Mercurial > pidgin
annotate libpurple/plugins/ssl/ssl-gnutls.c @ 30959:43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
that the server presented as part of the certificate chain. GnuTLS,
however, will return them, which breaks our certificate validation
when the server is mis-configured.
This fixes our GnuTLS SSL plugin to discard any certificate (and
subsequent certs) in the chain if it did not sign the previous
certificate. This allows GnuTLS users to connect to
omega.contacts.msn.com while it is still misconfigured.
author | Stu Tomlinson <stu@nosnilmot.com> |
---|---|
date | Tue, 23 Nov 2010 01:50:30 +0000 |
parents | df9de37e0274 |
children | fb0c5aa0fe55 |
rev | line source |
---|---|
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1 /** |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
2 * @file ssl-gnutls.c GNUTLS SSL plugin. |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
3 * |
15822 | 4 * purple |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
5 * |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
6 * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org> |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
7 * |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
8 * This program is free software; you can redistribute it and/or modify |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
9 * it under the terms of the GNU General Public License as published by |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
10 * the Free Software Foundation; either version 2 of the License, or |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
11 * (at your option) any later version. |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
12 * |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
13 * This program is distributed in the hope that it will be useful, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
16 * GNU General Public License for more details. |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
17 * |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
18 * You should have received a copy of the GNU General Public License |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
19 * along with this program; if not, write to the Free Software |
19681
44b4e8bd759b
The FSF changed its address a while ago; our files were out of date.
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
19649
diff
changeset
|
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
21 */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
22 #include "internal.h" |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
23 #include "debug.h" |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
24 #include "certificate.h" |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
25 #include "plugin.h" |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
26 #include "sslconn.h" |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
27 #include "version.h" |
17766
fe571cfcf225
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17252
diff
changeset
|
28 #include "util.h" |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
29 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
30 #define SSL_GNUTLS_PLUGIN_ID "ssl-gnutls" |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
31 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
32 #include <gnutls/gnutls.h> |
17766
fe571cfcf225
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17252
diff
changeset
|
33 #include <gnutls/x509.h> |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
34 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
35 typedef struct |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
36 { |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
37 gnutls_session session; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
38 guint handshake_handler; |
29659
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
39 guint handshake_timer; |
15822 | 40 } PurpleSslGnutlsData; |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
41 |
15822 | 42 #define PURPLE_SSL_GNUTLS_DATA(gsc) ((PurpleSslGnutlsData *)gsc->private_data) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
43 |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
44 static gnutls_certificate_client_credentials xcred = NULL; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
45 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
46 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS |
29657
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
47 /* Priority strings. The default one is, well, the default (and is always |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
48 * set). The hash table is of the form hostname => priority (both |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
49 * char *). |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
50 * |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
51 * We only use a gnutls_priority_t for the default on the assumption that |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
52 * that's the more common case. Improvement patches (like matching on |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
53 * subdomains) welcome. |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
54 */ |
29657
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
55 static gnutls_priority_t default_priority = NULL; |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
56 static GHashTable *host_priorities = NULL; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
57 #endif |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
58 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
59 static void |
27183
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
60 ssl_gnutls_log(int level, const char *str) |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
61 { |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
62 /* GnuTLS log messages include the '\n' */ |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
63 purple_debug_misc("gnutls", "lvl %d: %s", level, str); |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
64 } |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
65 |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
66 static void |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
67 ssl_gnutls_init_gnutls(void) |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
68 { |
27183
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
69 const char *debug_level; |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
70 const char *host_priorities_str; |
27183
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
71 |
17911
91feef6cbede
- GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17793
diff
changeset
|
72 /* Configure GnuTLS to use glib memory management */ |
91feef6cbede
- GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17793
diff
changeset
|
73 /* I expect that this isn't really necessary, but it may prevent |
91feef6cbede
- GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17793
diff
changeset
|
74 some bugs */ |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
75 /* TODO: It may be necessary to wrap this allocators for GnuTLS. |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
76 If there are strange bugs, perhaps look here (yes, I am a |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
77 hypocrite) */ |
17911
91feef6cbede
- GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17793
diff
changeset
|
78 gnutls_global_set_mem_functions( |
23276
b87ce62751a2
I can't think of any reason we would need to use the zero versions of
Mark Doliner <mark@kingant.net>
parents:
21678
diff
changeset
|
79 (gnutls_alloc_function) g_malloc, /* malloc */ |
b87ce62751a2
I can't think of any reason we would need to use the zero versions of
Mark Doliner <mark@kingant.net>
parents:
21678
diff
changeset
|
80 (gnutls_alloc_function) g_malloc, /* secure malloc */ |
17911
91feef6cbede
- GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17793
diff
changeset
|
81 NULL, /* mem_is_secure */ |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
82 (gnutls_realloc_function) g_realloc, /* realloc */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
83 (gnutls_free_function) g_free /* free */ |
17911
91feef6cbede
- GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17793
diff
changeset
|
84 ); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
85 |
27183
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
86 debug_level = g_getenv("PURPLE_GNUTLS_DEBUG"); |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
87 if (debug_level) { |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
88 int level = atoi(debug_level); |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
89 if (level < 0) { |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
90 purple_debug_warning("gnutls", "Assuming log level 0 instead of %d\n", |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
91 level); |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
92 level = 0; |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
93 } |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
94 |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
95 /* "The level is an integer between 0 and 9. Higher values mean more verbosity." */ |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
96 gnutls_global_set_log_level(level); |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
97 gnutls_global_set_log_function(ssl_gnutls_log); |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
98 } |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
99 |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
100 /* Expected format: host=priority;host2=priority;*=priority |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
101 * where "*" is used to override the default priority string for |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
102 * libpurple. |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
103 */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
104 host_priorities_str = g_getenv("PURPLE_GNUTLS_PRIORITIES"); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
105 if (host_priorities_str) { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
106 #ifndef HAVE_GNUTLS_PRIORITY_FUNCS |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
107 purple_debug_warning("gnutls", "Warning, PURPLE_GNUTLS_PRIORITIES " |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
108 "environment variable set, but we were built " |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
109 "against an older GnuTLS that doesn't support " |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
110 "this. :-("); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
111 #else /* HAVE_GNUTLS_PRIORITY_FUNCS */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
112 char **entries = g_strsplit(host_priorities_str, ";", -1); |
29657
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
113 char *default_priority_str = NULL; |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
114 guint i; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
115 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
116 host_priorities = g_hash_table_new_full(g_str_hash, g_str_equal, |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
117 g_free, g_free); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
118 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
119 for (i = 0; entries[i]; ++i) { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
120 char *host = entries[i]; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
121 char *equals = strchr(host, '='); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
122 char *prio_str; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
123 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
124 if (equals) { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
125 *equals = '\0'; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
126 prio_str = equals + 1; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
127 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
128 /* Empty? */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
129 if (*prio_str == '\0') { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
130 purple_debug_warning("gnutls", "Ignoring empty priority " |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
131 "string for %s\n", host); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
132 } else { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
133 /* TODO: Validate each of these and complain */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
134 if (g_str_equal(host, "*")) { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
135 /* Override the default priority */ |
29657
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
136 g_free(default_priority_str); |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
137 default_priority_str = g_strdup(prio_str); |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
138 } else |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
139 g_hash_table_insert(host_priorities, g_strdup(host), |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
140 g_strdup(prio_str)); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
141 } |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
142 } |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
143 } |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
144 |
29657
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
145 if (default_priority_str) { |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
146 if (gnutls_priority_init(&default_priority, default_priority_str, NULL)) { |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
