Mercurial > pidgin.yaz
annotate src/ssl-nss.c @ 6759:f9efcba2d02f
[gaim-migrate @ 7291]
Added input watchers for the Mozilla NSS support. Should work.
committer: Tailor Script <tailor@pidgin.im>
| author | Christian Hammond <chipx86@chipx86.com> |
|---|---|
| date | Sat, 06 Sep 2003 01:08:55 +0000 |
| parents | 82348b5ab87e |
| children | 6d0d4e9149b9 |
| rev | line source |
|---|---|
| 6738 | 1 /** |
| 2 * @file ssl-nss.c SSL Operations for Mozilla NSS | |
| 3 * @ingroup core | |
| 4 * | |
| 5 * gaim | |
| 6 * | |
| 7 * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org> | |
| 8 * | |
| 9 * This program is free software; you can redistribute it and/or modify | |
| 10 * it under the terms of the GNU General Public License as published by | |
| 11 * the Free Software Foundation; either version 2 of the License, or | |
| 12 * (at your option) any later version. | |
| 13 * | |
| 14 * This program is distributed in the hope that it will be useful, | |
| 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 17 * GNU General Public License for more details. | |
| 18 * | |
| 19 * You should have received a copy of the GNU General Public License | |
| 20 * along with this program; if not, write to the Free Software | |
| 21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
| 22 */ | |
|
6747
82348b5ab87e
[gaim-migrate @ 7279]
Christian Hammond <chipx86@chipx86.com>
parents:
6738
diff
changeset
|
23 #include "internal.h" |
|
82348b5ab87e
[gaim-migrate @ 7279]
Christian Hammond <chipx86@chipx86.com>
parents:
6738
diff
changeset
|
24 |
|
82348b5ab87e
[gaim-migrate @ 7279]
Christian Hammond <chipx86@chipx86.com>
parents:
6738
diff
changeset
|
25 #ifdef HAVE_NSS |
|
82348b5ab87e
[gaim-migrate @ 7279]
Christian Hammond <chipx86@chipx86.com>
parents:
6738
diff
changeset
|
26 |
| 6738 | 27 #include "debug.h" |
| 28 #include "sslconn.h" | |
| 29 | |
| 30 #include <nspr.h> | |
| 31 #include <nss.h> | |
| 32 #include <pk11func.h> | |
| 33 #include <prio.h> | |
| 34 #include <secerr.h> | |
| 35 #include <secmod.h> | |
| 36 #include <ssl.h> | |
| 37 #include <sslerr.h> | |
| 38 #include <sslproto.h> | |
| 39 | |
| 40 typedef struct | |
| 41 { | |
| 42 PRFileDesc *fd; | |
| 43 PRFileDesc *in; | |
| 44 | |
| 45 } GaimSslNssData; | |
| 46 | |
| 47 #define GAIM_SSL_NSS_DATA(gsc) ((GaimSslNssData *)gsc->private_data) | |
| 48 | |
| 49 static const PRIOMethods *_nss_methods = NULL; | |
| 50 static PRDescIdentity _identity; | |
| 51 | |
| 52 static SECStatus | |
| 53 ssl_auth_cert(void *arg, PRFileDesc *socket, PRBool checksig, | |
| 54 PRBool is_server) | |
| 55 { | |
| 56 return SECSuccess; | |
| 57 | |
| 58 #if 0 | |
| 59 CERTCertificate *cert; | |
| 60 void *pinArg; | |
| 61 SECStatus status; | |
| 62 | |
| 63 cert = SSL_PeerCertificate(socket); | |
| 64 pinArg = SSL_RevealPinArg(socket); | |
| 65 | |
| 66 status = CERT_VerifyCertNow((CERTCertDBHandle *)arg, cert, checksig, | |
| 67 certUsageSSLClient, pinArg); | |
| 68 | |
| 69 if (status != SECSuccess) { | |
| 70 gaim_debug_error("nss", "CERT_VerifyCertNow failed\n"); | |
| 71 CERT_DestroyCertificate(cert); | |
| 72 return status; | |
| 73 } | |
| 74 | |
| 75 CERT_DestroyCertificate(cert); | |
| 76 return SECSuccess; | |
| 77 #endif | |
| 78 } | |
| 79 | |
| 80 SECStatus | |
| 81 ssl_bad_cert(void *arg, PRFileDesc *socket) | |
| 82 { | |
| 83 SECStatus status = SECFailure; | |
