pidgin: libpurple/plugins/ssl/ssl-gnutls.c annotate

annotate libpurple/plugins/ssl/ssl-gnutls.c @ 30959:43af903bd816

NSS will not return invalid or irrelevant intermediate certificates that the server presented as part of the certificate chain. GnuTLS, however, will return them, which breaks our certificate validation when the server is mis-configured. This fixes our GnuTLS SSL plugin to discard any certificate (and subsequent certs) in the chain if it did not sign the previous certificate. This allows GnuTLS users to connect to omega.contacts.msn.com while it is still misconfigured.

author	Stu Tomlinson <stu@nosnilmot.com>
date	Tue, 23 Nov 2010 01:50:30 +0000
parents	df9de37e0274
children	fb0c5aa0fe55

rev	line source
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1 /**
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	2 * @file ssl-gnutls.c GNUTLS SSL plugin.
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	3 *
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	4 * purple
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	5 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	6 * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org>
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	7 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	8 * This program is free software; you can redistribute it and/or modify
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	9 * it under the terms of the GNU General Public License as published by
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	10 * the Free Software Foundation; either version 2 of the License, or
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	11 * (at your option) any later version.
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	12 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	13 * This program is distributed in the hope that it will be useful,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	16 * GNU General Public License for more details.
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	17 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	18 * You should have received a copy of the GNU General Public License
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	19 * along with this program; if not, write to the Free Software
19681 44b4e8bd759b The FSF changed its address a while ago; our files were out of date. John Bailey <rekkanoryo@rekkanoryo.org> parents: 19649 diff changeset	20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	21 */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	22 #include "internal.h"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	23 #include "debug.h"
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	24 #include "certificate.h"
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	25 #include "plugin.h"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	26 #include "sslconn.h"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	27 #include "version.h"
17766 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	28 #include "util.h"
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	29
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	30 #define SSL_GNUTLS_PLUGIN_ID "ssl-gnutls"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	31
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	32 #include <gnutls/gnutls.h>
17766 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	33 #include <gnutls/x509.h>
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	34
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	35 typedef struct
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	36 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	37 gnutls_session session;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	38 guint handshake_handler;
29659 df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	39 guint handshake_timer;
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	40 } PurpleSslGnutlsData;
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	41
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	42 #define PURPLE_SSL_GNUTLS_DATA(gsc) ((PurpleSslGnutlsData *)gsc->private_data)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	43
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	44 static gnutls_certificate_client_credentials xcred = NULL;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	45
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	46 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS
29657 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	47 /* Priority strings. The default one is, well, the default (and is always
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	48 * set). The hash table is of the form hostname => priority (both
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	49 * char *).
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	50 *
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	51 * We only use a gnutls_priority_t for the default on the assumption that
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	52 * that's the more common case. Improvement patches (like matching on
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	53 * subdomains) welcome.
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	54 */
29657 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	55 static gnutls_priority_t default_priority = NULL;
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	56 static GHashTable *host_priorities = NULL;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	57 #endif
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	58
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	59 static void
27183 e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	60 ssl_gnutls_log(int level, const char *str)
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	61 {
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	62 /* GnuTLS log messages include the '\n' */
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	63 purple_debug_misc("gnutls", "lvl %d: %s", level, str);
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	64 }
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	65
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	66 static void
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	67 ssl_gnutls_init_gnutls(void)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	68 {
27183 e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	69 const char *debug_level;
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	70 const char *host_priorities_str;
27183 e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	71
17911 91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17793 diff changeset	72 /* Configure GnuTLS to use glib memory management */
91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17793 diff changeset	73 /* I expect that this isn't really necessary, but it may prevent
91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17793 diff changeset	74 some bugs */
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	75 /* TODO: It may be necessary to wrap this allocators for GnuTLS.
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	76 If there are strange bugs, perhaps look here (yes, I am a
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	77 hypocrite) */
17911 91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17793 diff changeset	78 gnutls_global_set_mem_functions(
23276 b87ce62751a2 I can't think of any reason we would need to use the zero versions of Mark Doliner <mark@kingant.net> parents: 21678 diff changeset	79 (gnutls_alloc_function) g_malloc, /* malloc */
b87ce62751a2 I can't think of any reason we would need to use the zero versions of Mark Doliner <mark@kingant.net> parents: 21678 diff changeset	80 (gnutls_alloc_function) g_malloc, /* secure malloc */
17911 91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17793 diff changeset	81 NULL, /* mem_is_secure */
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	82 (gnutls_realloc_function) g_realloc, /* realloc */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	83 (gnutls_free_function) g_free /* free */
17911 91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17793 diff changeset	84 );
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	85
27183 e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	86 debug_level = g_getenv("PURPLE_GNUTLS_DEBUG");
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	87 if (debug_level) {
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	88 int level = atoi(debug_level);
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	89 if (level < 0) {
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	90 purple_debug_warning("gnutls", "Assuming log level 0 instead of %d\n",
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	91 level);
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	92 level = 0;
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	93 }
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	94
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	95 /* "The level is an integer between 0 and 9. Higher values mean more verbosity." */
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	96 gnutls_global_set_log_level(level);
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	97 gnutls_global_set_log_function(ssl_gnutls_log);
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	98 }
e997e1e9b4f1 Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar. Paul Aurich <paul@darkrain42.org> parents: 27113 diff changeset	99
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	100 /* Expected format: host=priority;host2=priority;*=priority
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	101 * where "*" is used to override the default priority string for
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	102 * libpurple.
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	103 */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	104 host_priorities_str = g_getenv("PURPLE_GNUTLS_PRIORITIES");
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	105 if (host_priorities_str) {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	106 #ifndef HAVE_GNUTLS_PRIORITY_FUNCS
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	107 purple_debug_warning("gnutls", "Warning, PURPLE_GNUTLS_PRIORITIES "
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	108 "environment variable set, but we were built "
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	109 "against an older GnuTLS that doesn't support "
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	110 "this. :-(");
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	111 #else /* HAVE_GNUTLS_PRIORITY_FUNCS */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	112 char **entries = g_strsplit(host_priorities_str, ";", -1);
29657 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	113 char *default_priority_str = NULL;
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	114 guint i;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	115
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	116 host_priorities = g_hash_table_new_full(g_str_hash, g_str_equal,
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	117 g_free, g_free);
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	118
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	119 for (i = 0; entries[i]; ++i) {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	120 char *host = entries[i];
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	121 char *equals = strchr(host, '=');
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	122 char *prio_str;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	123
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	124 if (equals) {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	125 *equals = '\0';
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	126 prio_str = equals + 1;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	127
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	128 /* Empty? */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	129 if (*prio_str == '\0') {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	130 purple_debug_warning("gnutls", "Ignoring empty priority "
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	131 "string for %s\n", host);
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	132 } else {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	133 /* TODO: Validate each of these and complain */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	134 if (g_str_equal(host, "*")) {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	135 /* Override the default priority */
29657 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	136 g_free(default_priority_str);
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	137 default_priority_str = g_strdup(prio_str);
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	138 } else
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	139 g_hash_table_insert(host_priorities, g_strdup(host),
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	140 g_strdup(prio_str));
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	141 }
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	142 }
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	143 }
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	144
29657 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	145 if (default_priority_str) {
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	146 if (gnutls_priority_init(&default_priority, default_priority_str, NULL)) {
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	147 purple_debug_warning("gnutls", "Unable to set default priority to %s\n",
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	148 default_priority_str);
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	149 /* Versions of GnuTLS as of 2.8.6 (2010-03-31) don't free/NULL
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	150 * this on error.
