annotate src/ssl-nss.c @ 6837:f098765ac919
[gaim-migrate @ 7382]
The pounces subsystem now registers signal callbacks for all the pounce
types. The calls to pounce code in server.c, and therefore in all the rest
of gaim, have been removed. The pounce code is now more like its own
separate island.
committer: Tailor Script <tailor@pidgin.im>
author | Christian Hammond <chipx86@chipx86.com> |
---|---|
date | Sun, 14 Sep 2003 21:05:11 +0000 |
parents | 40ba19133882 |
children | 1f39a46b1dd4 |
rev | line source |
---|---|
6738 | 1 /** |
2 * @file ssl-nss.c SSL Operations for Mozilla NSS | |
3 * @ingroup core | |
4 * | |
5 * gaim | |
6 * | |
7 * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org> | |
8 * | |
9 * This program is free software; you can redistribute it and/or modify | |
10 * it under the terms of the GNU General Public License as published by | |
11 * the Free Software Foundation; either version 2 of the License, or | |
12 * (at your option) any later version. | |
13 * | |
14 * This program is distributed in the hope that it will be useful, | |
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 * GNU General Public License for more details. | |
18 * | |
19 * You should have received a copy of the GNU General Public License | |
20 * along with this program; if not, write to the Free Software | |
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
22 */ | |
23 #include "internal.h" |
24 |
25 #ifdef HAVE_NSS |
26 |
6738 | 27 #include "debug.h" |
28 #include "sslconn.h" | |
29 | |
30 #include <nspr.h> | |
31 #include <private/pprio.h> |
6738 | 32 #include <nss.h> |
33 #include <pk11func.h> | |
34 #include <prio.h> | |
35 #include <secerr.h> | |
36 #include <secmod.h> | |
37 #include <ssl.h> | |
38 #include <sslerr.h> | |
39 #include <sslproto.h> | |
40 | |
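/*
 * Per-connection NSS state. ssl_nss_connect_cb() allocates one of these and
 * stores it in gsc->private_data; ssl_nss_close() frees it.
 */
typedef struct
{
	PRFileDesc *fd;		/* descriptor returned by PR_ImportTCPSocket() */
	PRFileDesc *in;		/* descriptor returned by SSL_ImportFD() for 'fd' */

} GaimSslNssData;

/*
 * Fetch the NSS state attached to a connection. The argument is
 * parenthesised so that any pointer expression, not only a plain
 * identifier, expands correctly.
 */
#define GAIM_SSL_NSS_DATA(gsc) ((GaimSslNssData *)(gsc)->private_data)

/* Default NSPR I/O method table; set in ssl_nss_init(), cleared in ssl_nss_uninit(). */
static const PRIOMethods *_nss_methods = NULL;

/* NSPR layer identity obtained from PR_GetUniqueIdentity("Gaim") in ssl_nss_init(). */
static PRDescIdentity _identity;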
52 | |
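/*
 * Certificate-authentication hook installed with SSL_AuthCertificateHook().
 *
 * Delegates to NSS's stock SSL_AuthCertificate(), which validates the peer's
 * certificate chain against the given database and, on the client side,
 * checks the certificate against the host name set with SSL_SetURL().
 * Returning SECSuccess unconditionally from this hook would accept any
 * certificate at all and leave every connection open to interception.
 *
 * arg:       certificate database handle registered together with the hook
 *            (CERT_GetDefaultCertDB() in ssl_nss_connect_cb()).
 * socket:    SSL descriptor whose peer certificate is being checked.
 * checksig:  whether signatures are to be verified.
 * is_server: PR_TRUE when this end acts as the server in the handshake.
 *
 * Returns SECSuccess when the certificate is accepted. On SECFailure NSS
 * consults the bad-certificate hook (ssl_bad_cert) and aborts the handshake
 * unless that hook overrides the error.
 */
static SECStatus
ssl_auth_cert(void *arg, PRFileDesc *socket, PRBool checksig,
			  PRBool is_server)
{
	return SSL_AuthCertificate(arg, socket, checksig, is_server);
}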
80 | |
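/*
 * Bad-certificate hook installed with SSL_BadCertHook().
 *
 * arg:    optional PRErrorCode * that receives the NSS error code. When it
 *         is NULL the certificate is rejected without inspecting the error;
 *         ssl_nss_connect_cb() registers the hook that way.
 * socket: SSL descriptor the failure was reported on (not used here).
 *
 * Returns SECSuccess to let the handshake continue despite the error, or
 * SECFailure to abort it.
 */
SECStatus
ssl_bad_cert(void *arg, PRFileDesc *socket)
{
	SECStatus status = SECFailure;
	PRErrorCode err;

	/* No place to report the error to: fail closed. */
	if (arg == NULL)
		return status;

	*(PRErrorCode *)arg = err = PORT_GetError();

	switch (err)
	{
		/*
		 * NOTE(review): every error listed here is overridden, i.e. the
		 * certificate is accepted anyway. The list includes a bad
		 * signature, an unknown issuer, an untrusted certificate and an
		 * expired certificate, so a caller that passes a non-NULL arg
		 * gets no authentication of the peer. Confirm that this is
		 * intended before registering the hook with a non-NULL arg.
		 */
		case SEC_ERROR_INVALID_AVA:
		case SEC_ERROR_INVALID_TIME:
		case SEC_ERROR_BAD_SIGNATURE:
		case SEC_ERROR_EXPIRED_CERTIFICATE:
		case SEC_ERROR_UNKNOWN_ISSUER:
		case SEC_ERROR_UNTRUSTED_CERT:
		case SEC_ERROR_CERT_VALID:
		case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
		case SEC_ERROR_CRL_EXPIRED:
		case SEC_ERROR_CRL_BAD_SIGNATURE:
		case SEC_ERROR_EXTENSION_VALUE_INVALID:
		case SEC_ERROR_CA_CERT_INVALID:
		case SEC_ERROR_CERT_USAGES_INVALID:
		case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
			status = SECSuccess;
			break;

		default:
			status = SECFailure;
			break;
	}

	/*
	 * The format string has a %d conversion, so the error code has to be
	 * passed; calling it without the argument is undefined behaviour.
	 */
	gaim_debug_error("nss", "Bad certificate: %d\n", (int)err);

	return status;
}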
120 | |
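/*
 * Initialise NSPR and NSS for the SSL backend.
 *
 * NSS is started without a certificate/key database (NSS_NoDB_Init), so the
 * only trust anchors available are the ones in the "Builtins" module that
 * is loaded below.
 *
 * Returns TRUE on success, FALSE when NSS itself could not be initialised.
 */
static gboolean
ssl_nss_init(void)
{
	PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);

	/* Nothing below can work without NSS, so report the failure. */
	if (NSS_NoDB_Init(NULL) != SECSuccess)
	{
		gaim_debug_error("nss", "NSS_NoDB_Init failed: %d\n",
						 (int)PORT_GetError());

		return FALSE;
	}

	/* TODO: Fix this so autoconf does the work trying to find this lib. */
	/*
	 * NOTE(review): the Windows branch names the DLL without a directory,
	 * so which file is loaded depends on the loader's search path --
	 * confirm that this is acceptable for the installation layout.
	 */
	if (SECMOD_AddNewModule("Builtins",
#ifndef _WIN32
							LIBDIR "/libnssckbi.so",
#else
							"nssckbi.dll",
#endif
							0, 0) != SECSuccess)
	{
		/*
		 * Without the built-in roots there is nothing to validate server
		 * certificates against; keep going, but leave a trace in the log.
		 */
		gaim_debug_error("nss",
						 "Unable to load the Builtins module: %d\n",
						 (int)PORT_GetError());
	}

	NSS_SetDomesticPolicy();

	_identity = PR_GetUniqueIdentity("Gaim");
	_nss_methods = PR_GetDefaultIOMethods();

	return TRUE;
}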
142 | |
/*
 * Tear the backend down: forget the cached NSPR I/O method table and shut
 * NSPR down with PR_Cleanup().
 *
 * NOTE(review): no NSS shutdown call is made here, only the NSPR one --
 * confirm whether that is intentional.
 */
static void
ssl_nss_uninit(void)
{
	_nss_methods = NULL;

	PR_Cleanup();
}
150 | |
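/*
 * Callback run once the TCP connection exists: wraps the socket in NSPR and
 * NSS descriptors, configures it as an SSL client, performs the handshake
 * and finally invokes the connection's own connect callback.
 *
 * data:   the GaimSslConnection being set up.
 * source: the connected socket; stored in gsc->fd.
 * cond:   input condition, passed through to gsc->connect_cb.
 *
 * On any failure the connection is closed with gaim_ssl_close() and
 * gsc->connect_cb is not called.
 */
static void
ssl_nss_connect_cb(gpointer data, gint source, GaimInputCondition cond)
{
	GaimSslConnection *gsc = (GaimSslConnection *)data;
	GaimSslNssData *nss_data = g_new0(GaimSslNssData, 1);
	PRSocketOptionData socket_opt;

	gsc->private_data = nss_data;

	gsc->fd = source;

	nss_data->fd = PR_ImportTCPSocket(gsc->fd);

	if (nss_data->fd == NULL)
	{
		gaim_debug_error("nss", "nss_data->fd == NULL!\n");

		gaim_ssl_close(gsc);

		return;
	}

	/* The handshake below is forced synchronously, so switch to blocking I/O. */
	socket_opt.option = PR_SockOpt_Nonblocking;
	socket_opt.value.non_blocking = PR_FALSE;

	PR_SetSocketOption(nss_data->fd, &socket_opt);

	nss_data->in = SSL_ImportFD(NULL, nss_data->fd);

	if (nss_data->in == NULL)
	{
		gaim_debug_error("nss", "nss_data->in == NUL!\n");

		gaim_ssl_close(gsc);

		return;
	}

	/*
	 * Every step here is security relevant (enabling SSL, installing the
	 * certificate hooks, setting the host name the certificate is matched
	 * against), so a failure in any of them aborts the connection rather
	 * than being ignored. The bad-certificate hook gets a NULL argument,
	 * which makes ssl_bad_cert() reject every certificate error.
	 */
	if (SSL_OptionSet(nss_data->in, SSL_SECURITY, PR_TRUE) != SECSuccess ||
		SSL_OptionSet(nss_data->in, SSL_HANDSHAKE_AS_CLIENT,
					  PR_TRUE) != SECSuccess ||
		SSL_AuthCertificateHook(nss_data->in,
								(SSLAuthCertificate)ssl_auth_cert,
								(void *)CERT_GetDefaultCertDB()) != SECSuccess ||
		SSL_BadCertHook(nss_data->in, (SSLBadCertHandler)ssl_bad_cert,
						NULL) != SECSuccess ||
		SSL_SetURL(nss_data->in, gsc->host) != 0 ||
		SSL_ResetHandshake(nss_data->in, PR_FALSE) != SECSuccess)
	{
		gaim_debug_error("nss", "SSL setup failed: %d\n",
						 (int)PORT_GetError());

		gaim_ssl_close(gsc);

		return;
	}

	if (SSL_ForceHandshake(nss_data->in))
	{
		gaim_debug_error("nss", "Handshake failed\n");

		gaim_ssl_close(gsc);

		return;
	}

	gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
}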
212 | |
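/*
 * Release the NSS state attached to a connection.
 *
 * SSL_ImportFD() layers SSL on top of the descriptor it is given, so once
 * 'in' is set it refers to the same descriptor stack as 'fd'. Closing both
 * would close that stack twice; 'fd' is therefore closed only when the SSL
 * layer was never created.
 */
static void
ssl_nss_close(GaimSslConnection *gsc)
{
	GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc);

	/* Nothing was attached to this connection. */
	if (nss_data == NULL)
		return;

	if (nss_data->in != NULL)
		PR_Close(nss_data->in);
	else if (nss_data->fd != NULL)
		PR_Close(nss_data->fd);

	g_free(nss_data);

	/* Do not leave a dangling pointer behind for a second close. */
	gsc->private_data = NULL;
}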
223 | |
/*
 * Read up to 'len' bytes of decrypted data from the connection into 'data'.
 *
 * Returns the value of PR_Read() converted to size_t.
 *
 * NOTE(review): PR_Read() reports failure with a negative value, which
 * turns into a very large size_t here -- verify how callers detect errors.
 */
static size_t
ssl_nss_read(GaimSslConnection *gsc, void *data, size_t len)
{
	PRFileDesc *ssl_fd = GAIM_SSL_NSS_DATA(gsc)->in;
	PRInt32 nread = PR_Read(ssl_fd, data, len);

	return nread;
}
231 | |
/*
 * Write 'len' bytes from 'data' to the connection through the SSL layer.
 *
 * Returns the value of PR_Write() converted to size_t.
 *
 * NOTE(review): PR_Write() reports failure with a negative value, which
 * turns into a very large size_t here -- verify how callers detect errors.
 */
static size_t
ssl_nss_write(GaimSslConnection *gsc, const void *data, size_t len)
{
	PRFileDesc *ssl_fd = GAIM_SSL_NSS_DATA(gsc)->in;
	PRInt32 nwritten = PR_Write(ssl_fd, data, len);

	return nwritten;
}
239 | |
/*
 * Operations table returned by gaim_ssl_nss_get_ops().
 *
 * The initialiser is positional, so the order of the entries has to match
 * the member order of GaimSslOps, which is declared outside this file
 * (presumably in sslconn.h -- confirm).
 */
static GaimSslOps ssl_ops =
{
	ssl_nss_init,		/* start NSPR/NSS */
	ssl_nss_uninit,		/* shut NSPR down */
	ssl_nss_connect_cb,	/* wrap the socket and do the handshake */
	ssl_nss_close,		/* release the per-connection state */
	ssl_nss_read,		/* read through the SSL layer */
	ssl_nss_write		/* write through the SSL layer */
};
249 | |
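/*
 * Return the NSS implementation of the SSL operations table.
 *
 * The returned pointer refers to a file-scope object and must not be freed.
 * The parameter list is spelled (void) so that the definition is a proper
 * prototype; empty parentheses leave the arguments unchecked in C.
 */
GaimSslOps *
gaim_ssl_nss_get_ops(void)
{
	return &ssl_ops;
}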
255 |
256 #endif /* HAVE_NSS */ |