pidgin.yaz: libpurple/plugins/ssl/ssl-gnutls.c annotate

annotate libpurple/plugins/ssl/ssl-gnutls.c @ 31301:16ab805406d1

Get rid of the offset field in the SlpMessage in favor of the one in the Header.

author	masca@cpw.pidgin.im
date	Thu, 05 Aug 2010 21:58:13 +0000
parents	df9de37e0274
children	43af903bd816

rev	line source
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1 /**
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	2 * @file ssl-gnutls.c GNUTLS SSL plugin.
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	3 *
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	4 * purple
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	5 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	6 * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org>
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	7 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	8 * This program is free software; you can redistribute it and/or modify
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	9 * it under the terms of the GNU General Public License as published by
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	10 * the Free Software Foundation; either version 2 of the License, or
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	11 * (at your option) any later version.
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	12 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	13 * This program is distributed in the hope that it will be useful,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	16 * GNU General Public License for more details.
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	17 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	18 * You should have received a copy of the GNU General Public License
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	19 * along with this program; if not, write to the Free Software
19680 44b4e8bd759b The FSF changed its address a while ago; our files were out of date. John Bailey <rekkanoryo@rekkanoryo.org> parents: 19648 diff changeset	20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	21 */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	22 #include "internal.h"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	23 #include "debug.h"
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	24 #include "certificate.h"
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	25 #include "plugin.h"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	26 #include "sslconn.h"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	27 #include "version.h"
17413 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17309 diff changeset	28 #include "util.h"
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	29
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	30 #define SSL_GNUTLS_PLUGIN_ID "ssl-gnutls"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	31
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	32 #include <gnutls/gnutls.h>
17413 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17309 diff changeset	33 #include <gnutls/x509.h>
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	34
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	35 typedef struct
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	36 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	37 gnutls_session session;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	38 guint handshake_handler;
30064 df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	39 guint handshake_timer;
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	40 } PurpleSslGnutlsData;
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	41
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	42 #define PURPLE_SSL_GNUTLS_DATA(gsc) ((PurpleSslGnutlsData *)gsc->private_data)
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	43
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	44 static gnutls_certificate_client_credentials xcred = NULL;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	45
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	46 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS
30062 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	47 /* Priority strings. The default one is, well, the default (and is always
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	48 * set). The hash table is of the form hostname => priority (both
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	49 * char *).
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	50 *
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	51 * We only use a gnutls_priority_t for the default on the assumption that
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	52 * that's the more common case. Improvement patches (like matching on
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	53 * subdomains) welcome.
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	54 */
30062 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	55 static gnutls_priority_t default_priority = NULL;
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	56 static GHashTable *host_priorities = NULL;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	57 #endif
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	58
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	59 static void
27265 e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	60 ssl_gnutls_log(int level, const char *str)
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	61 {
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	62 /* GnuTLS log messages include the '\n' */
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	63 purple_debug_misc("gnutls", "lvl %d: %s", level, str);
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	64 }
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	65
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	66 static void
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	67 ssl_gnutls_init_gnutls(void)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	68 {
27265 e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	69 const char *debug_level;
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	70 const char *host_priorities_str;
27265 e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	71
17639 91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17509 diff changeset	72 /* Configure GnuTLS to use glib memory management */
91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17509 diff changeset	73 /* I expect that this isn't really necessary, but it may prevent
91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17509 diff changeset	74 some bugs */
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	75 /* TODO: It may be necessary to wrap this allocators for GnuTLS.
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	76 If there are strange bugs, perhaps look here (yes, I am a
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	77 hypocrite) */
17639 91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17509 diff changeset	78 gnutls_global_set_mem_functions(
23278 b87ce62751a2 I can't think of any reason we would need to use the zero versions of Mark Doliner <mark@kingant.net> parents: 21678 diff changeset	79 (gnutls_alloc_function) g_malloc, /* malloc */
b87ce62751a2 I can't think of any reason we would need to use the zero versions of Mark Doliner <mark@kingant.net> parents: 21678 diff changeset	80 (gnutls_alloc_function) g_malloc, /* secure malloc */
17639 91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17509 diff changeset	81 NULL, /* mem_is_secure */
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	82 (gnutls_realloc_function) g_realloc, /* realloc */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	83 (gnutls_free_function) g_free /* free */
17639 91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17509 diff changeset	84 );
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	85
27265 e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	86 debug_level = g_getenv("PURPLE_GNUTLS_DEBUG");
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	87 if (debug_level) {
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	88 int level = atoi(debug_level);
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	89 if (level < 0) {
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	90 purple_debug_warning("gnutls", "Assuming log level 0 instead of %d\n",
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	91 level);
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	92 level = 0;
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	93 }
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	94
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	95 /* "The level is an integer between 0 and 9. Higher values mean more verbosity." */
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	96 gnutls_global_set_log_level(level);
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	97 gnutls_global_set_log_function(ssl_gnutls_log);
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	98 }
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27195 diff changeset	99
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	100 /* Expected format: host=priority;host2=priority;*=priority
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	101 * where "*" is used to override the default priority string for
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	102 * libpurple.
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	103 */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	104 host_priorities_str = g_getenv("PURPLE_GNUTLS_PRIORITIES");
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	105 if (host_priorities_str) {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	106 #ifndef HAVE_GNUTLS_PRIORITY_FUNCS
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	107 purple_debug_warning("gnutls", "Warning, PURPLE_GNUTLS_PRIORITIES "
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	108 "environment variable set, but we were built "
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	109 "against an older GnuTLS that doesn't support "
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	110 "this. :-(");
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	111 #else /* HAVE_GNUTLS_PRIORITY_FUNCS */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	112 char **entries = g_strsplit(host_priorities_str, ";", -1);
30062 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	113 char *default_priority_str = NULL;
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	114 guint i;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	115
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	116 host_priorities = g_hash_table_new_full(g_str_hash, g_str_equal,
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	117 g_free, g_free);
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	118
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	119 for (i = 0; entries[i]; ++i) {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	120 char *host = entries[i];
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	121 char *equals = strchr(host, '=');
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	122 char *prio_str;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	123
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	124 if (equals) {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	125 *equals = '\0';
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	126 prio_str = equals + 1;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	127
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	128 /* Empty? */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	129 if (*prio_str == '\0') {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	130 purple_debug_warning("gnutls", "Ignoring empty priority "
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	131 "string for %s\n", host);
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	132 } else {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	133 /* TODO: Validate each of these and complain */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	134 if (g_str_equal(host, "*")) {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	135 /* Override the default priority */
30062 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	136 g_free(default_priority_str);
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	137 default_priority_str = g_strdup(prio_str);
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	138 } else
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	139 g_hash_table_insert(host_priorities, g_strdup(host),
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	140 g_strdup(prio_str));
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	141 }
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	142 }
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	143 }
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	144
30062 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	145 if (default_priority_str) {
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	146 if (gnutls_priority_init(&default_priority, default_priority_str, NULL)) {
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	147 purple_debug_warning("gnutls", "Unable to set default priority to %s\n",
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	148 default_priority_str);
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	149 /* Versions of GnuTLS as of 2.8.6 (2010-03-31) don't free/NULL
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	150 * this on error.