147 purple_debug_warning("gnutls", "Unable to set default priority to %s\n", |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
148 default_priority_str); |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
149 /* Versions of GnuTLS as of 2.8.6 (2010-03-31) don't free/NULL |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
150 * this on error. |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
151 */ |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
152 gnutls_free(default_priority); |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
153 default_priority = NULL; |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
154 } |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
155 |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
156 g_free(default_priority_str); |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
157 } |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
158 |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
159 g_strfreev(entries); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
160 #endif /* HAVE_GNUTLS_PRIORITY_FUNCS */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
161 } |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
162 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
163 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
164 /* Make sure we set have a default priority! */ |
29657
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
165 if (!default_priority) { |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
166 if (gnutls_priority_init(&default_priority, "NORMAL:%SSL3_RECORD_VERSION", NULL)) { |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
167 /* See comment above about memory leak */ |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
168 gnutls_free(default_priority); |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
169 gnutls_priority_init(&default_priority, "NORMAL", NULL); |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
170 } |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
171 } |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
172 #endif /* HAVE_GNUTLS_PRIORITY_FUNCS */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
173 |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
174 gnutls_global_init(); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
175 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
176 gnutls_certificate_allocate_credentials(&xcred); |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
177 |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
178 /* TODO: I can likely remove this */ |
17781
3ce170204ef0
disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02'
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17780
diff
changeset
|
179 gnutls_certificate_set_x509_trust_file(xcred, "ca.pem", |
3ce170204ef0
disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02'
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17780
diff
changeset
|
180 GNUTLS_X509_FMT_PEM); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
181 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
182 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
183 static gboolean |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
184 ssl_gnutls_init(void) |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
185 { |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
186 return TRUE; |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
187 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
188 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
189 static void |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
190 ssl_gnutls_uninit(void) |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
191 { |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
192 gnutls_global_deinit(); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
193 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
194 gnutls_certificate_free_credentials(xcred); |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
195 xcred = NULL; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
196 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
197 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
198 if (host_priorities) { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
199 g_hash_table_destroy(host_priorities); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
200 host_priorities = NULL; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
201 } |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
202 |
29657
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
203 gnutls_priority_deinit(default_priority); |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
204 default_priority = NULL; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
205 #endif |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
206 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
207 |
18955
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
208 static void |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
209 ssl_gnutls_verified_cb(PurpleCertificateVerificationStatus st, |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
210 gpointer userdata) |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
211 { |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
212 PurpleSslConnection *gsc = (PurpleSslConnection *) userdata; |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
213 |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
214 if (st == PURPLE_CERTIFICATE_VALID) { |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
215 /* Certificate valid? Good! Do the connection! */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
216 gsc->connect_cb(gsc->connect_cb_data, gsc, PURPLE_INPUT_READ); |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
217 } else { |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
218 /* Otherwise, signal an error */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
219 if(gsc->error_cb != NULL) |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
220 gsc->error_cb(gsc, PURPLE_SSL_CERTIFICATE_INVALID, |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
221 gsc->connect_cb_data); |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
222 purple_ssl_close(gsc); |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
223 } |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
224 } |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
225 |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
226 |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
227 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
228 static void ssl_gnutls_handshake_cb(gpointer data, gint source, |
15822 | 229 PurpleInputCondition cond) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
230 { |
15822 | 231 PurpleSslConnection *gsc = data; |
232 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); | |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
233 ssize_t ret; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
234 |
20255
07c103ac3795
applied changes from 5252885d793a4d288d92856d511d721bf5bb87ef
Richard Laager <rlaager@wiktel.com>
parents:
19681
diff
changeset
|
235 /*purple_debug_info("gnutls", "Handshaking with %s\n", gsc->host);*/ |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
236 ret = gnutls_handshake(gnutls_data->session); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
237 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
238 if(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
239 return; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
240 |
15822 | 241 purple_input_remove(gnutls_data->handshake_handler); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
242 gnutls_data->handshake_handler = 0; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
243 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
244 if(ret != 0) { |
15822 | 245 purple_debug_error("gnutls", "Handshake failed. Error %s\n", |
15784
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
246 gnutls_strerror(ret)); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
247 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
248 if(gsc->error_cb != NULL) |
15822 | 249 gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED, |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
250 gsc->connect_cb_data); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
251 |
15822 | 252 purple_ssl_close(gsc); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
253 } else { |
18938
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
254 /* Now we are cooking with gas! */ |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
255 PurpleSslOps *ops = purple_ssl_get_ops(); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
256 GList * peers = ops->get_peer_certificates(gsc); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
257 |
18938
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
258 PurpleCertificateScheme *x509 = |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
259 purple_certificate_find_scheme("x509"); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
260 |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
261 GList * l; |
19549
5f4100c7dd00
Fix compiler warnings about having a variable declaration after some
Mark Doliner <mark@kingant.net>
parents:
19498
diff
changeset
|
262 |
5f4100c7dd00
Fix compiler warnings about having a variable declaration after some
Mark Doliner <mark@kingant.net>
parents:
19498
diff
changeset
|
263 /* TODO: Remove all this debugging babble */ |
5f4100c7dd00
Fix compiler warnings about having a variable declaration after some
Mark Doliner <mark@kingant.net>
parents:
19498
diff
changeset
|
264 purple_debug_info("gnutls", "Handshake complete\n"); |
5f4100c7dd00
Fix compiler warnings about having a variable declaration after some
Mark Doliner <mark@kingant.net>
parents:
19498
diff
changeset
|
265 |
18938
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
266 for (l=peers; l; l = l->next) { |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
267 PurpleCertificate *crt = l->data; |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
268 GByteArray *z = |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
269 x509->get_fingerprint_sha1(crt); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
270 gchar * fpr = |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
271 purple_base16_encode_chunked(z->data, |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
272 z->len); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
273 |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
274 purple_debug_info("gnutls/x509", |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
275 "Key print: %s\n", |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
276 fpr); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
277 |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
278 /* Kill the cert! */ |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
279 x509->destroy_certificate(crt); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
280 |
18938
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
281 g_free(fpr); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
282 g_byte_array_free(z, TRUE); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
283 } |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
284 g_list_free(peers); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
285 |
17766
fe571cfcf225
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17252
diff
changeset
|
286 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
287 const gnutls_datum *cert_list; |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
288 unsigned int cert_list_size = 0; |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
289 gnutls_session session=gnutls_data->session; |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
290 int i; |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
291 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
292 cert_list = |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
293 gnutls_certificate_get_peers(session, &cert_list_size); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
294 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
295 purple_debug_info("gnutls", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
296 "Peer provided %d certs\n", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
297 cert_list_size); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
298 for (i=0; i<cert_list_size; i++) |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
299 { |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
300 gchar fpr_bin[256]; |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
301 gsize fpr_bin_sz = sizeof(fpr_bin); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
302 gchar * fpr_asc = NULL; |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
303 gchar tbuf[256]; |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
304 gsize tsz=sizeof(tbuf); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
305 gchar * tasc = NULL; |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
306 gnutls_x509_crt cert; |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
307 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
308 gnutls_x509_crt_init(&cert); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
309 gnutls_x509_crt_import (cert, &cert_list[i], |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
310 GNUTLS_X509_FMT_DER); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
311 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
312 gnutls_x509_crt_get_fingerprint(cert, GNUTLS_MAC_SHA, |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
313 fpr_bin, &fpr_bin_sz); |
17766
fe571cfcf225
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17252
diff
changeset
|
