pidgin: libpurple/plugins/ssl/ssl-gnutls.c annotate

annotate libpurple/plugins/ssl/ssl-gnutls.c @ 19013:5157ebe90b93

- Add activation/expiration time retrievers to GnuTLS plugin

author	William Ehlhardt <williamehlhardt@gmail.com>
date	Thu, 12 Jul 2007 02:59:13 +0000
parents	7fd9bd55f8d0
children	e6558bae2bc6

rev	line source
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	1 /**
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	2 * @file ssl-gnutls.c GNUTLS SSL plugin.
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	3 *
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	4 * purple
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	5 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	6 * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org>
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	7 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	8 * This program is free software; you can redistribute it and/or modify
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	9 * it under the terms of the GNU General Public License as published by
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	10 * the Free Software Foundation; either version 2 of the License, or
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	11 * (at your option) any later version.
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	12 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	13 * This program is distributed in the hope that it will be useful,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	16 * GNU General Public License for more details.
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	17 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	18 * You should have received a copy of the GNU General Public License
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	19 * along with this program; if not, write to the Free Software
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	21 */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	22 #include "internal.h"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	23 #include "debug.h"
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	24 #include "certificate.h"
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	25 #include "plugin.h"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	26 #include "sslconn.h"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	27 #include "version.h"
17766 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	28 #include "util.h"
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	29
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	30 #define SSL_GNUTLS_PLUGIN_ID "ssl-gnutls"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	31
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	32 #ifdef HAVE_GNUTLS
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	33
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	34 #include <gnutls/gnutls.h>
17766 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	35 #include <gnutls/x509.h>
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	36
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	37 typedef struct
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	38 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	39 gnutls_session session;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	40 guint handshake_handler;
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	41 } PurpleSslGnutlsData;
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	42
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	43 #define PURPLE_SSL_GNUTLS_DATA(gsc) ((PurpleSslGnutlsData *)gsc->private_data)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	44
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	45 static gnutls_certificate_client_credentials xcred;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	46
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	47 static void
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	48 ssl_gnutls_init_gnutls(void)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	49 {
17911 91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17793 diff changeset	50 /* Configure GnuTLS to use glib memory management */
91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17793 diff changeset	51 /* I expect that this isn't really necessary, but it may prevent
91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17793 diff changeset	52 some bugs */
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	53 /* TODO: It may be necessary to wrap this allocators for GnuTLS.
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	54 If there are strange bugs, perhaps look here (yes, I am a
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	55 hypocrite) */
17911 91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17793 diff changeset	56 gnutls_global_set_mem_functions(
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	57 (gnutls_alloc_function) g_malloc0, /* malloc */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	58 (gnutls_alloc_function) g_malloc0, /* secure malloc */
17911 91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17793 diff changeset	59 NULL, /* mem_is_secure */
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	60 (gnutls_realloc_function) g_realloc, /* realloc */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	61 (gnutls_free_function) g_free /* free */
17911 91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17793 diff changeset	62 );
91feef6cbede - GnuTLS uses glib memory mgmt William Ehlhardt <williamehlhardt@gmail.com> parents: 17793 diff changeset	63
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	64 gnutls_global_init();
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	65
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	66 gnutls_certificate_allocate_credentials(&xcred);
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	67
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	68 /* TODO: I can likely remove this */
17781 3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02' William Ehlhardt <williamehlhardt@gmail.com> parents: 17780 diff changeset	69 gnutls_certificate_set_x509_trust_file(xcred, "ca.pem",
3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02' William Ehlhardt <williamehlhardt@gmail.com> parents: 17780 diff changeset	70 GNUTLS_X509_FMT_PEM);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	71 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	72
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	73 static gboolean
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	74 ssl_gnutls_init(void)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	75 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	76 return TRUE;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	77 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	78
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	79 static void
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	80 ssl_gnutls_uninit(void)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	81 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	82 gnutls_global_deinit();
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	83
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	84 gnutls_certificate_free_credentials(xcred);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	85 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	86
18955 f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	87 static void
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	88 ssl_gnutls_verified_cb(PurpleCertificateVerificationStatus st,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	89 gpointer userdata)
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	90 {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	91 PurpleSslConnection gsc = (PurpleSslConnection ) userdata;
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	92
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	93 if (st == PURPLE_CERTIFICATE_VALID) {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	94 /* Certificate valid? Good! Do the connection! */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	95 gsc->connect_cb(gsc->connect_cb_data, gsc, PURPLE_INPUT_READ);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	96 } else {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	97 /* Otherwise, signal an error */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	98 if(gsc->error_cb != NULL)
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	99 gsc->error_cb(gsc, PURPLE_SSL_CERTIFICATE_INVALID,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	100 gsc->connect_cb_data);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	101 purple_ssl_close(gsc);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	102 }
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	103 }
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	104
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	105
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	106
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	107 static void ssl_gnutls_handshake_cb(gpointer data, gint source,