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	151 */
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	152 gnutls_free(default_priority);
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	153 default_priority = NULL;
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	154 }
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	155
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	156 g_free(default_priority_str);
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	157 }
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	158
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	159 g_strfreev(entries);
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	160 #endif /* HAVE_GNUTLS_PRIORITY_FUNCS */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	161 }
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	162
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	163 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	164 /* Make sure we set have a default priority! */
30062 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	165 if (!default_priority) {
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	166 if (gnutls_priority_init(&default_priority, "NORMAL:%SSL3_RECORD_VERSION", NULL)) {
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	167 /* See comment above about memory leak */
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	168 gnutls_free(default_priority);
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	169 gnutls_priority_init(&default_priority, "NORMAL", NULL);
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	170 }
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	171 }
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	172 #endif /* HAVE_GNUTLS_PRIORITY_FUNCS */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	173
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	174 gnutls_global_init();
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	175
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	176 gnutls_certificate_allocate_credentials(&xcred);
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	177
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	178 /* TODO: I can likely remove this */
17497 3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02' William Ehlhardt <williamehlhardt@gmail.com> parents: 17496 diff changeset	179 gnutls_certificate_set_x509_trust_file(xcred, "ca.pem",
3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02' William Ehlhardt <williamehlhardt@gmail.com> parents: 17496 diff changeset	180 GNUTLS_X509_FMT_PEM);
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	181 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	182
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	183 static gboolean
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	184 ssl_gnutls_init(void)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	185 {
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	186 return TRUE;
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	187 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	188
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	189 static void
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	190 ssl_gnutls_uninit(void)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	191 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	192 gnutls_global_deinit();
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	193
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	194 gnutls_certificate_free_credentials(xcred);
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	195 xcred = NULL;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	196
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	197 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	198 if (host_priorities) {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	199 g_hash_table_destroy(host_priorities);
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	200 host_priorities = NULL;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	201 }
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	202
30062 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	203 gnutls_priority_deinit(default_priority);
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	204 default_priority = NULL;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	205 #endif
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	206 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	207
18955 f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	208 static void
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	209 ssl_gnutls_verified_cb(PurpleCertificateVerificationStatus st,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	210 gpointer userdata)
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	211 {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	212 PurpleSslConnection gsc = (PurpleSslConnection ) userdata;
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	213
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	214 if (st == PURPLE_CERTIFICATE_VALID) {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	215 /* Certificate valid? Good! Do the connection! */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	216 gsc->connect_cb(gsc->connect_cb_data, gsc, PURPLE_INPUT_READ);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	217 } else {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	218 /* Otherwise, signal an error */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	219 if(gsc->error_cb != NULL)
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	220 gsc->error_cb(gsc, PURPLE_SSL_CERTIFICATE_INVALID,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	221 gsc->connect_cb_data);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	222 purple_ssl_close(gsc);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	223 }
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	224 }
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	225
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	226
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	227
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	228 static void ssl_gnutls_handshake_cb(gpointer data, gint source,
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	229 PurpleInputCondition cond)
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	230 {
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	231 PurpleSslConnection *gsc = data;
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	232 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	233 ssize_t ret;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	234
20255 07c103ac3795 applied changes from 5252885d793a4d288d92856d511d721bf5bb87ef Richard Laager <rlaager@wiktel.com> parents: 19680 diff changeset	235 /purple_debug_info("gnutls", "Handshaking with %s\n", gsc->host);/
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	236 ret = gnutls_handshake(gnutls_data->session);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	237
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	238 if(ret == GNUTLS_E_AGAIN \|\| ret == GNUTLS_E_INTERRUPTED)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	239 return;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	240
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	241 purple_input_remove(gnutls_data->handshake_handler);
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	242 gnutls_data->handshake_handler = 0;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	243
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	244 if(ret != 0) {
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	245 purple_debug_error("gnutls", "Handshake failed. Error %s\n",
15785 eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	246 gnutls_strerror(ret));
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	247
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	248 if(gsc->error_cb != NULL)
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	249 gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	250 gsc->connect_cb_data);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	251
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	252 purple_ssl_close(gsc);
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	253 } else {
18938 f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	254 /* Now we are cooking with gas! */
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	255 PurpleSslOps *ops = purple_ssl_get_ops();
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	256 GList * peers = ops->get_peer_certificates(gsc);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	257
18938 f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	258 PurpleCertificateScheme *x509 =
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	259 purple_certificate_find_scheme("x509");
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	260
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	261 GList * l;
19549 5f4100c7dd00 Fix compiler warnings about having a variable declaration after some Mark Doliner <mark@kingant.net> parents: 19498 diff changeset	262
5f4100c7dd00 Fix compiler warnings about having a variable declaration after some Mark Doliner <mark@kingant.net> parents: 19498 diff changeset	263 /* TODO: Remove all this debugging babble */
5f4100c7dd00 Fix compiler warnings about having a variable declaration after some Mark Doliner <mark@kingant.net> parents: 19498 diff changeset	264 purple_debug_info("gnutls", "Handshake complete\n");
5f4100c7dd00 Fix compiler warnings about having a variable declaration after some Mark Doliner <mark@kingant.net> parents: 19498 diff changeset	265
18938 f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	266 for (l=peers; l; l = l->next) {
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	267 PurpleCertificate *crt = l->data;
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	268 GByteArray *z =
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	269 x509->get_fingerprint_sha1(crt);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	270 gchar * fpr =
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	271 purple_base16_encode_chunked(z->data,
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	272 z->len);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	273
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	274 purple_debug_info("gnutls/x509",
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	275 "Key print: %s\n",
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	276 fpr);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	277
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	278 /* Kill the cert! */
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	279 x509->destroy_certificate(crt);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	280
18938 f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	281 g_free(fpr);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	282 g_byte_array_free(z, TRUE);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	283 }
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	284 g_list_free(peers);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	285
17413 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17309 diff changeset	286 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	287 const gnutls_datum *cert_list;
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	288 unsigned int cert_list_size = 0;
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	289 gnutls_session session=gnutls_data->session;
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	290 int i;
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	291
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	292 cert_list =
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	293 gnutls_certificate_get_peers(session, &cert_list_size);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	294
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	295 purple_debug_info("gnutls",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	296 "Peer provided %d certs\n",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	297 cert_list_size);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	298 for (i=0; i<cert_list_size; i++)
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	299 {
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	300 gchar fpr_bin[256];
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	301 gsize fpr_bin_sz = sizeof(fpr_bin);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	302 gchar * fpr_asc = NULL;
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	303 gchar tbuf[256];
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	304 gsize tsz=sizeof(tbuf);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	305 gchar * tasc = NULL;
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	306 gnutls_x509_crt cert;
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	307
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	308 gnutls_x509_crt_init(&cert);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	309 gnutls_x509_crt_import (cert, &cert_list[i],
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	310 GNUTLS_X509_FMT_DER);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	311
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	312 gnutls_x509_crt_get_fingerprint(cert, GNUTLS_MAC_SHA,
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	313 fpr_bin, &fpr_bin_sz);
17413 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17309 diff changeset	314
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	315 fpr_asc =
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	316 purple_base16_encode_chunked((const guchar *)fpr_bin, fpr_bin_sz);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	317
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	318 purple_debug_info("gnutls",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	319 "Lvl %d SHA1 fingerprint: %s\n",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	320 i, fpr_asc);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	321