314 |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
315 fpr_asc = |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
316 purple_base16_encode_chunked((const guchar *)fpr_bin, fpr_bin_sz); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
317 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
318 purple_debug_info("gnutls", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
319 "Lvl %d SHA1 fingerprint: %s\n", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
320 i, fpr_asc); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
321 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
322 tsz=sizeof(tbuf); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
323 gnutls_x509_crt_get_serial(cert,tbuf,&tsz); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
324 tasc=purple_base16_encode_chunked((const guchar *)tbuf, tsz); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
325 purple_debug_info("gnutls", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
326 "Serial: %s\n", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
327 tasc); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
328 g_free(tasc); |
17766
fe571cfcf225
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17252
diff
changeset
|
329 |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
330 tsz=sizeof(tbuf); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
331 gnutls_x509_crt_get_dn (cert, tbuf, &tsz); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
332 purple_debug_info("gnutls", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
333 "Cert DN: %s\n", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
334 tbuf); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
335 tsz=sizeof(tbuf); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
336 gnutls_x509_crt_get_issuer_dn (cert, tbuf, &tsz); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
337 purple_debug_info("gnutls", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
338 "Cert Issuer DN: %s\n", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
339 tbuf); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
340 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
341 g_free(fpr_asc); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
342 fpr_asc = NULL; |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
343 gnutls_x509_crt_deinit(cert); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
344 } |
17781
3ce170204ef0
disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02'
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17780
diff
changeset
|
345 } |
18955
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
346 |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
347 /* TODO: The following logic should really be in libpurple */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
348 /* If a Verifier was given, hand control over to it */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
349 if (gsc->verifier) { |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
350 GList *peers; |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
351 /* First, get the peer cert chain */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
352 peers = purple_ssl_get_peer_certificates(gsc); |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
353 |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
354 /* Now kick off the verification process */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
355 purple_certificate_verify(gsc->verifier, |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
356 gsc->host, |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
357 peers, |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
358 ssl_gnutls_verified_cb, |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
359 gsc); |
19021
fcca10d0ac7d
- purple_certificate_verify no longer takes possession of the
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19019
diff
changeset
|
360 |
fcca10d0ac7d
- purple_certificate_verify no longer takes possession of the
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19019
diff
changeset
|
361 purple_certificate_destroy_list(peers); |
18955
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
362 } else { |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
363 /* Otherwise, just call the "connection complete" |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
364 callback */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
365 gsc->connect_cb(gsc->connect_cb_data, gsc, cond); |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
366 } |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
367 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
368 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
369 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
370 |
29659
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
371 static gboolean |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
372 start_handshake_cb(gpointer data) |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
373 { |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
374 PurpleSslConnection *gsc = data; |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
375 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
376 |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
377 purple_debug_info("gnutls", "Starting handshake with %s\n", gsc->host); |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
378 |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
379 gnutls_data->handshake_timer = 0; |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
380 |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
381 ssl_gnutls_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ); |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
382 return FALSE; |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
383 } |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
384 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
385 static void |
15822 | 386 ssl_gnutls_connect(PurpleSslConnection *gsc) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
387 { |
15822 | 388 PurpleSslGnutlsData *gnutls_data; |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
389 static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 }; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
390 |
15822 | 391 gnutls_data = g_new0(PurpleSslGnutlsData, 1); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
392 gsc->private_data = gnutls_data; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
393 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
394 gnutls_init(&gnutls_data->session, GNUTLS_CLIENT); |
25499
309f6dca369a
Use _set_default_priority on gnutls versions lacking _priority_set_direct.
Ethan Blanton <elb@pidgin.im>
parents:
25498
diff
changeset
|
395 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
396 { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
397 const char *prio_str = NULL; |
29657
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
398 gboolean set = FALSE; |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
399 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
400 /* Let's see if someone has specified a specific priority */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
401 if (gsc->host && host_priorities) |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
402 prio_str = g_hash_table_lookup(host_priorities, gsc->host); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
403 |
29657
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
404 if (prio_str) |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
405 set = (GNUTLS_E_SUCCESS == |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
406 gnutls_priority_set_direct(gnutls_data->session, prio_str, |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
407 NULL)); |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
408 |
29657
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
409 if (!set) |
1b8ed243d6d1
gnutls: Use gnutls_priority_init for the default priority.
Paul Aurich <paul@darkrain42.org>
parents:
29656
diff
changeset
|
410 gnutls_priority_set(gnutls_data->session, default_priority); |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
411 } |
25499
309f6dca369a
Use _set_default_priority on gnutls versions lacking _priority_set_direct.
Ethan Blanton <elb@pidgin.im>
parents:
25498
diff
changeset
|
412 #else |
309f6dca369a
Use _set_default_priority on gnutls versions lacking _priority_set_direct.
Ethan Blanton <elb@pidgin.im>
parents:
25498
diff
changeset
|
413 gnutls_set_default_priority(gnutls_data->session); |
309f6dca369a
Use _set_default_priority on gnutls versions lacking _priority_set_direct.
Ethan Blanton <elb@pidgin.im>
parents:
25498
diff
changeset
|
414 #endif |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
415 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
416 gnutls_certificate_type_set_priority(gnutls_data->session, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
417 cert_type_priority); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
418 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
419 gnutls_credentials_set(gnutls_data->session, GNUTLS_CRD_CERTIFICATE, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
420 xcred); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
421 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
422 gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd)); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
423 |
15822 | 424 gnutls_data->handshake_handler = purple_input_add(gsc->fd, |
425 PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc); | |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
426 |
17252
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
427 /* Orborde asks: Why are we configuring a callback, then |
29659
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
428 (almost) immediately calling it? |
17252
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
429 |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
430 Answer: gnutls_handshake (up in handshake_cb) needs to be called |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
431 once in order to get the ball rolling on the SSL connection. |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
432 Once it has done so, only then will the server reply, triggering |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
433 the callback. |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
434 |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
435 Since the logic driving gnutls_handshake is the same with the first |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
436 and subsequent calls, we'll just fire the callback immediately to |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
437 accomplish this. |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
438 */ |
29659
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
439 gnutls_data->handshake_timer = purple_timeout_add(0, start_handshake_cb, |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
440 gsc); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
441 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
442 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
443 static void |
15822 | 444 ssl_gnutls_close(PurpleSslConnection *gsc) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
445 { |
15822 | 446 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
447 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
448 if(!gnutls_data) |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
449 return; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
450 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
451 if(gnutls_data->handshake_handler) |
15822 | 452 purple_input_remove(gnutls_data->handshake_handler); |
29659
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
453 if (gnutls_data->handshake_timer) |
df9de37e0274
gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525
Paul Aurich <paul@darkrain42.org>
parents:
29657
diff
changeset
|
454 purple_timeout_remove(gnutls_data->handshake_timer); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
455 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
456 gnutls_bye(gnutls_data->session, GNUTLS_SHUT_RDWR); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
457 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
458 gnutls_deinit(gnutls_data->session); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
459 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
460 g_free(gnutls_data); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
461 gsc->private_data = NULL; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
462 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
463 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
464 static size_t |
15822 | 465 ssl_gnutls_read(PurpleSslConnection *gsc, void *data, size_t len) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
466 { |
15822 | 467 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
468 ssize_t s; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
469 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
470 s = gnutls_record_recv(gnutls_data->session, data, len); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
471 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
472 if(s == GNUTLS_E_AGAIN || s == GNUTLS_E_INTERRUPTED) { |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
473 s = -1; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
474 errno = EAGAIN; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
475 } else if(s < 0) { |
15822 | 476 purple_debug_error("gnutls", "receive failed: %s\n", |
15784
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
477 gnutls_strerror(s)); |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