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	151 */
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	152 gnutls_free(default_priority);
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	153 default_priority = NULL;
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	154 }
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	155
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	156 g_free(default_priority_str);
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	157 }
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	158
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	159 g_strfreev(entries);
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	160 #endif /* HAVE_GNUTLS_PRIORITY_FUNCS */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	161 }
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	162
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	163 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	164 /* Make sure we set have a default priority! */
29657 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	165 if (!default_priority) {
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	166 if (gnutls_priority_init(&default_priority, "NORMAL:%SSL3_RECORD_VERSION", NULL)) {
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	167 /* See comment above about memory leak */
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	168 gnutls_free(default_priority);
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	169 gnutls_priority_init(&default_priority, "NORMAL", NULL);
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	170 }
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	171 }
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	172 #endif /* HAVE_GNUTLS_PRIORITY_FUNCS */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	173
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	174 gnutls_global_init();
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	175
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	176 gnutls_certificate_allocate_credentials(&xcred);
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	177
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	178 /* TODO: I can likely remove this */
17781 3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02' William Ehlhardt <williamehlhardt@gmail.com> parents: 17780 diff changeset	179 gnutls_certificate_set_x509_trust_file(xcred, "ca.pem",
3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02' William Ehlhardt <williamehlhardt@gmail.com> parents: 17780 diff changeset	180 GNUTLS_X509_FMT_PEM);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	181 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	182
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	183 static gboolean
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	184 ssl_gnutls_init(void)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	185 {
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	186 return TRUE;
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	187 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	188
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	189 static void
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	190 ssl_gnutls_uninit(void)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	191 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	192 gnutls_global_deinit();
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	193
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	194 gnutls_certificate_free_credentials(xcred);
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	195 xcred = NULL;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	196
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	197 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	198 if (host_priorities) {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	199 g_hash_table_destroy(host_priorities);
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	200 host_priorities = NULL;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	201 }
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	202
29657 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	203 gnutls_priority_deinit(default_priority);
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	204 default_priority = NULL;
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	205 #endif
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	206 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	207
18955 f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	208 static void
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	209 ssl_gnutls_verified_cb(PurpleCertificateVerificationStatus st,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	210 gpointer userdata)
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	211 {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	212 PurpleSslConnection gsc = (PurpleSslConnection ) userdata;
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	213
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	214 if (st == PURPLE_CERTIFICATE_VALID) {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	215 /* Certificate valid? Good! Do the connection! */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	216 gsc->connect_cb(gsc->connect_cb_data, gsc, PURPLE_INPUT_READ);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	217 } else {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	218 /* Otherwise, signal an error */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	219 if(gsc->error_cb != NULL)
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	220 gsc->error_cb(gsc, PURPLE_SSL_CERTIFICATE_INVALID,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	221 gsc->connect_cb_data);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	222 purple_ssl_close(gsc);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	223 }
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	224 }
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	225
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	226
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	227
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	228 static void ssl_gnutls_handshake_cb(gpointer data, gint source,
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	229 PurpleInputCondition cond)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	230 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	231 PurpleSslConnection *gsc = data;
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	232 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	233 ssize_t ret;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	234
20255 07c103ac3795 applied changes from 5252885d793a4d288d92856d511d721bf5bb87ef Richard Laager <rlaager@wiktel.com> parents: 19681 diff changeset	235 /purple_debug_info("gnutls", "Handshaking with %s\n", gsc->host);/
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	236 ret = gnutls_handshake(gnutls_data->session);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	237
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	238 if(ret == GNUTLS_E_AGAIN \|\| ret == GNUTLS_E_INTERRUPTED)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	239 return;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	240
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	241 purple_input_remove(gnutls_data->handshake_handler);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	242 gnutls_data->handshake_handler = 0;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	243
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	244 if(ret != 0) {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	245 purple_debug_error("gnutls", "Handshake failed. Error %s\n",
15784 eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	246 gnutls_strerror(ret));
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	247
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	248 if(gsc->error_cb != NULL)
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	249 gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	250 gsc->connect_cb_data);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	251
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	252 purple_ssl_close(gsc);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	253 } else {
18938 f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	254 /* Now we are cooking with gas! */
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	255 PurpleSslOps *ops = purple_ssl_get_ops();
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	256 GList * peers = ops->get_peer_certificates(gsc);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	257
18938 f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	258 PurpleCertificateScheme *x509 =
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	259 purple_certificate_find_scheme("x509");
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	260
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	261 GList * l;
19549 5f4100c7dd00 Fix compiler warnings about having a variable declaration after some Mark Doliner <mark@kingant.net> parents: 19498 diff changeset	262
5f4100c7dd00 Fix compiler warnings about having a variable declaration after some Mark Doliner <mark@kingant.net> parents: 19498 diff changeset	263 /* TODO: Remove all this debugging babble */
5f4100c7dd00 Fix compiler warnings about having a variable declaration after some Mark Doliner <mark@kingant.net> parents: 19498 diff changeset	264 purple_debug_info("gnutls", "Handshake complete\n");
5f4100c7dd00 Fix compiler warnings about having a variable declaration after some Mark Doliner <mark@kingant.net> parents: 19498 diff changeset	265
18938 f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	266 for (l=peers; l; l = l->next) {
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	267 PurpleCertificate *crt = l->data;
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	268 GByteArray *z =
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	269 x509->get_fingerprint_sha1(crt);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	270 gchar * fpr =
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	271 purple_base16_encode_chunked(z->data,
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	272 z->len);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	273
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	274 purple_debug_info("gnutls/x509",
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	275 "Key print: %s\n",
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	276 fpr);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	277
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	278 /* Kill the cert! */
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	279 x509->destroy_certificate(crt);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	280
18938 f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	281 g_free(fpr);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	282 g_byte_array_free(z, TRUE);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	283 }
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	284 g_list_free(peers);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	285
17766 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	286 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	287 const gnutls_datum *cert_list;
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	288 unsigned int cert_list_size = 0;
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	289 gnutls_session session=gnutls_data->session;
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	290 int i;
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	291
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	292 cert_list =
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	293 gnutls_certificate_get_peers(session, &cert_list_size);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	294
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	295 purple_debug_info("gnutls",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	296 "Peer provided %d certs\n",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	297 cert_list_size);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	298 for (i=0; i<cert_list_size; i++)
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	299 {
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	300 gchar fpr_bin[256];
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	301 gsize fpr_bin_sz = sizeof(fpr_bin);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	302 gchar * fpr_asc = NULL;
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	303 gchar tbuf[256];
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	304 gsize tsz=sizeof(tbuf);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	305 gchar * tasc = NULL;
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	306 gnutls_x509_crt cert;
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	307
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	308 gnutls_x509_crt_init(&cert);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	309 gnutls_x509_crt_import (cert, &cert_list[i],
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	310 GNUTLS_X509_FMT_DER);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	311
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	312 gnutls_x509_crt_get_fingerprint(cert, GNUTLS_MAC_SHA,
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	313 fpr_bin, &fpr_bin_sz);
17766 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	314
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	315 fpr_asc =
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	316 purple_base16_encode_chunked((const guchar *)fpr_bin, fpr_bin_sz);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	317
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	318 purple_debug_info("gnutls",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	319 "Lvl %d SHA1 fingerprint: %s\n",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	320 i, fpr_asc);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	321
