comparison libpurple/certificate.c @ 19086:e256e0bf8ae1

- Move "certificate found in cache" out of tls_cached_start_verify into its own function.
author William Ehlhardt <williamehlhardt@gmail.com>
date Fri, 10 Aug 2007 04:21:44 +0000
parents 1bd9557f866e
children f5802217844d
839 /* Okay, we're done here */ 839 /* Okay, we're done here */
840 purple_certificate_verify_destroy(vrq); 840 purple_certificate_verify_destroy(vrq);
841 return; 841 return;
842 } 842 }
843 843
844 static void
845 x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq)
846 {
847 /* TODO: Looking this up by name over and over is expensive.
848 Fix, please! */
849 PurpleCertificatePool *tls_peers =
850 purple_certificate_find_pool(x509_tls_cached.scheme_name,
851 "tls_peers");
852
853 /* The peer's certificate should be the first in the list */
854 PurpleCertificate *peer_crt =
855 (PurpleCertificate *) vrq->cert_chain->data;
856
857 PurpleCertificate *cached_crt;
858 GByteArray *peer_fpr, *cached_fpr;
859
860 /* Load up the cached certificate */
861 cached_crt = purple_certificate_pool_retrieve(
862 tls_peers, vrq->subject_name);
863 g_assert(cached_crt);
864
865 /* Now get SHA1 sums for both and compare them */
866 /* TODO: This is not an elegant way to compare certs */
867 peer_fpr = purple_certificate_get_fingerprint_sha1(peer_crt);
868 cached_fpr = purple_certificate_get_fingerprint_sha1(cached_crt);
869 if (!memcmp(peer_fpr->data, cached_fpr->data, peer_fpr->len)) {
870 purple_debug_info("certificate/x509/tls_cached",
871 "Peer cert matched cached\n");
872 (vrq->cb)(PURPLE_CERTIFICATE_VALID, vrq->cb_data);
873
874 /* vrq is now finished */
875 purple_certificate_verify_destroy(vrq);
876 } else {
877 purple_debug_info("certificate/x509/tls_cached",
878 "Peer cert did NOT match cached\n");
879 /* vrq now becomes the problem of cert_changed */
880 x509_tls_cached_peer_cert_changed(vrq);
881 }
882
883 purple_certificate_destroy(cached_crt);
884 g_byte_array_free(peer_fpr, TRUE);
885 g_byte_array_free(cached_fpr, TRUE);
886 }
887
844 /* For when we've never communicated with this party before */ 888 /* For when we've never communicated with this party before */
845 static void 889 static void
846 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq) 890 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq)
847 { 891 {
848 /* For now, just toss it to the user */ 892 /* For now, just toss it to the user */
850 } 894 }
851 895
852 static void 896 static void
853 x509_tls_cached_start_verify(PurpleCertificateVerificationRequest *vrq) 897 x509_tls_cached_start_verify(PurpleCertificateVerificationRequest *vrq)
854 { 898 {
855 PurpleCertificate *peer_crt = (PurpleCertificate *) vrq->cert_chain->data;
856 const gchar *tls_peers_name = "tls_peers"; /* Name of local cache */ 899 const gchar *tls_peers_name = "tls_peers"; /* Name of local cache */
857 PurpleCertificatePool *tls_peers; 900 PurpleCertificatePool *tls_peers;
858 901
859 g_return_if_fail(vrq); 902 g_return_if_fail(vrq);
860 903
877 920
878 /* Check if the peer has a certificate cached already */ 921 /* Check if the peer has a certificate cached already */
879 purple_debug_info("certificate/x509/tls_cached", 922 purple_debug_info("certificate/x509/tls_cached",
880 "Checking for cached cert...\n"); 923 "Checking for cached cert...\n");
881 if (purple_certificate_pool_contains(tls_peers, vrq->subject_name)) { 924 if (purple_certificate_pool_contains(tls_peers, vrq->subject_name)) {
882 PurpleCertificate *cached_crt;
883 GByteArray *peer_fpr, *cached_fpr;
884
885 purple_debug_info("certificate/x509/tls_cached", 925 purple_debug_info("certificate/x509/tls_cached",
886 "...Found cached cert\n"); 926 "...Found cached cert\n");
887 927 /* vrq is now the responsibility of cert_in_cache */
888 /* Load up the cached certificate */ 928 x509_tls_cached_cert_in_cache(vrq);
889 cached_crt = purple_certificate_pool_retrieve( 929 } else {
890 tls_peers, vrq->subject_name);
891
892 /* Now get SHA1 sums for both and compare them */
893 /* TODO: This is not an elegant way to compare certs */
894 peer_fpr = purple_certificate_get_fingerprint_sha1(peer_crt);
895 cached_fpr = purple_certificate_get_fingerprint_sha1(cached_crt);
896 if (!memcmp(peer_fpr->data, cached_fpr->data, peer_fpr->len)) {
897 purple_debug_info("certificate/x509/tls_cached",
898 "Peer cert matched cached\n");
899 (vrq->cb)(PURPLE_CERTIFICATE_VALID, vrq->cb_data);
900
901 /* vrq is now finished */
902 purple_certificate_verify_destroy(vrq);
903 } else {
904 purple_debug_info("certificate/x509/tls_cached",
905 "Peer cert did NOT match cached\n");
906 /* vrq now becomes the problem of cert_changed */
907 x509_tls_cached_peer_cert_changed(vrq);
908 }
909
910 purple_certificate_destroy(cached_crt);
911 g_byte_array_free(peer_fpr, TRUE);
912 g_byte_array_free(cached_fpr, TRUE);
913 } else { /*** Cached certificate was NOT found ***/
914 /* TODO: Prompt the user, etc. */ 930 /* TODO: Prompt the user, etc. */
915 purple_debug_info("certificate/x509/tls_cached", 931 purple_debug_info("certificate/x509/tls_cached",
916 "...Not in cache\n"); 932 "...Not in cache\n");
917 /* vrq now becomes the problem of unknown_peer */ 933 /* vrq now becomes the problem of unknown_peer */
918 x509_tls_cached_unknown_peer(vrq); 934 x509_tls_cached_unknown_peer(vrq);
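Review bot: The fingerprint comparison in x509_tls_cached_cert_in_cache checks only `peer_fpr->len` bytes and never confirms that both arrays have the same length or that both lookups produced an array, so a cached fingerprint shorter than the peer's is read past its end, and a NULL return from purple_certificate_get_fingerprint_sha1 (if that function can fail) is dereferenced; `if (peer_fpr && cached_fpr && peer_fpr->len == cached_fpr->len && !memcmp(peer_fpr->data, cached_fpr->data, peer_fpr->len)) {` closes both gaps, with the NULL case best sent down the cert-changed branch rather than treated as a match and the two g_byte_array_free calls guarded accordingly. The `g_assert(cached_crt)` after purple_certificate_pool_retrieve turns a cache entry that exists but fails to load (the caller's purple_certificate_pool_contains only proves the entry is present) into a process abort, so a damaged tls_peers cache takes the whole client down; handing vrq to x509_tls_cached_unknown_peer in that case degrades to the normal first-contact path instead. The new function also has no header comment even though it takes over vrq; `/* Called when the peer's subject already has an entry in the tls_peers cache. Takes ownership of vrq: completes it as PURPLE_CERTIFICATE_VALID on a fingerprint match, otherwise hands it to x509_tls_cached_peer_cert_changed. */` above the definition would make that contract explicit. The body of x509_tls_cached_start_verify continues past the end of this view.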