Mercurial > pidgin.yaz

changeset 6703:36897b9e009f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[gaim-migrate @ 7229] Forgot the SSL wrapper code. committer: Tailor Script <tailor@pidgin.im>
author Christian Hammond <chipx86@chipx86.com>
date Tue, 02 Sep 2003 04:43:28 +0000
parents 302ee2792e91
children 471eed8124d5
files src/sslconn.c src/sslconn.h
diffstat 2 files changed, 474 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/sslconn.c	Tue Sep 02 04:43:28 2003 +0000
@@ -0,0 +1,357 @@
+/**
+ * @file sslconn.c SSL API
+ * @ingroup core
+ *
+ * gaim
+ *
+ * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+#include "internal.h"
+
+#include "debug.h"
+#include "sslconn.h"
+
+#ifdef HAVE_NSS
+# include <nspr.h>
+# include <nss.h>
+# include <pk11func.h>
+# include <prio.h>
+# include <secerr.h>
+# include <secmod.h>
+# include <ssl.h>
+# include <sslerr.h>
+# include <sslproto.h>
+
+typedef struct
+{
+	char *host;
+	int port;
+	void *user_data;
+	GaimSslInputFunction input_func;
+
+	int fd;
+	int inpa;
+
+	PRFileDesc *nss_fd;
+	PRFileDesc *nss_in;
+
+} GaimSslData;
+
+static gboolean _nss_initialized = FALSE;
+static const PRIOMethods *_nss_methods = NULL;
+static PRDescIdentity _identity;
+
+static void
+destroy_ssl_data(GaimSslData *data)
+{
+	if (data->inpa)   gaim_input_remove(data->inpa);
+	if (data->nss_in) PR_Close(data->nss_in);
+	if (data->nss_fd) PR_Close(data->nss_fd);
+	if (data->fd)     close(data->fd);
+
+	if (data->host != NULL)
+		g_free(data->host);
+
+	g_free(data);
+}
+
+static void
+init_nss(void)
+{
+	if (_nss_initialized)
+		return;
+
+	PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+	NSS_NoDB_Init(NULL);
+
+	/* TODO: Fix this so autoconf does the work trying to find this lib. */
+	SECMOD_AddNewModule("Builtins", LIBDIR "/libnssckbi.so", 0, 0);
+	NSS_SetDomesticPolicy();
+
+	_identity = PR_GetUniqueIdentity("Gaim");
+	_nss_methods = PR_GetDefaultIOMethods();
+
+	_nss_initialized = TRUE;
+}
+
+static SECStatus
+ssl_auth_cert(void *arg, PRFileDesc *socket, PRBool checksig, PRBool is_server)
+{
+	return SECSuccess;
+
+#if 0
+	CERTCertificate *cert;
+	void *pinArg;
+	SECStatus status;
+
+	cert = SSL_PeerCertificate(socket);
+	pinArg = SSL_RevealPinArg(socket);
+
+	status = CERT_VerifyCertNow((CERTCertDBHandle *)arg, cert, checksig,
+								certUsageSSLClient, pinArg);
+
+	if (status != SECSuccess) {
+		gaim_debug(GAIM_DEBUG_ERROR, "msn", "CERT_VerifyCertNow failed\n");
+		CERT_DestroyCertificate(cert);
+		return status;
+	}
+
+	CERT_DestroyCertificate(cert);
+	return SECSuccess;
+#endif
+}
+
+SECStatus
+ssl_bad_cert(void *arg, PRFileDesc *socket)
+{
+	SECStatus status = SECFailure;
+	PRErrorCode err;
+
+	if (arg == NULL)
+		return status;
+
+	*(PRErrorCode *)arg = err = PORT_GetError();
+
+	switch (err)
+	{
+		case SEC_ERROR_INVALID_AVA:
+		case SEC_ERROR_INVALID_TIME:
+		case SEC_ERROR_BAD_SIGNATURE:
+		case SEC_ERROR_EXPIRED_CERTIFICATE:
+		case SEC_ERROR_UNKNOWN_ISSUER:
+		case SEC_ERROR_UNTRUSTED_CERT:
+		case SEC_ERROR_CERT_VALID:
+		case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+		case SEC_ERROR_CRL_EXPIRED:
+		case SEC_ERROR_CRL_BAD_SIGNATURE:
+		case SEC_ERROR_EXTENSION_VALUE_INVALID:
+		case SEC_ERROR_CA_CERT_INVALID:
+		case SEC_ERROR_CERT_USAGES_INVALID:
+		case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
+			status = SECSuccess;
+			break;
+
+		default:
+			status = SECFailure;
+			break;
+	}
+
+	gaim_debug(GAIM_DEBUG_ERROR, "msn",