| 84 PRErrorCode err; | |
| 85 | |
| 86 if (arg == NULL) | |
| 87 return status; | |
| 88 | |
| 89 *(PRErrorCode *)arg = err = PORT_GetError(); | |
| 90 | |
| 91 switch (err) | |
| 92 { | |
| 93 case SEC_ERROR_INVALID_AVA: | |
| 94 case SEC_ERROR_INVALID_TIME: | |
| 95 case SEC_ERROR_BAD_SIGNATURE: | |
| 96 case SEC_ERROR_EXPIRED_CERTIFICATE: | |
| 97 case SEC_ERROR_UNKNOWN_ISSUER: | |
| 98 case SEC_ERROR_UNTRUSTED_CERT: | |
| 99 case SEC_ERROR_CERT_VALID: | |
| 100 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: | |
| 101 case SEC_ERROR_CRL_EXPIRED: | |
| 102 case SEC_ERROR_CRL_BAD_SIGNATURE: | |
| 103 case SEC_ERROR_EXTENSION_VALUE_INVALID: | |
| 104 case SEC_ERROR_CA_CERT_INVALID: | |
| 105 case SEC_ERROR_CERT_USAGES_INVALID: | |
| 106 case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION: | |
| 107 status = SECSuccess; | |
| 108 break; | |
| 109 | |
| 110 default: | |
| 111 status = SECFailure; | |
| 112 break; | |
| 113 } | |
| 114 | |
| 115 gaim_debug_error("nss", "Bad certificate: %d\n"); | |
| 116 | |
| 117 return status; | |
| 118 } | |
| 119 | |
| 120 static void | |
| 121 input_func(gpointer data, gint source, GaimInputCondition cond) | |
| 122 { | |
| 123 GaimSslConnection *gsc = (GaimSslConnection *)data; | |
|
6759
f9efcba2d02f
[gaim-migrate @ 7291]
Christian Hammond <chipx86@chipx86.com>
parents:
6747
diff
changeset
|
124 #if 0 |
| 6738 | 125 GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc); |
| 126 char *cp, *ip, *sp; | |
| 127 int op, kp0, kp1; | |
| 128 int result; | |
| 129 | |
| 130 result = SSL_SecurityStatus(nss_data->in, &op, &cp, &kp0, | |
| 131 &kp1, &ip, &sp); | |
| 132 | |
| 133 gaim_debug_misc("nss", | |
| 134 "bulk cipher %s, %d secret key bits, %d key bits, status: %d\n" | |
| 135 "subject DN: %s\n" | |
| 136 "issuer DN: %s\n", | |
| 137 cp, kp1, kp0, op, sp, ip); | |
| 138 | |
| 139 PR_Free(cp); | |
| 140 PR_Free(ip); | |
| 141 PR_Free(sp); | |
|
6759
f9efcba2d02f
[gaim-migrate @ 7291]
Christian Hammond <chipx86@chipx86.com>
parents:
6747
diff
changeset
|
142 #endif |
| 6738 | 143 |
| 144 gsc->input_func(gsc->user_data, gsc, cond); | |
| 145 } | |
| 146 | |
| 147 static gboolean | |
| 148 ssl_nss_init(void) | |
| 149 { | |
| 150 PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); | |
| 151 NSS_NoDB_Init(NULL); | |
| 152 | |
| 153 /* TODO: Fix this so autoconf does the work trying to find this lib. */ | |
| 154 SECMOD_AddNewModule("Builtins", LIBDIR "/libnssckbi.so", 0, 0); | |
| 155 NSS_SetDomesticPolicy(); | |
| 156 | |
| 157 _identity = PR_GetUniqueIdentity("Gaim"); | |
| 158 _nss_methods = PR_GetDefaultIOMethods(); | |
| 159 | |
| 160 return TRUE; | |
| 161 } | |
| 162 | |
| 163 static void | |
| 164 ssl_nss_uninit(void) | |
| 165 { | |
| 166 PR_Cleanup(); | |
| 167 | |
| 168 _nss_methods = NULL; | |
| 169 } | |
| 170 | |
| 171 static void | |
| 172 ssl_nss_connect_cb(gpointer data, gint source, GaimInputCondition cond) | |
| 173 { | |
| 174 GaimSslConnection *gsc = (GaimSslConnection *)data; | |
| 175 GaimSslNssData *nss_data = g_new0(GaimSslNssData, 1); | |
| 176 PRSocketOptionData socket_opt; | |
| 177 | |
| 178 gsc->private_data = nss_data; | |
| 179 | |
| 180 gsc->fd = source; | |
| 181 | |
| 182 nss_data->fd = PR_ImportTCPSocket(gsc->fd); | |
| 183 | |
| 184 if (nss_data->fd == NULL) | |
| 185 { | |
