comparison libpurple/certificate.c @ 19086:e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
its own function.
author | William Ehlhardt <williamehlhardt@gmail.com> |
---|---|
date | Fri, 10 Aug 2007 04:21:44 +0000 |
parents | 1bd9557f866e |
children | f5802217844d |
19085:1bd9557f866e | 19086:e256e0bf8ae1 |
---|---|
839 /* Okay, we're done here */ | 839 /* Okay, we're done here */ |
840 purple_certificate_verify_destroy(vrq); | 840 purple_certificate_verify_destroy(vrq); |
841 return; | 841 return; |
842 } | 842 } |
843 | 843 |
844 static void | |
845 x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq) | |
846 { | |
847 /* TODO: Looking this up by name over and over is expensive. | |
848 Fix, please! */ | |
849 PurpleCertificatePool *tls_peers = | |
850 purple_certificate_find_pool(x509_tls_cached.scheme_name, | |
851 "tls_peers"); | |
852 | |
853 /* The peer's certificate should be the first in the list */ | |
854 PurpleCertificate *peer_crt = | |
855 (PurpleCertificate *) vrq->cert_chain->data; | |
856 | |
857 PurpleCertificate *cached_crt; | |
858 GByteArray *peer_fpr, *cached_fpr; | |
859 | |
860 /* Load up the cached certificate */ | |
861 cached_crt = purple_certificate_pool_retrieve( | |
862 tls_peers, vrq->subject_name); | |
863 g_assert(cached_crt); | |
864 | |
865 /* Now get SHA1 sums for both and compare them */ | |
866 /* TODO: This is not an elegant way to compare certs */ | |
867 peer_fpr = purple_certificate_get_fingerprint_sha1(peer_crt); | |
868 cached_fpr = purple_certificate_get_fingerprint_sha1(cached_crt); | |
869 if (!memcmp(peer_fpr->data, cached_fpr->data, peer_fpr->len)) { | |
870 purple_debug_info("certificate/x509/tls_cached", | |
871 "Peer cert matched cached\n"); | |
872 (vrq->cb)(PURPLE_CERTIFICATE_VALID, vrq->cb_data); | |
873 | |
874 /* vrq is now finished */ | |
875 purple_certificate_verify_destroy(vrq); | |
876 } else { | |
877 purple_debug_info("certificate/x509/tls_cached", | |
878 "Peer cert did NOT match cached\n"); | |
879 /* vrq now becomes the problem of cert_changed */ | |
880 x509_tls_cached_peer_cert_changed(vrq); | |
881 } | |
882 | |
883 purple_certificate_destroy(cached_crt); | |
884 g_byte_array_free(peer_fpr, TRUE); | |
885 g_byte_array_free(cached_fpr, TRUE); | |
886 } | |
887 | |
844 /* For when we've never communicated with this party before */ | 888 /* For when we've never communicated with this party before */ |
845 static void | 889 static void |
846 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq) | 890 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq) |
847 { | 891 { |
848 /* For now, just toss it to the user */ | 892 /* For now, just toss it to the user */ |
850 } | 894 } |
851 | 895 |
852 static void | 896 static void |
853 x509_tls_cached_start_verify(PurpleCertificateVerificationRequest *vrq) | 897 x509_tls_cached_start_verify(PurpleCertificateVerificationRequest *vrq) |
854 { | 898 { |
855 PurpleCertificate *peer_crt = (PurpleCertificate *) vrq->cert_chain->data; | |
856 const gchar *tls_peers_name = "tls_peers"; /* Name of local cache */ | 899 const gchar *tls_peers_name = "tls_peers"; /* Name of local cache */ |
857 PurpleCertificatePool *tls_peers; | 900 PurpleCertificatePool *tls_peers; |
858 | 901 |
859 g_return_if_fail(vrq); | 902 g_return_if_fail(vrq); |
860 | 903 |
877 | 920 |
878 /* Check if the peer has a certificate cached already */ | 921 /* Check if the peer has a certificate cached already */ |
879 purple_debug_info("certificate/x509/tls_cached", | 922 purple_debug_info("certificate/x509/tls_cached", |
880 "Checking for cached cert...\n"); | 923 "Checking for cached cert...\n"); |
881 if (purple_certificate_pool_contains(tls_peers, vrq->subject_name)) { | 924 if (purple_certificate_pool_contains(tls_peers, vrq->subject_name)) { |
882 PurpleCertificate *cached_crt; | |
883 GByteArray *peer_fpr, *cached_fpr; | |
884 | |
885 purple_debug_info("certificate/x509/tls_cached", | 925 purple_debug_info("certificate/x509/tls_cached", |
886 "...Found cached cert\n"); | 926 "...Found cached cert\n"); |
887 | 927 /* vrq is now the responsibility of cert_in_cache */ |
888 /* Load up the cached certificate */ | 928 x509_tls_cached_cert_in_cache(vrq); |
889 cached_crt = purple_certificate_pool_retrieve( | 929 } else { |
890 tls_peers, vrq->subject_name); | |
891 | |
892 /* Now get SHA1 sums for both and compare them */ | |
893 /* TODO: This is not an elegant way to compare certs */ | |
894 peer_fpr = purple_certificate_get_fingerprint_sha1(peer_crt); | |
895 cached_fpr = purple_certificate_get_fingerprint_sha1(cached_crt); | |
896 if (!memcmp(peer_fpr->data, cached_fpr->data, peer_fpr->len)) { | |
897 purple_debug_info("certificate/x509/tls_cached", | |
898 "Peer cert matched cached\n"); | |
899 (vrq->cb)(PURPLE_CERTIFICATE_VALID, vrq->cb_data); | |
900 | |
901 /* vrq is now finished */ | |
902 purple_certificate_verify_destroy(vrq); | |
903 } else { | |
904 purple_debug_info("certificate/x509/tls_cached", | |
905 "Peer cert did NOT match cached\n"); | |
906 /* vrq now becomes the problem of cert_changed */ | |
907 x509_tls_cached_peer_cert_changed(vrq); | |
908 } | |
909 | |
910 purple_certificate_destroy(cached_crt); | |
911 g_byte_array_free(peer_fpr, TRUE); | |
912 g_byte_array_free(cached_fpr, TRUE); | |
913 } else { /*** Cached certificate was NOT found ***/ | |
914 /* TODO: Prompt the user, etc. */ | 930 /* TODO: Prompt the user, etc. */ |
915 purple_debug_info("certificate/x509/tls_cached", | 931 purple_debug_info("certificate/x509/tls_cached", |
916 "...Not in cache\n"); | 932 "...Not in cache\n"); |
917 /* vrq now becomes the problem of unknown_peer */ | 933 /* vrq now becomes the problem of unknown_peer */ |
918 x509_tls_cached_unknown_peer(vrq); | 934 x509_tls_cached_unknown_peer(vrq); |
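Review bot: The `g_assert(cached_crt)` after purple_certificate_pool_retrieve() in the new x509_tls_cached_cert_in_cache turns a recoverable condition into an abort of the whole client: the purple_certificate_pool_contains() check in x509_tls_cached_start_verify and the retrieve() here are separate lookups, so a cache entry that is removed or fails to parse in between is a plausible runtime case, and with assertions compiled out the NULL simply reaches purple_certificate_get_fingerprint_sha1(). The fingerprint comparison that follows is also weaker than it reads: neither GByteArray is checked for NULL, and memcmp is bounded by peer_fpr->len alone with no check that cached_fpr->len matches, so a shorter cached fingerprint would be accepted on a prefix match. Both the retrieval failure and a length mismatch should fail closed instead of aborting or accepting; the mismatch path through x509_tls_cached_peer_cert_changed() already exists in this function and is the conservative fallback, and purple_certificate_destroy(cached_crt) plus the g_byte_array_free() calls need to stay on every exit. The rewritten middle of the function would look like the following.
```c
	/* Load up the cached certificate */
	cached_crt = purple_certificate_pool_retrieve(tls_peers, vrq->subject_name);
	if (cached_crt == NULL) {
		/* Entry vanished or failed to parse between contains() and
		   retrieve(); fail closed by handing vrq to cert_changed */
		purple_debug_info("certificate/x509/tls_cached",
				"Cached cert for %s could not be loaded\n",
				vrq->subject_name);
		x509_tls_cached_peer_cert_changed(vrq);
		return;
	}

	peer_fpr = purple_certificate_get_fingerprint_sha1(peer_crt);
	cached_fpr = purple_certificate_get_fingerprint_sha1(cached_crt);
	/* Both fingerprints must exist and be the same length before the
	   byte comparison means anything */
	if (peer_fpr != NULL && cached_fpr != NULL
			&& peer_fpr->len == cached_fpr->len
			&& !memcmp(peer_fpr->data, cached_fpr->data, peer_fpr->len)) {
		/* … unchanged: "matched" debug line, VALID callback, verify_destroy … */
	} else {
		/* … unchanged: "did NOT match" debug line, x509_tls_cached_peer_cert_changed(vrq) … */
	}

	purple_certificate_destroy(cached_crt);
	if (peer_fpr != NULL)
		g_byte_array_free(peer_fpr, TRUE);
	if (cached_fpr != NULL)
		g_byte_array_free(cached_fpr, TRUE);
```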