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	322 tsz=sizeof(tbuf);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	323 gnutls_x509_crt_get_serial(cert,tbuf,&tsz);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	324 tasc=purple_base16_encode_chunked((const guchar *)tbuf, tsz);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	325 purple_debug_info("gnutls",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	326 "Serial: %s\n",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	327 tasc);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	328 g_free(tasc);
17766 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	329
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	330 tsz=sizeof(tbuf);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	331 gnutls_x509_crt_get_dn (cert, tbuf, &tsz);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	332 purple_debug_info("gnutls",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	333 "Cert DN: %s\n",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	334 tbuf);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	335 tsz=sizeof(tbuf);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	336 gnutls_x509_crt_get_issuer_dn (cert, tbuf, &tsz);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	337 purple_debug_info("gnutls",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	338 "Cert Issuer DN: %s\n",
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	339 tbuf);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	340
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	341 g_free(fpr_asc);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	342 fpr_asc = NULL;
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	343 gnutls_x509_crt_deinit(cert);
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	344 }
17781 3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02' William Ehlhardt <williamehlhardt@gmail.com> parents: 17780 diff changeset	345 }
18955 f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	346
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	347 /* TODO: The following logic should really be in libpurple */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	348 /* If a Verifier was given, hand control over to it */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	349 if (gsc->verifier) {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	350 GList *peers;
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	351 /* First, get the peer cert chain */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	352 peers = purple_ssl_get_peer_certificates(gsc);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	353
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	354 /* Now kick off the verification process */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	355 purple_certificate_verify(gsc->verifier,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	356 gsc->host,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	357 peers,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	358 ssl_gnutls_verified_cb,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	359 gsc);
19021 fcca10d0ac7d - purple_certificate_verify no longer takes possession of the William Ehlhardt <williamehlhardt@gmail.com> parents: 19019 diff changeset	360
fcca10d0ac7d - purple_certificate_verify no longer takes possession of the William Ehlhardt <williamehlhardt@gmail.com> parents: 19019 diff changeset	361 purple_certificate_destroy_list(peers);
18955 f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	362 } else {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	363 /* Otherwise, just call the "connection complete"
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	364 callback */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	365 gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	366 }
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	367 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	368
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	369 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	370
29659 df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	371 static gboolean
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	372 start_handshake_cb(gpointer data)
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	373 {
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	374 PurpleSslConnection *gsc = data;
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	375 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	376
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	377 purple_debug_info("gnutls", "Starting handshake with %s\n", gsc->host);
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	378
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	379 gnutls_data->handshake_timer = 0;
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	380
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	381 ssl_gnutls_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ);
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	382 return FALSE;
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	383 }
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	384
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	385 static void
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	386 ssl_gnutls_connect(PurpleSslConnection *gsc)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	387 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	388 PurpleSslGnutlsData *gnutls_data;
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	389 static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 };
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	390
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	391 gnutls_data = g_new0(PurpleSslGnutlsData, 1);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	392 gsc->private_data = gnutls_data;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	393
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	394 gnutls_init(&gnutls_data->session, GNUTLS_CLIENT);
25499 309f6dca369a Use _set_default_priority on gnutls versions lacking _priority_set_direct. Ethan Blanton <elb@pidgin.im> parents: 25498 diff changeset	395 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	396 {
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	397 const char *prio_str = NULL;
29657 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	398 gboolean set = FALSE;
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	399
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	400 /* Let's see if someone has specified a specific priority */
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	401 if (gsc->host && host_priorities)
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	402 prio_str = g_hash_table_lookup(host_priorities, gsc->host);
9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	403
29657 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	404 if (prio_str)
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	405 set = (GNUTLS_E_SUCCESS ==
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	406 gnutls_priority_set_direct(gnutls_data->session, prio_str,
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	407 NULL));
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	408
29657 1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	409 if (!set)
1b8ed243d6d1 gnutls: Use gnutls_priority_init for the default priority. Paul Aurich <paul@darkrain42.org> parents: 29656 diff changeset	410 gnutls_priority_set(gnutls_data->session, default_priority);
29656 9bfa52f8ee87 gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 Paul Aurich <paul@darkrain42.org> parents: 29647 diff changeset	411 }
25499 309f6dca369a Use _set_default_priority on gnutls versions lacking _priority_set_direct. Ethan Blanton <elb@pidgin.im> parents: 25498 diff changeset	412 #else
309f6dca369a Use _set_default_priority on gnutls versions lacking _priority_set_direct. Ethan Blanton <elb@pidgin.im> parents: 25498 diff changeset	413 gnutls_set_default_priority(gnutls_data->session);
309f6dca369a Use _set_default_priority on gnutls versions lacking _priority_set_direct. Ethan Blanton <elb@pidgin.im> parents: 25498 diff changeset	414 #endif
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	415
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	416 gnutls_certificate_type_set_priority(gnutls_data->session,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	417 cert_type_priority);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	418
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	419 gnutls_credentials_set(gnutls_data->session, GNUTLS_CRD_CERTIFICATE,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	420 xcred);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	421
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	422 gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd));
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	423
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	424 gnutls_data->handshake_handler = purple_input_add(gsc->fd,
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	425 PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	426
17252 a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	427 /* Orborde asks: Why are we configuring a callback, then
29659 df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	428 (almost) immediately calling it?
17252 a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	429
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	430 Answer: gnutls_handshake (up in handshake_cb) needs to be called
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	431 once in order to get the ball rolling on the SSL connection.
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	432 Once it has done so, only then will the server reply, triggering
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	433 the callback.
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	434
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	435 Since the logic driving gnutls_handshake is the same with the first
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	436 and subsequent calls, we'll just fire the callback immediately to
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	437 accomplish this.
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	438 */
29659 df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	439 gnutls_data->handshake_timer = purple_timeout_add(0, start_handshake_cb,
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	440 gsc);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	441 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	442
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	443 static void
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	444 ssl_gnutls_close(PurpleSslConnection *gsc)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	445 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	446 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	447
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	448 if(!gnutls_data)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	449 return;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	450
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	451 if(gnutls_data->handshake_handler)
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	452 purple_input_remove(gnutls_data->handshake_handler);
29659 df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	453 if (gnutls_data->handshake_timer)
df9de37e0274 gnutls/nss: Don't call the handshake functions synchronously. Fixes #11525 Paul Aurich <paul@darkrain42.org> parents: 29657 diff changeset	454 purple_timeout_remove(gnutls_data->handshake_timer);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	455
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	456 gnutls_bye(gnutls_data->session, GNUTLS_SHUT_RDWR);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	457
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	458 gnutls_deinit(gnutls_data->session);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	459
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	460 g_free(gnutls_data);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	461 gsc->private_data = NULL;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	462 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	463
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	464 static size_t
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	465 ssl_gnutls_read(PurpleSslConnection gsc, void data, size_t len)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	466 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	467 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	468 ssize_t s;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	469
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	470 s = gnutls_record_recv(gnutls_data->session, data, len);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	471
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	472 if(s == GNUTLS_E_AGAIN \|\| s == GNUTLS_E_INTERRUPTED) {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	473 s = -1;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	474 errno = EAGAIN;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	475 } else if(s < 0) {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	476 purple_debug_error("gnutls", "receive failed: %s\n",
15784 eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	477 gnutls_strerror(s));
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	478 s = -1;
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	479 /*
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	480 * TODO: Set errno to something more appropriate. Or even
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	481 * better: allow ssl plugins to keep track of their
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	482 * own error message, then add a new ssl_ops function
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	483 * that returns the error message.