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	322 tsz=sizeof(tbuf);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	323 gnutls_x509_crt_get_serial(cert,tbuf,&tsz);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	324 tasc=purple_base16_encode_chunked((const guchar *)tbuf, tsz);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	325 purple_debug_info("gnutls",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	326 "Serial: %s\n",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	327 tasc);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	328 g_free(tasc);
17413 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17309 diff changeset	329
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	330 tsz=sizeof(tbuf);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	331 gnutls_x509_crt_get_dn (cert, tbuf, &tsz);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	332 purple_debug_info("gnutls",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	333 "Cert DN: %s\n",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	334 tbuf);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	335 tsz=sizeof(tbuf);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	336 gnutls_x509_crt_get_issuer_dn (cert, tbuf, &tsz);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	337 purple_debug_info("gnutls",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	338 "Cert Issuer DN: %s\n",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	339 tbuf);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	340
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	341 g_free(fpr_asc);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	342 fpr_asc = NULL;
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	343 gnutls_x509_crt_deinit(cert);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	344 }
17497 3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02' William Ehlhardt <williamehlhardt@gmail.com> parents: 17496 diff changeset	345 }
18955 f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	346
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	347 /* TODO: The following logic should really be in libpurple */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	348 /* If a Verifier was given, hand control over to it */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	349 if (gsc->verifier) {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	350 GList *peers;
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	351 /* First, get the peer cert chain */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	352 peers = purple_ssl_get_peer_certificates(gsc);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	353
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	354 /* Now kick off the verification process */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	355 purple_certificate_verify(gsc->verifier,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	356 gsc->host,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	357 peers,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	358 ssl_gnutls_verified_cb,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	359 gsc);
19021 fcca10d0ac7d - purple_certificate_verify no longer takes possession of the William Ehlhardt <williamehlhardt@gmail.com> parents: 19019 diff changeset	360
fcca10d0ac7d - purple_certificate_verify no longer takes possession of the William Ehlhardt <williamehlhardt@gmail.com> parents: 19019 diff changeset	361 purple_certificate_destroy_list(peers);
18955 f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	362 } else {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	363 /* Otherwise, just call the "connection complete"
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	364 callback */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	365 gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	366 }
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	367 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	368
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	369 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	370
30064 df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	371 static gboolean
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	372 start_handshake_cb(gpointer data)
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	373 {
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	374 PurpleSslConnection *gsc = data;
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	375 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	376
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	377 purple_debug_info("gnutls", "Starting handshake with %s\n", gsc->host);
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	378
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	379 gnutls_data->handshake_timer = 0;
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	380
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	381 ssl_gnutls_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ);
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	382 return FALSE;
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	383 }
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	384
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	385 static void
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	386 ssl_gnutls_connect(PurpleSslConnection *gsc)
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	387 {
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	388 PurpleSslGnutlsData *gnutls_data;
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	389 static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 };
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	390
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	391 gnutls_data = g_new0(PurpleSslGnutlsData, 1);
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	392 gsc->private_data = gnutls_data;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	393
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	394 gnutls_init(&gnutls_data->session, GNUTLS_CLIENT);
25133 309f6dca369a Use _set_default_priority on gnutls versions lacking _priority_set_direct. Ethan Blanton <elb@pidgin.im> parents: 25132 diff changeset	395 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	396 {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	397 const char *prio_str = NULL;
30062 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	398 gboolean set = FALSE;
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	399
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	400 /* Let's see if someone has specified a specific priority */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	401 if (gsc->host && host_priorities)
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	402 prio_str = g_hash_table_lookup(host_priorities, gsc->host);
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	403
30062 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	404 if (prio_str)
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	405 set = (GNUTLS_E_SUCCESS ==
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	406 gnutls_priority_set_direct(gnutls_data->session, prio_str,
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	407 NULL));
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	408
30062 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	409 if (!set)
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 30061 diff changeset	410 gnutls_priority_set(gnutls_data->session, default_priority);
30061 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 30050 diff changeset	411 }
25133 309f6dca369a Use _set_default_priority on gnutls versions lacking _priority_set_direct. Ethan Blanton <elb@pidgin.im> parents: 25132 diff changeset	412 #else
309f6dca369a Use _set_default_priority on gnutls versions lacking _priority_set_direct. Ethan Blanton <elb@pidgin.im> parents: 25132 diff changeset	413 gnutls_set_default_priority(gnutls_data->session);
309f6dca369a Use _set_default_priority on gnutls versions lacking _priority_set_direct. Ethan Blanton <elb@pidgin.im> parents: 25132 diff changeset	414 #endif
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	415
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	416 gnutls_certificate_type_set_priority(gnutls_data->session,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	417 cert_type_priority);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	418
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	419 gnutls_credentials_set(gnutls_data->session, GNUTLS_CRD_CERTIFICATE,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	420 xcred);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	421
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	422 gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd));
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	423
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	424 gnutls_data->handshake_handler = purple_input_add(gsc->fd,
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	425 PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	426
17309 a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16673 diff changeset	427 /* Orborde asks: Why are we configuring a callback, then
30064 df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	428 (almost) immediately calling it?
17309 a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16673 diff changeset	429
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16673 diff changeset	430 Answer: gnutls_handshake (up in handshake_cb) needs to be called
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16673 diff changeset	431 once in order to get the ball rolling on the SSL connection.
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16673 diff changeset	432 Once it has done so, only then will the server reply, triggering
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16673 diff changeset	433 the callback.
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16673 diff changeset	434
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16673 diff changeset	435 Since the logic driving gnutls_handshake is the same with the first
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16673 diff changeset	436 and subsequent calls, we'll just fire the callback immediately to
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16673 diff changeset	437 accomplish this.
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16673 diff changeset	438 */
30064 df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	439 gnutls_data->handshake_timer = purple_timeout_add(0, start_handshake_cb,
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	440 gsc);
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	441 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	442
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	443 static void
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	444 ssl_gnutls_close(PurpleSslConnection *gsc)
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	445 {
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	446 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	447
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	448 if(!gnutls_data)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	449 return;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	450
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	451 if(gnutls_data->handshake_handler)
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	452 purple_input_remove(gnutls_data->handshake_handler);
30064 df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	453 if (gnutls_data->handshake_timer)
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 30062 diff changeset	454 purple_timeout_remove(gnutls_data->handshake_timer);
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	455
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	456 gnutls_bye(gnutls_data->session, GNUTLS_SHUT_RDWR);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	457
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	458 gnutls_deinit(gnutls_data->session);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	459
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	460 g_free(gnutls_data);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	461 gsc->private_data = NULL;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	462 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	463
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	464 static size_t
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	465 ssl_gnutls_read(PurpleSslConnection gsc, void data, size_t len)
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	466 {
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	467 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	468 ssize_t s;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	469
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	470 s = gnutls_record_recv(gnutls_data->session, data, len);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	471
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	472 if(s == GNUTLS_E_AGAIN \|\| s == GNUTLS_E_INTERRUPTED) {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	473 s = -1;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	474 errno = EAGAIN;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	475 } else if(s < 0) {
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	476 purple_debug_error("gnutls", "receive failed: %s\n",
15785 eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	477 gnutls_strerror(s));
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	478 s = -1;
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	479 /*
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	480 * TODO: Set errno to something more appropriate. Or even
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	481 * better: allow ssl plugins to keep track of their
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	482 * own error message, then add a new ssl_ops function
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	483 * that returns the error message.