+			   "Bad certificate: %d\n");
+
+	return status;
+}
+
+static void
+input_func(gpointer data, gint source, GaimInputCondition cond)
+{
+	GaimSslData *ssl_data = (GaimSslData *)data;
+	char *cp, *ip, *sp;
+	int op, kp0, kp1;
+	int result;
+
+	result = SSL_SecurityStatus(ssl_data->nss_in, &op, &cp, &kp0,
+								&kp1, &ip, &sp);
+
+	gaim_debug(GAIM_DEBUG_MISC, "msn",
+		"bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
+		"subject DN: %s\n"
+		"issuer  DN: %s\n",
+		cp, kp1, kp0, op, sp, ip);
+
+	PR_Free(cp);
+	PR_Free(ip);
+	PR_Free(sp);
+
+	ssl_data->input_func(ssl_data->user_data, (GaimSslConnection *)ssl_data,
+						 cond);
+}
+
+static void
+ssl_connect_cb(gpointer data, gint source, GaimInputCondition cond)
+{
+	PRSocketOptionData socket_opt;
+	GaimSslData *ssl_data = (GaimSslData *)data;
+
+	if (!_nss_initialized)
+		init_nss();
+
+	ssl_data->fd = source;
+
+	ssl_data->nss_fd = PR_ImportTCPSocket(ssl_data->fd);
+
+	if (ssl_data->nss_fd == NULL)
+	{
+		gaim_debug(GAIM_DEBUG_ERROR, "ssl", "nss_fd == NULL!\n");
+
+		destroy_ssl_data(ssl_data);
+
+		return;
+	}
+
+	socket_opt.option = PR_SockOpt_Nonblocking;
+	socket_opt.value.non_blocking = PR_FALSE;
+
+	PR_SetSocketOption(ssl_data->nss_fd, &socket_opt);
+
+	ssl_data->nss_in = SSL_ImportFD(NULL, ssl_data->nss_fd);
+
+	if (ssl_data->nss_in == NULL)
+	{
+		gaim_debug(GAIM_DEBUG_ERROR, "ssl", "nss_in == NUL!\n");
+
+		destroy_ssl_data(ssl_data);
+
+		return;
+	}
+
+	SSL_OptionSet(ssl_data->nss_in, SSL_SECURITY,            PR_TRUE);
+	SSL_OptionSet(ssl_data->nss_in, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
+
+	SSL_AuthCertificateHook(ssl_data->nss_in,
+							(SSLAuthCertificate)ssl_auth_cert,
+							(void *)CERT_GetDefaultCertDB());
+	SSL_BadCertHook(ssl_data->nss_in, (SSLBadCertHandler)ssl_bad_cert, NULL);
+
+	SSL_SetURL(ssl_data->nss_in, ssl_data->host);
+
+	SSL_ResetHandshake(ssl_data->nss_in, PR_FALSE);
+
+	if (SSL_ForceHandshake(ssl_data->nss_in))
+	{
+		gaim_debug(GAIM_DEBUG_ERROR, "ssl", "Handshake failed\n");
+
+		destroy_ssl_data(ssl_data);
+
+		return;
+	}
+
+#if 0
+	ssl_data->input_func(ssl_data->user_data, (GaimSslConnection *)ssl_data,
+						 cond);
+#endif
+
+	input_func(ssl_data, source, cond);
+}
+#endif /* HAVE_NSS */
+
+gboolean
+gaim_ssl_is_supported(void)
+{
+#ifdef HAVE_NSS
+	return TRUE;
+#else
+	return FALSE;
+#endif
+}
+
+GaimSslConnection *
+gaim_ssl_connect(GaimAccount *account, const char *host, int port,
+				 GaimSslInputFunction func, void *data)
+{
+#ifdef HAVE_NSS
+	int i;
+	GaimSslData *ssl_data;
+
+	g_return_val_if_fail(host != NULL,            NULL);
+	g_return_val_if_fail(port != 0 && port != -1, NULL);
+	g_return_val_if_fail(func != NULL,            NULL);
+	g_return_val_if_fail(gaim_ssl_is_supported(), NULL);
+
+	ssl_data = g_new0(GaimSslData, 1);
+
+	ssl_data->host       = g_strdup(host);
+	ssl_data->port       = port;
+	ssl_data->user_data  = data;
+	ssl_data->input_func = func;
+
+	i = gaim_proxy_connect(account, host, port, ssl_connect_cb, ssl_data);
+
+	if (i < 0)
+	{
+		g_free(ssl_data->host);
+		g_free(ssl_data);
+
+		return NULL;
+	}
+
+	return (GaimSslConnection)ssl_data;
+#else
+	g_return_val_if_fail(gaim_ssl_is_supported(), -1);
+#endif
+}
+
+void
+gaim_ssl_close(GaimSslConnection *gsc)
+{
+	g_return_if_fail(gsc != NULL);
+
+#ifdef HAVE_NSS
+	destroy_ssl_data((GaimSslData *)gsc);
+#endif
+}
+
+size_t
+gaim_ssl_read(GaimSslConnection *gsc, void *data, size_t len)
+{
+#ifdef HAVE_NSS
