP_LINKS { "ZIP", CAP_ZIP }, #endif +#ifdef ALLOW_SSL + { "SSL", CAP_SSL }, +#endif { "QS", CAP_QS }, { "EX", CAP_EX }, { "CHW", CAP_CHW },
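Review bot: The four-way `#ifdef ALLOW_SSL` duplication of the `add_listener` calls exists only because the prototype takes a different parameter count per build; a single prototype with an always-present type argument would collapse this back to two lines, `add_listener(aconf->port, NULL, (u8) aconf->cnftype);` and `add_listener(aconf->port, (const char *)aconf->passwd, (u8) aconf->cnftype);`, usable in both builds. `cnftype` is declared `unsigned int` in s_conf.h and narrowed to `u8` here although it only ever holds PORT_* bit values, so declaring it as an 8-bit type would remove the casts. The enclosing function starts and ends outside the hunk.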