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	108 PurpleInputCondition cond)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	109 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	110 PurpleSslConnection *gsc = data;
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	111 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	112 ssize_t ret;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	113
18930 559f29b68dcf - Debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18927 diff changeset	114 purple_debug_info("gnutls", "Handshaking with %s\n", gsc->host);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	115 ret = gnutls_handshake(gnutls_data->session);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	116
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	117 if(ret == GNUTLS_E_AGAIN \|\| ret == GNUTLS_E_INTERRUPTED)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	118 return;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	119
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	120 purple_input_remove(gnutls_data->handshake_handler);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	121 gnutls_data->handshake_handler = 0;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	122
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	123 if(ret != 0) {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	124 purple_debug_error("gnutls", "Handshake failed. Error %s\n",
15784 eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	125 gnutls_strerror(ret));
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	126
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	127 if(gsc->error_cb != NULL)
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	128 gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	129 gsc->connect_cb_data);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	130
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	131 purple_ssl_close(gsc);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	132 } else {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	133 purple_debug_info("gnutls", "Handshake complete\n");
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	134
18938 f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	135 /* TODO: Remove all this debugging babble */
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	136 /* Now we are cooking with gas! */
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	137 PurpleSslOps *ops = purple_ssl_get_ops();
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	138 GList * peers = ops->get_peer_certificates(gsc);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	139
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	140 PurpleCertificateScheme *x509 =
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	141 purple_certificate_find_scheme("x509");
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	142
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	143 GList * l;
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	144 for (l=peers; l; l = l->next) {
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	145 PurpleCertificate *crt = l->data;
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	146 GByteArray *z =
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	147 x509->get_fingerprint_sha1(crt);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	148 gchar * fpr =
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	149 purple_base16_encode_chunked(z->data,
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	150 z->len);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	151
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	152 purple_debug_info("gnutls/x509",
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	153 "Key print: %s\n",
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	154 fpr);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	155
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	156 /* Kill the cert! */
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	157 x509->destroy_certificate(crt);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	158
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	159 g_free(fpr);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	160 g_byte_array_free(z, TRUE);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	161 }
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	162 g_list_free(peers);
f2ddc4b10d72 - Add debugging babble William Ehlhardt <williamehlhardt@gmail.com> parents: 18935 diff changeset	163
17766 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	164 {
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	165 const gnutls_datum_t *cert_list;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	166 unsigned int cert_list_size = 0;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	167 gnutls_session_t session=gnutls_data->session;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	168
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	169 cert_list =
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	170 gnutls_certificate_get_peers(session, &cert_list_size);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	171
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	172 purple_debug_info("gnutls",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	173 "Peer provided %d certs\n",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	174 cert_list_size);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	175 int i;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	176 for (i=0; i<cert_list_size; i++)
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	177 {
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	178 gchar fpr_bin[256];
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	179 gsize fpr_bin_sz = sizeof(fpr_bin);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	180 gchar * fpr_asc = NULL;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	181 gchar tbuf[256];
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	182 gsize tsz=sizeof(tbuf);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	183 gchar * tasc = NULL;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	184 gnutls_x509_crt_t cert;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	185
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	186 gnutls_x509_crt_init(&cert);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	187 gnutls_x509_crt_import (cert, &cert_list[i],
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	188 GNUTLS_X509_FMT_DER);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	189
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	190 gnutls_x509_crt_get_fingerprint(cert, GNUTLS_MAC_SHA,
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	191 fpr_bin, &fpr_bin_sz);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	192
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	193 fpr_asc =
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	194 purple_base16_encode_chunked(fpr_bin,fpr_bin_sz);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	195
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	196 purple_debug_info("gnutls",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	197 "Lvl %d SHA1 fingerprint: %s\n",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	198 i, fpr_asc);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	199
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	200 tsz=sizeof(tbuf);
17781 3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02' William Ehlhardt <williamehlhardt@gmail.com> parents: 17780 diff changeset	201 gnutls_x509_crt_get_serial(cert,tbuf,&tsz);
17766 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	202 tasc=
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	203 purple_base16_encode_chunked(tbuf, tsz);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	204 purple_debug_info("gnutls",
17781 3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02' William Ehlhardt <williamehlhardt@gmail.com> parents: 17780 diff changeset	205 "Serial: %s\n",
3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02' William Ehlhardt <williamehlhardt@gmail.com> parents: 17780 diff changeset	206 tasc);
17766 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	207 g_free(tasc);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	208
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	209 tsz=sizeof(tbuf);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	210 gnutls_x509_crt_get_dn (cert, tbuf, &tsz);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	211 purple_debug_info("gnutls",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	212 "Cert DN: %s\n",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	213 tbuf);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	214 tsz=sizeof(tbuf);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	215 gnutls_x509_crt_get_issuer_dn (cert, tbuf, &tsz);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	216 purple_debug_info("gnutls",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	217 "Cert Issuer DN: %s\n",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	218 tbuf);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	219