478 s = -1; |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
479 /* |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
480 * TODO: Set errno to something more appropriate. Or even |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
481 * better: allow ssl plugins to keep track of their |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
482 * own error message, then add a new ssl_ops function |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
483 * that returns the error message. |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
484 */ |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
485 errno = EIO; |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
486 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
487 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
488 return s; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
489 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
490 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
491 static size_t |
15822 | 492 ssl_gnutls_write(PurpleSslConnection *gsc, const void *data, size_t len) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
493 { |
15822 | 494 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
495 ssize_t s = 0; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
496 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
497 /* XXX: when will gnutls_data be NULL? */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
498 if(gnutls_data) |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
499 s = gnutls_record_send(gnutls_data->session, data, len); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
500 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
501 if(s == GNUTLS_E_AGAIN || s == GNUTLS_E_INTERRUPTED) { |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
502 s = -1; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
503 errno = EAGAIN; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
504 } else if(s < 0) { |
15822 | 505 purple_debug_error("gnutls", "send failed: %s\n", |
15784
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
506 gnutls_strerror(s)); |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
507 s = -1; |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
508 /* |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
509 * TODO: Set errno to something more appropriate. Or even |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
510 * better: allow ssl plugins to keep track of their |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
511 * own error message, then add a new ssl_ops function |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
512 * that returns the error message. |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
513 */ |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
514 errno = EIO; |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
515 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
516 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
517 return s; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
518 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
519 |
19491
4f472eef762c
- TODO-whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19218
diff
changeset
|
520 /* Forward declarations are fun! */ |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
521 static PurpleCertificate * |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
522 x509_import_from_datum(const gnutls_datum dt, gnutls_x509_crt_fmt mode); |
30959
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
523 /* indeed! */ |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
524 static gboolean |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
525 x509_certificate_signed_by(PurpleCertificate * crt, |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
526 PurpleCertificate * issuer); |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
527 static void |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
528 x509_destroy_certificate(PurpleCertificate * crt); |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
529 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
530 static GList * |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
531 ssl_gnutls_get_peer_certificates(PurpleSslConnection * gsc) |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
532 { |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
533 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); |
30959
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
534 PurpleCertificate *prvcrt = NULL; |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
535 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
536 /* List of Certificate instances to return */ |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
537 GList * peer_certs = NULL; |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
538 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
539 /* List of raw certificates as given by GnuTLS */ |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
540 const gnutls_datum *cert_list; |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
541 unsigned int cert_list_size = 0; |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
542 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
543 unsigned int i; |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
544 |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
545 /* This should never, ever happen. */ |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
546 g_return_val_if_fail( gnutls_certificate_type_get (gnutls_data->session) == GNUTLS_CRT_X509, NULL); |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
547 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
548 /* Get the certificate list from GnuTLS */ |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
549 /* TODO: I am _pretty sure_ this doesn't block or do other exciting things */ |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
550 cert_list = gnutls_certificate_get_peers(gnutls_data->session, |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
551 &cert_list_size); |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
552 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
553 /* Convert each certificate to a Certificate and append it to the list */ |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
554 for (i = 0; i < cert_list_size; i++) { |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
555 PurpleCertificate * newcrt = x509_import_from_datum(cert_list[i], |
18186
80c909c5bb7a
- Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17914
diff
changeset
|
556 GNUTLS_X509_FMT_DER); |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
557 /* Append is somewhat inefficient on linked lists, but is easy |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
558 to read. If someone complains, I'll change it. |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
559 TODO: Is anyone complaining? (Maybe elb?) */ |
30959
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
560 /* only append if previous cert was actually signed by this one. |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
561 * Thanks Microsoft. */ |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
562 if ((prvcrt == NULL) || x509_certificate_signed_by(prvcrt, newcrt)) { |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
563 peer_certs = g_list_append(peer_certs, newcrt); |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
564 prvcrt = newcrt; |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
565 } else { |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
566 x509_destroy_certificate(newcrt); |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
567 purple_debug_error("gnutls", "Dropping further peer certificates " |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
568 "because the chain is broken!\n"); |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
569 break; |
43af903bd816
NSS will not return invalid or irrelevant intermediate certificates
Stu Tomlinson <stu@nosnilmot.com>
parents:
29659
diff
changeset
|
570 } |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
571 } |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
572 |
19491
4f472eef762c
- TODO-whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19218
diff
changeset
|
573 /* cert_list doesn't need free()-ing */ |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
574 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
575 return peer_certs; |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
576 } |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
577 |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
578 /************************************************************************/ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
579 /* X.509 functionality */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
580 /************************************************************************/ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
581 const gchar * SCHEME_NAME = "x509"; |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
582 |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
583 static PurpleCertificateScheme x509_gnutls; |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
584 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
585 /** Refcounted GnuTLS certificate data instance */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
586 typedef struct { |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
587 gint refcount; |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
588 gnutls_x509_crt crt; |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
589 } x509_crtdata_t; |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
590 |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
591 /** Helper functions for reference counting */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
592 static x509_crtdata_t * |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
593 x509_crtdata_addref(x509_crtdata_t *cd) |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
594 { |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
595 (cd->refcount)++; |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
596 return cd; |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
597 } |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
598 |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
599 static void |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
600 x509_crtdata_delref(x509_crtdata_t *cd) |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
601 { |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
602 (cd->refcount)--; |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
603 |
19552 | 604 if (cd->refcount < 0) |
19551
ce3dec442fec
Replace a call to g_assert() with a logging statement
Mark Doliner <mark@kingant.net>
parents:
19550
diff
changeset
|
605 g_critical("Refcount of x509_crtdata_t is %d, which is less " |
ce3dec442fec
Replace a call to g_assert() with a logging statement
Mark Doliner <mark@kingant.net>
parents:
19550
diff
changeset
|
606 "than zero!\n", cd->refcount); |
ce3dec442fec
Replace a call to g_assert() with a logging statement
Mark Doliner <mark@kingant.net>
parents:
19550
diff
changeset
|
607 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
608 /* If the refcount reaches zero, kill the structure */ |
19551
ce3dec442fec
Replace a call to g_assert() with a logging statement
Mark Doliner <mark@kingant.net>
parents:
19550
diff
changeset
|
609 if (cd->refcount <= 0) { |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
610 /* Kill the internal data */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
611 gnutls_x509_crt_deinit( cd->crt ); |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
612 /* And kill the struct */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
613 g_free( cd ); |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
614 } |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
615 } |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
616 |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
617 /** Helper macro to retrieve the GnuTLS crt_t from a PurpleCertificate */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
618 #define X509_GET_GNUTLS_DATA(pcrt) ( ((x509_crtdata_t *) (pcrt->data))->crt) |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
619 |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
620 /** Transforms a gnutls_datum containing an X.509 certificate into a Certificate instance under the x509_gnutls scheme |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
621 * |
18186
80c909c5bb7a
- Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17914
diff
changeset
|
622 * @param dt Datum to transform |
80c909c5bb7a
- Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17914
diff
changeset
|
623 * @param mode GnuTLS certificate format specifier (GNUTLS_X509_FMT_PEM for |
80c909c5bb7a
- Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17914
diff
changeset
|
624 * reading from files, and GNUTLS_X509_FMT_DER for converting |
80c909c5bb7a
- Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17914
diff
changeset
|
625 * "over the wire" certs for SSL) |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
626 * |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
627 * @return A newly allocated Certificate structure of the x509_gnutls scheme |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
628 */ |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
629 static PurpleCertificate * |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
630 x509_import_from_datum(const gnutls_datum dt, gnutls_x509_crt_fmt mode) |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