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	484 */
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	485 errno = EIO;
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	486 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	487
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	488 return s;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	489 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	490
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	491 static size_t
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	492 ssl_gnutls_write(PurpleSslConnection gsc, const void data, size_t len)
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	493 {
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	494 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	495 ssize_t s = 0;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	496
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	497 /* XXX: when will gnutls_data be NULL? */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	498 if(gnutls_data)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	499 s = gnutls_record_send(gnutls_data->session, data, len);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	500
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	501 if(s == GNUTLS_E_AGAIN \|\| s == GNUTLS_E_INTERRUPTED) {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	502 s = -1;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	503 errno = EAGAIN;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	504 } else if(s < 0) {
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	505 purple_debug_error("gnutls", "send failed: %s\n",
15785 eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	506 gnutls_strerror(s));
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	507 s = -1;
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	508 /*
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	509 * TODO: Set errno to something more appropriate. Or even
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	510 * better: allow ssl plugins to keep track of their
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	511 * own error message, then add a new ssl_ops function
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	512 * that returns the error message.
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	513 */
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15374 diff changeset	514 errno = EIO;
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	515 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	516
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	517 return s;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	518 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	519
19491 4f472eef762c - TODO-whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19218 diff changeset	520 /* Forward declarations are fun! */
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	521 static PurpleCertificate *
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	522 x509_import_from_datum(const gnutls_datum dt, gnutls_x509_crt_fmt mode);
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	523
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	524 static GList *
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	525 ssl_gnutls_get_peer_certificates(PurpleSslConnection * gsc)
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	526 {
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	527 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	528
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	529 /* List of Certificate instances to return */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	530 GList * peer_certs = NULL;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	531
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	532 /* List of raw certificates as given by GnuTLS */
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	533 const gnutls_datum *cert_list;
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	534 unsigned int cert_list_size = 0;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	535
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	536 unsigned int i;
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	537
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	538 /* This should never, ever happen. */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	539 g_return_val_if_fail( gnutls_certificate_type_get (gnutls_data->session) == GNUTLS_CRT_X509, NULL);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	540
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	541 /* Get the certificate list from GnuTLS */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	542 /* TODO: I am _pretty sure_ this doesn't block or do other exciting things */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	543 cert_list = gnutls_certificate_get_peers(gnutls_data->session,
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	544 &cert_list_size);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	545
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	546 /* Convert each certificate to a Certificate and append it to the list */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	547 for (i = 0; i < cert_list_size; i++) {
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	548 PurpleCertificate * newcrt = x509_import_from_datum(cert_list[i],
18186 80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17642 diff changeset	549 GNUTLS_X509_FMT_DER);
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	550 /* Append is somewhat inefficient on linked lists, but is easy
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	551 to read. If someone complains, I'll change it.
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	552 TODO: Is anyone complaining? (Maybe elb?) */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	553 peer_certs = g_list_append(peer_certs, newcrt);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	554 }
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	555
19491 4f472eef762c - TODO-whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19218 diff changeset	556 /* cert_list doesn't need free()-ing */
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	557
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	558 return peer_certs;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	559 }
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	560
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	561 /************************************************************************/
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	562 /* X.509 functionality */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	563 /************************************************************************/
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	564 const gchar * SCHEME_NAME = "x509";
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	565
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	566 static PurpleCertificateScheme x509_gnutls;
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	567
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	568 /** Refcounted GnuTLS certificate data instance */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	569 typedef struct {
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	570 gint refcount;
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	571 gnutls_x509_crt crt;
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	572 } x509_crtdata_t;
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	573
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	574 /** Helper functions for reference counting */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	575 static x509_crtdata_t *
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	576 x509_crtdata_addref(x509_crtdata_t *cd)
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	577 {
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	578 (cd->refcount)++;
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	579 return cd;
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	580 }
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	581
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	582 static void
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	583 x509_crtdata_delref(x509_crtdata_t *cd)
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	584 {
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	585 (cd->refcount)--;
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	586
19552 c35c3c3fc4cf refcount of 0 is normal Mark Doliner <mark@kingant.net> parents: 19551 diff changeset	587 if (cd->refcount < 0)
19551 ce3dec442fec Replace a call to g_assert() with a logging statement Mark Doliner <mark@kingant.net> parents: 19550 diff changeset	588 g_critical("Refcount of x509_crtdata_t is %d, which is less "
ce3dec442fec Replace a call to g_assert() with a logging statement Mark Doliner <mark@kingant.net> parents: 19550 diff changeset	589 "than zero!\n", cd->refcount);
ce3dec442fec Replace a call to g_assert() with a logging statement Mark Doliner <mark@kingant.net> parents: 19550 diff changeset	590
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	591 /* If the refcount reaches zero, kill the structure */
19551 ce3dec442fec Replace a call to g_assert() with a logging statement Mark Doliner <mark@kingant.net> parents: 19550 diff changeset	592 if (cd->refcount <= 0) {
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	593 /* Kill the internal data */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	594 gnutls_x509_crt_deinit( cd->crt );
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	595 /* And kill the struct */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	596 g_free( cd );
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	597 }
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	598 }
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	599
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	600 /** Helper macro to retrieve the GnuTLS crt_t from a PurpleCertificate */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	601 #define X509_GET_GNUTLS_DATA(pcrt) ( ((x509_crtdata_t *) (pcrt->data))->crt)
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	602
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	603 /** Transforms a gnutls_datum containing an X.509 certificate into a Certificate instance under the x509_gnutls scheme
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	604 *
18186 80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17642 diff changeset	605 * @param dt Datum to transform
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17642 diff changeset	606 * @param mode GnuTLS certificate format specifier (GNUTLS_X509_FMT_PEM for
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17642 diff changeset	607 * reading from files, and GNUTLS_X509_FMT_DER for converting
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17642 diff changeset	608 * "over the wire" certs for SSL)
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	609 *
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	610 * @return A newly allocated Certificate structure of the x509_gnutls scheme
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	611 */
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	612 static PurpleCertificate *
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	613 x509_import_from_datum(const gnutls_datum dt, gnutls_x509_crt_fmt mode)
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	614 {
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	615 /* Internal certificate data structure */
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	616 x509_crtdata_t *certdat;
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	617 /* New certificate to return */
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	618 PurpleCertificate * crt;
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	619
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	620 /* Allocate and prepare the internal certificate data */
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	621 certdat = g_new0(x509_crtdata_t, 1);
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	622 gnutls_x509_crt_init(&(certdat->crt));
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	623 certdat->refcount = 0;
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	624
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	625 /* Perform the actual certificate parse */
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	626 /* Yes, certdat->crt should be passed as-is */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	627 gnutls_x509_crt_import(certdat->crt, &dt, mode);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	628
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	629 /* Allocate the certificate and load it with data */
18961 fa138dbacff5 - More g_new0 instead of g_new William Ehlhardt <williamehlhardt@gmail.com> parents: 18955 diff changeset	630 crt = g_new0(PurpleCertificate, 1);
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	631 crt->scheme = &x509_gnutls;
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	632 crt->data = x509_crtdata_addref(certdat);
17642 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	633
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	634 return crt;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	635 }
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17641 diff changeset	636
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	637 /** Imports a PEM-formatted X.509 certificate from the specified file.
