1
0
mirror of https://github.com/Tha14/toxic.git synced 2024-11-23 02:23:02 +01:00

Use a specified TLS cipher list for https name lookups

This commit is contained in:
Jfreegman 2015-10-29 15:13:42 -04:00
parent fea317ee24
commit 368a1465ec
No known key found for this signature in database
GPG Key ID: 3627F3144076AE63
2 changed files with 12 additions and 4 deletions

View File

@ -1,4 +1,3 @@
# Toxic [![Build Status](https://travis-ci.org/JFreegman/toxic.png?branch=master)](https://travis-ci.org/JFreegman/toxic)
Toxic is a [Tox](https://tox.chat)-based instant messenging client which formerly resided in the [Tox core repository](https://github.com/irungentoo/toxcore), and is now available as a standalone application. Toxic is a [Tox](https://tox.chat)-based instant messenging client which formerly resided in the [Tox core repository](https://github.com/irungentoo/toxcore), and is now available as a standalone application.
[![Toxic Screenshot](https://i.imgur.com/san99Z2.png "Home Screen")](https://i.imgur.com/san99Z2.png) [![Toxic Screenshot](https://i.imgur.com/san99Z2.png "Home Screen")](https://i.imgur.com/san99Z2.png)

View File

@ -41,6 +41,9 @@ extern struct Winthread Winthread;;
#define MAX_DOMAIN_SIZE 32 #define MAX_DOMAIN_SIZE 32
#define MAX_SERVER_LINE MAX_DOMAIN_SIZE + (SERVER_KEY_SIZE * 2) + 3 #define MAX_SERVER_LINE MAX_DOMAIN_SIZE + (SERVER_KEY_SIZE * 2) + 3
/* List based on Mozilla's recommended configurations for modern browsers */
#define TLS_CIPHER_SUITE_LIST "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
struct Nameservers { struct Nameservers {
int lines; int lines;
char names[MAX_SERVERS][MAX_DOMAIN_SIZE]; char names[MAX_SERVERS][MAX_DOMAIN_SIZE];
@ -282,8 +285,9 @@ void *lookup_thread_func(void *data)
curl_easy_setopt(c_handle, CURLOPT_USERAGENT, "libcurl-agent/1.0"); curl_easy_setopt(c_handle, CURLOPT_USERAGENT, "libcurl-agent/1.0");
curl_easy_setopt(c_handle, CURLOPT_POSTFIELDS, post_data); curl_easy_setopt(c_handle, CURLOPT_POSTFIELDS, post_data);
if (curl_easy_setopt(c_handle, CURLOPT_USE_SSL, CURLUSESSL_ALL) != CURLE_OK) { if (curl_easy_setopt(c_handle, CURLOPT_USE_SSL, CURLUSESSL_ALL) != CURLE_OK) {
lookup_error(self, "Failed to enable TLS."); lookup_error(self, "TLS could not be enabled.");
goto on_exit; goto on_exit;
} }
@ -292,13 +296,18 @@ void *lookup_thread_func(void *data)
goto on_exit; goto on_exit;
} }
if (curl_easy_setopt(c_handle, CURLOPT_SSL_CIPHER_LIST, TLS_CIPHER_SUITE_LIST) != CURLE_OK) {
lookup_error(self, "Failed to set TLS cipher list.");
goto on_exit;
}
if (curl_easy_perform(c_handle) != CURLE_OK) { if (curl_easy_perform(c_handle) != CURLE_OK) {
lookup_error(self, "curl lookup error."); lookup_error(self, "https lookup error.");
goto on_exit; goto on_exit;
} }
if (process_response(&recv_data) == -1) { if (process_response(&recv_data) == -1) {
lookup_error(self, "parsing error."); lookup_error(self, "Name lookup failed.");
goto on_exit; goto on_exit;
} }