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	220 g_free(fpr_asc); fpr_asc = NULL;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	221 gnutls_x509_crt_deinit(cert);
17781 3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02' William Ehlhardt <williamehlhardt@gmail.com> parents: 17780 diff changeset	222 }
17766 fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth William Ehlhardt <williamehlhardt@gmail.com> parents: 17252 diff changeset	223
17781 3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02' William Ehlhardt <williamehlhardt@gmail.com> parents: 17780 diff changeset	224 }
18955 f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	225
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	226 /* TODO: The following logic should really be in libpurple */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	227 /* If a Verifier was given, hand control over to it */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	228 if (gsc->verifier) {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	229 GList *peers;
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	230 /* First, get the peer cert chain */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	231 peers = purple_ssl_get_peer_certificates(gsc);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	232
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	233 /* Now kick off the verification process */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	234 purple_certificate_verify(gsc->verifier,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	235 gsc->host,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	236 peers,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	237 ssl_gnutls_verified_cb,
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	238 gsc);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	239
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	240 } else {
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	241 /* Otherwise, just call the "connection complete"
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	242 callback */
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	243 gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
f393eddab077 - ssl-gnutls plugin uses Verifiers now William Ehlhardt <williamehlhardt@gmail.com> parents: 18938 diff changeset	244 }
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	245 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	246
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	247 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	248
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	249
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	250 static void
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	251 ssl_gnutls_connect(PurpleSslConnection *gsc)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	252 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	253 PurpleSslGnutlsData *gnutls_data;
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	254 static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 };
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	255
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	256 gnutls_data = g_new0(PurpleSslGnutlsData, 1);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	257 gsc->private_data = gnutls_data;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	258
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	259 gnutls_init(&gnutls_data->session, GNUTLS_CLIENT);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	260 gnutls_set_default_priority(gnutls_data->session);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	261
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	262 gnutls_certificate_type_set_priority(gnutls_data->session,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	263 cert_type_priority);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	264
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	265 gnutls_credentials_set(gnutls_data->session, GNUTLS_CRD_CERTIFICATE,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	266 xcred);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	267
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	268 gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd));
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	269
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	270 gnutls_data->handshake_handler = purple_input_add(gsc->fd,
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	271 PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	272
17252 a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	273 /* Orborde asks: Why are we configuring a callback, then
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	274 immediately calling it?
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	275
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	276 Answer: gnutls_handshake (up in handshake_cb) needs to be called
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	277 once in order to get the ball rolling on the SSL connection.
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	278 Once it has done so, only then will the server reply, triggering
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	279 the callback.
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	280
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	281 Since the logic driving gnutls_handshake is the same with the first
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	282 and subsequent calls, we'll just fire the callback immediately to
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	283 accomplish this.
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin. William Ehlhardt <williamehlhardt@gmail.com> parents: 16665 diff changeset	284 */
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	285 ssl_gnutls_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	286 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	287
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	288 static void
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	289 ssl_gnutls_close(PurpleSslConnection *gsc)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	290 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	291 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	292
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	293 if(!gnutls_data)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	294 return;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	295
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	296 if(gnutls_data->handshake_handler)
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	297 purple_input_remove(gnutls_data->handshake_handler);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	298
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	299 gnutls_bye(gnutls_data->session, GNUTLS_SHUT_RDWR);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	300
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	301 gnutls_deinit(gnutls_data->session);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	302
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	303 g_free(gnutls_data);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	304 gsc->private_data = NULL;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	305 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	306
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	307 static size_t
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	308 ssl_gnutls_read(PurpleSslConnection gsc, void data, size_t len)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	309 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	310 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	311 ssize_t s;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	312
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	313 s = gnutls_record_recv(gnutls_data->session, data, len);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	314
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	315 if(s == GNUTLS_E_AGAIN \|\| s == GNUTLS_E_INTERRUPTED) {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	316 s = -1;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	317 errno = EAGAIN;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	318 } else if(s < 0) {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	319 purple_debug_error("gnutls", "receive failed: %s\n",
15784 eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	320 gnutls_strerror(s));
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	321 s = -1;
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	322 /*
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	323 * TODO: Set errno to something more appropriate. Or even
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	324 * better: allow ssl plugins to keep track of their
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	325 * own error message, then add a new ssl_ops function
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	326 * that returns the error message.