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	638 * @param filename Filename to import from. Format is PEM
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	639 *
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	640 * @return A newly allocated Certificate structure of the x509_gnutls scheme
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	641 */
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	642 static PurpleCertificate *
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	643 x509_import_from_file(const gchar * filename)
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	644 {
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	645 PurpleCertificate crt; / Certificate being constructed */
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	646 gchar buf; / Used to load the raw file data */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	647 gsize buf_sz; /* Size of the above */
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	648 gnutls_datum dt; /* Struct to pass down to GnuTLS */
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	649
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	650 purple_debug_info("gnutls",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	651 "Attempting to load X.509 certificate from %s\n",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	652 filename);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	653
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	654 /* Next, we'll simply yank the entire contents of the file
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	655 into memory */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	656 /* TODO: Should I worry about very large files here? */
19491 4f472eef762c - TODO-whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19218 diff changeset	657 g_return_val_if_fail(
4f472eef762c - TODO-whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19218 diff changeset	658 g_file_get_contents(filename,
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	659 &buf,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	660 &buf_sz,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	661 NULL /* No error checking for now */
19491 4f472eef762c - TODO-whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19218 diff changeset	662 ),
4f472eef762c - TODO-whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19218 diff changeset	663 NULL);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	664
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	665 /* Load the datum struct */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	666 dt.data = (unsigned char *) buf;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	667 dt.size = buf_sz;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	668
21678 a890a1574703 Boo for C99 in the core Ethan Blanton <elb@pidgin.im> parents: 21030 diff changeset	669 /* Perform the conversion; files should be in PEM format */
a890a1574703 Boo for C99 in the core Ethan Blanton <elb@pidgin.im> parents: 21030 diff changeset	670 crt = x509_import_from_datum(dt, GNUTLS_X509_FMT_PEM);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	671
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	672 /* Cleanup */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	673 g_free(buf);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	674
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	675 return crt;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	676 }
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	677
30050 c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	678 /** Imports a number of PEM-formatted X.509 certificates from the specified file.
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	679 * @param filename Filename to import from. Format is PEM
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	680 *
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	681 * @return A newly allocated GSList of Certificate structures of the x509_gnutls scheme
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	682 */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	683 static GSList *
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	684 x509_importcerts_from_file(const gchar * filename)
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	685 {
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	686 PurpleCertificate crt; / Certificate being constructed */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	687 gchar buf; / Used to load the raw file data */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	688 gchar begin, end;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	689 GSList *crts = NULL;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	690 gsize buf_sz; /* Size of the above */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	691 gnutls_datum dt; /* Struct to pass down to GnuTLS */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	692
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	693 purple_debug_info("gnutls",
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	694 "Attempting to load X.509 certificates from %s\n",
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	695 filename);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	696
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	697 /* Next, we'll simply yank the entire contents of the file
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	698 into memory */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	699 /* TODO: Should I worry about very large files here? */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	700 g_return_val_if_fail(
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	701 g_file_get_contents(filename,
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	702 &buf,
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	703 &buf_sz,
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	704 NULL /* No error checking for now */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	705 ),
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	706 NULL);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	707
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	708 begin = buf;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	709 while((end = strstr(begin, "-----END CERTIFICATE-----")) != NULL) {
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	710 end += sizeof("-----END CERTIFICATE-----")-1;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	711 /* Load the datum struct */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	712 dt.data = (unsigned char *) begin;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	713 dt.size = (end-begin);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	714
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	715 /* Perform the conversion; files should be in PEM format */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	716 crt = x509_import_from_datum(dt, GNUTLS_X509_FMT_PEM);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	717 crts = g_slist_prepend(crts, crt);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	718 begin = end;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	719 }
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	720
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	721 /* Cleanup */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	722 g_free(buf);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	723
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	724 return crts;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	725 }
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	726
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	727 /**
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	728 * Exports a PEM-formatted X.509 certificate to the specified file.
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	729 * @param filename Filename to export to. Format will be PEM
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	730 * @param crt Certificate to export
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	731 *
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	732 * @return TRUE if success, otherwise FALSE
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	733 */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	734 static gboolean
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	735 x509_export_certificate(const gchar filename, PurpleCertificate crt)
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	736 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	737 gnutls_x509_crt crt_dat; /* GnuTLS cert struct */
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	738 int ret;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	739 gchar * out_buf; /* Data to output */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	740 size_t out_size; /* Output size */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	741 gboolean success = FALSE;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	742
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	743 /* Paranoia paranoia paranoia! */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	744 g_return_val_if_fail(filename, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	745 g_return_val_if_fail(crt, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	746 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	747 g_return_val_if_fail(crt->data, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	748
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	749 crt_dat = X509_GET_GNUTLS_DATA(crt);
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	750
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	751 /* Obtain the output size required */
19004 d4065b26dcac - Fix intermittent crash due to uninitialized variable William Ehlhardt <williamehlhardt@gmail.com> parents: 19003 diff changeset	752 out_size = 0;
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	753 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM,
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	754 NULL, /* Provide no buffer yet */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	755 &out_size /* Put size here */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	756 );
19002 daeca1b9ebdb - Fix an incorrect assertion in GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 18977 diff changeset	757 g_return_val_if_fail(ret == GNUTLS_E_SHORT_MEMORY_BUFFER, FALSE);
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	758
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	759 /* Now allocate a buffer and really export it */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	760 out_buf = g_new0(gchar, out_size);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	761 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM,
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	762 out_buf, /* Export to our new buffer */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	763 &out_size /* Put size here */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	764 );
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	765 if (ret != 0) {
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	766 purple_debug_error("gnutls/x509",
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	767 "Failed to export cert to buffer with code %d\n",
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	768 ret);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	769 g_free(out_buf);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	770 return FALSE;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	771 }
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	772
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	773 /* Write it out to an actual file */
19498 7589b218f89a - Add purple_util_write_data_to_file_absolute; glib's William Ehlhardt <williamehlhardt@gmail.com> parents: 19494 diff changeset	774 success = purple_util_write_data_to_file_absolute(filename,
7589b218f89a - Add purple_util_write_data_to_file_absolute; glib's William Ehlhardt <williamehlhardt@gmail.com> parents: 19494 diff changeset	775 out_buf, out_size);
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	776
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	777 g_free(out_buf);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	778 return success;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	779 }
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	780
19019 e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	781 static PurpleCertificate *
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	782 x509_copy_certificate(PurpleCertificate *crt)
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	783 {
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	784 x509_crtdata_t *crtdat;
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	785 PurpleCertificate *newcrt;
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	786
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	787 g_return_val_if_fail(crt, NULL);
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	788 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	789
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	790 crtdat = (x509_crtdata_t *) crt->data;
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	791
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	792 newcrt = g_new0(PurpleCertificate, 1);
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	793 newcrt->scheme = &x509_gnutls;
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	794 newcrt->data = x509_crtdata_addref(crtdat);
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	795
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	796 return newcrt;
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	797 }
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	798 /** Frees a Certificate
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	799 *
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	800 * Destroys a Certificate's internal data structures and frees the pointer
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	801 * given.