| 186 gaim_debug_error("nss", "nss_data->fd == NULL!\n"); | |
| 187 | |
| 188 gaim_ssl_close((GaimSslConnection *)gsc); | |
| 189 | |
| 190 return; | |
| 191 } | |
| 192 | |
| 193 socket_opt.option = PR_SockOpt_Nonblocking; | |
| 194 socket_opt.value.non_blocking = PR_FALSE; | |
| 195 | |
| 196 PR_SetSocketOption(nss_data->fd, &socket_opt); | |
| 197 | |
| 198 nss_data->in = SSL_ImportFD(NULL, nss_data->fd); | |
| 199 | |
| 200 if (nss_data->in == NULL) | |
| 201 { | |
| 202 gaim_debug_error("nss", "nss_data->in == NUL!\n"); | |
| 203 | |
| 204 gaim_ssl_close((GaimSslConnection *)gsc); | |
| 205 | |
| 206 return; | |
| 207 } | |
| 208 | |
| 209 SSL_OptionSet(nss_data->in, SSL_SECURITY, PR_TRUE); | |
| 210 SSL_OptionSet(nss_data->in, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); | |
| 211 | |
| 212 SSL_AuthCertificateHook(nss_data->in, | |
| 213 (SSLAuthCertificate)ssl_auth_cert, | |
| 214 (void *)CERT_GetDefaultCertDB()); | |
| 215 SSL_BadCertHook(nss_data->in, (SSLBadCertHandler)ssl_bad_cert, NULL); | |
| 216 | |
| 217 SSL_SetURL(nss_data->in, gsc->host); | |
| 218 | |
| 219 SSL_ResetHandshake(nss_data->in, PR_FALSE); | |
| 220 | |
| 221 if (SSL_ForceHandshake(nss_data->in)) | |
| 222 { | |
| 223 gaim_debug_error("nss", "Handshake failed\n"); | |
| 224 | |
|
6759
f9efcba2d02f
[gaim-migrate @ 7291]
Christian Hammond <chipx86@chipx86.com>
parents:
6747
diff
changeset
|
225 gaim_ssl_close(gsc); |
| 6738 | 226 |
| 227 return; | |
| 228 } | |
| 229 | |
|
6759
f9efcba2d02f
[gaim-migrate @ 7291]
Christian Hammond <chipx86@chipx86.com>
parents:
6747
diff
changeset
|
230 gsc->inpa = gaim_input_add(gsc->fd, |
|
f9efcba2d02f
[gaim-migrate @ 7291]
Christian Hammond <chipx86@chipx86.com>
parents:
6747
diff
changeset
|
231 GAIM_INPUT_READ | GAIM_INPUT_WRITE, |
|
f9efcba2d02f
[gaim-migrate @ 7291]
Christian Hammond <chipx86@chipx86.com>
parents:
6747
diff
changeset
|
232 input_func, gsc); |
| 6738 | 233 } |
| 234 | |
| 235 static void | |
| 236 ssl_nss_close(GaimSslConnection *gsc) | |
| 237 { | |
| 238 GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc); | |
| 239 | |
| 240 if (nss_data->in) PR_Close(nss_data->in); | |
| 241 if (nss_data->fd) PR_Close(nss_data->fd); | |
| 242 | |
| 243 g_free(nss_data); | |
| 244 } | |
| 245 | |
| 246 static size_t | |
| 247 ssl_nss_read(GaimSslConnection *gsc, void *data, size_t len) | |
| 248 { | |
| 249 GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc); | |
| 250 | |
| 251 return PR_Read(nss_data->in, data, len); | |
| 252 } | |
| 253 | |
| 254 static size_t | |
| 255 ssl_nss_write(GaimSslConnection *gsc, const void *data, size_t len) | |
| 256 { | |
| 257 GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc); | |
| 258 | |
| 259 return PR_Write(nss_data->in, data, len); | |
| 260 } | |
| 261 | |
| 262 static GaimSslOps ssl_ops = | |
| 263 { | |
| 264 ssl_nss_init, | |
| 265 ssl_nss_uninit, | |
| 266 ssl_nss_connect_cb, | |
| 267 ssl_nss_close, | |
| 268 ssl_nss_read, | |
| 269 ssl_nss_write | |
| 270 }; | |
| 271 | |
| 272 GaimSslOps * | |
| 273 gaim_ssl_nss_get_ops() | |
| 274 { | |
| 275 return &ssl_ops; | |
| 276 } | |
|
6747
82348b5ab87e
[gaim-migrate @ 7279]
Christian Hammond <chipx86@chipx86.com>
parents:
6738
diff
changeset
|
277 |
|
82348b5ab87e
[gaim-migrate @ 7279]
Christian Hammond <chipx86@chipx86.com>
parents:
6738
diff
changeset
|
278 #endif /* HAVE_NSS */ |