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	327 */
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	328 errno = EIO;
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	329 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	330
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	331 return s;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	332 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	333
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	334 static size_t
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	335 ssl_gnutls_write(PurpleSslConnection gsc, const void data, size_t len)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	336 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	337 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	338 ssize_t s = 0;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	339
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	340 /* XXX: when will gnutls_data be NULL? */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	341 if(gnutls_data)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	342 s = gnutls_record_send(gnutls_data->session, data, len);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	343
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	344 if(s == GNUTLS_E_AGAIN \|\| s == GNUTLS_E_INTERRUPTED) {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	345 s = -1;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	346 errno = EAGAIN;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	347 } else if(s < 0) {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	348 purple_debug_error("gnutls", "send failed: %s\n",
15784 eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	349 gnutls_strerror(s));
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	350 s = -1;
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	351 /*
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	352 * TODO: Set errno to something more appropriate. Or even
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	353 * better: allow ssl plugins to keep track of their
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	354 * own error message, then add a new ssl_ops function
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	355 * that returns the error message.
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	356 */
eed84b59c252 There were a few problems here Mark Doliner <mark@kingant.net> parents: 15373 diff changeset	357 errno = EIO;
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	358 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	359
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	360 return s;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	361 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	362
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	363 /* Forward declarations are fun!
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	364 TODO: This is a stupid place for this */
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	365 static PurpleCertificate *
18186 80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	366 x509_import_from_datum(const gnutls_datum_t dt, gnutls_x509_crt_fmt_t mode);
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	367
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	368 static GList *
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	369 ssl_gnutls_get_peer_certificates(PurpleSslConnection * gsc)
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	370 {
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	371 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	372
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	373 /* List of Certificate instances to return */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	374 GList * peer_certs = NULL;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	375
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	376 /* List of raw certificates as given by GnuTLS */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	377 const gnutls_datum_t *cert_list;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	378 unsigned int cert_list_size = 0;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	379
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	380 unsigned int i;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	381
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	382 /* This should never, ever happen. */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	383 g_return_val_if_fail( gnutls_certificate_type_get (gnutls_data->session) == GNUTLS_CRT_X509, NULL);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	384
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	385 /* Get the certificate list from GnuTLS */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	386 /* TODO: I am _pretty sure_ this doesn't block or do other exciting things */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	387 cert_list = gnutls_certificate_get_peers(gnutls_data->session,
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	388 &cert_list_size);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	389
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	390 /* Convert each certificate to a Certificate and append it to the list */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	391 for (i = 0; i < cert_list_size; i++) {
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	392 PurpleCertificate * newcrt = x509_import_from_datum(cert_list[i],
18186 80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	393 GNUTLS_X509_FMT_DER);
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	394 /* Append is somewhat inefficient on linked lists, but is easy
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	395 to read. If someone complains, I'll change it.
