From: <arn...@us...> - 2006-07-08 17:02:20
Revision: 625 Author: arnetheduck Date: 2006-07-08 10:01:15 -0700 (Sat, 08 Jul 2006) ViewCVS: http://svn.sourceforge.net/dcplusplus/?rev=625&view=rev Log Message: ----------- SSL fixes Modified Paths: -------------- dcplusplus/trunk/DCPlusPlus.rc dcplusplus/trunk/Example.xml dcplusplus/trunk/changelog.txt dcplusplus/trunk/client/BufferedSocket.cpp dcplusplus/trunk/client/BufferedSocket.h dcplusplus/trunk/client/Client.cpp dcplusplus/trunk/client/CryptoManager.cpp dcplusplus/trunk/client/CryptoManager.h dcplusplus/trunk/client/HttpConnection.cpp dcplusplus/trunk/client/SSLSocket.cpp dcplusplus/trunk/client/SettingsManager.cpp dcplusplus/trunk/client/ShareManager.cpp dcplusplus/trunk/client/StringDefs.cpp dcplusplus/trunk/client/StringDefs.h dcplusplus/trunk/client/UserConnection.cpp dcplusplus/trunk/client/Util.cpp dcplusplus/trunk/windows/CertificatesPage.cpp dcplusplus/trunk/windows/CertificatesPage.h dcplusplus/trunk/windows/resource.h dcplusplus/trunk/yassl/src/ssl.cpp Modified: dcplusplus/trunk/DCPlusPlus.rc =================================================================== --- dcplusplus/trunk/DCPlusPlus.rc 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/DCPlusPlus.rc 2006-07-08 17:01:15 UTC (rev 625) @@ -681,9 +681,9 @@ CAPTION "Security Certificates" FONT 8, "MS Shell Dlg", 0, 0, 0x0 BEGIN - EDITTEXT IDC_TLS_PRIVATE_KEY_FILE,102,7,166,14,ES_AUTOHSCROLL - EDITTEXT IDC_TLS_CERTIFICATE_FILE,102,24,166,14,ES_AUTOHSCROLL - EDITTEXT IDC_TLS_TRUSTED_CERTIFICATES_PATH,102,42,166,14, + EDITTEXT IDC_TLS_PRIVATE_KEY_FILE,102,7,141,14,ES_AUTOHSCROLL + EDITTEXT IDC_TLS_CERTIFICATE_FILE,102,24,141,14,ES_AUTOHSCROLL + EDITTEXT IDC_TLS_TRUSTED_CERTIFICATES_PATH,102,42,141,14, ES_AUTOHSCROLL LTEXT "Private key file",IDC_STATIC,50,10,48,8 LTEXT "Own certificate file",IDC_STATIC,37,27,61,8 
@@ -694,7 +694,11 @@ IDC_STATIC,7,201,200,8 CONTROL "",IDC_TLS_OPTIONS,"SysListView32",LVS_REPORT | LVS_SINGLESEL | LVS_ALIGNLEFT | LVS_NOCOLUMNHEADER | - LVS_NOSORTHEADER | WS_BORDER | WS_TABSTOP,15,72,243,90 + LVS_NOSORTHEADER | WS_BORDER | WS_TABSTOP,7,89,261,90 + PUSHBUTTON "Generate certificates",IDC_GENERATE_CERTS,184,62,84,14 + PUSHBUTTON "...",IDC_BROWSE_PRIVATE_KEY,247,7,21,14 + PUSHBUTTON "...",IDC_BROWSE_CERTIFICATE,247,24,21,14 + PUSHBUTTON "...",IDC_BROWSE_TRUSTED_PATH,248,42,20,14 END Modified: dcplusplus/trunk/Example.xml =================================================================== --- dcplusplus/trunk/Example.xml 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/Example.xml 2006-07-08 17:01:15 UTC (rev 625) @@ -41,6 +41,7 @@ <String Name="BrowseAccel">&Browse...</String> <String Name="BrowseFileList">Browse file list</String> <String Name="CertificateNotTrusted">Certificate not trusted, unable to connect</String> + <String Name="CertificateGenerationFailed">TLS disabled, failed to generate certificate: </String> <String Name="ChooseFolder">Choose folder</String> <String Name="Cid">CID</String> <String Name="Close">Close</String> @@ -117,6 +118,8 @@ <String Name="ErrorSavingHash">Error saving hash data: </String> <String Name="ExactSize">Exact size</String> <String Name="Executable">Executable</String> + <String Name="FailedToLoadCertificate">Failed to load certificate file</String> + <String Name="FailedToLoadPrivateKey">Failed to load private key</String> <String Name="FavJoinShowingOff">Join/part of favorite users showing off</String> <String Name="FavJoinShowingOn">Join/part of favorite users showing on</String> <String Name="FavoriteDirName">Favorite name</String> 
@@ -288,14 +291,15 @@ <String Name="Nick">Nick</String> <String Name="NickTaken">Your nick was already taken, please change to something else!</String> <String Name="NickUnknown"> (Nick unknown)</String> + <String Name="NoCertificateFileSet">TLS disabled, no certificate file set</String> <String Name="NoCrc32Match"> not shared; calculated CRC32 does not match the one found in SFV file.</String> - <String Name="NoStr">No</String> <String Name="NoDirectorySpecified">No directory specified</String> <String Name="NoDownloadsFromSelf">You're trying to download from yourself!</String> <String Name="NoDownloadsFromPassive">Can't download from passive users when you're passive</String> <String Name="NoErrors">No errors</String> <String Name="NoMatches">No matches</String> <String Name="NoSlotsAvailable">No slots available</String> + <String Name="NoStr">No</String> <String Name="NoUsers">No users</String> <String Name="NoUsersToDownloadFrom">No users to download from</String> <String Name="Normal">Normal</String> @@ -372,7 +376,7 @@ <String Name="SettingsAdvanced3">Advanced\Experts only</String> <String Name="SettingsAdvancedResume">Advanced resume using TTH</String> <String Name="SettingsAdvancedSettings">Advanced settings</String> - <String Name="SettingsAllowUntrustedClients">Allow TLS connections to hubs without trusted certificate</String> + <String Name="SettingsAllowUntrustedClients">Allow TLS connections to clients without trusted certificate</String> <String Name="SettingsAllowUntrustedHubs">Allow TLS connections to hubs without trusted certificate</String> <String Name="SettingsAntiFrag">Use antifragmentation method for downloads</String> <String Name="SettingsAppearance">Appearance</String> Modified: dcplusplus/trunk/changelog.txt =================================================================== --- dcplusplus/trunk/changelog.txt 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/changelog.txt 2006-07-08 17:01:15 UTC (rev 625) 
@@ -31,6 +31,8 @@ * Added protection from hubs/clients sending junk data resulting in high memory usage / crash * Updated to yaSSL 1.3.7 * Added a few TLS options; [U] in transfer status means untrusted TLS (encrypted but certificate not validated) +* Added certificate generation, OpenSSL must be installed and in PATH for this to work +* [bug 996] Fixed an issue where directories that are hard to delete were created -- 0.691 2006-06-03 -- * Links to bugzilla in html changelog Modified: dcplusplus/trunk/client/BufferedSocket.cpp =================================================================== --- dcplusplus/trunk/client/BufferedSocket.cpp 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/client/BufferedSocket.cpp 2006-07-08 17:01:15 UTC (rev 625) @@ -72,11 +72,11 @@ } } -void BufferedSocket::accept(const Socket& srv, bool secure) throw(SocketException, ThreadException) { +void BufferedSocket::accept(const Socket& srv, bool secure, bool allowUntrusted) throw(SocketException, ThreadException) { dcassert(!sock); dcdebug("BufferedSocket::accept() %p\n", (void*)this); - sock = secure ? CryptoManager::getInstance()->getClientSocket() : new Socket; + sock = secure ? CryptoManager::getInstance()->getServerSocket(allowUntrusted) : new Socket; sock->accept(srv); if(SETTING(SOCKET_IN_BUFFER) > 0) 
@@ -100,11 +100,11 @@ addTask(ACCEPTED, 0); } -void BufferedSocket::connect(const string& aAddress, short aPort, bool secure, bool proxy) throw(SocketException, ThreadException) { +void BufferedSocket::connect(const string& aAddress, short aPort, bool secure, bool allowUntrusted, bool proxy) throw(SocketException, ThreadException) { dcassert(!sock); dcdebug("BufferedSocket::connect() %p\n", (void*)this); - sock = secure ? CryptoManager::getInstance()->getClientSocket() : new Socket; + sock = secure ? CryptoManager::getInstance()->getClientSocket(allowUntrusted) : new Socket; sock->create(); if(SETTING(SOCKET_IN_BUFFER) >= 1024) Modified: dcplusplus/trunk/client/BufferedSocket.h =================================================================== --- dcplusplus/trunk/client/BufferedSocket.h 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/client/BufferedSocket.h 2006-07-08 17:01:15 UTC (rev 625) @@ -86,8 +86,8 @@ Thread::sleep(100); } - void accept(const Socket& srv, bool secure) throw(SocketException, ThreadException); - void connect(const string& aAddress, short aPort, bool secure, bool proxy) throw(SocketException, ThreadException); + void accept(const Socket& srv, bool secure, bool allowUntrusted) throw(SocketException, ThreadException); + void connect(const string& aAddress, short aPort, bool secure, bool allowUntrusted, bool proxy) throw(SocketException, ThreadException); /** Sets data mode for aBytes bytes. Must be called within onLine. */ void setDataMode(int64_t aBytes = -1) { mode = MODE_DATA; dataBytes = aBytes; } Modified: dcplusplus/trunk/client/Client.cpp =================================================================== --- dcplusplus/trunk/client/Client.cpp 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/client/Client.cpp 2006-07-08 17:01:15 UTC (rev 625) 
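Review bot: connect() now takes three adjacent bool parameters (`secure, allowUntrusted, proxy`), and the call sites in this diff show the hazard — HttpConnection passes `false, false, false`, and a swapped pair would compile silently while changing whether certificate verification is enforced. A named flag set or enum for the verification choice would make the security-relevant argument self-describing at each call; the same applies to accept() in the previous hunk. At minimum, the declarations in BufferedSocket.h should document that allowUntrusted only takes effect when secure is true, which is what the `secure ? ... getClientSocket(allowUntrusted) : new Socket` expression does.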
@@ -97,7 +97,7 @@ try { socket = BufferedSocket::getSocket(separator); socket->addListener(this); - socket->connect(address, port, secure, true); + socket->connect(address, port, secure, BOOLSETTING(ALLOW_UNTRUSTED_HUBS), true); } catch(const Exception& e) { if(socket) { BufferedSocket::putSocket(socket); @@ -109,12 +109,6 @@ } void Client::on(Connected) throw() { - if(socket->isSecure() && !socket->isTrusted() && !BOOLSETTING(ALLOW_UNTRUSTED_HUBS)) { - fire(ClientListener::StatusMessage(), this, STRING(CERTIFICATE_NOT_TRUSTED)); - disconnect(true); - return; - } - updateActivity(); ip = socket->getIp(); fire(ClientListener::Connected(), this); Modified: dcplusplus/trunk/client/CryptoManager.cpp =================================================================== --- dcplusplus/trunk/client/CryptoManager.cpp 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/client/CryptoManager.cpp 2006-07-08 17:01:15 UTC (rev 625) @@ -25,6 +25,7 @@ #include "BitOutputStream.h" #include "ResourceManager.h" #include "LogManager.h" +#include "ClientManager.h" #include <openssl/ssl.h> @@ -38,6 +39,8 @@ : clientContext(SSL_CTX_new(TLSv1_client_method())), serverContext(SSL_CTX_new(TLSv1_server_method())), + clientVerContext(SSL_CTX_new(TLSv1_client_method())), + serverVerContext(SSL_CTX_new(TLSv1_server_method())), dh(DH_new()), certsLoaded(false), lock("EXTENDEDPROTOCOLABCABCABCABCABCABC"), 
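Review bot: Dropping the on(Connected) check removes the only place that emitted STRING(CERTIFICATE_NOT_TRUSTED); with ALLOW_UNTRUSTED_HUBS off the hub connection now goes through the verifying context, so a certificate failure presumably surfaces as whatever exception the TLS handshake raises, and nothing in this diff maps that back to the old user-visible reason. It is worth confirming that the failure path in Client.cpp (not shown) still tells the user the certificate was the problem rather than reporting a generic connection error, for example by including the CERTIFICATE_NOT_TRUSTED text in the handshake-failure message. The enclosing connect() starts before this hunk.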
@@ -84,64 +87,103 @@ return BOOLSETTING(USE_TLS) && certsLoaded; } -bool CryptoManager::generateCertificate() throw() { +void CryptoManager::generateCertificate() throw(CryptoException) { #ifdef _WIN32 // Generate certificate using OpenSSL if(SETTING(TLS_PRIVATE_KEY_FILE).empty()) { - return false; + throw CryptoException("No private key file chosen"); } - wstring cmd = L"openssl.exe -out \"" + Text::utf8ToWide(SETTING(TLS_PRIVATE_KEY_FILE)) + L"\" 2048"; + if(SETTING(TLS_CERTIFICATE_FILE).empty()) { + throw CryptoException("No certificate file chosen"); + } + wstring cmd = L"openssl.exe genrsa -out \"" + Text::utf8ToWide(SETTING(TLS_PRIVATE_KEY_FILE)) + L"\" 2048"; PROCESS_INFORMATION pi = { 0 }; STARTUPINFO si = { 0 }; si.cb = sizeof(si); - if(!CreateProcess(L"openssl.exe", const_cast<wchar_t*>(cmd.c_str()), 0, 0, FALSE, 0, 0, 0, 0, &pi)) { - return false; + if(!CreateProcess(0, const_cast<wchar_t*>(cmd.c_str()), 0, 0, FALSE, 0, 0, 0, &si, &pi)) { + throw CryptoException(Util::translateError(::GetLastError())); } WaitForSingleObject(pi.hProcess, INFINITE); CloseHandle(pi.hThread); CloseHandle(pi.hProcess); - cmd = L"openssl.exe x509 -x509 -new -batch -key \"" + Text::utf8ToWide(SETTING(TLS_PRIVATE_KEY_FILE)) + - L"\" -out \"" + Text::utf8ToWide(SETTING(TLS_CERTIFICATE_FILE)) + L"\""; + cmd = L"openssl.exe req -x509 -new -batch -days 3650 -key \"" + Text::utf8ToWide(SETTING(TLS_PRIVATE_KEY_FILE)) + + L"\" -out \"" + Text::utf8ToWide(SETTING(TLS_CERTIFICATE_FILE)) + L"\" -subj \"/CN=" + + Text::utf8ToWide(ClientManager::getInstance()->getMyCID().toBase32()) + L"\""; - if(!CreateProcess(L"openssl.exe", const_cast<wchar_t*>(cmd.c_str()), 0, 0, FALSE, 0, 0, 0, 0, &pi)) { - return false; + if(!CreateProcess(0, const_cast<wchar_t*>(cmd.c_str()), 0, 0, FALSE, 0, 0, 0, &si, &pi)) { + throw CryptoException(Util::translateError(::GetLastError())); } WaitForSingleObject(pi.hProcess, INFINITE); CloseHandle(pi.hThread); CloseHandle(pi.hProcess); #endif - return true; } void 
CryptoManager::loadCertificates() throw() { + if(!BOOLSETTING(USE_TLS)) + return; + SSL_CTX_set_verify(serverContext, SSL_VERIFY_NONE, 0); SSL_CTX_set_verify(clientContext, SSL_VERIFY_NONE, 0); + SSL_CTX_set_verify(clientVerContext, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + SSL_CTX_set_verify(serverVerContext, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); - if(!SETTING(TLS_CERTIFICATE_FILE).empty()) { - if(SSL_CTX_use_certificate_file(serverContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { - LogManager::getInstance()->message("Failed to load certificate file"); - return; - } - if(SSL_CTX_use_certificate_file(clientContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { - LogManager::getInstance()->message("Failed to load certificate file"); - return; - } + const string& cert = SETTING(TLS_CERTIFICATE_FILE); + const string& key = SETTING(TLS_PRIVATE_KEY_FILE); + + if(cert.empty() || key.empty()) { + LogManager::getInstance()->message(STRING(NO_CERTIFICATE_FILE_SET)); + return; } - if(!SETTING(TLS_PRIVATE_KEY_FILE).empty()) { - if(SSL_CTX_use_PrivateKey_file(serverContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { - LogManager::getInstance()->message("Failed to load private key"); - return; + if(File::getSize(cert) == -1 || File::getSize(key) == -1) { + // Try to generate them... 
+ try { + generateCertificate(); + } catch(const CryptoException& e) { + LogManager::getInstance()->message(STRING(CERTIFICATE_GENERATION_FAILED) + e.getError()); } - if(SSL_CTX_use_PrivateKey_file(clientContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { - LogManager::getInstance()->message("Failed to load private key"); - return; - } } + if(SSL_CTX_use_certificate_file(serverContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { + LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_CERTIFICATE)); + return; + } + if(SSL_CTX_use_certificate_file(clientContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { + LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_CERTIFICATE)); + return; + } + + if(SSL_CTX_use_certificate_file(serverVerContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { + LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_CERTIFICATE)); + return; + } + if(SSL_CTX_use_certificate_file(clientVerContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { + LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_CERTIFICATE)); + return; + } + + if(SSL_CTX_use_PrivateKey_file(serverContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { + LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_PRIVATE_KEY)); + return; + } + if(SSL_CTX_use_PrivateKey_file(clientContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { + LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_PRIVATE_KEY)); + return; + } + + if(SSL_CTX_use_PrivateKey_file(serverVerContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { + LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_PRIVATE_KEY)); + return; + } + if(SSL_CTX_use_PrivateKey_file(clientVerContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { + 
LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_PRIVATE_KEY)); + return; + } + #ifdef _WIN32 WIN32_FIND_DATA data; HANDLE hFind; @@ -163,11 +205,11 @@ } -SSLSocket* CryptoManager::getClientSocket() throw(SocketException) { - return new SSLSocket(clientContext); +SSLSocket* CryptoManager::getClientSocket(bool allowUntrusted) throw(SocketException) { + return new SSLSocket(allowUntrusted ? clientContext : clientVerContext); } -SSLSocket* CryptoManager::getServerSocket() throw(SocketException) { - return new SSLSocket(serverContext); +SSLSocket* CryptoManager::getServerSocket(bool allowUntrusted) throw(SocketException) { + return new SSLSocket(allowUntrusted ? serverContext : serverVerContext); } Modified: dcplusplus/trunk/client/CryptoManager.h =================================================================== --- dcplusplus/trunk/client/CryptoManager.h 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/client/CryptoManager.h 2006-07-08 17:01:15 UTC (rev 625) @@ -81,11 +81,11 @@ void decodeHuffman(const u_int8_t* /*is*/, string& /*os*/, const size_t /*len*/) throw(CryptoException); void decodeBZ2(const u_int8_t* is, size_t sz, string& os) throw(CryptoException); - SSLSocket* getClientSocket() throw(SocketException); - SSLSocket* getServerSocket() throw(SocketException); + SSLSocket* getClientSocket(bool allowUntrusted) throw(SocketException); + SSLSocket* getServerSocket(bool allowUntrusted) throw(SocketException); void loadCertificates() throw(); - bool generateCertificate() throw(); + void generateCertificate() throw(CryptoException); bool TLSOk() const throw(); private: 
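Review bot: In loadCertificates the regeneration branch `if(File::getSize(cert) == -1 || File::getSize(key) == -1)` calls generateCertificate() when either file is missing, and generateCertificate always runs `openssl.exe genrsa -out <key>`, so losing only the certificate file silently replaces an existing private key and with it the identity (CN = CID) that peers may already have pinned. Regenerate only when both are absent, `if(File::getSize(cert) == -1 && File::getSize(key) == -1) {`, or skip the genrsa step inside generateCertificate when the key file already exists. In generateCertificate the child's exit status is never read after WaitForSingleObject, so an openssl failure is only noticed later as FAILED_TO_LOAD_CERTIFICATE; reading it with GetExitCodeProcess before the CloseHandle calls and throwing a CryptoException after them when it is non-zero would report the failure at its source. Since CreateProcess is given no application path, which openssl.exe runs depends on the current directory and PATH, and that trust assumption deserves a comment next to the command string. loadCertificates continues past the end of this hunk.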
@@ -118,7 +118,10 @@ }; SSL_CTX* clientContext; + SSL_CTX* clientVerContext; SSL_CTX* serverContext; + SSL_CTX* serverVerContext; + DH* dh; bool certsLoaded; Modified: dcplusplus/trunk/client/HttpConnection.cpp =================================================================== --- dcplusplus/trunk/client/HttpConnection.cpp 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/client/HttpConnection.cpp 2006-07-08 17:01:15 UTC (rev 625) @@ -68,7 +68,7 @@ } socket->addListener(this); try { - socket->connect(server, port, false, false); + socket->connect(server, port, false, false, false); } catch(const Exception& e) { fire(HttpConnectionListener::Failed(), this, e.getError() + " (" + currentUrl + ")"); } Modified: dcplusplus/trunk/client/SSLSocket.cpp =================================================================== --- dcplusplus/trunk/client/SSLSocket.cpp 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/client/SSLSocket.cpp 2006-07-08 17:01:15 UTC (rev 625) @@ -114,9 +114,9 @@ int SSLSocket::wait(u_int32_t millis, int waitFor) throw(SocketException) { if(ssl && (waitFor & Socket::WAIT_READ)) { /** @todo Take writing into account as well if reading is possible? */ -// if(SSL_pending(ssl) > 0) -// return WAIT_READ; - // doesn't work in yassl...sigh... + char c; + if(SSL_peek(ssl, &c, 1) > 0) + return WAIT_READ; } return Socket::wait(millis, waitFor); } Modified: dcplusplus/trunk/client/SettingsManager.cpp =================================================================== --- dcplusplus/trunk/client/SettingsManager.cpp 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/client/SettingsManager.cpp 2006-07-08 17:01:15 UTC (rev 625) 
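Review bot: The new `SSL_peek(ssl, &c, 1)` in SSLSocket::wait can itself read from the underlying socket when the SSL layer has no buffered record, so on a blocking socket the peek may stall longer than `millis` and wait()'s timeout contract is no longer honoured; whether the socket is non-blocking at this point is not visible in the hunk. The yassl SSL_pending hunk at the end of this diff takes the same approach and additionally ignores the SSL_peek return value, so both places share the concern. If the intent is only to report already-decrypted data, a pure buffer query (the `ssl->bufferedData()` half of the new SSL_pending) is the safe part, and the socket read should be left to Socket::wait so the timeout still applies; a comment stating which of the two cases this peek is meant to cover would help the next reader.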
@@ -44,7 +44,7 @@ "FinishedULWidths", "FinishedULOrder", "CID", "SpyFrameWidths", "SpyFrameOrder", "LogFileMainChat", "LogFilePrivateChat", "LogFileStatus", "LogFileUpload", "LogFileDownload", "LogFileSystem", "LogFormatSystem", "LogFormatStatus", "DirectoryListingFrameOrder", "DirectoryListingFrameWidths", - "SslPrivateKeyFile", "SslCertificateFile", "SslTrustedCertificatesPath", + "TLSPrivateKeyFile", "TLSCertificateFile", "TLSTrustedCertificatesPath", "SENTRY", // Ints "IncomingConnections", "InPort", "Slots", "Rollback", "AutoFollow", "ClearSearch", @@ -73,8 +73,9 @@ "NoIpOverride", "SearchOnlyFreeSlots", "LastSearchType", "BoldFinishedDownloads", "BoldFinishedUploads", "BoldQueue", "BoldHub", "BoldPm", "BoldSearch", "SocketInBuffer", "SocketOutBuffer", "OnlyDlTthFiles", "OpenWaitingUsers", "BoldWaitingUsers", "OpenSystemLog", "BoldSystemLog", "AutoRefreshTime", - "UseSsl", "AutoSearchLimit", "AltSortOrder", "AutoKickNoFavs", "PromptPassword", "SpyFrameIgnoreTthSearches", + "UseTLS", "AutoSearchLimit", "AltSortOrder", "AutoKickNoFavs", "PromptPassword", "SpyFrameIgnoreTthSearches", "DontDlAlreadyQueued", "MaxCommandLength", "AllowUntrustedHubs", "AllowUntrustedClients", + "TLSPort", "SENTRY", // Int64 "TotalUpload", "TotalDownload", @@ -244,6 +245,8 @@ setDefault(OPEN_WAITING_USERS, false); setDefault(OPEN_SYSTEM_LOG, true); setDefault(TLS_TRUSTED_CERTIFICATES_PATH, Util::getConfigPath() + "Certificates" PATH_SEPARATOR_STR); + setDefault(TLS_PRIVATE_KEY_FILE, Util::getConfigPath() + "Certificates" PATH_SEPARATOR_STR "client.key"); + setDefault(TLS_CERTIFICATE_FILE, Util::getConfigPath() + "Certificates" PATH_SEPARATOR_STR "client.crt"); setDefault(BOLD_FINISHED_DOWNLOADS, true); setDefault(BOLD_FINISHED_UPLOADS, true); setDefault(BOLD_QUEUE, true); 
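Review bot: Renaming the persisted keys from `"SslPrivateKeyFile"`, `"SslCertificateFile"`, `"SslTrustedCertificatesPath"` and `"UseSsl"` to their TLS spellings means values saved by earlier builds are no longer read, so an existing user's configured key and certificate paths silently fall back to the new defaults under the Certificates directory, and loadCertificates will then generate a fresh key pair there instead of using the one they had. If that is intended it deserves a changelog line; otherwise a one-time fallback in the load path (read the old name when the new one is absent) would preserve the existing identity. The name tables continue outside the hunk, so I cannot see whether a compatibility alias already exists.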
@@ -361,6 +364,8 @@ set(PRIVATE_ID, CID::generate().toBase32()); #endif setDefault(UDP_PORT, SETTING(TCP_PORT)); + + File::ensureDirectory(SETTING(TLS_TRUSTED_CERTIFICATES_PATH)); fire(SettingsManagerListener::Load(), &xml); Modified: dcplusplus/trunk/client/ShareManager.cpp =================================================================== --- dcplusplus/trunk/client/ShareManager.cpp 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/client/ShareManager.cpp 2006-07-08 17:01:15 UTC (rev 625) @@ -695,6 +695,9 @@ int64_t size = i->getSize(); string fileName = aName + name; + if(Util::stricmp(fileName, SETTING(TLS_PRIVATE_KEY_FILE)) == 0) { + continue; + } try { if(HashManager::getInstance()->checkTTH(fileName, size, i->getLastWriteTime())) lastFileIter = dir->files.insert(lastFileIter, Directory::File(name, size, dir, HashManager::getInstance()->getTTH(fileName, size))); Modified: dcplusplus/trunk/client/StringDefs.cpp =================================================================== --- dcplusplus/trunk/client/StringDefs.cpp 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/client/StringDefs.cpp 2006-07-08 17:01:15 UTC (rev 625) @@ -42,6 +42,7 @@ "&Browse...", "Browse file list", "Certificate not trusted, unable to connect", +"TLS disabled, failed to generate certificate: ", "Choose folder", "CID", "Close", @@ -118,6 +119,8 @@ "Error saving hash data: ", "Exact size", "Executable", +"Failed to load certificate file", +"Failed to load private key", "Join/part of favorite users showing off", "Join/part of favorite users showing on", "Favorite name", 
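Review bot: The new exclusion in the ShareManager file-scan loop compares the full share path with `SETTING(TLS_PRIVATE_KEY_FILE)` by case-insensitive string equality, so it protects the key only when it is reached through exactly that spelling; a different path to the same file (an 8.3 short name, a junction, or a differently written share root) would presumably still be hashed and shared. A comment such as `// never publish the private key; exact-path match only` would make that limitation explicit, and comparing canonicalised paths would close the gap. The enclosing loop starts and ends outside the hunk.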
@@ -289,14 +292,15 @@ "Nick", "Your nick was already taken, please change to something else!", " (Nick unknown)", +"TLS disabled, no certificate file set", " not shared; calculated CRC32 does not match the one found in SFV file.", -"No", "No directory specified", "You're trying to download from yourself!", "Can't download from passive users when you're passive", "No errors", "No matches", "No slots available", +"No", "No users", "No users to download from", "Normal", @@ -373,8 +377,8 @@ "Advanced\\Experts only", "Advanced resume using TTH", "Advanced settings", +"Allow TLS connections to clients without trusted certificate", "Allow TLS connections to hubs without trusted certificate", -"Allow TLS connections to hubs without trusted certificate", "Use antifragmentation method for downloads", "Appearance", "Appearance\\Colors and sounds", @@ -659,6 +663,7 @@ "BrowseAccel", "BrowseFileList", "CertificateNotTrusted", +"CertificateGenerationFailed", "ChooseFolder", "Cid", "Close", @@ -735,6 +740,8 @@ "ErrorSavingHash", "ExactSize", "Executable", +"FailedToLoadCertificate", +"FailedToLoadPrivateKey", "FavJoinShowingOff", "FavJoinShowingOn", "FavoriteDirName", @@ -906,14 +913,15 @@ "Nick", "NickTaken", "NickUnknown", +"NoCertificateFileSet", "NoCrc32Match", -"NoStr", "NoDirectorySpecified", "NoDownloadsFromSelf", "NoDownloadsFromPassive", "NoErrors", "NoMatches", "NoSlotsAvailable", +"NoStr", "NoUsers", "NoUsersToDownloadFrom", "Normal", Modified: dcplusplus/trunk/client/StringDefs.h =================================================================== --- dcplusplus/trunk/client/StringDefs.h 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/client/StringDefs.h 2006-07-08 17:01:15 UTC (rev 625) 
@@ -45,6 +45,7 @@ BROWSE_ACCEL, // "&Browse..." BROWSE_FILE_LIST, // "Browse file list" CERTIFICATE_NOT_TRUSTED, // "Certificate not trusted, unable to connect" + CERTIFICATE_GENERATION_FAILED, // "TLS disabled, failed to generate certificate: " CHOOSE_FOLDER, // "Choose folder" CID, // "CID" CLOSE, // "Close" @@ -121,6 +122,8 @@ ERROR_SAVING_HASH, // "Error saving hash data: " EXACT_SIZE, // "Exact size" EXECUTABLE, // "Executable" + FAILED_TO_LOAD_CERTIFICATE, // "Failed to load certificate file" + FAILED_TO_LOAD_PRIVATE_KEY, // "Failed to load private key" FAV_JOIN_SHOWING_OFF, // "Join/part of favorite users showing off" FAV_JOIN_SHOWING_ON, // "Join/part of favorite users showing on" FAVORITE_DIR_NAME, // "Favorite name" @@ -292,14 +295,15 @@ NICK, // "Nick" NICK_TAKEN, // "Your nick was already taken, please change to something else!" NICK_UNKNOWN, // " (Nick unknown)" + NO_CERTIFICATE_FILE_SET, // "TLS disabled, no certificate file set" NO_CRC32_MATCH, // " not shared; calculated CRC32 does not match the one found in SFV file." - NO_STR, // "No" NO_DIRECTORY_SPECIFIED, // "No directory specified" NO_DOWNLOADS_FROM_SELF, // "You're trying to download from yourself!" NO_DOWNLOADS_FROM_PASSIVE, // "Can't download from passive users when you're passive" NO_ERRORS, // "No errors" NO_MATCHES, // "No matches" NO_SLOTS_AVAILABLE, // "No slots available" + NO_STR, // "No" NO_USERS, // "No users" NO_USERS_TO_DOWNLOAD_FROM, // "No users to download from" NORMAL, // "Normal" 
@@ -376,7 +380,7 @@ SETTINGS_ADVANCED3, // "Advanced\\Experts only" SETTINGS_ADVANCED_RESUME, // "Advanced resume using TTH" SETTINGS_ADVANCED_SETTINGS, // "Advanced settings" - SETTINGS_ALLOW_UNTRUSTED_CLIENTS, // "Allow TLS connections to hubs without trusted certificate" + SETTINGS_ALLOW_UNTRUSTED_CLIENTS, // "Allow TLS connections to clients without trusted certificate" SETTINGS_ALLOW_UNTRUSTED_HUBS, // "Allow TLS connections to hubs without trusted certificate" SETTINGS_ANTI_FRAG, // "Use antifragmentation method for downloads" SETTINGS_APPEARANCE, // "Appearance" Modified: dcplusplus/trunk/client/UserConnection.cpp =================================================================== --- dcplusplus/trunk/client/UserConnection.cpp 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/client/UserConnection.cpp 2006-07-08 17:01:15 UTC (rev 625) @@ -181,14 +181,14 @@ socket = BufferedSocket::getSocket(0); socket->addListener(this); - socket->connect(aServer, aPort, secure, true); + socket->connect(aServer, aPort, secure, BOOLSETTING(ALLOW_UNTRUSTED_CLIENTS), true); } void UserConnection::accept(const Socket& aServer) throw(SocketException, ThreadException) { dcassert(!socket); socket = BufferedSocket::getSocket(0); socket->addListener(this); - socket->accept(aServer, secure); + socket->accept(aServer, secure, BOOLSETTING(ALLOW_UNTRUSTED_CLIENTS)); } void UserConnection::inf(bool withToken) { Modified: dcplusplus/trunk/client/Util.cpp =================================================================== --- dcplusplus/trunk/client/Util.cpp 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/client/Util.cpp 2006-07-08 17:01:15 UTC (rev 625) 
@@ -248,6 +248,19 @@ i += 2; } + // Dots at the end of path names aren't popular + i = 0; + while( ((i = tmp.find(".\\", i)) != string::npos) ) { + tmp[i] = '_'; + i += 1; + } + i = 0; + while( ((i = tmp.find("./", i)) != string::npos) ) { + tmp[i] = '_'; + i += 1; + } + + return tmp; } Modified: dcplusplus/trunk/windows/CertificatesPage.cpp =================================================================== --- dcplusplus/trunk/windows/CertificatesPage.cpp 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/windows/CertificatesPage.cpp 2006-07-08 17:01:15 UTC (rev 625) @@ -25,6 +25,7 @@ #include "../client/SettingsManager.h" #include "../client/FavoriteManager.h" +#include "../client/CryptoManager.h" #include "WinUtil.h" 
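Review bot: The two new loops only rewrite a dot that is immediately followed by a separator (`".\\"` and `"./"`), so a name whose last component ends in a dot with nothing after it is left untouched, even though the comment says trailing dots are the problem; whether callers always append a separator before calling this is not visible, since the function starts before this hunk. If they do not, add a final check after the loops, e.g. `if(!tmp.empty() && tmp[tmp.length() - 1] == '.') tmp[tmp.length() - 1] = '_';`. The comment would also read better as `// Windows silently strips a trailing dot from a name, which leaves directories that are hard to delete (bug 996); replace it`, since "aren't popular" does not say why the rewrite is needed.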
@@ -67,3 +68,42 @@ HtmlHelp(m_hWnd, WinUtil::getHelpFile().c_str(), HH_HELP_CONTEXT, IDD_CERTIFICATESPAGE); return 0; } + +LRESULT CertificatesPage::onBrowsePrivateKey(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/) { + tstring target = Text::toT(SETTING(TLS_PRIVATE_KEY_FILE)); + CEdit edt(GetDlgItem(IDC_TLS_PRIVATE_KEY_FILE)); + + if(WinUtil::browseFile(target, m_hWnd, false, target)) { + edt.SetWindowText(&target[0]); + } + return 0; +} + +LRESULT CertificatesPage::onBrowseCertificate(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/) { + tstring target = Text::toT(SETTING(TLS_CERTIFICATE_FILE)); + CEdit edt(GetDlgItem(IDC_TLS_CERTIFICATE_FILE)); + + if(WinUtil::browseFile(target, m_hWnd, false, target)) { + edt.SetWindowText(&target[0]); + } + return 0; +} + +LRESULT CertificatesPage::onBrowseTrustedPath(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/) { + tstring target = Text::toT(SETTING(TLS_TRUSTED_CERTIFICATES_PATH)); + CEdit edt(GetDlgItem(IDC_TLS_TRUSTED_CERTIFICATES_PATH)); + + if(WinUtil::browseDirectory(target, m_hWnd)) { + edt.SetWindowText(&target[0]); + } + return 0; +} + +LRESULT CertificatesPage::onGenerateCerts(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/) { + try { + CryptoManager::getInstance()->generateCertificate(); + } catch(const CryptoException& e) { + MessageBox(Text::toT(e.getError()).c_str(), L"Error generating certificate"); + } + return 0; +} Modified: dcplusplus/trunk/windows/CertificatesPage.h =================================================================== --- dcplusplus/trunk/windows/CertificatesPage.h 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/windows/CertificatesPage.h 2006-07-08 17:01:15 UTC (rev 625) 
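Review bot: onGenerateCerts calls generateCertificate(), which reads `SETTING(TLS_PRIVATE_KEY_FILE)` and `SETTING(TLS_CERTIFICATE_FILE)` rather than the text currently in the page's edit controls; if this page follows the usual pattern of writing its settings only when the dialog is applied (its write() is not in this diff), a user who browses to a new location and immediately clicks Generate gets the files written to the previous paths. Either write the page's values back before calling generateCertificate or note on the handler that the paths must be applied first. In the three browse handlers `edt.SetWindowText(&target[0])` should be `edt.SetWindowText(target.c_str())` — `&target[0]` is not guaranteed NUL-terminated and is undefined for an empty string under pre-C++11 rules, while c_str() is well-defined. The `L"Error generating certificate"` caption is also the only hardcoded, untranslated string on the page; use the STRING table like the surrounding code.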
@@ -39,10 +39,18 @@ BEGIN_MSG_MAP(CertificatesPage) MESSAGE_HANDLER(WM_INITDIALOG, onInitDialog) + COMMAND_ID_HANDLER(IDC_BROWSE_PRIVATE_KEY, onBrowsePrivateKey) + COMMAND_ID_HANDLER(IDC_BROWSE_CERTIFICATE, onBrowseCertificate) + COMMAND_ID_HANDLER(IDC_BROWSE_TRUSTED_PATH, onBrowseTrustedPath) + COMMAND_ID_HANDLER(IDC_GENERATE_CERTS, onGenerateCerts) NOTIFY_CODE_HANDLER_EX(PSN_HELP, onHelpInfo) MESSAGE_HANDLER(WM_HELP, onHelp) END_MSG_MAP() + LRESULT onBrowsePrivateKey(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/); + LRESULT onBrowseCertificate(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/); + LRESULT onBrowseTrustedPath(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/); + LRESULT onGenerateCerts(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/); LRESULT onInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/); LRESULT onHelp(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/); LRESULT onHelpInfo(LPNMHDR /*pnmh*/); Modified: dcplusplus/trunk/windows/resource.h =================================================================== --- dcplusplus/trunk/windows/resource.h 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/windows/resource.h 2006-07-08 17:01:15 UTC (rev 625) @@ -417,12 +417,16 @@ #define IDC_AUTO_REFRESH_TIME 1419 #define IDC_SETTINGS_AUTO_REFRESH_TIME 1420 #define IDC_AUTO_SEARCH_LIMIT 1421 -#define IDC_SSL_OPTIONS 1421 #define IDC_TLS_OPTIONS 1421 #define IDC_SETTINGS_AUTO_SEARCH_LIMIT 1422 +#define IDC_GENERATE_CERTS 1422 #define IDC_CLOSE_ALL_PM 1423 +#define IDC_BROWSE_PRIVATE_KEY 1423 #define IDC_CLOSE_ALL_OFFLINE_PM 1424 +#define IDC_BROWSE_OWN_CERTIFICATE 1424 +#define IDC_BROWSE_CERTIFICATE 1424 #define IDC_CLOSE_ALL_DIR_LIST 1425 +#define IDC_BROWSE_TRUSTED_PATH 1425 #define IDC_CLOSE_ALL_SEARCH_FRAME 1426 #define IDC_BROWSELIST 3000 #define IDC_REMOVE_SOURCE 3500 
@@ -465,7 +469,7 @@ #define _APS_3D_CONTROLS 1 #define _APS_NEXT_RESOURCE_VALUE 246 #define _APS_NEXT_COMMAND_VALUE 32789 -#define _APS_NEXT_CONTROL_VALUE 1422 +#define _APS_NEXT_CONTROL_VALUE 1426 #define _APS_NEXT_SYMED_VALUE 105 #endif #endif Modified: dcplusplus/trunk/yassl/src/ssl.cpp =================================================================== --- dcplusplus/trunk/yassl/src/ssl.cpp 2006-07-02 20:59:53 UTC (rev 624) +++ dcplusplus/trunk/yassl/src/ssl.cpp 2006-07-08 17:01:15 UTC (rev 625) @@ -1370,9 +1370,12 @@ } - int SSL_pending(SSL*) + int SSL_pending(SSL* ssl) { - return SSL_SUCCESS; // TODO: + // Just in case there's pending data that hasn't been processed yet... + char c; + SSL_peek(ssl, &c, 1); + return ssl->bufferedData(); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |