changeset 17509:deb00aacc93c

merge of '03ea20ce538dad585a5a2d40778f242a1fd85a4b' and '04e67ab53da79e8268e027ed9b4423c64c6b86ee'
author William Ehlhardt <williamehlhardt@gmail.com>
date Thu, 31 May 2007 00:40:46 +0000
parents 393cf111f366 (current diff) 3ce170204ef0 (diff)
children f7bf776d628a
files libpurple/plugins/ssl/ssl-gnutls.c
diffstat 2 files changed, 9 insertions(+), 178 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/plugins/ssl/ssl-gnutls.c	Thu May 31 00:40:36 2007 +0000
+++ b/libpurple/plugins/ssl/ssl-gnutls.c	Thu May 31 00:40:46 2007 +0000
@@ -22,7 +22,6 @@
 #include "internal.h"
 #include "debug.h"
 #include "plugin.h"
-#include "request.h"
 #include "sslconn.h"
 #include "version.h"
 #include "util.h"
@@ -50,8 +49,8 @@
 	gnutls_global_init();
 
 	gnutls_certificate_allocate_credentials(&xcred);
-	/*gnutls_certificate_set_x509_trust_file(xcred, "ca.pem",
-	  GNUTLS_X509_FMT_PEM);*/
+	gnutls_certificate_set_x509_trust_file(xcred, "ca.pem",
+		GNUTLS_X509_FMT_PEM);
 }
 
 static gboolean
@@ -68,163 +67,6 @@
 	gnutls_certificate_free_credentials(xcred);
 }
 
-/** Callback from the dialog in ssl_gnutls_authcheck_ask */
-static void ssl_gnutls_authcheck_cb(PurpleSslConnection * gsc, gint choice)
-{
-  if (NULL == gsc)
-    {
-      purple_debug_error("gnutls","Inappropriate NULL argument at %s:%d\n",
-			 __FILE__, (int) __LINE__);
-      return;
-    }
-
-  switch(choice)
-    {
-    case 1: /* "Accept" */
-      /* TODO: Shoud PURPLE_INPUT_READ be hardcoded? */
-      gsc->connect_cb(gsc->connect_cb_data, gsc, PURPLE_INPUT_READ);
-      break;
-
-    default: /* "Cancel" or otherwise...? */
-      purple_debug_info("gnutls",
-			"User rejected certificate from %s\n",
-			gsc->host);
-      if(gsc->error_cb != NULL)
-	gsc->error_cb(gsc, PURPLE_SSL_PEER_AUTH_FAILED,
-		      gsc->connect_cb_data);
-      purple_ssl_close(gsc);
-    }
-}
-
-/** Pop up a dialog asking for verification of the given certificate */
-static void ssl_gnutls_authcheck_ask(PurpleSslConnection * gsc)
-{
-  PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
-
-  const gnutls_datum_t *cert_list;
-  unsigned int cert_list_size = 0;
-  gnutls_session_t session=gnutls_data->session;
-  
-  cert_list =
-    gnutls_certificate_get_peers(session, &cert_list_size);
-
-  if (0 == cert_list_size || NULL == cert_list)
-    {
-      /* Peer provided no certificates at all.
-	 TODO: We should write a witty message here.
-      */
-      gchar * primary = g_strdup_printf
-	(
-	 _("Peer %s provided no certificates.\n Connect anyway?"),
-	 gsc->host
-	 );
-
-      purple_request_accept_cancel
-	(gsc,
-	 _("SSL Authorization Request"),
-	 primary,
-	 _("The server you are connecting to presented no certificates identifying itself. You have no assurance that you are not connecting to an imposter. Connect anyway?"),
-	 2, /* Default action is "Cancel" */
-	 NULL, NULL, /* There is no way to extract account data from
-			a connection handle, it seems. */
-	 NULL,       /* Same goes for the conversation data */
-	 gsc,        /* Pass connection ptr to callback */
-	 ssl_gnutls_authcheck_cb, /* Accept */
-	 ssl_gnutls_authcheck_cb  /* Cancel */
-	 );
-      g_free(primary);
-    }
-  else
-    {
-      /* Grab the first certificate and display some data about it */
-      gchar fpr_bin[256];     /* Raw binary key fingerprint */
-      gsize fpr_bin_sz = sizeof(fpr_bin); /* Size of above (used later) */
-      gchar * fpr_asc = NULL; /* ASCII representation of key fingerprint */
-      gchar ser_bin[256];     /* Certificate Serial Number field */
-      gsize ser_bin_sz = sizeof(ser_bin);
-      gchar * ser_asc = NULL;
-      gchar dn[1024];          /* Certificate Name field */
-      gsize dn_sz = sizeof(dn);
-      /* TODO: Analyze certificate time/date stuff */
-      gboolean CERT_OK = TRUE; /* Is the certificate "good"? */
-
-      gnutls_x509_crt_t cert; /* Certificate data itself */
-
-      /* Suck the certificate data into the structure */
-      gnutls_x509_crt_init(&cert);
-      gnutls_x509_crt_import (cert, &cert_list[0],
-			      GNUTLS_X509_FMT_DER);
-
-      /* Read key fingerprint */
-      gnutls_x509_crt_get_fingerprint(cert, GNUTLS_MAC_SHA,
-				      fpr_bin, &fpr_bin_sz);
-      fpr_asc = purple_base16_encode_chunked(fpr_bin,fpr_bin_sz);
-
-      /* Read serial number */
-      gnutls_x509_crt_get_serial(cert, ser_bin, &ser_bin_sz);
-      ser_asc = purple_base16_encode_chunked(ser_bin,ser_bin_sz);
-
-      /* Read the certificate DN field */
-      gnutls_x509_crt_get_dn(cert, dn, &dn_sz);
-
-      /* TODO: Certificate checking here */
-
-
-      /* Build the dialog */
-      {
-	gchar * primary = NULL;
-	gchar * secondary = NULL;
-
-	if ( CERT_OK == TRUE )
-	  {
-	    primary = g_strdup_printf
-	      (
-	       _("Certificate from %s is valid. Accept?"),
-	       gsc->host
-	       );
-	  }
-	else
-	  {
-	    primary = g_strdup_printf
-	      (
-	       _("Certificate from %s not valid! Accept anyway?"),
-	       gsc->host
-	       );
-	  }
-
-	secondary = g_strdup_printf
-	  (
-	   _("Certificate name: %s\nKey fingerprint (SHA1):%s\nSerial Number:%s\nTODO: Expiration dates, etc.\n"),
-	   dn, fpr_asc, ser_asc
-	   );
-
-	purple_request_accept_cancel
-	  (gsc,
-	   _("SSL Authorization Request"),
-	   primary,
-	   secondary,
-	   (CERT_OK == TRUE ? 1:2), /* Default action depends on certificate
-				       status. */
-	   NULL, NULL, /* There is no way to extract account data from
-			  a connection handle, it seems. */
-	   NULL,       /* Same goes for the conversation data */
-	   gsc,        /* Pass connection ptr to callback */
-	   ssl_gnutls_authcheck_cb, /* Accept */
-	   ssl_gnutls_authcheck_cb  /* Cancel */
-	 );
-
-	g_free(primary);
-	g_free(secondary);
-      }
-
-
-      /* Cleanup! */
-      g_free(fpr_asc);
-      g_free(ser_asc);
-
-      gnutls_x509_crt_deinit(cert);
-    }
-}
 
