diff options
author | June McEnroe <june@causal.agency> | 2021-07-04 13:35:07 -0400 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2021-07-04 19:46:01 -0400 |
commit | 871df6b47e9d31a7e5c38541730ac5c4a85f6931 (patch) | |
tree | 2f3b568b1513296742ffc41cfe1e06345d38031d | |
parent | Attempt to keep "security" in README accurate (diff) | |
download | catgirl-871df6b47e9d31a7e5c38541730ac5c4a85f6931.tar.gz catgirl-871df6b47e9d31a7e5c38541730ac5c4a85f6931.zip |
Clear private key data after handshake
Alternative to a patch by Klemens Nanni creating an ircHandshake() function to explicitly handshake and clear key data.
Diffstat (limited to '')
-rw-r--r-- | irc.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/irc.c b/irc.c index 5f14c9e..8856030 100644 --- a/irc.c +++ b/irc.c @@ -43,12 +43,13 @@ #include "chat.h" -struct tls *client; +static struct tls_config *config; +static struct tls *client; void ircConfig( bool insecure, const char *trust, const char *cert, const char *priv ) { - struct tls_config *config = tls_config_new(); + config = tls_config_new(); if (!config) errx(EX_SOFTWARE, "tls_config_new"); int error; @@ -103,7 +104,6 @@ void ircConfig( error = tls_configure(client, config); if (error) errx(EX_SOFTWARE, "tls_configure: %s", tls_error(client)); - tls_config_free(config); } int ircConnect(const char *bindHost, const char *host, const char *port) { @@ -201,6 +201,14 @@ void ircSend(const char *ptr, size_t len) { ptr += ret; len -= ret; } + + // Private key data isn't needed anymore after the first write causes the + // handshake, but client will keep a reference to config. + if (config) { + tls_config_clear_keys(config); + tls_config_free(config); + config = NULL; + } } void ircFormat(const char *format, ...) { |