fix yatb with openssl 1.1.1

Author: Hujer

Makefile

@@ -4,9 +4,6 @@ CPPFLAGS = -W -Wall -O2 -I/usr/local/ssl/include -Iinclude
 .cc.o   :
 	 g++ -c $(CPPFLAGS) $< -o $@
 
-include/tls_dh.h :
-	openssl dhparam -noout -C 2048 >>include/tls_dh.h
-	
 all:
 	@echo "To compile yatb type"
 	@echo "  - 'make linux' (linux-debug,linux-static,linux-debug-static) to compile under linux"
@@ -15,6 +12,9 @@ all:
 	@echo "  - or 'make solaris' (solaris-debug,solaris-static,solaris-debug-static) to compile under solaris"
 	@echo "  - or 'make clean'"
 
+include/tls_dh.h :
+	openssl dhparam -noout -C 2048 >>include/tls_dh.h
+
 linux: include/tls_dh.h src/fpwhitelist.o src/whitelist.o src/iplist.o src/yatb.o src/forward.o src/counter.o src/controlthread.o src/datathread.o src/config.o src/tls.o src/stringlist.o src/tools.o src/lock.o src/blowcrypt.o src/bnccheck.o src/getfp.o
 	g++ src/fpwhitelist.o src/whitelist.o src/iplist.o src/yatb.o src/forward.o src/counter.o src/config.o src/controlthread.o src/datathread.o src/tls.o src/stringlist.o src/tools.o src/lock.o -lssl -lpthread -lcrypto -o bin/yatb; strip bin/yatb
 	g++ src/blowcrypt.o src/config.o src/lock.o src/counter.o src/tools.o -o bin/blowcrypt -lssl -lcrypto -lpthread; strip bin/blowcrypt

README.md

@@ -20,8 +20,6 @@ _____
 
 Now copy a cert file (ftpd-dsa.pem) to bin directory
 Also copy yatb.conf.dist to bin dir
-If you have a rsa cert, you will need a dh file
-(can be generated with 'openssl dhparam -out dh1024.pem -2 1024')
 
 Encrypting config file
 ______________________

include/controlthread.h

@@ -36,6 +36,7 @@ class CControlThread
 	void mainloop(void);
 
 	int Read(int ,SSL *,string &);
+	int TryRead(int ,SSL *,string &);
 	int Write(int ,string ,SSL *);
 
 	int trytls(void);

simple.conf

@@ -1,8 +1,22 @@
+[ Debug ]
+#debug=1;
+#log_to_screen=1;
+#debug_logfile=log.txt;
+#command_logfile=clog.txt;
+#syslog=0;
+
 [ Connection ]
-listen_port=31000;
-site_ip=192.168.1.254;
-site_port=11000;
+listen_ip=127.0.0.1;
+listen_port=2222;
+site_ip=127.0.0.1;
+site_port=3333;
 traffic_bnc=1;
 
 [ SSL ]
-cert_path=dsa.pem;
+cert_path=ecdsa.pem;
+
+[ Advanced ]
+#add_to_passive_port=5;
+#port_range_start=28001;
+#port_range_end=30000;
+#use_port_range=1;

src/config.cc

@@ -29,7 +29,7 @@ CConfig::CConfig()
     month_limit = 0;
 
 	// section [SSL]
-	cert_path = "ftpd-dsa.pem";
+	cert_path = "ftpd-rsa.pem";
 	crypted_cert = 0;
 	enforce_tls = 0;
 	enforce_tls_fxp = 0;	

src/controlthread.cc

@@ -174,7 +174,9 @@ CControlThread::~CControlThread()
 		}
 
 		debugmsg(username, "[controlthread] free ssl error queue");
+#if (OPENSSL_VERSION_NUMBER <  0x10100000)
 		ERR_remove_state(0);
+#endif
 	}
 
 
@@ -521,7 +523,9 @@ void CControlThread::mainloop(void)
 		{
 			debugmsg(username, "[controlthread] start read from site");	
 			string s;
-			if(!Read(site_sock,sitessl,s))
+			int res = TryRead(site_sock,sitessl,s);
+			if (res==2) {debugmsg(username, "[controlthread] start read from site - empty"); continue;}
+			if(!res)
 			{					
 				return;
 			}
@@ -917,7 +921,9 @@ void CControlThread::mainloop(void)
 		{
 			debugmsg(username, "[controlthread] start read from client");		
 			string s;
-			if(!Read(client_sock,clientssl,s))
+			int res=TryRead(client_sock,clientssl,s);
+			if (res == 2) continue;
+			if(!res)
 			{
 				return;
 			}
@@ -2326,6 +2332,49 @@ int CControlThread::Read(int sock,SSL *ssl,string &s)
 	return 1;
 }
 