 static void ssl_gnutls_handshake_cb(gpointer data, gint source,
 		PurpleInputCondition cond)
@@ -254,7 +96,6 @@
 	} else {
 		purple_debug_info("gnutls", "Handshake complete\n");
 
-		/* Spit some key info to debug */
 		{
 		  const gnutls_datum_t *cert_list;
 		  unsigned int cert_list_size = 0;
@@ -292,12 +133,12 @@
 					i, fpr_asc);
 		      
 		      tsz=sizeof(tbuf);
-		      int ret = gnutls_x509_crt_get_serial(cert,tbuf,&tsz);
+		      gnutls_x509_crt_get_serial(cert,tbuf,&tsz);
 		      tasc=
 			purple_base16_encode_chunked(tbuf, tsz);
 		      purple_debug_info("gnutls",
-					"Serial: %s(%d bytes, ret=%d)\n",
-					tasc, tsz, ret);
+					"Serial: %s\n",
+					tasc);
 		      g_free(tasc);
 
 		      tsz=sizeof(tbuf);
@@ -311,21 +152,12 @@
 					"Cert Issuer DN: %s\n",
 					tbuf);
 
-		      tsz=sizeof(tbuf);
-		      gnutls_x509_crt_get_key_id(cert,0, tbuf, &tsz);
-		      tasc = purple_base16_encode_chunked(tbuf, tsz);
-		      purple_debug_info("gnutls",
-					"Key ID: %s\n",
-					tasc);
-		      g_free(tasc);
-
 		      g_free(fpr_asc); fpr_asc = NULL;
 		      gnutls_x509_crt_deinit(cert);
-		    } /* for */
+		    }
 		  
-		} /* End keydata spitting */
-
-		/* Ask for cert verification */
+		}
+		gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
 	}
 
 }
--- a/libpurple/sslconn.h	Thu May 31 00:40:36 2007 +0000
+++ b/libpurple/sslconn.h	Thu May 31 00:40:46 2007 +0000
@@ -32,8 +32,7 @@
 typedef enum
 {
 	PURPLE_SSL_HANDSHAKE_FAILED = 1,
-	PURPLE_SSL_CONNECT_FAILED = 2,
-	PURPLE_SSL_PEER_AUTH_FAILED = 3
+	PURPLE_SSL_CONNECT_FAILED = 2
 } PurpleSslErrorType;
 
 typedef struct _PurpleSslConnection PurpleSslConnection;