pidgin.yaz: libpurple/certificate.c comparison

comparison libpurple/certificate.c @ 28070:d0654dea0575

certs: Clean up the code a little, since I made it hard to follow.

author	Paul Aurich <paul@darkrain42.org>
date	Thu, 30 Jul 2009 05:24:44 +0000
parents	99baf778e0b9
children	585684d297a3 f834ffa7490b 32956c0536b9 b131c68822ce

comparison

equal deleted inserted replaced

-:82ac0bef7d89
+:d0654dea0575
 	purple_certificate_destroy(cached_crt);
 	g_byte_array_free(peer_fpr, TRUE);
 	g_byte_array_free(cached_fpr, TRUE);
 }
+/*
+* This is called from two points in x509_tls_cached_unknown_peer below
+* once we've verified the signature chain is valid. Now we need to verify
+* the subject name of the certificate.
+*/
+static void
+x509_tls_cached_check_subject_name(PurpleCertificateVerificationRequest *vrq)
+{
+	PurpleCertificatePool *tls_peers;
+	PurpleCertificate *peer_crt;
+	GList *chain = vrq->cert_chain;
+	peer_crt = (PurpleCertificate *) chain->data;
+	/* Last, check that the hostname matches */
+	if ( ! purple_certificate_check_subject_name(peer_crt,
+						     vrq->subject_name) ) {
+		gchar *sn = purple_certificate_get_subject_name(peer_crt);
+		gchar *msg;
+		purple_debug_error("certificate/x509/tls_cached",
+				  "Name mismatch: Certificate given for %s "
+				  "has a name of %s\n",
+				  vrq->subject_name, sn);
+		/* Prompt the user to authenticate the certificate */
+		/* TODO: Provide the user with more guidance about why he is
+		   being prompted */
+		/* vrq will be completed by user_auth */
+		msg = g_strdup_printf(_("The certificate presented by \"%s\" "
+					"claims to be from \"%s\" instead.  "
+					"This could mean that you are not "
+					"connecting to the service you "
+					"believe you are."),
+				      vrq->subject_name, sn);
+		x509_tls_cached_user_auth(vrq,msg);
+		g_free(sn);
+		g_free(msg);
+		return;
+	} /* if (name mismatch) */
+	/* If we reach this point, the certificate is good. */
+	/* Look up the local cache and store it there for future use */
+	tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,
+						 "tls_peers");
+	if (tls_peers) {
+		if (!purple_certificate_pool_store(tls_peers,vrq->subject_name,
+						   peer_crt) ) {
+			purple_debug_error("certificate/x509/tls_cached",
+					   "FAILED to cache peer certificate\n");
+		}
+	} else {
+		purple_debug_error("certificate/x509/tls_cached",
+				   "Unable to locate tls_peers certificate "
+				   "cache.\n");
+	}
+	/* Whew! Done! */
+	purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_VALID);
+}
 /* For when we've never communicated with this party before */
 /* TODO: Need ways to specify possibly multiple problems with a cert, or at
-least  reprioritize them. For example, maybe the signature ought to be
+least  reprioritize them.
-checked BEFORE the hostname checking?
+*/
-Stu thinks we should check the signature before the name, so we do now.
-The above TODO still stands. */
 static void
 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq)
 {
-	PurpleCertificatePool *ca, *tls_peers;
+	PurpleCertificatePool *ca;
 	PurpleCertificate *peer_crt;
+	PurpleCertificate *ca_crt, *end_crt;
 	PurpleCertificate *failing_crt;
 	GList *chain = vrq->cert_chain;
-	gboolean chain_validated = FALSE;
+	GByteArray *last_fpr, *ca_fpr;
+	gchar *ca_id;
 	peer_crt = (PurpleCertificate *) chain->data;
 	/* TODO: Figure out a way to check for a bad signature, as opposed to
 	   "not self-signed" */
 	/* Next, attempt to verify the last certificate against a CA */
 	ca = purple_certificate_find_pool(x509_tls_cached.scheme_name, "ca");
 	/* Next, check that the certificate chain is valid */
-	if (purple_certificate_check_signature_chain_with_failing(chain,
+	if (!purple_certificate_check_signature_chain_with_failing(chain,
-	                                                          &failing_crt))
+				&failing_crt))
-		chain_validated = TRUE;
+	{
-	else {
+		gboolean chain_validated = FALSE;
 		/*
 		 * Check if the failing certificate is in the CA store. If it is, then
 		 * consider this fully validated. This works around issues with some
 		 * prominent intermediate CAs whose signature is md5WithRSAEncryption.