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	396 TODO: Is anyone complaining? (Maybe elb?) */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	397 peer_certs = g_list_append(peer_certs, newcrt);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	398 }
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	399
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	400 /* cert_list shouldn't need free()-ing */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	401 /* TODO: double-check this */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	402
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	403 return peer_certs;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	404 }
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	405
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	406 /************************************************************************/
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	407 /* X.509 functionality */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	408 /************************************************************************/
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	409 const gchar * SCHEME_NAME = "x509";
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	410
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	411 static PurpleCertificateScheme x509_gnutls;
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	412
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	413 /** Transforms a gnutls_datum_t containing an X.509 certificate into a Certificate instance under the x509_gnutls scheme
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	414 *
18186 80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	415 * @param dt Datum to transform
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	416 * @param mode GnuTLS certificate format specifier (GNUTLS_X509_FMT_PEM for
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	417 * reading from files, and GNUTLS_X509_FMT_DER for converting
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	418 * "over the wire" certs for SSL)
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	419 *
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	420 * @return A newly allocated Certificate structure of the x509_gnutls scheme
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	421 */
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	422 static PurpleCertificate *
18186 80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	423 x509_import_from_datum(const gnutls_datum_t dt, gnutls_x509_crt_fmt_t mode)
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	424 {
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	425 /* Internal certificate data structure */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	426 gnutls_x509_crt_t *certdat;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	427 /* New certificate to return */
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	428 PurpleCertificate * crt;
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	429
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	430 /* Allocate and prepare the internal certificate data */
18961 fa138dbacff5 - More g_new0 instead of g_new William Ehlhardt <williamehlhardt@gmail.com> parents: 18955 diff changeset	431 certdat = g_new0(gnutls_x509_crt_t, 1);
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	432 gnutls_x509_crt_init(certdat);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	433
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	434 /* Perform the actual certificate parse */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	435 /* Yes, certdat SHOULD be dereferenced */
18186 80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	436 gnutls_x509_crt_import(*certdat, &dt, mode);
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	437
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	438 /* Allocate the certificate and load it with data */
18961 fa138dbacff5 - More g_new0 instead of g_new William Ehlhardt <williamehlhardt@gmail.com> parents: 18955 diff changeset	439 crt = g_new0(PurpleCertificate, 1);
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	440 crt->scheme = &x509_gnutls;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	441 crt->data = certdat;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	442
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	443 return crt;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	444 }
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	445
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	446 /** Imports a PEM-formatted X.509 certificate from the specified file.
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	447 * @param filename Filename to import from. Format is PEM
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	448 *
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	449 * @return A newly allocated Certificate structure of the x509_gnutls scheme
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	450 */
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	451 static PurpleCertificate *
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	452 x509_import_from_file(const gchar * filename)
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	453 {
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	454 PurpleCertificate crt; / Certificate being constructed */
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	455 gchar buf; / Used to load the raw file data */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	456 gsize buf_sz; /* Size of the above */
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	457 gnutls_datum_t dt; /* Struct to pass down to GnuTLS */
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	458
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	459 purple_debug_info("gnutls",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	460 "Attempting to load X.509 certificate from %s\n",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	461 filename);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	462
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	463 /* Next, we'll simply yank the entire contents of the file
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	464 into memory */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	465 /* TODO: Should I worry about very large files here? */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	466 /* TODO: Error checking */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	467 g_file_get_contents(filename,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	468 &buf,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	469 &buf_sz,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	470 NULL /* No error checking for now */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	471 );
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	472
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	473 /* Load the datum struct */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	474 dt.data = (unsigned char *) buf;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	475 dt.size = buf_sz;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	476
17914 2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	477 /* Perform the conversion */
18186 80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	478 crt = x509_import_from_datum(dt,
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs William Ehlhardt <williamehlhardt@gmail.com> parents: 17914 diff changeset	479 GNUTLS_X509_FMT_PEM); // files should be in PEM format
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	480
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	481 /* Cleanup */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	482 g_free(buf);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	483
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	484 return crt;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	485 }
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	486
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	487 /**
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	488 * Exports a PEM-formatted X.509 certificate to the specified file.
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	489 * @param filename Filename to export to. Format will be PEM
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	490 * @param crt Certificate to export
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	491 *
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	492 * @return TRUE if success, otherwise FALSE
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	493 */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	494 static gboolean
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	495 x509_export_certificate(const gchar filename, PurpleCertificate crt)