631 { |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
632 /* Internal certificate data structure */ |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
633 x509_crtdata_t *certdat; |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
634 /* New certificate to return */ |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
635 PurpleCertificate * crt; |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
636 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
637 /* Allocate and prepare the internal certificate data */ |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
638 certdat = g_new0(x509_crtdata_t, 1); |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
639 gnutls_x509_crt_init(&(certdat->crt)); |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
640 certdat->refcount = 0; |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
641 |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
642 /* Perform the actual certificate parse */ |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
643 /* Yes, certdat->crt should be passed as-is */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
644 gnutls_x509_crt_import(certdat->crt, &dt, mode); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
645 |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
646 /* Allocate the certificate and load it with data */ |
18961
fa138dbacff5
- More g_new0 instead of g_new
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18955
diff
changeset
|
647 crt = g_new0(PurpleCertificate, 1); |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
648 crt->scheme = &x509_gnutls; |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
649 crt->data = x509_crtdata_addref(certdat); |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
650 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
651 return crt; |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
652 } |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
653 |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
654 /** Imports a PEM-formatted X.509 certificate from the specified file. |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
655 * @param filename Filename to import from. Format is PEM |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
656 * |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
657 * @return A newly allocated Certificate structure of the x509_gnutls scheme |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
658 */ |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
659 static PurpleCertificate * |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
660 x509_import_from_file(const gchar * filename) |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
661 { |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
662 PurpleCertificate *crt; /* Certificate being constructed */ |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
663 gchar *buf; /* Used to load the raw file data */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
664 gsize buf_sz; /* Size of the above */ |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
665 gnutls_datum dt; /* Struct to pass down to GnuTLS */ |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
666 |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
667 purple_debug_info("gnutls", |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
668 "Attempting to load X.509 certificate from %s\n", |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
669 filename); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
670 |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
671 /* Next, we'll simply yank the entire contents of the file |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
672 into memory */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
673 /* TODO: Should I worry about very large files here? */ |
19491
4f472eef762c
- TODO-whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19218
diff
changeset
|
674 g_return_val_if_fail( |
4f472eef762c
- TODO-whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19218
diff
changeset
|
675 g_file_get_contents(filename, |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
676 &buf, |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
677 &buf_sz, |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
678 NULL /* No error checking for now */ |
19491
4f472eef762c
- TODO-whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19218
diff
changeset
|
679 ), |
4f472eef762c
- TODO-whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19218
diff
changeset
|
680 NULL); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
681 |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
682 /* Load the datum struct */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
683 dt.data = (unsigned char *) buf; |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
684 dt.size = buf_sz; |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
685 |
21678 | 686 /* Perform the conversion; files should be in PEM format */ |
687 crt = x509_import_from_datum(dt, GNUTLS_X509_FMT_PEM); | |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
688 |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
689 /* Cleanup */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
690 g_free(buf); |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
691 |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
692 return crt; |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
693 } |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
694 |
29647
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
695 /** Imports a number of PEM-formatted X.509 certificates from the specified file. |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
696 * @param filename Filename to import from. Format is PEM |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
697 * |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
698 * @return A newly allocated GSList of Certificate structures of the x509_gnutls scheme |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
699 */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
700 static GSList * |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
701 x509_importcerts_from_file(const gchar * filename) |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
702 { |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
703 PurpleCertificate *crt; /* Certificate being constructed */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
704 gchar *buf; /* Used to load the raw file data */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
705 gchar *begin, *end; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
706 GSList *crts = NULL; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
707 gsize buf_sz; /* Size of the above */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
708 gnutls_datum dt; /* Struct to pass down to GnuTLS */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
709 |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
710 purple_debug_info("gnutls", |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
711 "Attempting to load X.509 certificates from %s\n", |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
712 filename); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
713 |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
714 /* Next, we'll simply yank the entire contents of the file |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
715 into memory */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
716 /* TODO: Should I worry about very large files here? */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
717 g_return_val_if_fail( |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
718 g_file_get_contents(filename, |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
719 &buf, |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
720 &buf_sz, |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
721 NULL /* No error checking for now */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
722 ), |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
723 NULL); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
724 |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
725 begin = buf; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
726 while((end = strstr(begin, "-----END CERTIFICATE-----")) != NULL) { |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
727 end += sizeof("-----END CERTIFICATE-----")-1; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
728 /* Load the datum struct */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
729 dt.data = (unsigned char *) begin; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
730 dt.size = (end-begin); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
731 |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
732 /* Perform the conversion; files should be in PEM format */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
733 crt = x509_import_from_datum(dt, GNUTLS_X509_FMT_PEM); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
734 crts = g_slist_prepend(crts, crt); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
735 begin = end; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
736 } |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
737 |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
738 /* Cleanup */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
739 g_free(buf); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
740 |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
741 return crts; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
742 } |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
743 |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
744 /** |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
745 * Exports a PEM-formatted X.509 certificate to the specified file. |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
746 * @param filename Filename to export to. Format will be PEM |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
747 * @param crt Certificate to export |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
748 * |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
749 * @return TRUE if success, otherwise FALSE |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
750 */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
751 static gboolean |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
752 x509_export_certificate(const gchar *filename, PurpleCertificate *crt) |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
753 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
754 gnutls_x509_crt crt_dat; /* GnuTLS cert struct */ |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
755 int ret; |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
756 gchar * out_buf; /* Data to output */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
757 size_t out_size; /* Output size */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
758 gboolean success = FALSE; |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
759 |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
760 /* Paranoia paranoia paranoia! */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
761 g_return_val_if_fail(filename, FALSE); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
762 g_return_val_if_fail(crt, FALSE); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
763 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
764 g_return_val_if_fail(crt->data, FALSE); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
765 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
766 crt_dat = X509_GET_GNUTLS_DATA(crt); |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
767 |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
768 /* Obtain the output size required */ |
19004
d4065b26dcac
- Fix intermittent crash due to uninitialized variable
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19003
diff
changeset
|
769 out_size = 0; |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
770 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM, |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
771 NULL, /* Provide no buffer yet */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
772 &out_size /* Put size here */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
773 ); |
19002
daeca1b9ebdb
- Fix an incorrect assertion in GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18977
diff
changeset
|
774 g_return_val_if_fail(ret == GNUTLS_E_SHORT_MEMORY_BUFFER, FALSE); |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
775 |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
776 /* Now allocate a buffer and *really* export it */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
777 out_buf = g_new0(gchar, out_size); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
778 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM, |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
779 out_buf, /* Export to our new buffer */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
780 &out_size /* Put size here */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
781 ); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
782 if (ret != 0) { |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
783 purple_debug_error("gnutls/x509", |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
784 "Failed to export cert to buffer with code %d\n", |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
785 ret); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
786 g_free(out_buf); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
787 return FALSE; |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
788 } |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
789 |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
