From e77adef0481b428390969a3e06c42f1816ec75fa Mon Sep 17 00:00:00 2001
From: psychon
Date: Sun, 11 Apr 2010 19:00:30 +0000
Subject: [PATCH] Update to latest Csocket

This gets rid of some openssl-related warnings from valgrind's memcheck and adds Csock::GetPeerFingerprint().

git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1905 726aef4b-f618-498e-8847-2d620e286838
---
 Csocket.cpp | 35 ++++++++++++++++++++++++++++++++++-
 Csocket.h | 7 +++++--
 2 files changed, 39 insertions(+), 3 deletions(-)

diff --git a/Csocket.cpp b/Csocket.cpp
index c8c89b5b..a5e18cbb 100644
--- a/Csocket.cpp
+++ b/Csocket.cpp
@@ -28,7 +28,7 @@
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *
-* $Revision: 1.134 $
+* $Revision: 1.135 $
 */
 #include "Csocket.h"
@@ -36,6 +36,11 @@
 #include
 #endif /* __NetBSD__ */
+#ifdef HAVE_LIBSSL
+#include
+#include
+#endif /* HAVE_LIBSSL */
+
 #include
 #define CS_SRANDBUFFER 128
@@ -404,7 +409,12 @@ bool InitCsocket()
 void ShutdownCsocket()
 {
 #ifdef HAVE_LIBSSL
+ ERR_remove_state(0);
+ ENGINE_cleanup();
+ CONF_modules_unload(1);
 ERR_free_strings();
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
 #endif /* HAVE_LIBSSL */
 #ifdef HAVE_C_ARES
 #if ARES_VERSION >= CREATE_ARES_VER( 1, 6, 1 )
@@ -2029,6 +2039,29 @@ CS_STRING Csock::GetPeerPubKey()
 }
 return( sKey );
 }
+int Csock::GetPeerFingerprint( CS_STRING & sFP )
+{
+ sFP.clear();
+
+ if ( !GetSSL() )
+ return 0;
+
+ X509* pCert = getX509();
+
+ // Inspired by charybdis
+ if ( pCert )
+ {
+ for (int i = 0; i < SHA_DIGEST_LENGTH; i++)
+ {
+ char buf[3];
+ snprintf(buf, 3, "%02x", pCert->sha1_hash[i]);
+ sFP += buf;
+ }
+ X509_free(pCert);
+ }
+
+ return SSL_get_verify_result(m_ssl);
+}
 unsigned int Csock::GetRequireClientCertFlags() { return( m_iRequireClientCertFlags ); }
 void Csock::SetRequiresClientCert( bool bRequiresCert ) { m_iRequireClientCertFlags = ( bRequiresCert ? SSL_VERIFY_FAIL_IF_NO_PEER_CERT|SSL_VERIFY_PEER : 0 ); }
diff --git a/Csocket.h b/Csocket.h
index 2799005e..3e5ccca8 100644
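Review bot: The teardown calls added to ShutdownCsocket() in Csocket.cpp free OpenSSL state that belongs to the whole process, and nothing in the code says so; any other OpenSSL user in the same process would find the error strings, cipher/digest tables and engine list gone afterwards. `ERR_remove_state(0)` also releases only the calling thread's error queue, so queues owned by other threads are not covered. I would put a comment above the block such as `// Frees process-wide OpenSSL state; call only after all SSL use in the process has ended`. If builds against an OpenSSL configured without engine support matter, `ENGINE_cleanup()` probably needs its own `#ifndef OPENSSL_NO_ENGINE` guard. The function body continues past the end of the hunk.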
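Review bot: `pCert->sha1_hash[i]` in the loop of Csock::GetPeerFingerprint() reads a private cache field of the X509 structure instead of computing the digest. As far as I know OpenSSL fills that field only as a side effect of its extension-caching path, so for a certificate that has not been through that path the fingerprint could be stale or all zeros, and a fingerprint that is later compared against a pinned value must not depend on that. The public call for this is X509_digest() with EVP_sha1(), which also reports failure so sFP can stay empty instead of holding a bogus value; the rest of the function can stay as it is.

```cpp
int Csock::GetPeerFingerprint( CS_STRING & sFP )
{
	// … unchanged: sFP.clear(), GetSSL() check, getX509() …
	if ( pCert )
	{
		unsigned char digest[EVP_MAX_MD_SIZE];
		unsigned int uLen = 0;

		// Compute the digest through the public API; leave sFP empty on failure.
		if ( X509_digest( pCert, EVP_sha1(), digest, &uLen ) )
		{
			for ( unsigned int i = 0; i < uLen; i++ )
			{
				char buf[3];
				snprintf( buf, 3, "%02x", digest[i] );
				sFP += buf;
			}
		}
		X509_free( pCert );
	}
	// … unchanged: return SSL_get_verify_result(m_ssl) …
}
```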
--- a/Csocket.h
+++ b/Csocket.h
@@ -28,7 +28,7 @@
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *
-* $Revision: 1.227 $
+* $Revision: 1.228 $
 */
 // note to compile with win32 need to link to winsock2, using gcc its -lws2_32
@@ -765,8 +765,11 @@ public:
 #ifdef HAVE_LIBSSL
 X509 *getX509();
- //! Returns The Peers Public Key
+ //! Returns the peer's public key
 CS_STRING GetPeerPubKey();
+ //! Returns the peer's certificate finger print
+ int GetPeerFingerprint( CS_STRING & sFP);
+
 unsigned int GetRequireClientCertFlags();
 //! legacy, deprecated @see SetRequireClientCertFlags
 void SetRequiresClientCert( bool bRequiresCert );
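Review bot: The doc comment added above `GetPeerFingerprint` in Csocket.h says only that it returns the fingerprint, while the `int` return value and the `sFP` out-parameter carry the contract a caller has to get right. Going by the Csocket.cpp side of this patch, the function returns 0 for a non-SSL socket and otherwise the value of SSL_get_verify_result(), where 0 is also X509_V_OK, and OpenSSL documents X509_V_OK for a peer that presented no certificate; sFP is empty in both of those cases. A caller that treats a 0 return as "peer verified" would therefore accept a peer with no certificate at all. I would expand the comment to say that sFP receives the SHA-1 fingerprint as lowercase hex or is left empty when there is none, and that the return value is the X509_V_* verify result and only means something when sFP is non-empty, for example `//! @return X509_V_* verify result; 0 is also returned without SSL or without a peer cert, so check sFP.empty() first`. The class body extends beyond this hunk.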