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	496 {
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	497 gnutls_x509_crt_t crt_dat; /* GnuTLS cert struct */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	498 int ret;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	499 gchar * out_buf; /* Data to output */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	500 size_t out_size; /* Output size */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	501 gboolean success = FALSE;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	502
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	503 /* Paranoia paranoia paranoia! */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	504 g_return_val_if_fail(filename, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	505 g_return_val_if_fail(crt, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	506 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	507 g_return_val_if_fail(crt->data, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	508
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	509 crt_dat = ( (gnutls_x509_crt_t ) crt->data);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	510
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	511 /* Obtain the output size required */
19004 d4065b26dcac - Fix intermittent crash due to uninitialized variable William Ehlhardt <williamehlhardt@gmail.com> parents: 19003 diff changeset	512 out_size = 0;
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	513 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM,
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	514 NULL, /* Provide no buffer yet */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	515 &out_size /* Put size here */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	516 );
19002 daeca1b9ebdb - Fix an incorrect assertion in GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 18977 diff changeset	517 g_return_val_if_fail(ret == GNUTLS_E_SHORT_MEMORY_BUFFER, FALSE);
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	518
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	519 /* Now allocate a buffer and really export it */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	520 out_buf = g_new0(gchar, out_size);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	521 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM,
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	522 out_buf, /* Export to our new buffer */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	523 &out_size /* Put size here */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	524 );
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	525 if (ret != 0) {
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	526 purple_debug_error("gnutls/x509",
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	527 "Failed to export cert to buffer with code %d\n",
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	528 ret);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	529 g_free(out_buf);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	530 return FALSE;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	531 }
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	532
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	533 /* Write it out to an actual file */
19003 0b1a75eb5627 - GnuTLS plugin no longer uses write_data_to_file from util. It has been William Ehlhardt <williamehlhardt@gmail.com> parents: 19002 diff changeset	534 /* TODO: THIS IS A COMPATIBILITY VIOLATION
0b1a75eb5627 - GnuTLS plugin no longer uses write_data_to_file from util. It has been William Ehlhardt <williamehlhardt@gmail.com> parents: 19002 diff changeset	535 Look into util.c write_data_to_file. */
0b1a75eb5627 - GnuTLS plugin no longer uses write_data_to_file from util. It has been William Ehlhardt <williamehlhardt@gmail.com> parents: 19002 diff changeset	536 success = g_file_set_contents(filename,
0b1a75eb5627 - GnuTLS plugin no longer uses write_data_to_file from util. It has been William Ehlhardt <williamehlhardt@gmail.com> parents: 19002 diff changeset	537 out_buf,
0b1a75eb5627 - GnuTLS plugin no longer uses write_data_to_file from util. It has been William Ehlhardt <williamehlhardt@gmail.com> parents: 19002 diff changeset	538 out_size,
0b1a75eb5627 - GnuTLS plugin no longer uses write_data_to_file from util. It has been William Ehlhardt <williamehlhardt@gmail.com> parents: 19002 diff changeset	539 NULL);
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	540
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	541
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	542 g_free(out_buf);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	543 g_return_val_if_fail(success, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	544 return success;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	545 }
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	546
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	547 /** Frees a Certificate
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	548 *
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	549 * Destroys a Certificate's internal data structures and frees the pointer
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	550 * given.
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	551 * @param crt Certificate instance to be destroyed. It WILL NOT be destroyed
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	552 * if it is not of the correct CertificateScheme. Can be NULL
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	553 *
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	554 */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	555 static void
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	556 x509_destroy_certificate(PurpleCertificate * crt)
17913 55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	557 {
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	558 /* TODO: Issue a warning here? */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	559 if (NULL == crt) return;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	560
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	561 /* Check that the scheme is x509_gnutls */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	562 if ( crt->scheme != &x509_gnutls ) {
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	563 purple_debug_error("gnutls",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	564 "destroy_certificate attempted on certificate of wrong scheme (scheme was %s, expected %s)\n",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	565 crt->scheme->name,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	566 SCHEME_NAME);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	567 return;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	568 }
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	569
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	570 /* TODO: Different error checking? */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	571 g_return_if_fail(crt->data != NULL);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	572 g_return_if_fail(crt->scheme != NULL);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	573
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	574 /* Destroy the GnuTLS-specific data */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	575 gnutls_x509_crt_deinit( ( (gnutls_x509_crt_t ) crt->data ) );
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	576 g_free(crt->data);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	577
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	578 /* TODO: Reference counting here? */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	579
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	580 /* Kill the structure itself */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	581 g_free(crt);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	582 }
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h William Ehlhardt <williamehlhardt@gmail.com> parents: 17911 diff changeset	583
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	584 /** Determines whether one certificate has been issued and signed by another
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	585 *
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	586 * @param crt Certificate to check the signature of
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	587 * @param issuer Issuer's certificate
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	588 *
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	589 * @return TRUE if crt was signed and issued by issuer, otherwise FALSE
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	590 * @TODO Modify this function to return a reason for invalidity?