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	484 */
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	485 errno = EIO;
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	486 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	487
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	488 return s;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	489 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	490
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	491 static size_t
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	492 ssl_gnutls_write(PurpleSslConnection gsc, const void data, size_t len)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	493 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	494 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	495 ssize_t s = 0;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	496
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	497 /* XXX: when will gnutls_data be NULL? */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	498 if(gnutls_data)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	499 s = gnutls_record_send(gnutls_data->session, data, len);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	500
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	501 if(s == GNUTLS_E_AGAIN \|\| s == GNUTLS_E_INTERRUPTED) {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	502 s = -1;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	503 errno = EAGAIN;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	504 } else if(s < 0) {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	505 purple_debug_error("gnutls", "send failed: %s\n",
15784 eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	506 gnutls_strerror(s));
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	507 s = -1;
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	508 /*
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	509 * TODO: Set errno to something more appropriate. Or even
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	510 * better: allow ssl plugins to keep track of their
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	511 * own error message, then add a new ssl_ops function
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	512 * that returns the error message.
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	513 */
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	514 errno = EIO;
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	515 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	516
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	517 return s;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	518 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	519
19491 4f472eef762c - TODO-whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19218 diff changeset	520 /* Forward declarations are fun! */
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	521 static PurpleCertificate *
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	522 x509_import_from_datum(const gnutls_datum dt, gnutls_x509_crt_fmt mode);
30959 43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	523 /* indeed! */
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	524 static gboolean
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	525 x509_certificate_signed_by(PurpleCertificate * crt,
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	526 PurpleCertificate * issuer);
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	527 static void
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	528 x509_destroy_certificate(PurpleCertificate * crt);
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	529
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	530 static GList *
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	531 ssl_gnutls_get_peer_certificates(PurpleSslConnection * gsc)
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	532 {
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	533 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
30959 43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	534 PurpleCertificate *prvcrt = NULL;
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	535
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	536 /* List of Certificate instances to return */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	537 GList * peer_certs = NULL;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	538
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	539 /* List of raw certificates as given by GnuTLS */
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	540 const gnutls_datum *cert_list;
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	541 unsigned int cert_list_size = 0;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	542
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	543 unsigned int i;
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	544
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	545 /* This should never, ever happen. */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	546 g_return_val_if_fail( gnutls_certificate_type_get (gnutls_data->session) == GNUTLS_CRT_X509, NULL);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	547
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	548 /* Get the certificate list from GnuTLS */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	549 /* TODO: I am _pretty sure_ this doesn't block or do other exciting things */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	550 cert_list = gnutls_certificate_get_peers(gnutls_data->session,
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	551 &cert_list_size);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	552
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	553 /* Convert each certificate to a Certificate and append it to the list */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	554 for (i = 0; i < cert_list_size; i++) {
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	555 PurpleCertificate * newcrt = x509_import_from_datum(cert_list[i],
18186 80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	556 GNUTLS_X509_FMT_DER);
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	557 /* Append is somewhat inefficient on linked lists, but is easy
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	558 to read. If someone complains, I'll change it.
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	559 TODO: Is anyone complaining? (Maybe elb?) */
30959 43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	560 /* only append if previous cert was actually signed by this one.
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	561 * Thanks Microsoft. */
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	562 if ((prvcrt == NULL) \|\| x509_certificate_signed_by(prvcrt, newcrt)) {
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	563 peer_certs = g_list_append(peer_certs, newcrt);
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	564 prvcrt = newcrt;
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	565 } else {
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	566 x509_destroy_certificate(newcrt);
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	567 purple_debug_error("gnutls", "Dropping further peer certificates "
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	568 "because the chain is broken!\n");
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	569 break;
43af903bd816 NSS will not return invalid or irrelevant intermediate certificates Stu Tomlinson <stu@nosnilmot.com> parents: 29659 diff changeset	570 }
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	571 }
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	572
19491 4f472eef762c - TODO-whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19218 diff changeset	573 /* cert_list doesn't need free()-ing */
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	574
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	575 return peer_certs;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	576 }
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	577
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	578 /************************************************************************/
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	579 /* X.509 functionality */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	580 /************************************************************************/
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	581 const gchar * SCHEME_NAME = "x509";
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	582
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	583 static PurpleCertificateScheme x509_gnutls;
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	584
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	585 /** Refcounted GnuTLS certificate data instance */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	586 typedef struct {
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	587 gint refcount;
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	588 gnutls_x509_crt crt;
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	589 } x509_crtdata_t;
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	590
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	591 /** Helper functions for reference counting */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	592 static x509_crtdata_t *
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	593 x509_crtdata_addref(x509_crtdata_t *cd)
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	594 {
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	595 (cd->refcount)++;
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	596 return cd;
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	597 }
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	598
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	599 static void
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	600 x509_crtdata_delref(x509_crtdata_t *cd)
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	601 {
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	602 (cd->refcount)--;
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	603
19552 c35c3c3fc4cf refcount of 0 is normal Mark Doliner <mark@kingant.net> parents: 19551 diff changeset	604 if (cd->refcount < 0)
19551 ce3dec442fec Replace a call to g_assert() with a logging statement Mark Doliner <mark@kingant.net> parents: 19550 diff changeset	605 g_critical("Refcount of x509_crtdata_t is %d, which is less "
ce3dec442fec Replace a call to g_assert() with a logging statement Mark Doliner <mark@kingant.net> parents: 19550 diff changeset	606 "than zero!\n", cd->refcount);
ce3dec442fec Replace a call to g_assert() with a logging statement Mark Doliner <mark@kingant.net> parents: 19550 diff changeset	607
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	608 /* If the refcount reaches zero, kill the structure */
19551 ce3dec442fec Replace a call to g_assert() with a logging statement Mark Doliner <mark@kingant.net> parents: 19550 diff changeset	609 if (cd->refcount <= 0) {
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	610 /* Kill the internal data */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	611 gnutls_x509_crt_deinit( cd->crt );
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	612 /* And kill the struct */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	613 g_free( cd );
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	614 }
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	615 }
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	616
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	617 /** Helper macro to retrieve the GnuTLS crt_t from a PurpleCertificate */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	618 #define X509_GET_GNUTLS_DATA(pcrt) ( ((x509_crtdata_t *) (pcrt->data))->crt)
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	619
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	620 /** Transforms a gnutls_datum containing an X.509 certificate into a Certificate instance under the x509_gnutls scheme
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	621 *
18186 80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	622 * @param dt Datum to transform
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	623 * @param mode GnuTLS certificate format specifier (GNUTLS_X509_FMT_PEM for
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	624 * reading from files, and GNUTLS_X509_FMT_DER for converting
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	625 * "over the wire" certs for SSL)
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	626 *
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	627 * @return A newly allocated Certificate structure of the x509_gnutls scheme
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	628 */
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	629 static PurpleCertificate *
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	630 x509_import_from_datum(const gnutls_datum dt, gnutls_x509_crt_fmt mode)
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	631 {
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	632 /* Internal certificate data structure */
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	633 x509_crtdata_t *certdat;
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	634 /* New certificate to return */
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	635 PurpleCertificate * crt;
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	636
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	637 /* Allocate and prepare the internal certificate data */
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	638 certdat = g_new0(x509_crtdata_t, 1);
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	639 gnutls_x509_crt_init(&(certdat->crt));
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	640 certdat->refcount = 0;
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	641
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	642 /* Perform the actual certificate parse */
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	643 /* Yes, certdat->crt should be passed as-is */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	644 gnutls_x509_crt_import(certdat->crt, &dt, mode);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	645
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	646 /* Allocate the certificate and load it with data */
18961 fa138dbacff5 - More g_new0 instead of g_new William Ehlhardt <williamehlhardt@gmail.com> parents: 18955 diff changeset	647 crt = g_new0(PurpleCertificate, 1);
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	648 crt->scheme = &x509_gnutls;
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	649 crt->data = x509_crtdata_addref(certdat);
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	650
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	651 return crt;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	652 }
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	653
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	654 /** Imports a PEM-formatted X.509 certificate from the specified file.