790 /* Write it out to an actual file */ |
19498
7589b218f89a
- Add purple_util_write_data_to_file_absolute; glib's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19494
diff
changeset
|
791 success = purple_util_write_data_to_file_absolute(filename, |
7589b218f89a
- Add purple_util_write_data_to_file_absolute; glib's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19494
diff
changeset
|
792 out_buf, out_size); |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
793 |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
794 g_free(out_buf); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
795 return success; |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
796 } |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
797 |
19019
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
798 static PurpleCertificate * |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
799 x509_copy_certificate(PurpleCertificate *crt) |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
800 { |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
801 x509_crtdata_t *crtdat; |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
802 PurpleCertificate *newcrt; |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
803 |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
804 g_return_val_if_fail(crt, NULL); |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
805 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL); |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
806 |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
807 crtdat = (x509_crtdata_t *) crt->data; |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
808 |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
809 newcrt = g_new0(PurpleCertificate, 1); |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
810 newcrt->scheme = &x509_gnutls; |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
811 newcrt->data = x509_crtdata_addref(crtdat); |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
812 |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
813 return newcrt; |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
814 } |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
815 /** Frees a Certificate |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
816 * |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
817 * Destroys a Certificate's internal data structures and frees the pointer |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
818 * given. |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
819 * @param crt Certificate instance to be destroyed. It WILL NOT be destroyed |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
820 * if it is not of the correct CertificateScheme. Can be NULL |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
821 * |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
822 */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
823 static void |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
824 x509_destroy_certificate(PurpleCertificate * crt) |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
825 { |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
826 if (NULL == crt) return; |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
827 |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
828 /* Check that the scheme is x509_gnutls */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
829 if ( crt->scheme != &x509_gnutls ) { |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
830 purple_debug_error("gnutls", |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
831 "destroy_certificate attempted on certificate of wrong scheme (scheme was %s, expected %s)\n", |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
832 crt->scheme->name, |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
833 SCHEME_NAME); |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
834 return; |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
835 } |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
836 |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
837 g_return_if_fail(crt->data != NULL); |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
838 g_return_if_fail(crt->scheme != NULL); |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
839 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
840 /* Use the reference counting system to free (or not) the |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
841 underlying data */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
842 x509_crtdata_delref((x509_crtdata_t *)crt->data); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
843 |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
844 /* Kill the structure itself */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
845 g_free(crt); |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
846 } |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
847 |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
848 /** Determines whether one certificate has been issued and signed by another |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
849 * |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
850 * @param crt Certificate to check the signature of |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
851 * @param issuer Issuer's certificate |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
852 * |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
853 * @return TRUE if crt was signed and issued by issuer, otherwise FALSE |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
854 * @TODO Modify this function to return a reason for invalidity? |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
855 */ |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
856 static gboolean |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
857 x509_certificate_signed_by(PurpleCertificate * crt, |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
858 PurpleCertificate * issuer) |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
859 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
860 gnutls_x509_crt crt_dat; |
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
861 gnutls_x509_crt issuer_dat; |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
862 unsigned int verify; /* used to store result from GnuTLS verifier */ |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
863 int ret; |
27655
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
864 gchar *crt_id = NULL; |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
865 gchar *issuer_id = NULL; |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
866 |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
867 g_return_val_if_fail(crt, FALSE); |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
868 g_return_val_if_fail(issuer, FALSE); |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
869 |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
870 /* Verify that both certs are the correct scheme */ |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
871 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE); |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
872 g_return_val_if_fail(issuer->scheme == &x509_gnutls, FALSE); |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
873 |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
874 /* TODO: check for more nullness? */ |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
875 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
876 crt_dat = X509_GET_GNUTLS_DATA(crt); |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
877 issuer_dat = X509_GET_GNUTLS_DATA(issuer); |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
878 |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
879 /* First, let's check that crt.issuer is actually issuer */ |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
880 ret = gnutls_x509_crt_check_issuer(crt_dat, issuer_dat); |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
881 if (ret <= 0) { |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
882 |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
883 if (ret < 0) { |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
884 purple_debug_error("gnutls/x509", |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
885 "GnuTLS error %d while checking certificate issuer match.", |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
886 ret); |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
887 } else { |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
888 gchar *crt_id, *issuer_id, *crt_issuer_id; |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
889 crt_id = purple_certificate_get_unique_id(crt); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
890 issuer_id = purple_certificate_get_unique_id(issuer); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
891 crt_issuer_id = |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
892 purple_certificate_get_issuer_unique_id(crt); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
893 purple_debug_info("gnutls/x509", |
28358
401a00227615
ssl-gnutls: I think this error message makes a little more sense.
Paul Aurich <paul@darkrain42.org>
parents:
28355
diff
changeset
|
894 "Certificate %s is issued by " |
401a00227615
ssl-gnutls: I think this error message makes a little more sense.
Paul Aurich <paul@darkrain42.org>
parents:
28355
diff
changeset
|
895 "%s, which does not match %s.\n", |
20285
3b459f294dc1
applied changes from f143c30a12f30c53e017f1bfc22ccddee96036fc
Richard Laager <rlaager@wiktel.com>
parents:
20284
diff
changeset
|
896 crt_id ? crt_id : "(null)", |
3b459f294dc1
applied changes from f143c30a12f30c53e017f1bfc22ccddee96036fc
Richard Laager <rlaager@wiktel.com>
parents:
20284
diff
changeset
|
897 crt_issuer_id ? crt_issuer_id : "(null)", |
3b459f294dc1
applied changes from f143c30a12f30c53e017f1bfc22ccddee96036fc
Richard Laager <rlaager@wiktel.com>
parents:
20284
diff
changeset
|
898 issuer_id ? issuer_id : "(null)"); |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
899 g_free(crt_id); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
900 g_free(issuer_id); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
901 g_free(crt_issuer_id); |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
902 } |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
903 |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
904 /* The issuer is not correct, or there were errors */ |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
905 return FALSE; |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
906 } |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
907 |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
908 /* Now, check the signature */ |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
909 /* The second argument is a ptr to an array of "trusted" issuer certs, |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
910 but we're only using one trusted one */ |
19218
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
911 ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, |
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
912 /* Permit signings by X.509v1 certs |
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
913 (Verisign and possibly others have |
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
914 root certificates that predate the |
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
915 current standard) */ |
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
916 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, |
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
917 &verify); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
918 |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
919 if (ret != 0) { |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
920 purple_debug_error("gnutls/x509", |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
921 "Attempted certificate verification caused a GnuTLS error code %d. I will just say the signature is bad, but you should look into this.\n", ret); |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
922 return FALSE; |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
923 } |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
924 |
28355
13a229a062c6
Check the GnuTLS version before using a recent-ish flag. Fixes #10412.
Paul Aurich <paul@darkrain42.org>
parents:
27655
diff
changeset
|
925 #ifdef HAVE_GNUTLS_CERT_INSECURE_ALGORITHM |
27655
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
926 if (verify & GNUTLS_CERT_INSECURE_ALGORITHM) { |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
927 /* |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
928 * A certificate in the chain is signed with an insecure |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
929 * algorithm. Put a warning into the log to make this error |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
930 * perfectly clear as soon as someone looks at the debug log is |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
931 * generated. |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
932 */ |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
933 crt_id = purple_certificate_get_unique_id(crt); |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
934 issuer_id = purple_certificate_get_issuer_unique_id(crt); |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
935 purple_debug_warning("gnutls/x509", |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
936 "Insecure hash algorithm used by %s to sign %s\n", |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
937 issuer_id, crt_id); |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
938 } |
28355
13a229a062c6
Check the GnuTLS version before using a recent-ish flag. Fixes #10412.