 		 * I'm looking at CACert Class 3 here. See #4458 for details.
 		/*
 		 * If we get here, either the cert matched the stuff right above
 		 * or it didn't, in which case we give up and complain to the user.
 		 */
-		if (!chain_validated) {
+		if (chain_validated) {
+			x509_tls_cached_check_subject_name(vrq);
+		} else {
 			/* TODO: Tell the user where the chain broke? */
 			/* TODO: This error will hopelessly confuse any
 			   non-elite user. */
 			gchar *secondary;
 			g_free(secondary);
 			/* Okay, we're done here */
 			purple_certificate_verify_complete(vrq,
 							   PURPLE_CERTIFICATE_INVALID);
-			return;
 		}
+		return;
 	} /* if (signature chain not good) */
 	/* If, for whatever reason, there is no Certificate Authority pool
 	   loaded, we will simply present it to the user for checking. */
 	if ( !ca ) {
 						"certificate cannot be "
 						"validated."));
 		return;
 	}
-	if (!chain_validated) {
+	end_crt = g_list_last(chain)->data;
-		GByteArray *last_fpr, *ca_fpr;
-		PurpleCertificate *ca_crt, *end_crt;
+	/* Attempt to look up the last certificate's issuer */
-		gchar *ca_id;
+	ca_id = purple_certificate_get_issuer_unique_id(end_crt);
+	purple_debug_info("certificate/x509/tls_cached",
-		end_crt = g_list_last(chain)->data;
+			  "Checking for a CA with DN=%s\n",
+			  ca_id);
-		/* Attempt to look up the last certificate's issuer */
+	ca_crt = purple_certificate_pool_retrieve(ca, ca_id);
-		ca_id = purple_certificate_get_issuer_unique_id(end_crt);
+	if ( NULL == ca_crt ) {
-		purple_debug_info("certificate/x509/tls_cached",
+		purple_debug_warning("certificate/x509/tls_cached",
-				  "Checking for a CA with DN=%s\n",
+				  "Certificate Authority with DN='%s' not "
+				  "found. I'll prompt the user, I guess.\n",
 				  ca_id);
-		ca_crt = purple_certificate_pool_retrieve(ca, ca_id);
-		if ( NULL == ca_crt ) {
-			purple_debug_warning("certificate/x509/tls_cached",
-					  "Certificate Authority with DN='%s' not "
-					  "found. I'll prompt the user, I guess.\n",
-					  ca_id);
-			g_free(ca_id);
-			/* vrq will be completed by user_auth */
-			x509_tls_cached_user_auth(vrq,_("The root certificate this "
-							"one claims to be issued by "
-							"is unknown to Pidgin."));
-			return;
-		}
 		g_free(ca_id);
+		/* vrq will be completed by user_auth */
-		/*
+		x509_tls_cached_user_auth(vrq,_("The root certificate this "
-		 * Check the fingerprints; if they match, then this certificate *is* one
+						"one claims to be issued by "
-		 * of the designated "trusted roots", and we don't need to verify the
+						"is unknown to Pidgin."));
-		 * signature. This is good because some of the older roots are self-signed
+		return;
-		 * with bad hash algorithms that we don't want to allow in any other
+	}
-		 * circumstances (one of Verisign's root CAs is self-signed with MD2).
-		 *
+	g_free(ca_id);
-		 * If the fingerprints don't match, we'll fall back to checking the
-		 * signature.
+	/*
-		 *
+	 * Check the fingerprints; if they match, then this certificate *is* one
-		 * GnuTLS doesn't seem to include the final root in the verification
+	 * of the designated "trusted roots", and we don't need to verify the
-		 * list, so this check will never succeed.  NSS *does* include it in
+	 * signature. This is good because some of the older roots are self-signed
-		 * the list, so here we are.
+	 * with bad hash algorithms that we don't want to allow in any other
-		 */
+	 * circumstances (one of Verisign's root CAs is self-signed with MD2).
-		last_fpr = purple_certificate_get_fingerprint_sha1(end_crt);
+	 *
-		ca_fpr   = purple_certificate_get_fingerprint_sha1(ca_crt);
+	 * If the fingerprints don't match, we'll fall back to checking the
+	 * signature.
-		if ( !byte_arrays_equal(last_fpr, ca_fpr) &&
+	 *
-				!purple_certificate_signed_by(end_crt, ca_crt) )
+	 * GnuTLS doesn't seem to include the final root in the verification
-		{
+	 * list, so this check will never succeed.  NSS *does* include it in
-			/* TODO: If signed_by ever returns a reason, maybe mention
+	 * the list, so here we are.
-			   that, too. */
+	 */