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	655 * @param filename Filename to import from. Format is PEM
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	656 *
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	657 * @return A newly allocated Certificate structure of the x509_gnutls scheme
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	658 */
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	659 static PurpleCertificate *
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	660 x509_import_from_file(const gchar * filename)
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	661 {
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	662 PurpleCertificate crt; / Certificate being constructed */
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	663 gchar buf; / Used to load the raw file data */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	664 gsize buf_sz; /* Size of the above */
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	665 gnutls_datum dt; /* Struct to pass down to GnuTLS */
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	666
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	667 purple_debug_info("gnutls",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	668 "Attempting to load X.509 certificate from %s\n",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	669 filename);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	670
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	671 /* Next, we'll simply yank the entire contents of the file
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	672 into memory */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	673 /* TODO: Should I worry about very large files here? */
19491 4f472eef762c - TODO-whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19218 diff changeset	674 g_return_val_if_fail(
4f472eef762c - TODO-whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19218 diff changeset	675 g_file_get_contents(filename,
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	676 &buf,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	677 &buf_sz,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	678 NULL /* No error checking for now */
19491 4f472eef762c - TODO-whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19218 diff changeset	679 ),
4f472eef762c - TODO-whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19218 diff changeset	680 NULL);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	681
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	682 /* Load the datum struct */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	683 dt.data = (unsigned char *) buf;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	684 dt.size = buf_sz;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	685
21678 a890a1574703 Boo for C99 in the core Ethan Blanton <elb@pidgin.im> parents: 21030 diff changeset	686 /* Perform the conversion; files should be in PEM format */
a890a1574703 Boo for C99 in the core Ethan Blanton <elb@pidgin.im> parents: 21030 diff changeset	687 crt = x509_import_from_datum(dt, GNUTLS_X509_FMT_PEM);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	688
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	689 /* Cleanup */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	690 g_free(buf);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	691
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	692 return crt;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	693 }
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	694
29647 c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	695 /** Imports a number of PEM-formatted X.509 certificates from the specified file.
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	696 * @param filename Filename to import from. Format is PEM
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	697 *
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	698 * @return A newly allocated GSList of Certificate structures of the x509_gnutls scheme
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	699 */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	700 static GSList *
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	701 x509_importcerts_from_file(const gchar * filename)
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	702 {
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	703 PurpleCertificate crt; / Certificate being constructed */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	704 gchar buf; / Used to load the raw file data */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	705 gchar begin, end;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	706 GSList *crts = NULL;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	707 gsize buf_sz; /* Size of the above */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	708 gnutls_datum dt; /* Struct to pass down to GnuTLS */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	709
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	710 purple_debug_info("gnutls",
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	711 "Attempting to load X.509 certificates from %s\n",
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	712 filename);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	713
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	714 /* Next, we'll simply yank the entire contents of the file
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	715 into memory */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	716 /* TODO: Should I worry about very large files here? */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	717 g_return_val_if_fail(
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	718 g_file_get_contents(filename,
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	719 &buf,
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	720 &buf_sz,
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	721 NULL /* No error checking for now */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	722 ),
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	723 NULL);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	724
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	725 begin = buf;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	726 while((end = strstr(begin, "-----END CERTIFICATE-----")) != NULL) {
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	727 end += sizeof("-----END CERTIFICATE-----")-1;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	728 /* Load the datum struct */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	729 dt.data = (unsigned char *) begin;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	730 dt.size = (end-begin);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	731
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	732 /* Perform the conversion; files should be in PEM format */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	733 crt = x509_import_from_datum(dt, GNUTLS_X509_FMT_PEM);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	734 crts = g_slist_prepend(crts, crt);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	735 begin = end;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	736 }
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	737
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	738 /* Cleanup */
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	739 g_free(buf);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	740
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	741 return crts;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	742 }
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	743
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	744 /**
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	745 * Exports a PEM-formatted X.509 certificate to the specified file.
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	746 * @param filename Filename to export to. Format will be PEM
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	747 * @param crt Certificate to export
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	748 *
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	749 * @return TRUE if success, otherwise FALSE
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	750 */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	751 static gboolean
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	752 x509_export_certificate(const gchar filename, PurpleCertificate crt)
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	753 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	754 gnutls_x509_crt crt_dat; /* GnuTLS cert struct */
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	755 int ret;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	756 gchar * out_buf; /* Data to output */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	757 size_t out_size; /* Output size */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	758 gboolean success = FALSE;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	759
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	760 /* Paranoia paranoia paranoia! */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	761 g_return_val_if_fail(filename, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	762 g_return_val_if_fail(crt, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	763 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	764 g_return_val_if_fail(crt->data, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	765
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	766 crt_dat = X509_GET_GNUTLS_DATA(crt);
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	767
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	768 /* Obtain the output size required */
19004 d4065b26dcac - Fix intermittent crash due to uninitialized variable William Ehlhardt <williamehlhardt@gmail.com> parents: 19003 diff changeset	769 out_size = 0;
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	770 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM,
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	771 NULL, /* Provide no buffer yet */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	772 &out_size /* Put size here */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	773 );
19002 daeca1b9ebdb - Fix an incorrect assertion in GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 18977 diff changeset	774 g_return_val_if_fail(ret == GNUTLS_E_SHORT_MEMORY_BUFFER, FALSE);
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	775
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	776 /* Now allocate a buffer and really export it */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	777 out_buf = g_new0(gchar, out_size);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	778 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM,
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	779 out_buf, /* Export to our new buffer */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	780 &out_size /* Put size here */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	781 );
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	782 if (ret != 0) {
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	783 purple_debug_error("gnutls/x509",
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	784 "Failed to export cert to buffer with code %d\n",
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	785 ret);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	786 g_free(out_buf);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	787 return FALSE;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	788 }
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	789
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	790 /* Write it out to an actual file */
19498 7589b218f89a - Add purple_util_write_data_to_file_absolute; glib's William Ehlhardt <williamehlhardt@gmail.com> parents: 19494 diff changeset	791 success = purple_util_write_data_to_file_absolute(filename,
7589b218f89a - Add purple_util_write_data_to_file_absolute; glib's William Ehlhardt <williamehlhardt@gmail.com> parents: 19494 diff changeset	792 out_buf, out_size);
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	793
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	794 g_free(out_buf);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	795 return success;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	796 }
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	797
19019 e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	798 static PurpleCertificate *
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	799 x509_copy_certificate(PurpleCertificate *crt)
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	800 {
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	801 x509_crtdata_t *crtdat;
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	802 PurpleCertificate *newcrt;
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	803
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	804 g_return_val_if_fail(crt, NULL);
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	805 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	806
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	807 crtdat = (x509_crtdata_t *) crt->data;
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	808
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	809 newcrt = g_new0(PurpleCertificate, 1);
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	810 newcrt->scheme = &x509_gnutls;
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	811 newcrt->data = x509_crtdata_addref(crtdat);
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	812
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	813 return newcrt;
e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	814 }
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	815 /** Frees a Certificate
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	816 *
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	817 * Destroys a Certificate's internal data structures and frees the pointer
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	818 * given.
