Update to latest Csocket

This gets rid of some openssl-related warnings from valgrind's memcheck and adds Csock::GetPeerFingerprint(). git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1905 726aef4b-f618-498e-8847-2d620e286838
2026-03-28 17:42:41 +01:00 · 2010-04-11 19:00:30 +00:00
parent 48148d6a30
commit e77adef048
2 changed files with 39 additions and 3 deletions
--- a/Csocket.cpp
+++ b/Csocket.cpp
@@ -28,7 +28,7 @@
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *
-* $Revision: 1.134 $
+* $Revision: 1.135 $
 */

 #include "Csocket.h"
@@ -36,6 +36,11 @@
 #include <sys/param.h>
 #endif /* __NetBSD__ */

+#ifdef HAVE_LIBSSL
+#include <openssl/conf.h>
+#include <openssl/engine.h>
+#endif /* HAVE_LIBSSL */
+
 #include <list>

 #define CS_SRANDBUFFER 128
@@ -404,7 +409,12 @@ bool InitCsocket()
 void ShutdownCsocket()
 {
 #ifdef HAVE_LIBSSL
+	ERR_remove_state(0);
+	ENGINE_cleanup();
+	CONF_modules_unload(1);
 	ERR_free_strings();
+	EVP_cleanup();
+	CRYPTO_cleanup_all_ex_data();
 #endif /* HAVE_LIBSSL */
 #ifdef HAVE_C_ARES
 #if ARES_VERSION >= CREATE_ARES_VER( 1, 6, 1 )
@@ -2029,6 +2039,29 @@ CS_STRING Csock::GetPeerPubKey()
 	}
 	return( sKey );
 }
+int Csock::GetPeerFingerprint( CS_STRING & sFP )
+{
+	sFP.clear();
+
+	if ( !GetSSL() )
+		return 0;
+
+	X509* pCert = getX509();
+
+	// Inspired by charybdis
+	if ( pCert )
+	{
+		for (int i = 0; i < SHA_DIGEST_LENGTH; i++)
+		{
+			char buf[3];
+			snprintf(buf, 3, "%02x", pCert->sha1_hash[i]);
+			sFP += buf;
+		}
+		X509_free(pCert);
+	}
+
+	return SSL_get_verify_result(m_ssl);
+}
 unsigned int Csock::GetRequireClientCertFlags() { return( m_iRequireClientCertFlags ); }
 void Csock::SetRequiresClientCert( bool bRequiresCert ) { m_iRequireClientCertFlags = ( bRequiresCert ? SSL_VERIFY_FAIL_IF_NO_PEER_CERT|SSL_VERIFY_PEER : 0 ); }