From b6388eb7fe35325fdbe528fa3b369f1848ca0f05 Mon Sep 17 00:00:00 2001
From: LoaD Accumulator
Date: Tue, 3 Oct 2023 16:56:39 +0200
Subject: [PATCH 1/3] [FIX] Fix issue related to TLS

The Makefile didn't properly set TLS_IMPL, effectively causing no TLS implementation to be put in.
---
 configure | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 65df084..3f05817 100755
--- a/configure
+++ b/configure
@@ -37,11 +37,11 @@ echo "Ran with arguments: $SCRIPT_ARGS"
 for arg in $SCRIPT_ARGS; do
 case "$arg" in
 --with-openssl)
- TLS_IMPL="OPENSSL"
+ TLS_IMPL="TLS_OPENSSL"
 TLS_LIBS="-lcrypto -lssl"
 ;;
 --with-libressl)
- TLS_IMPL="LIBRESSL"
+ TLS_IMPL="TLS_LIBRESSL"
 TLS_LIBS="-ltls -lcrypto -lssl"
 ;;
 --disable-tls)
-- 
2.45.2

From 5dc1ec49eb777e3887014ad0d682bad664068ce6 Mon Sep 17 00:00:00 2001
From: LDA
Date: Wed, 19 Jun 2024 17:40:06 +0200
Subject: [PATCH 2/3] [FIX] Actually set fd.

I *should* have seen that one coming, oops!
---
 src/Tls/TlsOpenSSL.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Tls/TlsOpenSSL.c b/src/Tls/TlsOpenSSL.c
index 07b7bd5..8020ec1 100644
--- a/src/Tls/TlsOpenSSL.c
+++ b/src/Tls/TlsOpenSSL.c
@@ -89,6 +89,7 @@ TlsInitClient(int fd, const char *serverName)

 cookie->method = TLS_client_method();
 cookie->ctx = SSL_CTX_new(cookie->method);
+ coolie->fd = fd;
 if (!cookie->ctx)
 {
 goto error;
-- 
2.45.2

From d7faff734cfc2066ccb820fc4344491077630cb9 Mon Sep 17 00:00:00 2001
From: LDA
Date: Sun, 23 Jun 2024 07:52:32 +0200
Subject: [PATCH 3/3] [FIX] Actually apply serverName

As it turns out, it *was* odd. Not doing that will cause *someone* to spend several hours fixing a SSL problem around a bridge they're making, which needs to download media from a server and can't from *some* for an undiscernable reason, causing said person to start going insane before realising that Cytoplasm didn't set the server name properly.
---
 src/Tls/TlsOpenSSL.c | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
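Review bot: The line added to `src/Tls/TlsOpenSSL.c` in patch 2/3 writes through `coolie`, which is declared nowhere in the visible context; every neighbouring line uses `cookie`, so this looks like a typo that would stop the file compiling. It should read `cookie->fd = fd;`. Neither hunk of patch 3/3 touches this line, so the series as shown does not correct it. `TlsInitClient` begins and ends outside the hunk, so confirm that no `coolie` variable is declared there.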
diff --git a/src/Tls/TlsOpenSSL.c b/src/Tls/TlsOpenSSL.c
index 8020ec1..a956d2a 100644
--- a/src/Tls/TlsOpenSSL.c
+++ b/src/Tls/TlsOpenSSL.c
@@ -71,14 +71,6 @@ TlsInitClient(int fd, const char *serverName)
 OpenSSLCookie *cookie;
 char errorStr[256];

- /*
- * TODO: Seems odd that this isn't needed to make the
- * connection... we should figure out how to verify the
- * certificate matches the server we think we're
- * connecting to.
- */
- (void) serverName;
-
 cookie = Malloc(sizeof(OpenSSLCookie));
 if (!cookie)
 {
@@ -96,6 +88,7 @@ TlsInitClient(int fd, const char *serverName)
 }

 cookie->ssl = SSL_new(cookie->ctx);
+ SSL_set_tlsext_host_name(cookie->ssl, serverName);
 if (!cookie->ssl)
 {
 goto error;
-- 
2.45.2
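Review bot: `SSL_set_tlsext_host_name(cookie->ssl, serverName)` in the second hunk runs before the `if (!cookie->ssl)` check, so a failed `SSL_new()` hands a NULL pointer to OpenSSL, and the call's result is discarded. Move it below the check and test it, e.g. `if (!SSL_set_tlsext_host_name(cookie->ssl, serverName)) goto error;`. Separately, the first hunk deletes the TODO about verifying that the certificate matches the server, but SNI only tells the server which certificate to present; nothing visible here enables peer verification or hostname checking (`SSL_set_verify(cookie->ssl, SSL_VERIFY_PEER, NULL)` together with `SSL_set1_host(cookie->ssl, serverName)`, with a trust store loaded on the context). `TlsInitClient` continues outside both hunks, so confirm whether that is done elsewhere before dropping the TODO.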