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	819 * @param crt Certificate instance to be destroyed. It WILL NOT be destroyed
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	820 * if it is not of the correct CertificateScheme. Can be NULL
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	821 *
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	822 */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	823 static void
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	824 x509_destroy_certificate(PurpleCertificate * crt)
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	825 {
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	826 if (NULL == crt) return;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	827
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	828 /* Check that the scheme is x509_gnutls */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	829 if ( crt->scheme != &x509_gnutls ) {
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	830 purple_debug_error("gnutls",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	831 "destroy_certificate attempted on certificate of wrong scheme (scheme was %s, expected %s)\n",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	832 crt->scheme->name,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	833 SCHEME_NAME);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	834 return;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	835 }
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	836
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	837 g_return_if_fail(crt->data != NULL);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	838 g_return_if_fail(crt->scheme != NULL);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	839
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	840 /* Use the reference counting system to free (or not) the
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	841 underlying data */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	842 x509_crtdata_delref((x509_crtdata_t *)crt->data);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	843
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	844 /* Kill the structure itself */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	845 g_free(crt);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	846 }
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	847
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	848 /** Determines whether one certificate has been issued and signed by another
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	849 *
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	850 * @param crt Certificate to check the signature of
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	851 * @param issuer Issuer's certificate
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	852 *
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	853 * @return TRUE if crt was signed and issued by issuer, otherwise FALSE
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	854 * @TODO Modify this function to return a reason for invalidity?
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	855 */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	856 static gboolean
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	857 x509_certificate_signed_by(PurpleCertificate * crt,
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	858 PurpleCertificate * issuer)
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	859 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	860 gnutls_x509_crt crt_dat;
62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	861 gnutls_x509_crt issuer_dat;
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	862 unsigned int verify; /* used to store result from GnuTLS verifier */
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	863 int ret;
27655 0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	864 gchar *crt_id = NULL;
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	865 gchar *issuer_id = NULL;
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	866
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	867 g_return_val_if_fail(crt, FALSE);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	868 g_return_val_if_fail(issuer, FALSE);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	869
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	870 /* Verify that both certs are the correct scheme */
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	871 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	872 g_return_val_if_fail(issuer->scheme == &x509_gnutls, FALSE);
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	873
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	874 /* TODO: check for more nullness? */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	875
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	876 crt_dat = X509_GET_GNUTLS_DATA(crt);
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	877 issuer_dat = X509_GET_GNUTLS_DATA(issuer);
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	878
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	879 /* First, let's check that crt.issuer is actually issuer */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	880 ret = gnutls_x509_crt_check_issuer(crt_dat, issuer_dat);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	881 if (ret <= 0) {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	882
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	883 if (ret < 0) {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	884 purple_debug_error("gnutls/x509",
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	885 "GnuTLS error %d while checking certificate issuer match.",
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	886 ret);
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	887 } else {
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	888 gchar crt_id, issuer_id, *crt_issuer_id;
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	889 crt_id = purple_certificate_get_unique_id(crt);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	890 issuer_id = purple_certificate_get_unique_id(issuer);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	891 crt_issuer_id =
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	892 purple_certificate_get_issuer_unique_id(crt);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	893 purple_debug_info("gnutls/x509",
28358 401a00227615 ssl-gnutls: I think this error message makes a little more sense. Paul Aurich <paul@darkrain42.org> parents: 28355 diff changeset	894 "Certificate %s is issued by "
401a00227615 ssl-gnutls: I think this error message makes a little more sense. Paul Aurich <paul@darkrain42.org> parents: 28355 diff changeset	895 "%s, which does not match %s.\n",
20285 3b459f294dc1 applied changes from f143c30a12f30c53e017f1bfc22ccddee96036fc Richard Laager <rlaager@wiktel.com> parents: 20284 diff changeset	896 crt_id ? crt_id : "(null)",
3b459f294dc1 applied changes from f143c30a12f30c53e017f1bfc22ccddee96036fc Richard Laager <rlaager@wiktel.com> parents: 20284 diff changeset	897 crt_issuer_id ? crt_issuer_id : "(null)",
3b459f294dc1 applied changes from f143c30a12f30c53e017f1bfc22ccddee96036fc Richard Laager <rlaager@wiktel.com> parents: 20284 diff changeset	898 issuer_id ? issuer_id : "(null)");
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	899 g_free(crt_id);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	900 g_free(issuer_id);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	901 g_free(crt_issuer_id);
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	902 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	903
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	904 /* The issuer is not correct, or there were errors */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	905 return FALSE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	906 }
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	907
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	908 /* Now, check the signature */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	909 /* The second argument is a ptr to an array of "trusted" issuer certs,
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	910 but we're only using one trusted one */
19218 0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	911 ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1,
0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	912 /* Permit signings by X.509v1 certs
0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	913 (Verisign and possibly others have
0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	914 root certificates that predate the
0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	915 current standard) */
0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	916 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
0e17da726a8c - x509_signed_by now accepts a signature by an X.509 version 1 William Ehlhardt <williamehlhardt@gmail.com> parents: 19215 diff changeset	917 &verify);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	918
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	919 if (ret != 0) {
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	920 purple_debug_error("gnutls/x509",
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	921 "Attempted certificate verification caused a GnuTLS error code %d. I will just say the signature is bad, but you should look into this.\n", ret);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	922 return FALSE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	923 }
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	924
28355 13a229a062c6 Check the GnuTLS version before using a recent-ish flag. Fixes #10412. Paul Aurich <paul@darkrain42.org> parents: 27655 diff changeset	925 #ifdef HAVE_GNUTLS_CERT_INSECURE_ALGORITHM
27655 0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	926 if (verify & GNUTLS_CERT_INSECURE_ALGORITHM) {
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	927 /*
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	928 * A certificate in the chain is signed with an insecure
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	929 * algorithm. Put a warning into the log to make this error
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	930 * perfectly clear as soon as someone looks at the debug log is
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	931 * generated.