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	802 * @param crt Certificate instance to be destroyed. It WILL NOT be destroyed
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	803 * if it is not of the correct CertificateScheme. Can be NULL
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	804 *
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	805 */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	806 static void
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	807 x509_destroy_certificate(PurpleCertificate * crt)
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	808 {
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	809 if (NULL == crt) return;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	810
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	811 /* Check that the scheme is x509_gnutls */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	812 if ( crt->scheme != &x509_gnutls ) {
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	813 purple_debug_error("gnutls",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	814 "destroy_certificate attempted on certificate of wrong scheme (scheme was %s, expected %s)\n",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	815 crt->scheme->name,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	816 SCHEME_NAME);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	817 return;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	818 }
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	819
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	820 g_return_if_fail(crt->data != NULL);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	821 g_return_if_fail(crt->scheme != NULL);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	822
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	823 /* Use the reference counting system to free (or not) the
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	824 underlying data */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	825 x509_crtdata_delref((x509_crtdata_t *)crt->data);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	826
17641 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	827 /* Kill the structure itself */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	828 g_free(crt);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	829 }
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17639 diff changeset	830
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	831 /** Determines whether one certificate has been issued and signed by another
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	832 *
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	833 * @param crt Certificate to check the signature of
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	834 * @param issuer Issuer's certificate
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	835 *
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	836 * @return TRUE if crt was signed and issued by issuer, otherwise FALSE
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	837 * @TODO Modify this function to return a reason for invalidity?
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	838 */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	839 static gboolean
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	840 x509_certificate_signed_by(PurpleCertificate * crt,
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	841 PurpleCertificate * issuer)
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	842 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	843 gnutls_x509_crt crt_dat;
62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	844 gnutls_x509_crt issuer_dat;
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	845 unsigned int verify; /* used to store result from GnuTLS verifier */
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	846 int ret;
27983 0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	847 gchar *crt_id = NULL;
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	848 gchar *issuer_id = NULL;
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	849
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	850 g_return_val_if_fail(crt, FALSE);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	851 g_return_val_if_fail(issuer, FALSE);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	852
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	853 /* Verify that both certs are the correct scheme */
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	854 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	855 g_return_val_if_fail(issuer->scheme == &x509_gnutls, FALSE);
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	856
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	857 /* TODO: check for more nullness? */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	858
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	859 crt_dat = X509_GET_GNUTLS_DATA(crt);
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	860 issuer_dat = X509_GET_GNUTLS_DATA(issuer);
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	861
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	862 /* First, let's check that crt.issuer is actually issuer */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	863 ret = gnutls_x509_crt_check_issuer(crt_dat, issuer_dat);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	864 if (ret <= 0) {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	865
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	866 if (ret < 0) {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	867 purple_debug_error("gnutls/x509",
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	868 "GnuTLS error %d while checking certificate issuer match.",
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	869 ret);
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	870 } else {
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	871 gchar crt_id, issuer_id, *crt_issuer_id;
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	872 crt_id = purple_certificate_get_unique_id(crt);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	873 issuer_id = purple_certificate_get_unique_id(issuer);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	874 crt_issuer_id =
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	875 purple_certificate_get_issuer_unique_id(crt);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	876 purple_debug_info("gnutls/x509",
28725 401a00227615 ssl-gnutls: I think this error message makes a little more sense. Paul Aurich <paul@darkrain42.org> parents: 28722 diff changeset	877 "Certificate %s is issued by "
401a00227615 ssl-gnutls: I think this error message makes a little more sense. Paul Aurich <paul@darkrain42.org> parents: 28722 diff changeset	878 "%s, which does not match %s.\n",
20285 3b459f294dc1 applied changes from f143c30a12f30c53e017f1bfc22ccddee96036fc Richard Laager <rlaager@wiktel.com> parents: 20284 diff changeset	879 crt_id ? crt_id : "(null)",
3b459f294dc1 applied changes from f143c30a12f30c53e017f1bfc22ccddee96036fc Richard Laager <rlaager@wiktel.com> parents: 20284 diff changeset	880 crt_issuer_id ? crt_issuer_id : "(null)",
3b459f294dc1 applied changes from f143c30a12f30c53e017f1bfc22ccddee96036fc Richard Laager <rlaager@wiktel.com> parents: 20284 diff changeset	881 issuer_id ? issuer_id : "(null)");
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	882 g_free(crt_id);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	883 g_free(issuer_id);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	884 g_free(crt_issuer_id);
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	885 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	886
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	887 /* The issuer is not correct, or there were errors */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	888 return FALSE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	889 }
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	890
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	891 /* Now, check the signature */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	892 /* The second argument is a ptr to an array of "trusted" issuer certs,
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	893 but we're only using one trusted one */
19218 0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	894 ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1,
0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	895 /* Permit signings by X.509v1 certs
0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	896 (Verisign and possibly others have
0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	897 root certificates that predate the
0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	898 current standard) */
0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	899 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	900 &verify);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	901
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	902 if (ret != 0) {
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	903 purple_debug_error("gnutls/x509",
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	904 "Attempted certificate verification caused a GnuTLS error code %d. I will just say the signature is bad, but you should look into this.\n", ret);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	905 return FALSE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	906 }
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	907
28722 13a229a062c6 Check the GnuTLS version before using a recent-ish flag. Fixes #10412. Paul Aurich <paul@darkrain42.org> parents: 27983 diff changeset	908 #ifdef HAVE_GNUTLS_CERT_INSECURE_ALGORITHM
27983 0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	909 if (verify & GNUTLS_CERT_INSECURE_ALGORITHM) {
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	910 /*
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	911 * A certificate in the chain is signed with an insecure
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	912 * algorithm. Put a warning into the log to make this error
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	913 * perfectly clear as soon as someone looks at the debug log is
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	914 * generated.