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	591 */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	592 static gboolean
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	593 x509_certificate_signed_by(PurpleCertificate * crt,
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	594 PurpleCertificate * issuer)
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	595 {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	596 gnutls_x509_crt_t crt_dat;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	597 gnutls_x509_crt_t issuer_dat;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	598 unsigned int verify; /* used to store details from GnuTLS verifier */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	599 int ret;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	600
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	601 /* TODO: Change this error checking? */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	602 g_return_val_if_fail(crt, FALSE);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	603 g_return_val_if_fail(issuer, FALSE);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	604
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	605 /* Verify that both certs are the correct scheme */
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	606 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	607 g_return_val_if_fail(issuer->scheme == &x509_gnutls, FALSE);
18191 a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	608
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	609 /* TODO: check for more nullness? */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	610
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	611 crt_dat = ((gnutls_x509_crt_t ) crt->data);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	612 issuer_dat = ((gnutls_x509_crt_t ) issuer->data);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	613
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	614 /* First, let's check that crt.issuer is actually issuer */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	615 ret = gnutls_x509_crt_check_issuer(crt_dat, issuer_dat);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	616 if (ret <= 0) {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	617
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	618 if (ret < 0) {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	619 purple_debug_error("gnutls/x509",
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	620 "GnuTLS error %d while checking certificate issuer match.",
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	621 ret);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	622 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	623
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	624 /* The issuer is not correct, or there were errors */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	625 return FALSE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	626 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	627
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	628 /* Now, check the signature */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	629 /* The second argument is a ptr to an array of "trusted" issuer certs,
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	630 but we're only using one trusted one */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	631 ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, 0, &verify);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	632
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	633 if (ret > 0) {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	634 /* The certificate is good. */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	635 return TRUE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	636 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	637 else if (ret < 0) {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	638 purple_debug_error("gnutls/x509",
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	639 "Attempted certificate verification caused a GnuTLS error code %d. I will just say the signature is bad, but you should look into this.\n", ret);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	640 return FALSE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	641 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	642 else {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	643 /* Signature didn't check out, but at least
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	644 there were no errors*/
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	645 return FALSE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	646 } /* if (ret, etc.) */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	647
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	648 /* Control does not reach this point */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	649 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer William Ehlhardt <williamehlhardt@gmail.com> parents: 18189 diff changeset	650
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	651 static GByteArray *
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	652 x509_sha1sum(PurpleCertificate *crt)
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	653 {
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	654 size_t hashlen = 20; /* SHA1 hashes are 20 bytes */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	655 size_t tmpsz = hashlen; /* Throw-away variable for GnuTLS to stomp on*/
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	656 gnutls_x509_crt_t crt_dat;
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	657 GByteArray hash; /< Final hash container /
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	658 guchar hashbuf[hashlen]; /*< Temporary buffer to contain hash /
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	659
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	660 g_return_val_if_fail(crt, NULL);
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	661
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	662 crt_dat = ( (gnutls_x509_crt_t ) crt->data );
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	663
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	664 /* Extract the fingerprint */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	665 /* TODO: Errorcheck? */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	666 gnutls_x509_crt_get_fingerprint(crt_dat, GNUTLS_MAC_SHA,
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	667 hashbuf, &tmpsz);
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	668
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	669 /* This shouldn't happen */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	670 g_return_val_if_fail(tmpsz == hashlen, NULL);
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	671
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	672 /* Okay, now create and fill hash array */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	673 hash = g_byte_array_new();
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	674 g_byte_array_append(hash, hashbuf, hashlen);
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	675
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	676 return hash;
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	677 }
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	678
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	679 static gchar *
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	680 x509_common_name (PurpleCertificate *crt)
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	681 {
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	682 gnutls_x509_crt_t cert_dat;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	683 gchar *cn = NULL;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	684 size_t cn_size;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	685
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	686 g_return_val_if_fail(crt, NULL);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	687 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	688
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	689 cert_dat = ( (gnutls_x509_crt_t ) crt->data );
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	690
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	691 /* TODO: Not return values? */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	692
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	693 /* Figure out the length of the Common Name */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	694 /* Claim that the buffer is size 0 so GnuTLS just tells us how much
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	695 space it needs */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	696 cn_size = 0;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	697 gnutls_x509_crt_get_dn_by_oid(cert_dat,
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	698 GNUTLS_OID_X520_COMMON_NAME,