Paul Aurich <paul@darkrain42.org>
parents:
27655
diff
changeset
|
939 #endif |
27655
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
940 |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
941 if (verify & GNUTLS_CERT_INVALID) { |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
942 /* Signature didn't check out, but at least |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
943 there were no errors*/ |
27655
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
944 if (!crt_id) |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
945 crt_id = purple_certificate_get_unique_id(crt); |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
946 if (!issuer_id) |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
947 issuer_id = purple_certificate_get_issuer_unique_id(crt); |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
948 purple_debug_error("gnutls/x509", |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
949 "Bad signature from %s on %s\n", |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
950 issuer_id, crt_id); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
951 g_free(crt_id); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
952 g_free(issuer_id); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
953 |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
954 return FALSE; |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
955 } /* if (ret, etc.) */ |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
956 |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
957 /* If we got here, the signature is good */ |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
958 return TRUE; |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
959 } |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
960 |
18935
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
961 static GByteArray * |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
962 x509_sha1sum(PurpleCertificate *crt) |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
963 { |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
964 size_t hashlen = 20; /* SHA1 hashes are 20 bytes */ |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
965 size_t tmpsz = hashlen; /* Throw-away variable for GnuTLS to stomp on*/ |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
966 gnutls_x509_crt crt_dat; |
18935
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
967 GByteArray *hash; /**< Final hash container */ |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
968 guchar hashbuf[hashlen]; /**< Temporary buffer to contain hash */ |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
969 |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
970 g_return_val_if_fail(crt, NULL); |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
971 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
972 crt_dat = X509_GET_GNUTLS_DATA(crt); |
18935
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
973 |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
974 /* Extract the fingerprint */ |
19492
447470c8111a
- More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19491
diff
changeset
|
975 g_return_val_if_fail( |
447470c8111a
- More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19491
diff
changeset
|
976 0 == gnutls_x509_crt_get_fingerprint(crt_dat, GNUTLS_MAC_SHA, |
447470c8111a
- More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19491
diff
changeset
|
977 hashbuf, &tmpsz), |
447470c8111a
- More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19491
diff
changeset
|
978 NULL); |
18935
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
979 |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
980 /* This shouldn't happen */ |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
981 g_return_val_if_fail(tmpsz == hashlen, NULL); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
982 |
18935
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
983 /* Okay, now create and fill hash array */ |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
984 hash = g_byte_array_new(); |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
985 g_byte_array_append(hash, hashbuf, hashlen); |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
986 |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
987 return hash; |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
988 } |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
989 |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
990 static gchar * |
19079
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
991 x509_cert_dn (PurpleCertificate *crt) |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
992 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
993 gnutls_x509_crt cert_dat; |
19079
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
994 gchar *dn = NULL; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
995 size_t dn_size; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
996 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
997 g_return_val_if_fail(crt, NULL); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
998 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
999 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1000 cert_dat = X509_GET_GNUTLS_DATA(crt); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1001 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1002 /* Figure out the length of the Distinguished Name */ |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1003 /* Claim that the buffer is size 0 so GnuTLS just tells us how much |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1004 space it needs */ |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1005 dn_size = 0; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1006 gnutls_x509_crt_get_dn(cert_dat, dn, &dn_size); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1007 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1008 /* Now allocate and get the Distinguished Name */ |
20283
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1009 /* Old versions of GnuTLS have an off-by-one error in reporting |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1010 the size of the needed buffer in some functions, so allocate |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1011 an extra byte */ |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1012 dn = g_new0(gchar, ++dn_size); |
19493
e147c3a821dd
- Errorchecking in x509_cert_dn
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19492
diff
changeset
|
1013 if (0 != gnutls_x509_crt_get_dn(cert_dat, dn, &dn_size)) { |
e147c3a821dd
- Errorchecking in x509_cert_dn
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19492
diff
changeset
|
1014 purple_debug_error("gnutls/x509", |
e147c3a821dd
- Errorchecking in x509_cert_dn
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19492
diff
changeset
|
1015 "Failed to get Distinguished Name\n"); |
e147c3a821dd
- Errorchecking in x509_cert_dn
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19492
diff
changeset
|
1016 g_free(dn); |
e147c3a821dd
- Errorchecking in x509_cert_dn
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19492
diff
changeset
|
1017 return NULL; |
e147c3a821dd
- Errorchecking in x509_cert_dn
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19492
diff
changeset
|
1018 } |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
1019 |
19079
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1020 return dn; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1021 } |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1022 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1023 static gchar * |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1024 x509_issuer_dn (PurpleCertificate *crt) |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1025 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
1026 gnutls_x509_crt cert_dat; |
19079
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1027 gchar *dn = NULL; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1028 size_t dn_size; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1029 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1030 g_return_val_if_fail(crt, NULL); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1031 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1032 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1033 cert_dat = X509_GET_GNUTLS_DATA(crt); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1034 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1035 /* Figure out the length of the Distinguished Name */ |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1036 /* Claim that the buffer is size 0 so GnuTLS just tells us how much |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1037 space it needs */ |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1038 dn_size = 0; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1039 gnutls_x509_crt_get_issuer_dn(cert_dat, dn, &dn_size); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1040 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1041 /* Now allocate and get the Distinguished Name */ |
20283
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1042 /* Old versions of GnuTLS have an off-by-one error in reporting |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1043 the size of the needed buffer in some functions, so allocate |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1044 an extra byte */ |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1045 dn = g_new0(gchar, ++dn_size); |
19494
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1046 if (0 != gnutls_x509_crt_get_issuer_dn(cert_dat, dn, &dn_size)) { |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1047 purple_debug_error("gnutls/x509", |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1048 "Failed to get issuer's Distinguished " |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1049 "Name\n"); |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1050 g_free(dn); |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1051 return NULL; |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1052 } |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
1053 |
19079
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1054 return dn; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1055 } |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1056 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1057 static gchar * |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1058 x509_common_name (PurpleCertificate *crt) |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1059 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
1060 gnutls_x509_crt cert_dat; |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1061 gchar *cn = NULL; |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1062 size_t cn_size; |
19494
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1063 int ret; |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1064 |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1065 g_return_val_if_fail(crt, NULL); |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1066 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL); |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1067 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
1068 cert_dat = X509_GET_GNUTLS_DATA(crt); |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1069 |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1070 /* Figure out the length of the Common Name */ |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1071 /* Claim that the buffer is size 0 so GnuTLS just tells us how much |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1072 space it needs */ |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1073 cn_size = 0; |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1074 gnutls_x509_crt_get_dn_by_oid(cert_dat, |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1075 GNUTLS_OID_X520_COMMON_NAME, |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1076 0, /* First CN found, please */ |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1077 0, /* Not in raw mode */ |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1078 cn, &cn_size); |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1079 |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1080 /* Now allocate and get the Common Name */ |
20283
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1081 /* Old versions of GnuTLS have an off-by-one error in reporting |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1082 the size of the needed buffer in some functions, so allocate |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1083 an extra byte */ |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1084 cn = g_new0(gchar, ++cn_size); |
19494
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1085 ret = gnutls_x509_crt_get_dn_by_oid(cert_dat, |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1086 GNUTLS_OID_X520_COMMON_NAME, |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1087 0, /* First CN found, please */ |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1088 0, /* Not in raw mode */ |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1089 cn, &cn_size); |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1090 if (ret != 0) { |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1091 purple_debug_error("gnutls/x509", |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1092 "Failed to get Common Name\n"); |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1093 g_free(cn); |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1094 return NULL; |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1095 } |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1096 |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1097 return cn; |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1098 } |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1099 |