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	932 */
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	933 crt_id = purple_certificate_get_unique_id(crt);
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	934 issuer_id = purple_certificate_get_issuer_unique_id(crt);
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	935 purple_debug_warning("gnutls/x509",
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	936 "Insecure hash algorithm used by %s to sign %s\n",
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	937 issuer_id, crt_id);
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	938 }
28355 13a229a062c6 Check the GnuTLS version before using a recent-ish flag. Fixes #10412. Paul Aurich <paul@darkrain42.org> parents: 27655 diff changeset	939 #endif
27655 0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	940
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	941 if (verify & GNUTLS_CERT_INVALID) {
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	942 /* Signature didn't check out, but at least
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	943 there were no errors*/
27655 0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	944 if (!crt_id)
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	945 crt_id = purple_certificate_get_unique_id(crt);
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	946 if (!issuer_id)
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	947 issuer_id = purple_certificate_get_issuer_unique_id(crt);
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	948 purple_debug_error("gnutls/x509",
0ac5a002dd6d Add a debug log message when MD5 is used in a verification chain. Refs #4458. Paul Aurich <paul@darkrain42.org> parents: 27183 diff changeset	949 "Bad signature from %s on %s\n",
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	950 issuer_id, crt_id);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	951 g_free(crt_id);
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	952 g_free(issuer_id);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	953
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	954 return FALSE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	955 } /* if (ret, etc.) */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	956
19212 2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	957 /* If we got here, the signature is good */
2c7c934bfb4e - Fix x509_signed_by. Apparently I can't read documentation. William Ehlhardt <williamehlhardt@gmail.com> parents: 19079 diff changeset	958 return TRUE;
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	959 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	960
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	961 static GByteArray *
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	962 x509_sha1sum(PurpleCertificate *crt)
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	963 {
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	964 size_t hashlen = 20; /* SHA1 hashes are 20 bytes */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	965 size_t tmpsz = hashlen; /* Throw-away variable for GnuTLS to stomp on*/
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	966 gnutls_x509_crt crt_dat;
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	967 GByteArray hash; /< Final hash container /
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	968 guchar hashbuf[hashlen]; /*< Temporary buffer to contain hash /
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	969
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	970 g_return_val_if_fail(crt, NULL);
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	971
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	972 crt_dat = X509_GET_GNUTLS_DATA(crt);
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	973
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	974 /* Extract the fingerprint */
19492 447470c8111a - More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19491 diff changeset	975 g_return_val_if_fail(
447470c8111a - More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19491 diff changeset	976 0 == gnutls_x509_crt_get_fingerprint(crt_dat, GNUTLS_MAC_SHA,
447470c8111a - More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19491 diff changeset	977 hashbuf, &tmpsz),
447470c8111a - More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19491 diff changeset	978 NULL);
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	979
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	980 /* This shouldn't happen */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	981 g_return_val_if_fail(tmpsz == hashlen, NULL);
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	982
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	983 /* Okay, now create and fill hash array */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	984 hash = g_byte_array_new();
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	985 g_byte_array_append(hash, hashbuf, hashlen);
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	986
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	987 return hash;
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	988 }
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	989
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	990 static gchar *
19079 05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	991 x509_cert_dn (PurpleCertificate *crt)
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	992 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	993 gnutls_x509_crt cert_dat;
19079 05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	994 gchar *dn = NULL;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	995 size_t dn_size;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	996
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	997 g_return_val_if_fail(crt, NULL);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	998 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	999
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1000 cert_dat = X509_GET_GNUTLS_DATA(crt);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1001
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1002 /* Figure out the length of the Distinguished Name */
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1003 /* Claim that the buffer is size 0 so GnuTLS just tells us how much
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1004 space it needs */
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1005 dn_size = 0;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1006 gnutls_x509_crt_get_dn(cert_dat, dn, &dn_size);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1007
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1008 /* Now allocate and get the Distinguished Name */
20283 5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1009 /* Old versions of GnuTLS have an off-by-one error in reporting
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1010 the size of the needed buffer in some functions, so allocate
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1011 an extra byte */
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1012 dn = g_new0(gchar, ++dn_size);
19493 e147c3a821dd - Errorchecking in x509_cert_dn William Ehlhardt <williamehlhardt@gmail.com> parents: 19492 diff changeset	1013 if (0 != gnutls_x509_crt_get_dn(cert_dat, dn, &dn_size)) {
e147c3a821dd - Errorchecking in x509_cert_dn William Ehlhardt <williamehlhardt@gmail.com> parents: 19492 diff changeset	1014 purple_debug_error("gnutls/x509",
e147c3a821dd - Errorchecking in x509_cert_dn William Ehlhardt <williamehlhardt@gmail.com> parents: 19492 diff changeset	1015 "Failed to get Distinguished Name\n");
e147c3a821dd - Errorchecking in x509_cert_dn William Ehlhardt <williamehlhardt@gmail.com> parents: 19492 diff changeset	1016 g_free(dn);
e147c3a821dd - Errorchecking in x509_cert_dn William Ehlhardt <williamehlhardt@gmail.com> parents: 19492 diff changeset	1017 return NULL;
e147c3a821dd - Errorchecking in x509_cert_dn William Ehlhardt <williamehlhardt@gmail.com> parents: 19492 diff changeset	1018 }
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	1019
19079 05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1020 return dn;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1021 }
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1022
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1023 static gchar *
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1024 x509_issuer_dn (PurpleCertificate *crt)
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1025 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	1026 gnutls_x509_crt cert_dat;
19079 05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1027 gchar *dn = NULL;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1028 size_t dn_size;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1029
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1030 g_return_val_if_fail(crt, NULL);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1031 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1032
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1033 cert_dat = X509_GET_GNUTLS_DATA(crt);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1034
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1035 /* Figure out the length of the Distinguished Name */
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1036 /* Claim that the buffer is size 0 so GnuTLS just tells us how much
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1037 space it needs */
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1038 dn_size = 0;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1039 gnutls_x509_crt_get_issuer_dn(cert_dat, dn, &dn_size);
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1040
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1041 /* Now allocate and get the Distinguished Name */
20283 5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1042 /* Old versions of GnuTLS have an off-by-one error in reporting
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1043 the size of the needed buffer in some functions, so allocate
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1044 an extra byte */
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1045 dn = g_new0(gchar, ++dn_size);
19494 280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1046 if (0 != gnutls_x509_crt_get_issuer_dn(cert_dat, dn, &dn_size)) {
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1047 purple_debug_error("gnutls/x509",
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1048 "Failed to get issuer's Distinguished "
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1049 "Name\n");
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1050 g_free(dn);
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1051 return NULL;
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1052 }
19550 0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation Mark Doliner <mark@kingant.net> parents: 19549 diff changeset	1053
19079 05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1054 return dn;
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1055 }
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1056
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1057 static gchar *
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1058 x509_common_name (PurpleCertificate *crt)
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1059 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	1060 gnutls_x509_crt cert_dat;
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1061 gchar *cn = NULL;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1062 size_t cn_size;
19494 280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1063 int ret;
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1064
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1065 g_return_val_if_fail(crt, NULL);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1066 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1067
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	1068 cert_dat = X509_GET_GNUTLS_DATA(crt);
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1069
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1070 /* Figure out the length of the Common Name */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1071 /* Claim that the buffer is size 0 so GnuTLS just tells us how much
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1072 space it needs */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1073 cn_size = 0;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1074 gnutls_x509_crt_get_dn_by_oid(cert_dat,
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1075 GNUTLS_OID_X520_COMMON_NAME,
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1076 0, /* First CN found, please */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1077 0, /* Not in raw mode */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1078 cn, &cn_size);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1079
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1080 /* Now allocate and get the Common Name */
20283 5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1081 /* Old versions of GnuTLS have an off-by-one error in reporting
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1082 the size of the needed buffer in some functions, so allocate
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1083 an extra byte */
5edb55b70108 applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971 Richard Laager <rlaager@wiktel.com> parents: 20282 diff changeset	1084 cn = g_new0(gchar, ++cn_size);
19494 280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1085 ret = gnutls_x509_crt_get_dn_by_oid(cert_dat,
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1086 GNUTLS_OID_X520_COMMON_NAME,
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1087 0, /* First CN found, please */
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1088 0, /* Not in raw mode */
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1089 cn, &cn_size);
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1090 if (ret != 0) {
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1091 purple_debug_error("gnutls/x509",
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1092 "Failed to get Common Name\n");
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1093 g_free(cn);
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1094 return NULL;
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1095 }