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	915 */
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	916 crt_id = purple_certificate_get_unique_id(crt);
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	917 issuer_id = purple_certificate_get_issuer_unique_id(crt);
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	918 purple_debug_warning("gnutls/x509",
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	919 "Insecure hash algorithm used by %s to sign %s\n",
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	920 issuer_id, crt_id);
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	921 }
28722 13a229a062c6 Check the GnuTLS version before using a recent-ish flag. Fixes #10412. Paul Aurich <paul@darkrain42.org> parents: 27983 diff changeset	922 #endif
27983 0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	923
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	924 if (verify & GNUTLS_CERT_INVALID) {
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	925 /* Signature didn't check out, but at least
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	926 there were no errors*/
27983 0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	927 if (!crt_id)
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	928 crt_id = purple_certificate_get_unique_id(crt);
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	929 if (!issuer_id)
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	930 issuer_id = purple_certificate_get_issuer_unique_id(crt);
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	931 purple_debug_error("gnutls/x509",
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27265 diff changeset	932 "Bad signature from %s on %s\n",
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	933 issuer_id, crt_id);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	934 g_free(crt_id);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	935 g_free(issuer_id);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	936
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	937 return FALSE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	938 } /* if (ret, etc.) */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	939
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	940 /* If we got here, the signature is good */
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	941 return TRUE;
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	942 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	943
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	944 static GByteArray *
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	945 x509_sha1sum(PurpleCertificate *crt)
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	946 {
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	947 size_t hashlen = 20; /* SHA1 hashes are 20 bytes */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	948 size_t tmpsz = hashlen; /* Throw-away variable for GnuTLS to stomp on*/
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	949 gnutls_x509_crt crt_dat;
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	950 GByteArray hash; /< Final hash container /
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	951 guchar hashbuf[hashlen]; /*< Temporary buffer to contain hash /
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	952
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	953 g_return_val_if_fail(crt, NULL);
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	954
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	955 crt_dat = X509_GET_GNUTLS_DATA(crt);
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	956
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	957 /* Extract the fingerprint */
19492 447470c8111a - More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19491 diff changeset	958 g_return_val_if_fail(
447470c8111a - More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19491 diff changeset	959 0 == gnutls_x509_crt_get_fingerprint(crt_dat, GNUTLS_MAC_SHA,
447470c8111a - More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19491 diff changeset	960 hashbuf, &tmpsz),
447470c8111a - More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19491 diff changeset	961 NULL);
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	962
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	963 /* This shouldn't happen */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	964 g_return_val_if_fail(tmpsz == hashlen, NULL);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	965
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	966 /* Okay, now create and fill hash array */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	967 hash = g_byte_array_new();
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	968 g_byte_array_append(hash, hashbuf, hashlen);
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	969
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	970 return hash;
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	971 }
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	972
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	973 static gchar *
19079 05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	974 x509_cert_dn (PurpleCertificate *crt)
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	975 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	976 gnutls_x509_crt cert_dat;
19079 05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	977 gchar *dn = NULL;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	978 size_t dn_size;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	979
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	980 g_return_val_if_fail(crt, NULL);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	981 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	982
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	983 cert_dat = X509_GET_GNUTLS_DATA(crt);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	984
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	985 /* Figure out the length of the Distinguished Name */
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	986 /* Claim that the buffer is size 0 so GnuTLS just tells us how much
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	987 space it needs */
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	988 dn_size = 0;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	989 gnutls_x509_crt_get_dn(cert_dat, dn, &dn_size);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	990
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	991 /* Now allocate and get the Distinguished Name */
20283 5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	992 /* Old versions of GnuTLS have an off-by-one error in reporting
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	993 the size of the needed buffer in some functions, so allocate
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	994 an extra byte */
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	995 dn = g_new0(gchar, ++dn_size);
19493 e147c3a821dd - Errorchecking in x509_cert_dn William Ehlhardt <williamehlhardt@gmail.com> parents: 19492 diff changeset	996 if (0 != gnutls_x509_crt_get_dn(cert_dat, dn, &dn_size)) {
e147c3a821dd - Errorchecking in x509_cert_dn William Ehlhardt <williamehlhardt@gmail.com> parents: 19492 diff changeset	997 purple_debug_error("gnutls/x509",
e147c3a821dd - Errorchecking in x509_cert_dn William Ehlhardt <williamehlhardt@gmail.com> parents: 19492 diff changeset	998 "Failed to get Distinguished Name\n");
e147c3a821dd - Errorchecking in x509_cert_dn William Ehlhardt <williamehlhardt@gmail.com> parents: 19492 diff changeset	999 g_free(dn);
e147c3a821dd - Errorchecking in x509_cert_dn William Ehlhardt <williamehlhardt@gmail.com> parents: 19492 diff changeset	1000 return NULL;
e147c3a821dd - Errorchecking in x509_cert_dn William Ehlhardt <williamehlhardt@gmail.com> parents: 19492 diff changeset	1001 }
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	1002
19079 05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1003 return dn;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1004 }
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1005
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1006 static gchar *
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1007 x509_issuer_dn (PurpleCertificate *crt)
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1008 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	1009 gnutls_x509_crt cert_dat;
19079 05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1010 gchar *dn = NULL;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1011 size_t dn_size;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1012
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1013 g_return_val_if_fail(crt, NULL);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1014 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1015
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1016 cert_dat = X509_GET_GNUTLS_DATA(crt);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1017
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1018 /* Figure out the length of the Distinguished Name */
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1019 /* Claim that the buffer is size 0 so GnuTLS just tells us how much
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1020 space it needs */
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1021 dn_size = 0;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1022 gnutls_x509_crt_get_issuer_dn(cert_dat, dn, &dn_size);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1023
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1024 /* Now allocate and get the Distinguished Name */
20283 5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1025 /* Old versions of GnuTLS have an off-by-one error in reporting
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1026 the size of the needed buffer in some functions, so allocate
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1027 an extra byte */
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1028 dn = g_new0(gchar, ++dn_size);
19494 280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1029 if (0 != gnutls_x509_crt_get_issuer_dn(cert_dat, dn, &dn_size)) {
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1030 purple_debug_error("gnutls/x509",
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1031 "Failed to get issuer's Distinguished "
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1032 "Name\n");
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1033 g_free(dn);
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1034 return NULL;
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1035 }
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	1036
19079 05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1037 return dn;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1038 }
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1039
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1040 static gchar *
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1041 x509_common_name (PurpleCertificate *crt)
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1042 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	1043 gnutls_x509_crt cert_dat;
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1044 gchar *cn = NULL;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1045 size_t cn_size;
19494 280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1046 int ret;
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1047
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1048 g_return_val_if_fail(crt, NULL);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1049 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1050
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	1051 cert_dat = X509_GET_GNUTLS_DATA(crt);
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1052
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1053 /* Figure out the length of the Common Name */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1054 /* Claim that the buffer is size 0 so GnuTLS just tells us how much
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1055 space it needs */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1056 cn_size = 0;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1057 gnutls_x509_crt_get_dn_by_oid(cert_dat,
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1058 GNUTLS_OID_X520_COMMON_NAME,
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1059 0, /* First CN found, please */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1060 0, /* Not in raw mode */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1061 cn, &cn_size);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1062
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1063 /* Now allocate and get the Common Name */
20283 5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1064 /* Old versions of GnuTLS have an off-by-one error in reporting
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1065 the size of the needed buffer in some functions, so allocate
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1066 an extra byte */
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1067 cn = g_new0(gchar, ++cn_size);
19494 280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1068 ret = gnutls_x509_crt_get_dn_by_oid(cert_dat,
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1069 GNUTLS_OID_X520_COMMON_NAME,
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1070 0, /* First CN found, please */
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1071 0, /* Not in raw mode */
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1072 cn, &cn_size);
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1073 if (ret != 0) {
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1074 purple_debug_error("gnutls/x509",
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1075 "Failed to get Common Name\n");
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1076 g_free(cn);
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1077 return NULL;
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1078 }
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1079
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1080 return cn;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1081 }