19008
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1100 static gboolean |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1101 x509_check_name (PurpleCertificate *crt, const gchar *name) |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1102 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
1103 gnutls_x509_crt crt_dat; |
19008
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1104 |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1105 g_return_val_if_fail(crt, FALSE); |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1106 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE); |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1107 g_return_val_if_fail(name, FALSE); |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1108 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
1109 crt_dat = X509_GET_GNUTLS_DATA(crt); |
19008
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1110 |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1111 if (gnutls_x509_crt_check_hostname(crt_dat, name)) { |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1112 return TRUE; |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1113 } else { |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1114 return FALSE; |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1115 } |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1116 } |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1117 |
19067
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1118 static gboolean |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1119 x509_times (PurpleCertificate *crt, time_t *activation, time_t *expiration) |
19013
5157ebe90b93
- Add activation/expiration time retrievers to GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19008
diff
changeset
|
1120 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
1121 gnutls_x509_crt crt_dat; |
19067
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1122 /* GnuTLS time functions return this on error */ |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1123 const time_t errval = (time_t) (-1); |
20332
3a9709bfde65
applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9
Luke Schierer <lschiere@pidgin.im>
parents:
20285
diff
changeset
|
1124 gboolean success = TRUE; |
19067
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1125 |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1126 g_return_val_if_fail(crt, FALSE); |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1127 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE); |
19013
5157ebe90b93
- Add activation/expiration time retrievers to GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19008
diff
changeset
|
1128 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
1129 crt_dat = X509_GET_GNUTLS_DATA(crt); |
19013
5157ebe90b93
- Add activation/expiration time retrievers to GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19008
diff
changeset
|
1130 |
19067
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1131 if (activation) { |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1132 *activation = gnutls_x509_crt_get_activation_time(crt_dat); |
20332
3a9709bfde65
applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9
Luke Schierer <lschiere@pidgin.im>
parents:
20285
diff
changeset
|
1133 if (*activation == errval) |
3a9709bfde65
applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9
Luke Schierer <lschiere@pidgin.im>
parents:
20285
diff
changeset
|
1134 success = FALSE; |
19067
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1135 } |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1136 if (expiration) { |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1137 *expiration = gnutls_x509_crt_get_expiration_time(crt_dat); |
20332
3a9709bfde65
applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9
Luke Schierer <lschiere@pidgin.im>
parents:
20285
diff
changeset
|
1138 if (*expiration == errval) |
3a9709bfde65
applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9
Luke Schierer <lschiere@pidgin.im>
parents:
20285
diff
changeset
|
1139 success = FALSE; |
19067
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1140 } |
19013
5157ebe90b93
- Add activation/expiration time retrievers to GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19008
diff
changeset
|
1141 |
20332
3a9709bfde65
applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9
Luke Schierer <lschiere@pidgin.im>
parents:
20285
diff
changeset
|
1142 return success; |
19013
5157ebe90b93
- Add activation/expiration time retrievers to GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19008
diff
changeset
|
1143 } |
5157ebe90b93
- Add activation/expiration time retrievers to GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19008
diff
changeset
|
1144 |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1145 /* X.509 certificate operations provided by this plugin */ |
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1146 static PurpleCertificateScheme x509_gnutls = { |
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1147 "x509", /* Scheme name */ |
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1148 N_("X.509 Certificates"), /* User-visible scheme name */ |
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1149 x509_import_from_file, /* Certificate import function */ |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
1150 x509_export_certificate, /* Certificate export function */ |
19019
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
1151 x509_copy_certificate, /* Copy */ |
18934
04be1b885ef3
- Add more to the Certificate struct
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18930
diff
changeset
|
1152 x509_destroy_certificate, /* Destroy cert */ |
19076
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19067
diff
changeset
|
1153 x509_certificate_signed_by, /* Signature checker */ |
18935
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
1154 x509_sha1sum, /* SHA1 fingerprint */ |
19079
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1155 x509_cert_dn, /* Unique ID */ |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1156 x509_issuer_dn, /* Issuer Unique ID */ |
19006
dc60287ce426
- Add get_activation_time and get_expiration_time to CertificateScheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19004
diff
changeset
|
1157 x509_common_name, /* Subject name */ |
19008
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1158 x509_check_name, /* Check subject name */ |
19649
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19552
diff
changeset
|
1159 x509_times, /* Activation/Expiration time */ |
29647
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
1160 x509_importcerts_from_file, /* Multiple certificates import function */ |
19649
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19552
diff
changeset
|
1161 |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19552
diff
changeset
|
1162 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19552
diff
changeset
|
1163 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19552
diff
changeset
|
1164 NULL |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19552
diff
changeset
|
1165 |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1166 }; |
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1167 |
15822 | 1168 static PurpleSslOps ssl_ops = |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1169 { |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1170 ssl_gnutls_init, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1171 ssl_gnutls_uninit, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1172 ssl_gnutls_connect, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1173 ssl_gnutls_close, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1174 ssl_gnutls_read, |
16665
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1175 ssl_gnutls_write, |
18187
33690062e8b3
- Expose get_peer_certificates in the SslOps struct, and modify gnutls
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18186
diff
changeset
|
1176 ssl_gnutls_get_peer_certificates, |
16665
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1177 |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1178 /* padding */ |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1179 NULL, |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1180 NULL, |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1181 NULL |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1182 }; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1183 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1184 static gboolean |
15822 | 1185 plugin_load(PurplePlugin *plugin) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1186 { |
15822 | 1187 if(!purple_ssl_get_ops()) { |
1188 purple_ssl_set_ops(&ssl_ops); | |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1189 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1190 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1191 /* Init GNUTLS now so others can use it even if sslconn never does */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1192 ssl_gnutls_init_gnutls(); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1193 |
19215
ab91044a914e
- Move ssl-gnutls x509 registration until after GnuTLS itself is inited
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19212
diff
changeset
|
1194 /* Register that we're providing an X.509 CertScheme */ |
ab91044a914e
- Move ssl-gnutls x509 registration until after GnuTLS itself is inited
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19212
diff
changeset
|
1195 purple_certificate_register_scheme( &x509_gnutls ); |
ab91044a914e
- Move ssl-gnutls x509 registration until after GnuTLS itself is inited
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19212
diff
changeset
|
1196 |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1197 return TRUE; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1198 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1199 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1200 static gboolean |
15822 | 1201 plugin_unload(PurplePlugin *plugin) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1202 { |
15822 | 1203 if(purple_ssl_get_ops() == &ssl_ops) { |
1204 purple_ssl_set_ops(NULL); | |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1205 } |
18927
9abc911c65aa
- GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18191
diff
changeset
|
1206 |
9abc911c65aa
- GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18191
diff
changeset
|
1207 purple_certificate_unregister_scheme( &x509_gnutls ); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1208 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1209 return TRUE; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1210 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1211 |
15822 | 1212 static PurplePluginInfo info = |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1213 { |
15822 | 1214 PURPLE_PLUGIN_MAGIC, |
1215 PURPLE_MAJOR_VERSION, | |
1216 PURPLE_MINOR_VERSION, | |
1217 PURPLE_PLUGIN_STANDARD, /**< type */ | |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1218 NULL, /**< ui_requirement */ |
15822 | 1219 PURPLE_PLUGIN_FLAG_INVISIBLE, /**< flags */ |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1220 NULL, /**< dependencies */ |
15822 | 1221 PURPLE_PRIORITY_DEFAULT, /**< priority */ |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1222 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1223 SSL_GNUTLS_PLUGIN_ID, /**< id */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1224 N_("GNUTLS"), /**< name */ |
21030
3cc856ca2338
Add a --with-extraversion option to ./configure so packagers can fine tune
Stu Tomlinson <stu@nosnilmot.com>
parents:
20332
diff
changeset
|
1225 DISPLAY_VERSION, /**< version */ |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1226 /** summary */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1227 N_("Provides SSL support through GNUTLS."), |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1228 /** description */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1229 N_("Provides SSL support through GNUTLS."), |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1230 "Christian Hammond <chipx86@gnupdate.org>", |
15822 | 1231 PURPLE_WEBSITE, /**< homepage */ |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1232 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1233 plugin_load, /**< load */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1234 plugin_unload, /**< unload */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1235 NULL, /**< destroy */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1236 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1237 NULL, /**< ui_info */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1238 NULL, /**< extra_info */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1239 NULL, /**< prefs_info */ |
16665
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1240 NULL, /**< actions */ |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1241 |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1242 /* padding */ |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1243 NULL, |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1244 NULL, |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1245 NULL, |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1246 NULL |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1247 }; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1248 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1249 static void |
15822 | 1250 init_plugin(PurplePlugin *plugin) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1251 { |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1252 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1253 |
15822 | 1254 PURPLE_INIT_PLUGIN(ssl_gnutls, init_plugin, info) |