280c6ec32ca6 - Yet More TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19493 diff changeset	1096
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1097 return cn;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1098 }
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	1099
19008 7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1100 static gboolean
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1101 x509_check_name (PurpleCertificate crt, const gchar name)
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1102 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	1103 gnutls_x509_crt crt_dat;
19008 7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1104
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1105 g_return_val_if_fail(crt, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1106 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1107 g_return_val_if_fail(name, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1108
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	1109 crt_dat = X509_GET_GNUTLS_DATA(crt);
19008 7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1110
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1111 if (gnutls_x509_crt_check_hostname(crt_dat, name)) {
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1112 return TRUE;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1113 } else {
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1114 return FALSE;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1115 }
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1116 }
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1117
19067 6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1118 static gboolean
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1119 x509_times (PurpleCertificate crt, time_t activation, time_t *expiration)
19013 5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	1120 {
20282 62b83cebbb59 applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e Richard Laager <rlaager@wiktel.com> parents: 20255 diff changeset	1121 gnutls_x509_crt crt_dat;
19067 6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1122 /* GnuTLS time functions return this on error */
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1123 const time_t errval = (time_t) (-1);
20332 3a9709bfde65 applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9 Luke Schierer <lschiere@pidgin.im> parents: 20285 diff changeset	1124 gboolean success = TRUE;
19067 6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1125
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1126 g_return_val_if_fail(crt, FALSE);
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1127 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
19013 5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	1128
19017 e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying William Ehlhardt <williamehlhardt@gmail.com> parents: 19013 diff changeset	1129 crt_dat = X509_GET_GNUTLS_DATA(crt);
19013 5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	1130
19067 6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1131 if (activation) {
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1132 *activation = gnutls_x509_crt_get_activation_time(crt_dat);
20332 3a9709bfde65 applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9 Luke Schierer <lschiere@pidgin.im> parents: 20285 diff changeset	1133 if (*activation == errval)
3a9709bfde65 applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9 Luke Schierer <lschiere@pidgin.im> parents: 20285 diff changeset	1134 success = FALSE;
19067 6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1135 }
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1136 if (expiration) {
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1137 *expiration = gnutls_x509_crt_get_expiration_time(crt_dat);
20332 3a9709bfde65 applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9 Luke Schierer <lschiere@pidgin.im> parents: 20285 diff changeset	1138 if (*expiration == errval)
3a9709bfde65 applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9 Luke Schierer <lschiere@pidgin.im> parents: 20285 diff changeset	1139 success = FALSE;
19067 6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1140 }
19013 5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	1141
20332 3a9709bfde65 applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9 Luke Schierer <lschiere@pidgin.im> parents: 20285 diff changeset	1142 return success;
19013 5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	1143 }
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	1144
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1145 /* X.509 certificate operations provided by this plugin */
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1146 static PurpleCertificateScheme x509_gnutls = {
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1147 "x509", /* Scheme name */
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1148 N_("X.509 Certificates"), /* User-visible scheme name */
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1149 x509_import_from_file, /* Certificate import function */
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	1150 x509_export_certificate, /* Certificate export function */
19019 e179e7e6ded7 - Add GnuTLS X.509 cert copy operator William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	1151 x509_copy_certificate, /* Copy */
18934 04be1b885ef3 - Add more to the Certificate struct William Ehlhardt <williamehlhardt@gmail.com> parents: 18930 diff changeset	1152 x509_destroy_certificate, /* Destroy cert */
19076 daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19067 diff changeset	1153 x509_certificate_signed_by, /* Signature checker */
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	1154 x509_sha1sum, /* SHA1 fingerprint */
19079 05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1155 x509_cert_dn, /* Unique ID */
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	1156 x509_issuer_dn, /* Issuer Unique ID */
19006 dc60287ce426 - Add get_activation_time and get_expiration_time to CertificateScheme William Ehlhardt <williamehlhardt@gmail.com> parents: 19004 diff changeset	1157 x509_common_name, /* Subject name */
19008 7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	1158 x509_check_name, /* Check subject name */
19649 450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19552 diff changeset	1159 x509_times, /* Activation/Expiration time */
29647 c35fd54ec64b Implement reading multiple certificates from a single "bundle" of Stu Tomlinson <stu@nosnilmot.com> parents: 28358 diff changeset	1160 x509_importcerts_from_file, /* Multiple certificates import function */
19649 450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19552 diff changeset	1161
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19552 diff changeset	1162 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19552 diff changeset	1163 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19552 diff changeset	1164 NULL
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19552 diff changeset	1165
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1166 };
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	1167
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1168 static PurpleSslOps ssl_ops =
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1169 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1170 ssl_gnutls_init,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1171 ssl_gnutls_uninit,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1172 ssl_gnutls_connect,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1173 ssl_gnutls_close,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1174 ssl_gnutls_read,
16665 6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	1175 ssl_gnutls_write,
18187 33690062e8b3 - Expose get_peer_certificates in the SslOps struct, and modify gnutls William Ehlhardt <williamehlhardt@gmail.com> parents: 18186 diff changeset	1176 ssl_gnutls_get_peer_certificates,
16665 6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	1177
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	1178 /* padding */
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	1179 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	1180 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	1181 NULL
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1182 };
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1183
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1184 static gboolean
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1185 plugin_load(PurplePlugin *plugin)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1186 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1187 if(!purple_ssl_get_ops()) {
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1188 purple_ssl_set_ops(&ssl_ops);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1189 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1190
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1191 /* Init GNUTLS now so others can use it even if sslconn never does */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1192 ssl_gnutls_init_gnutls();
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1193
19215 ab91044a914e - Move ssl-gnutls x509 registration until after GnuTLS itself is inited William Ehlhardt <williamehlhardt@gmail.com> parents: 19212 diff changeset	1194 /* Register that we're providing an X.509 CertScheme */
ab91044a914e - Move ssl-gnutls x509 registration until after GnuTLS itself is inited William Ehlhardt <williamehlhardt@gmail.com> parents: 19212 diff changeset	1195 purple_certificate_register_scheme( &x509_gnutls );
ab91044a914e - Move ssl-gnutls x509 registration until after GnuTLS itself is inited William Ehlhardt <williamehlhardt@gmail.com> parents: 19212 diff changeset	1196
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1197 return TRUE;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1198 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1199
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1200 static gboolean
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1201 plugin_unload(PurplePlugin *plugin)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1202 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1203 if(purple_ssl_get_ops() == &ssl_ops) {
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1204 purple_ssl_set_ops(NULL);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1205 }
18927 9abc911c65aa - GnuTLS plugin registers an x509 certscheme now William Ehlhardt <williamehlhardt@gmail.com> parents: 18191 diff changeset	1206
9abc911c65aa - GnuTLS plugin registers an x509 certscheme now William Ehlhardt <williamehlhardt@gmail.com> parents: 18191 diff changeset	1207 purple_certificate_unregister_scheme( &x509_gnutls );
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1208
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1209 return TRUE;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1210 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1211
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1212 static PurplePluginInfo info =
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1213 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1214 PURPLE_PLUGIN_MAGIC,
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1215 PURPLE_MAJOR_VERSION,
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1216 PURPLE_MINOR_VERSION,
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1217 PURPLE_PLUGIN_STANDARD, /*< type /
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1218 NULL, /*< ui_requirement /
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1219 PURPLE_PLUGIN_FLAG_INVISIBLE, /*< flags /
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1220 NULL, /*< dependencies /
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1221 PURPLE_PRIORITY_DEFAULT, /*< priority /
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1222
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1223 SSL_GNUTLS_PLUGIN_ID, /*< id /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1224 N_("GNUTLS"), /*< name /
21030 3cc856ca2338 Add a --with-extraversion option to ./configure so packagers can fine tune Stu Tomlinson <stu@nosnilmot.com> parents: 20332 diff changeset	1225 DISPLAY_VERSION, /*< version /
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1226 /** summary */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1227 N_("Provides SSL support through GNUTLS."),
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1228 /** description */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1229 N_("Provides SSL support through GNUTLS."),
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1230 "Christian Hammond <chipx86@gnupdate.org>",
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1231 PURPLE_WEBSITE, /*< homepage /
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1232
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1233 plugin_load, /*< load /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1234 plugin_unload, /*< unload /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1235 NULL, /*< destroy /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1236
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1237 NULL, /*< ui_info /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1238 NULL, /*< extra_info /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1239 NULL, /*< prefs_info /
16665 6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	1240 NULL, /*< actions /
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	1241
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	1242 /* padding */
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	1243 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	1244 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	1245 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	1246 NULL
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1247 };
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1248
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1249 static void
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1250 init_plugin(PurplePlugin *plugin)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1251 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1252 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1253
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	1254 PURPLE_INIT_PLUGIN(ssl_gnutls, init_plugin, info)

Mercurial > pidgin

annotate libpurple/plugins/ssl/ssl-gnutls.c @ 30959:43af903bd816