+	GaimSslData *ssl_data = (GaimSslData *)gsc;
+
+	g_return_val_if_fail(gsc  != NULL, 0);
+	g_return_val_if_fail(data != NULL, 0);
+	g_return_val_if_fail(len  >  0,    0);
+
+	return PR_Read(ssl_data->nss_in, data, len);
+#else
+	return 0;
+#endif
+}
+
+size_t
+gaim_ssl_write(GaimSslConnection *gsc, const void *data, size_t len)
+{
+#ifdef HAVE_NSS
+	GaimSslData *ssl_data = (GaimSslData *)gsc;
+
+	g_return_val_if_fail(gsc  != NULL, 0);
+	g_return_val_if_fail(data != NULL, 0);
+	g_return_val_if_fail(len  >  0,    0);
+
+	return PR_Write(ssl_data->nss_in, data, len);
+#else
+	return 0;
+#endif
+}
+
+void
+gaim_ssl_init(void)
+{
+}
+
+void
+gaim_ssl_uninit(void)
+{
+	if (!_nss_initialized)
+		return;
+
+#ifdef HAVE_NSS
+	PR_Cleanup();
+#endif
+
+	_nss_initialized = FALSE;
+	_nss_methods     = NULL;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/sslconn.h	Tue Sep 02 04:43:28 2003 +0000
@@ -0,0 +1,117 @@
+/**
+ * @file sslconn.h SSL API
+ * @ingroup core
+ *
+ * gaim
+ *
+ * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+#ifndef _GAIM_SSL_H_
+#define _GAIM_SSL_H_
+
+#include "proxy.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define GAIM_SSL_DEFAULT_PORT 443
+
+typedef void *GaimSslConnection;
+typedef void (*GaimSslInputFunction)(gpointer, GaimSslConnection *,
+									 GaimInputCondition);
+
+/**************************************************************************/
+/** @name SSL API                                                         */
+/**************************************************************************/
+/*@{*/
+
+/**
+ * Returns whether or not SSL is currently supported.
+ *
+ * @return TRUE if SSL is supported, or FALSE otherwise.
+ */
+gboolean gaim_ssl_is_supported(void);
+
+/**
+ * Makes a SSL connection to the specified host and port.
+ *
+ * @param account The account making the connection.
+ * @param host    The destination host.
+ * @param port    The destination port.
+ * @param func    The SSL input handler function.
+ * @param data    User-defined data.
+ *
+ * @return The SSL connection handle.
+ */
+GaimSslConnection *gaim_ssl_connect(GaimAccount *account, const char *host,
+									int port, GaimSslInputFunction func,
+									void *data);
+
+/**
+ * Closes a SSL connection.
+ *
+ * @param gsc The SSL connection to close.
+ */
+void gaim_ssl_close(GaimSslConnection *gsc);
+
+/**
+ * Reads data from an SSL connection.
+ *
+ * @param gsc    The SSL connection handle.
+ * @param buffer The destination buffer.
+ * @param len    The maximum number of bytes to read.
+ *
+ * @return The number of bytes read.
+ */
+size_t gaim_ssl_read(GaimSslConnection *gsc, void *data, size_t len);
+
+/**
+ * Writes data to an SSL connection.
+ *
+ * @param gsc  The SSL connection handle.
+ * @param data The data to write.
+ * @param len  The length of the data to write.
+ *
+ * @return The number of bytes written.
+ */
+size_t gaim_ssl_write(GaimSslConnection *gsc, const void *data, size_t len);
+
+/*@}*/
+
+/**************************************************************************/
+/** @name Subsystem API                                                   */
+/**************************************************************************/
+/*@{*/
+
+/**
+ * Initializes the SSL subsystem.
+ */
+void gaim_ssl_init(void);
+
+/**
+ * Uninitializes the SSL subsystem.
+ */
+void gaim_ssl_uninit(void);
+
+/*@}*/
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _GAIM_SSL_H_ */