comparison plugins/ssl/ssl-nss.c @ 7016:aa619031193b

[gaim-migrate @ 7579] SSL support is now provided by invisible plugins that are auto-loaded when SSL is needed. committer: Tailor Script <tailor@pidgin.im>
author Christian Hammond <chipx86@chipx86.com>
date Mon, 29 Sep 2003 15:29:49 +0000
parents
children 15eb79b6e0ee
7015:dece74f05509 7016:aa619031193b
1 /**
2 * @file ssl-nss.c Mozilla NSS SSL plugin.
3 *
4 * gaim
5 *
6 * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
22 #include "internal.h"
23 #include "plugin.h"
24
25 #define SSL_GNUTLS_PLUGIN_ID "ssl-gnutls"
26
27 #ifdef HAVE_NSS
28
29 #include "debug.h"
30 #include "sslconn.h"
31
32 #include <nspr.h>
33 #include <private/pprio.h>
34 #include <nss.h>
35 #include <pk11func.h>
36 #include <prio.h>
37 #include <secerr.h>
38 #include <secmod.h>
39 #include <ssl.h>
40 #include <sslerr.h>
41 #include <sslproto.h>
42
43 typedef struct
44 {
45 PRFileDesc *fd;
46 PRFileDesc *in;
47
48 } GaimSslNssData;
49
50 #define GAIM_SSL_NSS_DATA(gsc) ((GaimSslNssData *)gsc->private_data)
51
52 static const PRIOMethods *_nss_methods = NULL;
53 static PRDescIdentity _identity;
54
55 static SECStatus
56 ssl_auth_cert(void *arg, PRFileDesc *socket, PRBool checksig,
57 PRBool is_server)
58 {
59 return SECSuccess;
60
61 #if 0
62 CERTCertificate *cert;
63 void *pinArg;
64 SECStatus status;
65
66 cert = SSL_PeerCertificate(socket);
67 pinArg = SSL_RevealPinArg(socket);
68
69 status = CERT_VerifyCertNow((CERTCertDBHandle *)arg, cert, checksig,
70 certUsageSSLClient, pinArg);
71
72 if (status != SECSuccess) {
73 gaim_debug_error("nss", "CERT_VerifyCertNow failed\n");
74 CERT_DestroyCertificate(cert);
75 return status;
76 }
77
78 CERT_DestroyCertificate(cert);
79 return SECSuccess;
80 #endif
81 }
82
83 static SECStatus
84 ssl_bad_cert(void *arg, PRFileDesc *socket)
85 {
86 SECStatus status = SECFailure;
87 PRErrorCode err;
88
89 if (arg == NULL)
90 return status;
91
92 *(PRErrorCode *)arg = err = PORT_GetError();
93
94 switch (err)
95 {
96 case SEC_ERROR_INVALID_AVA:
97 case SEC_ERROR_INVALID_TIME:
98 case SEC_ERROR_BAD_SIGNATURE:
99 case SEC_ERROR_EXPIRED_CERTIFICATE:
100 case SEC_ERROR_UNKNOWN_ISSUER:
101 case SEC_ERROR_UNTRUSTED_CERT:
102 case SEC_ERROR_CERT_VALID:
103 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
104 case SEC_ERROR_CRL_EXPIRED:
105 case SEC_ERROR_CRL_BAD_SIGNATURE:
106 case SEC_ERROR_EXTENSION_VALUE_INVALID:
107 case SEC_ERROR_CA_CERT_INVALID:
108 case SEC_ERROR_CERT_USAGES_INVALID:
109 case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
110 status = SECSuccess;
111 break;
112
113 default:
114 status = SECFailure;
115 break;
116 }
117
118 gaim_debug_error("nss", "Bad certificate: %d\n");
119
120 return status;
121 }
122
123 static gboolean
124 ssl_nss_init(void)
125 {
126 PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
127 NSS_NoDB_Init(NULL);
128
129 /* TODO: Fix this so autoconf does the work trying to find this lib. */
130 SECMOD_AddNewModule("Builtins",
131 #ifndef _WIN32
132 LIBDIR "/libnssckbi.so",
133 #else
134 "nssckbi.dll",
135 #endif
136 0, 0);
137 NSS_SetDomesticPolicy();
138
139 _identity = PR_GetUniqueIdentity("Gaim");
140 _nss_methods = PR_GetDefaultIOMethods();
141
142 return TRUE;
143 }
144
145 static void
146 ssl_nss_uninit(void)
147 {
148 PR_Cleanup();
149
150 _nss_methods = NULL;
151 }
152
153 static void
154 ssl_nss_connect_cb(gpointer data, gint source, GaimInputCondition cond)
155 {
156 GaimSslConnection *gsc = (GaimSslConnection *)data;
157 GaimSslNssData *nss_data = g_new0(GaimSslNssData, 1);
158 PRSocketOptionData socket_opt;
159
160 gsc->private_data = nss_data;
161
162 gsc->fd = source;
163
164 nss_data->fd = PR_ImportTCPSocket(gsc->fd);
165
166 if (nss_data->fd == NULL)
167 {
168 gaim_debug_error("nss", "nss_data->fd == NULL!\n");
169
170 gaim_ssl_close((GaimSslConnection *)gsc);
171
172 return;
173 }
174
175 socket_opt.option = PR_SockOpt_Nonblocking;
176 socket_opt.value.non_blocking = PR_FALSE;
177
178 PR_SetSocketOption(nss_data->fd, &socket_opt);
179
180 nss_data->in = SSL_ImportFD(NULL, nss_data->fd);
181
182 if (nss_data->in == NULL)
183 {
184 gaim_debug_error("nss", "nss_data->in == NUL!\n");
185
186 gaim_ssl_close((GaimSslConnection *)gsc);
187
188 return;
189 }
190
191 SSL_OptionSet(nss_data->in, SSL_SECURITY, PR_TRUE);
192 SSL_OptionSet(nss_data->in, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
193
194 SSL_AuthCertificateHook(nss_data->in,
195 (SSLAuthCertificate)ssl_auth_cert,
196 (void *)CERT_GetDefaultCertDB());
197 SSL_BadCertHook(nss_data->in, (SSLBadCertHandler)ssl_bad_cert, NULL);
198
199 SSL_SetURL(nss_data->in, gsc->host);
200
201 SSL_ResetHandshake(nss_data->in, PR_FALSE);
202
203 if (SSL_ForceHandshake(nss_data->in))
204 {
205 gaim_debug_error("nss", "Handshake failed\n");
206
207 gaim_ssl_close(gsc);
208
209 return;
210 }
211
212 gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
213 }
214
215 static void
216 ssl_nss_close(GaimSslConnection *gsc)
217 {
218 GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc);
219
220 if (nss_data->in) PR_Close(nss_data->in);
221 /* if (nss_data->fd) PR_Close(nss_data->fd); */
222
223 g_free(nss_data);
224 }
225
226 static size_t
227 ssl_nss_read(GaimSslConnection *gsc, void *data, size_t len)
228 {
229 GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc);
230
231 return PR_Read(nss_data->in, data, len);
232 }
233
234 static size_t
235 ssl_nss_write(GaimSslConnection *gsc, const void *data, size_t len)
236 {
237 GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc);
238
239 return PR_Write(nss_data->in, data, len);
240 }
241
242 static GaimSslOps ssl_ops =
243 {
244 ssl_nss_init,
245 ssl_nss_uninit,
246 ssl_nss_connect_cb,
247 ssl_nss_close,
248 ssl_nss_read,
249 ssl_nss_write
250 };
251
252 #endif /* HAVE_NSS */
253
254
255 static gboolean
256 plugin_load(GaimPlugin *plugin)
257 {
258 #ifdef HAVE_NSS
259 gaim_ssl_set_ops(&ssl_ops);
260
261 return TRUE;
262 #else
263 return FALSE;
264 #endif
265 }
266
267 static gboolean
268 plugin_unload(GaimPlugin *plugin)
269 {
270 return TRUE;
271 }
272
273 static GaimPluginInfo info =
274 {
275 2, /**< api_version */
276 GAIM_PLUGIN_STANDARD, /**< type */
277 NULL, /**< ui_requirement */
278 GAIM_PLUGIN_FLAG_INVISIBLE, /**< flags */
279 NULL, /**< dependencies */
280 GAIM_PRIORITY_DEFAULT, /**< priority */
281
282 SSL_GNUTLS_PLUGIN_ID, /**< id */
283 N_("NSS"), /**< name */
284 VERSION, /**< version */
285 /** summary */
286 N_("Provides SSL support through Mozilla NSS."),
287 /** description */
288 N_("Provides SSL support through Mozilla NSS."),
289 "Christian Hammond <chipx86@gnupdate.org>",
290 GAIM_WEBSITE, /**< homepage */
291
292 plugin_load, /**< load */
293 plugin_unload, /**< unload */
294 NULL, /**< destroy */
295
296 NULL, /**< ui_info */
297 NULL /**< extra_info */
298 };
299
300 static void
301 init_plugin(GaimPlugin *plugin)
302 {
303 }
304
305 GAIM_INIT_PLUGIN(ssl_nss, init_plugin, info)
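Review bot: Peer certificate verification is effectively disabled in this new file: `ssl_auth_cert` returns `SECSuccess` unconditionally before its `#if 0`'d `CERT_VerifyCertNow` path ever runs, and `ssl_bad_cert` then maps `SEC_ERROR_UNKNOWN_ISSUER`, `SEC_ERROR_UNTRUSTED_CERT`, `SEC_ERROR_EXPIRED_CERTIFICATE` and `SEC_ERROR_BAD_SIGNATURE` to `SECSuccess`, so any certificate a peer presents is accepted and the connection gets encryption but no authentication. If that is a deliberate stopgap it should say so at the top of `ssl_auth_cert`, e.g. `/* FIXME: peer certificate is NOT verified; re-enable the CERT_VerifyCertNow path below before relying on this for authentication */`, and the accepted-error list in `ssl_bad_cert` should shrink to cases the user has explicitly approved. Two smaller defects in the same hunk: `gaim_debug_error("nss", "Bad certificate: %d\n");` in `ssl_bad_cert` has a `%d` with no matching argument (undefined behaviour) and should read `gaim_debug_error("nss", "Bad certificate: %d\n", err);`, and the plugin registers under `SSL_GNUTLS_PLUGIN_ID` (`"ssl-gnutls"`, used in `info.id`), which looks copied from the GnuTLS plugin and will collide with it — `#define SSL_NSS_PLUGIN_ID "ssl-nss"` fixes the id. `ssl_nss_read`/`ssl_nss_write` also pass `PR_Read`/`PR_Write`'s signed result straight through a `size_t` return, so a `-1` error reaches the caller as a huge length rather than a failure.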