-			/* TODO: Also mention the CA involved. While I could do this
+	last_fpr = purple_certificate_get_fingerprint_sha1(end_crt);
-			   now, a full DN is a little much with which to assault the
+	ca_fpr   = purple_certificate_get_fingerprint_sha1(ca_crt);
-			   user's poor, leaky eyes. */
-			/* TODO: This error message makes my eyes cross, and I wrote it */
+	if ( !byte_arrays_equal(last_fpr, ca_fpr) &&
-			gchar * secondary =
+			!purple_certificate_signed_by(end_crt, ca_crt) )
-				g_strdup_printf(_("The certificate chain presented by "
+	{
-						  "%s does not have a valid digital "
+		/* TODO: If signed_by ever returns a reason, maybe mention
-						  "signature from the Certificate "
+		   that, too. */
-						  "Authority from which it claims to "
+		/* TODO: Also mention the CA involved. While I could do this
-						  "have a signature."),
+		   now, a full DN is a little much with which to assault the
-						vrq->subject_name);
+		   user's poor, leaky eyes. */
+		/* TODO: This error message makes my eyes cross, and I wrote it */
-			purple_notify_error(NULL, /* TODO: Probably wrong */
+		gchar * secondary =
-					    _("SSL Certificate Error"),
+			g_strdup_printf(_("The certificate chain presented by "
-					    _("Invalid certificate authority"
+					  "%s does not have a valid digital "
-					      " signature"),
+					  "signature from the Certificate "
-					    secondary);
+					  "Authority from which it claims to "
-			g_free(secondary);
+					  "have a signature."),
+					vrq->subject_name);
-			/* Signal "bad cert" */
-			purple_certificate_verify_complete(vrq,
+		purple_notify_error(NULL, /* TODO: Probably wrong */
-							   PURPLE_CERTIFICATE_INVALID);
+				    _("SSL Certificate Error"),
+				    _("Invalid certificate authority"
-			purple_certificate_destroy(ca_crt);
+				      " signature"),
-			g_byte_array_free(ca_fpr, TRUE);
+				    secondary);
-			g_byte_array_free(last_fpr, TRUE);
+		g_free(secondary);
-			return;
-		} /* if (CA signature not good) */
+		/* Signal "bad cert" */
+		purple_certificate_verify_complete(vrq,
+						   PURPLE_CERTIFICATE_INVALID);
+		purple_certificate_destroy(ca_crt);
 		g_byte_array_free(ca_fpr, TRUE);
 		g_byte_array_free(last_fpr, TRUE);
-	}
-	/* Last, check that the hostname matches */
-	if ( ! purple_certificate_check_subject_name(peer_crt,
-						     vrq->subject_name) ) {
-		gchar *sn = purple_certificate_get_subject_name(peer_crt);
-		gchar *msg;
-		purple_debug_error("certificate/x509/tls_cached",
-				  "Name mismatch: Certificate given for %s "
-				  "has a name of %s\n",
-				  vrq->subject_name, sn);
-		/* Prompt the user to authenticate the certificate */
-		/* TODO: Provide the user with more guidance about why he is
-		   being prompted */
-		/* vrq will be completed by user_auth */
-		msg = g_strdup_printf(_("The certificate presented by \"%s\" "
-					"claims to be from \"%s\" instead.  "
-					"This could mean that you are not "
-					"connecting to the service you "
-					"believe you are."),
-				      vrq->subject_name, sn);
-		x509_tls_cached_user_auth(vrq,msg);
-		g_free(sn);
-		g_free(msg);
 		return;
-	} /* if (name mismatch) */
+	} /* if (CA signature not good) */
-	/* If we reach this point, the certificate is good. */
+	g_byte_array_free(ca_fpr, TRUE);
-	/* Look up the local cache and store it there for future use */
+	g_byte_array_free(last_fpr, TRUE);
-	tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,
-						 "tls_peers");
+	x509_tls_cached_check_subject_name(vrq);
-	if (tls_peers) {
-		if (!purple_certificate_pool_store(tls_peers,vrq->subject_name,
-						   peer_crt) ) {
-			purple_debug_error("certificate/x509/tls_cached",
-					   "FAILED to cache peer certificate\n");
-		}
-	} else {
-		purple_debug_error("certificate/x509/tls_cached",
-				   "Unable to locate tls_peers certificate "
-				   "cache.\n");
-	}
-	/* Whew! Done! */
-	purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_VALID);
 }
 static void
 x509_tls_cached_start_verify(PurpleCertificateVerificationRequest *vrq)
 {

Mercurial > pidgin.yaz

comparison libpurple/certificate.c @ 28070:d0654dea0575