1 /**
|
|
2 * @file ssl-nss.c Mozilla NSS SSL plugin.
|
|
3 *
|
|
4 * gaim
|
|
5 *
|
|
6 * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org>
|
|
7 *
|
|
8 * This program is free software; you can redistribute it and/or modify
|
|
9 * it under the terms of the GNU General Public License as published by
|
|
10 * the Free Software Foundation; either version 2 of the License, or
|
|
11 * (at your option) any later version.
|
|
12 *
|
|
13 * This program is distributed in the hope that it will be useful,
|
|
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
16 * GNU General Public License for more details.
|
|
17 *
|
|
18 * You should have received a copy of the GNU General Public License
|
|
19 * along with this program; if not, write to the Free Software
|
|
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
21 */
|
|
22 #include "internal.h"
|
|
23 #include "plugin.h"
|
|
24
|
|
25 #define SSL_GNUTLS_PLUGIN_ID "ssl-gnutls"
|
|
26
|
|
27 #ifdef HAVE_NSS
|
|
28
|
|
29 #include "debug.h"
|
|
30 #include "sslconn.h"
|
|
31
|
|
32 #include <nspr.h>
|
|
33 #include <private/pprio.h>
|
|
34 #include <nss.h>
|
|
35 #include <pk11func.h>
|
|
36 #include <prio.h>
|
|
37 #include <secerr.h>
|
|
38 #include <secmod.h>
|
|
39 #include <ssl.h>
|
|
40 #include <sslerr.h>
|
|
41 #include <sslproto.h>
|
|
42
|
|
/* Per-connection NSS state, hung off GaimSslConnection.private_data by
 * ssl_nss_connect_cb() and released by ssl_nss_close(). */
typedef struct
{
	PRFileDesc *fd;   /* NSPR descriptor wrapping the connected TCP socket (PR_ImportTCPSocket) */
	PRFileDesc *in;   /* SSL-layered descriptor from SSL_ImportFD(); all reads and writes go through it */

} GaimSslNssData;
|
|
49
|
|
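/* Fetch the GaimSslNssData attached to a connection. The argument is
 * parenthesised so an expression such as `p + 1` binds as intended. */
#define GAIM_SSL_NSS_DATA(gsc) ((GaimSslNssData *)(gsc)->private_data)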
|
|
51
|
|
/* Default NSPR I/O method table, captured in ssl_nss_init() and cleared in
 * ssl_nss_uninit(); nothing else in this file reads it. */
static const PRIOMethods *_nss_methods = NULL;
/* Layer identity from PR_GetUniqueIdentity("Gaim") in ssl_nss_init(); it is
 * assigned but not read anywhere else in this file.
 * NOTE(review): file-scope names beginning with an underscore are reserved
 * identifiers in C. */
static PRDescIdentity _identity;
|
|
54
|
|
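/*
 * SSL_AuthCertificateHook callback: decide whether the peer's certificate is
 * acceptable for this connection.
 *
 * @param arg       The CERTCertDBHandle registered with the hook
 *                  (ssl_nss_connect_cb() passes CERT_GetDefaultCertDB()).
 * @param socket    The SSL-layered descriptor whose peer is being checked.
 * @param checksig  Whether NSS asks for signatures to be checked.
 * @param is_server Whether the local side is the server.
 * @return SECSuccess when NSS's default verifier accepts the certificate,
 *         SECFailure otherwise; on failure NSS then consults the
 *         SSL_BadCertHook (ssl_bad_cert).
 */
static SECStatus
ssl_auth_cert(void *arg, PRFileDesc *socket, PRBool checksig,
              PRBool is_server)
{
	SECStatus status;

	/* Defer to NSS's own verifier, which validates the chain against the
	 * database in arg and compares the certificate with the host name given
	 * to SSL_SetURL(). The previous implementation returned SECSuccess
	 * unconditionally, so any certificate at all was accepted. */
	status = SSL_AuthCertificate(arg, socket, checksig, is_server);

	if (status != SECSuccess) {
		gaim_debug_error("nss", "Certificate verification failed: %d\n",
		                 PR_GetError());
	}

	return status;
}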
|
|
82
|
|
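/*
 * SSL_BadCertHook callback: NSS calls this after the auth hook rejected the
 * peer certificate, to ask whether the handshake should proceed anyway.
 *
 * @param arg    Optional PRErrorCode* that receives the verification error.
 *               When NULL (which is how ssl_nss_connect_cb() registers the
 *               hook) the certificate is rejected outright and only logged.
 * @param socket The SSL descriptor; unused.
 * @return SECSuccess to override the error and continue the handshake,
 *         SECFailure to abort it.
 */
static SECStatus
ssl_bad_cert(void *arg, PRFileDesc *socket)
{
	PRErrorCode err = PORT_GetError();
	SECStatus status = SECFailure;

	(void)socket;

	/* The original passed no argument for %d and read an undefined value
	 * off the varargs; log the real error code, on every path. */
	gaim_debug_error("nss", "Bad certificate: %d\n", err);

	/* With nowhere to report the error the caller cannot act on it, so do
	 * not override anything. */
	if (arg == NULL)
		return status;

	*(PRErrorCode *)arg = err;

	switch (err)
	{
		/* Errors a caller that opted in by supplying an error slot is
		 * allowed to override. Note that the list includes unknown or
		 * untrusted issuers and bad signatures, i.e. most validation
		 * failures; a caller must inspect *arg rather than trust the
		 * connection blindly. */
		case SEC_ERROR_INVALID_AVA:
		case SEC_ERROR_INVALID_TIME:
		case SEC_ERROR_BAD_SIGNATURE:
		case SEC_ERROR_EXPIRED_CERTIFICATE:
		case SEC_ERROR_UNKNOWN_ISSUER:
		case SEC_ERROR_UNTRUSTED_CERT:
		case SEC_ERROR_CERT_VALID:
		case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
		case SEC_ERROR_CRL_EXPIRED:
		case SEC_ERROR_CRL_BAD_SIGNATURE:
		case SEC_ERROR_EXTENSION_VALUE_INVALID:
		case SEC_ERROR_CA_CERT_INVALID:
		case SEC_ERROR_CERT_USAGES_INVALID:
		case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
			status = SECSuccess;
			break;

		default:
			status = SECFailure;
			break;
	}

	return status;
}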
|
|
122
|
|
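/*
 * GaimSslOps.init: bring up NSPR and NSS for this process.
 *
 * @return TRUE when NSS initialised, FALSE when NSS_NoDB_Init() failed
 *         (previously its result was ignored and TRUE returned regardless).
 */
static gboolean
ssl_nss_init(void)
{
	SECStatus status;

	PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);

	/* No persistent certificate/key database is opened. */
	if (NSS_NoDB_Init(NULL) != SECSuccess) {
		gaim_debug_error("nss", "NSS_NoDB_Init failed: %d\n", PR_GetError());
		return FALSE;
	}

	/* TODO: Fix this so autoconf does the work trying to find this lib. */
	/* The builtin root module presumably supplies the trust anchors used
	 * by certificate verification, so a failure here is worth a loud log;
	 * initialisation still succeeds so the problem surfaces per connection
	 * rather than as a missing plugin. */
	status = SECMOD_AddNewModule("Builtins",
#ifndef _WIN32
			LIBDIR "/libnssckbi.so",
#else
			"nssckbi.dll",
#endif
			0, 0);
	if (status != SECSuccess) {
		gaim_debug_error("nss", "SECMOD_AddNewModule(Builtins) failed: %d\n",
		                 PR_GetError());
	}

	if (NSS_SetDomesticPolicy() != SECSuccess) {
		gaim_debug_error("nss", "NSS_SetDomesticPolicy failed: %d\n",
		                 PR_GetError());
	}

	_identity = PR_GetUniqueIdentity("Gaim");
	_nss_methods = PR_GetDefaultIOMethods();

	return TRUE;
}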
|
|
144
|
|
/*
 * GaimSslOps.uninit: tear down NSPR and forget the cached method table.
 * NOTE(review): NSS_Shutdown() is not called before PR_Cleanup() — confirm
 * whether that is intentional.
 */
static void
ssl_nss_uninit(void)
{
	/* Nothing in this file reads _nss_methods, so clearing it before or
	 * after PR_Cleanup() makes no difference. */
	_nss_methods = NULL;

	PR_Cleanup();
}
|
|
152
|
|
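/*
 * GaimSslOps.connect_cb: the TCP socket in source is connected; wrap it in
 * an NSS SSL layer, run the handshake, then hand the connection to
 * gsc->connect_cb.
 *
 * @param data   The GaimSslConnection being established.
 * @param source The connected TCP socket descriptor.
 * @param cond   Input condition, passed through to gsc->connect_cb.
 *
 * On any failure the connection is torn down with gaim_ssl_close() and
 * gsc->connect_cb is not called. The handshake is run on a blocking
 * descriptor, so this callback stalls its caller until it completes.
 */
static void
ssl_nss_connect_cb(gpointer data, gint source, GaimInputCondition cond)
{
	GaimSslConnection *gsc = (GaimSslConnection *)data;
	GaimSslNssData *nss_data = g_new0(GaimSslNssData, 1);
	PRSocketOptionData socket_opt;

	/* Attach our state first so gaim_ssl_close() can free it on every
	 * error path below. */
	gsc->private_data = nss_data;
	gsc->fd = source;

	nss_data->fd = PR_ImportTCPSocket(gsc->fd);
	if (nss_data->fd == NULL) {
		gaim_debug_error("nss", "nss_data->fd == NULL!\n");
		gaim_ssl_close((GaimSslConnection *)gsc);
		return;
	}

	/* SSL_ForceHandshake() below expects a blocking descriptor. A failure
	 * here is logged but not fatal: the handshake reports it anyway. */
	socket_opt.option = PR_SockOpt_Nonblocking;
	socket_opt.value.non_blocking = PR_FALSE;
	if (PR_SetSocketOption(nss_data->fd, &socket_opt) != PR_SUCCESS) {
		gaim_debug_error("nss", "PR_SetSocketOption failed: %d\n",
		                 PR_GetError());
	}

	nss_data->in = SSL_ImportFD(NULL, nss_data->fd);
	if (nss_data->in == NULL) {
		gaim_debug_error("nss", "nss_data->in == NUL!\n");
		gaim_ssl_close((GaimSslConnection *)gsc);
		return;
	}

	/* Both options are mandatory — without SSL_SECURITY the descriptor
	 * would carry plaintext — so a failed SSL_OptionSet is fatal rather
	 * than ignored. */
	if (SSL_OptionSet(nss_data->in, SSL_SECURITY, PR_TRUE) != SECSuccess ||
	    SSL_OptionSet(nss_data->in, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE) != SECSuccess) {
		gaim_debug_error("nss", "SSL_OptionSet failed: %d\n", PR_GetError());
		gaim_ssl_close(gsc);
		return;
	}

	SSL_AuthCertificateHook(nss_data->in,
	                        (SSLAuthCertificate)ssl_auth_cert,
	                        (void *)CERT_GetDefaultCertDB());
	SSL_BadCertHook(nss_data->in, (SSLBadCertHandler)ssl_bad_cert, NULL);

	/* SSL_SetURL() supplies the host name NSS compares the certificate
	 * against; continuing without it would silently skip that check. */
	if (SSL_SetURL(nss_data->in, gsc->host) != SECSuccess) {
		gaim_debug_error("nss", "SSL_SetURL failed: %d\n", PR_GetError());
		gaim_ssl_close(gsc);
		return;
	}

	SSL_ResetHandshake(nss_data->in, PR_FALSE);

	if (SSL_ForceHandshake(nss_data->in) != SECSuccess) {
		gaim_debug_error("nss", "Handshake failed: %d\n", PR_GetError());
		gaim_ssl_close(gsc);
		return;
	}

	gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
}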
|
|
214
|
|
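/*
 * GaimSslOps.close: release the NSS state attached to gsc.
 *
 * Closes the SSL-layered descriptor and frees the per-connection data.
 * Safe to call when no NSS data was ever attached, and a second call on
 * the same connection is a no-op.
 */
static void
ssl_nss_close(GaimSslConnection *gsc)
{
	GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc);

	/* Nothing to do if ssl_nss_connect_cb() never ran for this connection
	 * or it was already closed; the original would dereference NULL. */
	if (nss_data == NULL)
		return;

	if (nss_data->in)
		PR_Close(nss_data->in);
	/* if (nss_data->fd) PR_Close(nss_data->fd); */
	/* NOTE(review): presumably closing the layered descriptor closes the
	 * imported socket beneath it, hence the line above is disabled — but
	 * when SSL_ImportFD() failed, nss_data->fd is not closed by anything
	 * here; confirm who owns that descriptor. */

	g_free(nss_data);
	/* Drop the dangling pointer so a repeated close cannot double free. */
	gsc->private_data = NULL;
}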
|
|
225
|
|
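/*
 * GaimSslOps.read: read up to len bytes from the SSL layer into data.
 *
 * @return The value of PR_Read(): bytes read, or 0 at end of stream.
 *         PR_Read() reports errors as -1, which this size_t interface turns
 *         into SIZE_MAX; the ops signature fixes the return type, so callers
 *         must check for that rather than treat the value as a byte count.
 */
static size_t
ssl_nss_read(GaimSslConnection *gsc, void *data, size_t len)
{
	GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc);
	PRInt32 amount;

	/* PR_Read() takes a PRInt32; a larger request would be truncated (and
	 * could go negative), so cap it at the type's maximum. */
	amount = (len > (size_t)PR_INT32_MAX) ? PR_INT32_MAX : (PRInt32)len;

	return PR_Read(nss_data->in, data, amount);
}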
|
|
233
|
|
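/*
 * GaimSslOps.write: write up to len bytes from data through the SSL layer.
 *
 * @return The value of PR_Write(): bytes written. PR_Write() reports errors
 *         as -1, which this size_t interface turns into SIZE_MAX; the ops
 *         signature fixes the return type, so callers must check for that
 *         rather than treat the value as a byte count.
 */
static size_t
ssl_nss_write(GaimSslConnection *gsc, const void *data, size_t len)
{
	GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc);
	PRInt32 amount;

	/* PR_Write() takes a PRInt32; cap oversized requests instead of
	 * letting the conversion truncate them. */
	amount = (len > (size_t)PR_INT32_MAX) ? PR_INT32_MAX : (PRInt32)len;

	return PR_Write(nss_data->in, data, amount);
}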
|
|
241
|
|
/* Operation table handed to gaim_ssl_set_ops() by plugin_load(). The
 * initialiser is positional; the field order is assumed to be init, uninit,
 * connect_cb, close, read, write as the member names suggest — confirm
 * against the GaimSslOps definition. */
static GaimSslOps ssl_ops =
{
	ssl_nss_init,
	ssl_nss_uninit,
	ssl_nss_connect_cb,
	ssl_nss_close,
	ssl_nss_read,
	ssl_nss_write
};
|
|
251
|
|
252 #endif /* HAVE_NSS */
|
|
253
|
|
254
|
|
/*
 * Plugin load hook: install this module's ops as the SSL implementation.
 *
 * @return TRUE when built with NSS and the ops were installed, FALSE when
 *         NSS support was compiled out.
 */
static gboolean
plugin_load(GaimPlugin *plugin)
{
	gboolean loaded = FALSE;

	(void)plugin;

#ifdef HAVE_NSS
	gaim_ssl_set_ops(&ssl_ops);
	loaded = TRUE;
#endif

	return loaded;
}
|
|
266
|
|
/*
 * Plugin unload hook; always succeeds.
 * NOTE(review): the ops installed by plugin_load() are not withdrawn here —
 * confirm whether gaim_ssl_set_ops() needs a counterpart on unload.
 */
static gboolean
plugin_unload(GaimPlugin *plugin)
{
	(void)plugin;	/* unused */
	return TRUE;
}
|
|
272
|
|
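/* Identifier this plugin registers under. The original used
 * SSL_GNUTLS_PLUGIN_ID ("ssl-gnutls"), evidently copied from the GnuTLS
 * plugin, which would make two SSL plugins share one id. */
#define SSL_NSS_PLUGIN_ID "ssl-nss"

/* Plugin descriptor consumed by GAIM_INIT_PLUGIN(); positional fields. */
static GaimPluginInfo info =
{
	2,                                                /**< api_version    */
	GAIM_PLUGIN_STANDARD,                             /**< type           */
	NULL,                                             /**< ui_requirement */
	GAIM_PLUGIN_FLAG_INVISIBLE,                       /**< flags          */
	NULL,                                             /**< dependencies   */
	GAIM_PRIORITY_DEFAULT,                            /**< priority       */

	SSL_NSS_PLUGIN_ID,                                /**< id             */
	N_("NSS"),                                        /**< name           */
	VERSION,                                          /**< version        */
	                                                  /** summary */
	N_("Provides SSL support through Mozilla NSS."),
	                                                  /** description */
	N_("Provides SSL support through Mozilla NSS."),
	"Christian Hammond <chipx86@gnupdate.org>",       /**< author         */
	GAIM_WEBSITE,                                     /**< homepage       */

	plugin_load,                                      /**< load           */
	plugin_unload,                                    /**< unload         */
	NULL,                                             /**< destroy        */

	NULL,                                             /**< ui_info        */
	NULL                                              /**< extra_info     */
};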
|
|
299
|
|
/* Plugin init hook; this module has nothing to prepare before loading. */
static void
init_plugin(GaimPlugin *plugin)
{
	(void)plugin;	/* unused */
}
|
|
304
|
|
/* Presumably expands to the plugin entry points: module name ssl_nss,
 * init_plugin() as initialiser and info as the descriptor. */
GAIM_INIT_PLUGIN(ssl_nss, init_plugin, info)
|