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1082
19008 7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1083 static gboolean
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1084 x509_check_name (PurpleCertificate crt, const gchar name)
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1085 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	1086 gnutls_x509_crt crt_dat;
19008 7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1087
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1088 g_return_val_if_fail(crt, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1089 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1090 g_return_val_if_fail(name, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1091
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	1092 crt_dat = X509_GET_GNUTLS_DATA(crt);
19008 7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1093
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1094 if (gnutls_x509_crt_check_hostname(crt_dat, name)) {
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1095 return TRUE;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1096 } else {
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1097 return FALSE;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1098 }
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1099 }
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1100
19067 6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1101 static gboolean
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1102 x509_times (PurpleCertificate crt, time_t activation, time_t *expiration)
19013 5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	1103 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	1104 gnutls_x509_crt crt_dat;
19067 6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1105 /* GnuTLS time functions return this on error */
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1106 const time_t errval = (time_t) (-1);
20332 3a9709bfde65 applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9 Luke Schierer <lschiere@pidgin.im> parents: 20285 diff changeset	1107 gboolean success = TRUE;
19067 6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1108
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1109 g_return_val_if_fail(crt, FALSE);
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1110 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
19013 5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	1111
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	1112 crt_dat = X509_GET_GNUTLS_DATA(crt);
19013 5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	1113
19067 6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1114 if (activation) {
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1115 *activation = gnutls_x509_crt_get_activation_time(crt_dat);
20332 3a9709bfde65 applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9 Luke Schierer <lschiere@pidgin.im> parents: 20285 diff changeset	1116 if (*activation == errval)
3a9709bfde65 applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9 Luke Schierer <lschiere@pidgin.im> parents: 20285 diff changeset	1117 success = FALSE;
19067 6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1118 }
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1119 if (expiration) {
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1120 *expiration = gnutls_x509_crt_get_expiration_time(crt_dat);
20332 3a9709bfde65 applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9 Luke Schierer <lschiere@pidgin.im> parents: 20285 diff changeset	1121 if (*expiration == errval)
3a9709bfde65 applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9 Luke Schierer <lschiere@pidgin.im> parents: 20285 diff changeset	1122 success = FALSE;
19067 6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1123 }
19013 5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	1124
20332 3a9709bfde65 applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9 Luke Schierer <lschiere@pidgin.im> parents: 20285 diff changeset	1125 return success;
19013 5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	1126 }
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	1127
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1128 /* X.509 certificate operations provided by this plugin */
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1129 static PurpleCertificateScheme x509_gnutls = {
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1130 "x509", /* Scheme name */
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1131 N_("X.509 Certificates"), /* User-visible scheme name */
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1132 x509_import_from_file, /* Certificate import function */
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	1133 x509_export_certificate, /* Certificate export function */
19019 e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	1134 x509_copy_certificate, /* Copy */
18934 04be1b885ef3 - Add more to the Certificate struct William Ehlhardt <williamehlhardt@gmail.com> parents: 18930 diff changeset	1135 x509_destroy_certificate, /* Destroy cert */
19076 daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19067 diff changeset	1136 x509_certificate_signed_by, /* Signature checker */
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	1137 x509_sha1sum, /* SHA1 fingerprint */
19079 05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1138 x509_cert_dn, /* Unique ID */
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1139 x509_issuer_dn, /* Issuer Unique ID */
19006 dc60287ce426 - Add get_activation_time and get_expiration_time to CertificateScheme William Ehlhardt <williamehlhardt@gmail.com> parents: 19004 diff changeset	1140 x509_common_name, /* Subject name */
19008 7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1141 x509_check_name, /* Check subject name */
19648 450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19552 diff changeset	1142 x509_times, /* Activation/Expiration time */
30050 c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28725 diff changeset	1143 x509_importcerts_from_file, /* Multiple certificates import function */
19648 450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19552 diff changeset	1144
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19552 diff changeset	1145 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19552 diff changeset	1146 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19552 diff changeset	1147 NULL
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19552 diff changeset	1148
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1149 };
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1150
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1151 static PurpleSslOps ssl_ops =
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1152 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1153 ssl_gnutls_init,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1154 ssl_gnutls_uninit,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1155 ssl_gnutls_connect,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1156 ssl_gnutls_close,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1157 ssl_gnutls_read,
16673 6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15823 diff changeset	1158 ssl_gnutls_write,
18187 33690062e8b3 - Expose get_peer_certificates in the SslOps struct, and modify gnutls William Ehlhardt <williamehlhardt@gmail.com> parents: 18186 diff changeset	1159 ssl_gnutls_get_peer_certificates,
16673 6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15823 diff changeset	1160
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15823 diff changeset	1161 /* padding */
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15823 diff changeset	1162 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15823 diff changeset	1163 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15823 diff changeset	1164 NULL
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1165 };
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1166
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1167 static gboolean
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1168 plugin_load(PurplePlugin *plugin)
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1169 {
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1170 if(!purple_ssl_get_ops()) {
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1171 purple_ssl_set_ops(&ssl_ops);
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1172 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1173
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1174 /* Init GNUTLS now so others can use it even if sslconn never does */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1175 ssl_gnutls_init_gnutls();
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1176
19215 ab91044a914e - Move ssl-gnutls x509 registration until after GnuTLS itself is inited William Ehlhardt <williamehlhardt@gmail.com> parents: 19212 diff changeset	1177 /* Register that we're providing an X.509 CertScheme */
ab91044a914e - Move ssl-gnutls x509 registration until after GnuTLS itself is inited William Ehlhardt <williamehlhardt@gmail.com> parents: 19212 diff changeset	1178 purple_certificate_register_scheme( &x509_gnutls );
ab91044a914e - Move ssl-gnutls x509 registration until after GnuTLS itself is inited William Ehlhardt <williamehlhardt@gmail.com> parents: 19212 diff changeset	1179
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1180 return TRUE;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1181 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1182
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1183 static gboolean
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1184 plugin_unload(PurplePlugin *plugin)
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1185 {
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1186 if(purple_ssl_get_ops() == &ssl_ops) {
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1187 purple_ssl_set_ops(NULL);
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1188 }
18927 9abc911c65aa - GnuTLS plugin registers an x509 certscheme now William Ehlhardt <williamehlhardt@gmail.com> parents: 18191 diff changeset	1189
9abc911c65aa - GnuTLS plugin registers an x509 certscheme now William Ehlhardt <williamehlhardt@gmail.com> parents: 18191 diff changeset	1190 purple_certificate_unregister_scheme( &x509_gnutls );
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1191
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1192 return TRUE;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1193 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1194
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1195 static PurplePluginInfo info =
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1196 {
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1197 PURPLE_PLUGIN_MAGIC,
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1198 PURPLE_MAJOR_VERSION,
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1199 PURPLE_MINOR_VERSION,
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1200 PURPLE_PLUGIN_STANDARD, /*< type /
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1201 NULL, /*< ui_requirement /
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1202 PURPLE_PLUGIN_FLAG_INVISIBLE, /*< flags /
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1203 NULL, /*< dependencies /
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1204 PURPLE_PRIORITY_DEFAULT, /*< priority /
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1205
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1206 SSL_GNUTLS_PLUGIN_ID, /*< id /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1207 N_("GNUTLS"), /*< name /
21030 3cc856ca2338 Add a --with-extraversion option to ./configure so packagers can fine tune Stu Tomlinson <stu@nosnilmot.com> parents: 20332 diff changeset	1208 DISPLAY_VERSION, /*< version /
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1209 /** summary */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1210 N_("Provides SSL support through GNUTLS."),
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1211 /** description */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1212 N_("Provides SSL support through GNUTLS."),
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1213 "Christian Hammond <chipx86@gnupdate.org>",
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1214 PURPLE_WEBSITE, /*< homepage /
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1215
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1216 plugin_load, /*< load /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1217 plugin_unload, /*< unload /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1218 NULL, /*< destroy /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1219
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1220 NULL, /*< ui_info /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1221 NULL, /*< extra_info /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1222 NULL, /*< prefs_info /
16673 6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15823 diff changeset	1223 NULL, /*< actions /
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15823 diff changeset	1224
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15823 diff changeset	1225 /* padding */
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15823 diff changeset	1226 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15823 diff changeset	1227 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15823 diff changeset	1228 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15823 diff changeset	1229 NULL
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1230 };
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1231
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1232 static void
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1233 init_plugin(PurplePlugin *plugin)
15374 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1234 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1235 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1236
15823 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15785 diff changeset	1237 PURPLE_INIT_PLUGIN(ssl_gnutls, init_plugin, info)

Mercurial > pidgin.yaz

annotate libpurple/plugins/ssl/ssl-gnutls.c @ 31301:16ab805406d1