+int CControlThread::TryRead(int sock,SSL *ssl,string &s)
+{
+	rwlock.Lock();
+	if(sock == client_sock)
+	{
+		debugmsg(username,"[TryControlRead] read from client");
+	}
+	else if(sock == site_sock)
+	{
+		debugmsg(username,"[TryControlRead] read from site");
+	}
+	
+	int res=control_read(sock ,ssl,s);
+	//nothing to read
+	if (res==2) {
+ 	 rwlock.UnLock();
+	 return 2;
+	}
+	if(!res)
+	{
+		debugmsg(username,"[TryControlRead] read failed");
+		rwlock.UnLock();
+		return 0;
+	}
+	if(sock == client_sock)
+	{
+		localcounter.addrecvd(s.length());
+		totalcounter.addrecvd(s.length());
+		daycounter.addrecvd(s.length());
+		weekcounter.addrecvd(s.length());
+		monthcounter.addrecvd(s.length());
+		debugmsg(username,"\n" + s);
+		cmddebugmsg(username,">> " + s);
+	}
+	else if(sock == site_sock)
+	{
+		debugmsg(username,"\n" + s);
+		cmddebugmsg(username,"<< " + s);
+	}
+	rwlock.UnLock();
+	return 1;
+}
+
 
 int CControlThread::Write(int sock,string s,SSL *ssl)
 {
@@ -2340,7 +2389,7 @@ int CControlThread::Write(int sock,string s,SSL *ssl)
 	}
 
 	//------------- hotfix start ---------------
-	if(sock == client_sock && config.traffic_bnc)
+	if(sock == client_sock && config.traffic_bnc && !config.debug)
 	{		
 		if(s.find(_site_ip,0) != string::npos)
 		{

src/datathread.cc

@@ -150,7 +150,9 @@ void CDataThread::closeconnection(void)
 		}
 
 		debugmsg(username, "[closeconnection] free ssl error queue");
+#if (OPENSSL_VERSION_NUMBER <  0x10100000)
 		ERR_remove_state(0);
+#endif
 	}
 	debugmsg(username, "[closeconnection] end");
 }

src/tls.cc

@@ -847,11 +847,11 @@ int ssl_setup()
 
 	SSL_CTX_set_default_verify_paths(connectsslctx);
 	SSL_CTX_set_options(connectsslctx,SSL_OP_ALL);
-	SSL_CTX_set_mode(connectsslctx,SSL_MODE_AUTO_RETRY);
+	SSL_CTX_clear_mode(connectsslctx,SSL_MODE_AUTO_RETRY);
 
 	SSL_CTX_set_default_verify_paths(clientsslctx);
 	SSL_CTX_set_options(clientsslctx, SSL_OP_SINGLE_DH_USE | SSL_OP_SINGLE_ECDH_USE | SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 /*SSL_OP_ALL*/);
-	SSL_CTX_set_mode(clientsslctx,SSL_MODE_AUTO_RETRY);
+	SSL_CTX_clear_mode(clientsslctx,SSL_MODE_AUTO_RETRY);
 
 	string certfile = "certtmp";
 

src/tools.cc

@@ -1424,8 +1424,12 @@ int control_read(int sock,SSL *sslcon,string &str)
 					int err = SSL_get_error(sslcon,rc);
 
 					if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE || err == SSL_ERROR_WANT_X509_LOOKUP) 
-					{ 
-						debugmsg("CONTROLREAD","want read/write error");
+					{
+//						if (trying) {
+							delete [] buffer;
+							return 2; 
+//						}
+/*						debugmsg("CONTROLREAD","want read/write error");
 						fd_set data_writefds;
 						FD_ZERO(&data_writefds);
 						FD_SET(sock,&data_writefds);
@@ -1449,7 +1453,7 @@ int control_read(int sock,SSL *sslcon,string &str)
 							delete [] buffer;
 							return 0;
 						} 
-					}
+*/					}
 					else
 					{
 						debugmsg("CONTROLWRITE","SSL error",errno);
@@ -1529,7 +1533,7 @@ int SslConnect(int &sock,SSL **ssl,SSL_CTX **sslctx,int &shouldquit,string ciphe
 		}
 		SSL_CTX_set_default_verify_paths(*sslctx);
 		SSL_CTX_set_options(*sslctx,SSL_OP_ALL);
-		SSL_CTX_set_mode(*sslctx,SSL_MODE_AUTO_RETRY);
+		SSL_CTX_clear_mode(*sslctx,SSL_MODE_AUTO_RETRY);
 		SSL_CTX_set_session_cache_mode(*sslctx,SSL_SESS_CACHE_OFF);			
 	}
 	*ssl = SSL_new(*sslctx);

src/yatb.cc

@@ -12,7 +12,9 @@
 #include "fpwhitelist.h"
 
 #ifndef SOLARIS
-#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
+#if (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
+#define SOLARIS
+#endif
 #endif
 
 

yatb.conf.dist

@@ -113,4 +113,4 @@ retry_count=10;
 ssl_ascii_cache=0;
 disable_noop=0;
 speed_write=0;
-allow_noentry_connect=0;
+allow_noentry_connect=0;