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	699 0, /* First CN found, please */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	700 0, /* Not in raw mode */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	701 cn, &cn_size);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	702
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	703 /* Now allocate and get the Common Name */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	704 cn = g_new0(gchar, cn_size);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	705 gnutls_x509_crt_get_dn_by_oid(cert_dat,
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	706 GNUTLS_OID_X520_COMMON_NAME,
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	707 0, /* First CN found, please */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	708 0, /* Not in raw mode */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	709 cn, &cn_size);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	710
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	711 return cn;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	712 }
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	713
19008 7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	714 static gboolean
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	715 x509_check_name (PurpleCertificate crt, const gchar name)
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	716 {
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	717 gnutls_x509_crt_t crt_dat;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	718
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	719 g_return_val_if_fail(crt, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	720 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	721 g_return_val_if_fail(name, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	722
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	723 crt_dat = ( (gnutls_x509_crt_t ) crt->data );
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	724
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	725 if (gnutls_x509_crt_check_hostname(crt_dat, name)) {
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	726 return TRUE;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	727 } else {
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	728 return FALSE;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	729 }
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	730 }
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	731
19013 5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	732 static time_t
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	733 x509_activation (PurpleCertificate *crt)
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	734 {
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	735 gnutls_x509_crt_t crt_dat;
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	736
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	737 g_assert(crt);
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	738 g_assert(crt->scheme == &x509_gnutls);
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	739
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	740 crt_dat = ( (gnutls_x509_crt_t ) crt->data );
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	741
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	742 /* TODO: Errorcheck this? */
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	743 return gnutls_x509_crt_get_activation_time(crt_dat);
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	744 }
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	745
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	746 static time_t
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	747 x509_expiration (PurpleCertificate *crt)
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	748 {
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	749 gnutls_x509_crt_t crt_dat;
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	750
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	751 g_assert(crt);
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	752 g_assert(crt->scheme == &x509_gnutls);
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	753
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	754 crt_dat = ( (gnutls_x509_crt_t ) crt->data );
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	755
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	756 /* TODO: Errorcheck this? */
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	757 return gnutls_x509_crt_get_expiration_time(crt_dat);
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	758 }
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	759
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	760 /* X.509 certificate operations provided by this plugin */
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	761 /* TODO: Flesh this out! */
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	762 static PurpleCertificateScheme x509_gnutls = {
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	763 "x509", /* Scheme name */
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	764 N_("X.509 Certificates"), /* User-visible scheme name */
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	765 x509_import_from_file, /* Certificate import function */
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18963 diff changeset	766 x509_export_certificate, /* Certificate export function */
18934 04be1b885ef3 - Add more to the Certificate struct William Ehlhardt <williamehlhardt@gmail.com> parents: 18930 diff changeset	767 x509_destroy_certificate, /* Destroy cert */
18935 cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter William Ehlhardt <williamehlhardt@gmail.com> parents: 18934 diff changeset	768 x509_sha1sum, /* SHA1 fingerprint */
18934 04be1b885ef3 - Add more to the Certificate struct William Ehlhardt <williamehlhardt@gmail.com> parents: 18930 diff changeset	769 NULL, /* Unique ID */
18963 146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18961 diff changeset	770 NULL, /* Issuer Unique ID */
19006 dc60287ce426 - Add get_activation_time and get_expiration_time to CertificateScheme William Ehlhardt <williamehlhardt@gmail.com> parents: 19004 diff changeset	771 x509_common_name, /* Subject name */
19008 7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19007 diff changeset	772 x509_check_name, /* Check subject name */
19013 5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	773 x509_activation, /* Activation time */
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	774 x509_expiration /* Expiration time */
18189 030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	775 };
030a2209ae96 - Style issues William Ehlhardt <williamehlhardt@gmail.com> parents: 18188 diff changeset	776
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	777 static PurpleSslOps ssl_ops =
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	778 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	779 ssl_gnutls_init,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	780 ssl_gnutls_uninit,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	781 ssl_gnutls_connect,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	782 ssl_gnutls_close,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	783 ssl_gnutls_read,
16665 6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	784 ssl_gnutls_write,
18187 33690062e8b3 - Expose get_peer_certificates in the SslOps struct, and modify gnutls William Ehlhardt <williamehlhardt@gmail.com> parents: 18186 diff changeset	785 ssl_gnutls_get_peer_certificates,
16665 6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	786
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	787 /* padding */
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	788 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	789 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	790 NULL
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	791 };
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	792
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	793 #endif /* HAVE_GNUTLS */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	794
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	795 static gboolean
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	796 plugin_load(PurplePlugin *plugin)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	797 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	798 #ifdef HAVE_GNUTLS
18927 9abc911c65aa - GnuTLS plugin registers an x509 certscheme now William Ehlhardt <williamehlhardt@gmail.com> parents: 18191 diff changeset	799 /* Register that we're providing an X.509 CertScheme */
9abc911c65aa - GnuTLS plugin registers an x509 certscheme now William Ehlhardt <williamehlhardt@gmail.com> parents: 18191 diff changeset	800 /* @TODO : error checking */
9abc911c65aa - GnuTLS plugin registers an x509 certscheme now William Ehlhardt <williamehlhardt@gmail.com> parents: 18191 diff changeset	801 purple_certificate_register_scheme( &x509_gnutls );
9abc911c65aa - GnuTLS plugin registers an x509 certscheme now William Ehlhardt <williamehlhardt@gmail.com> parents: 18191 diff changeset	802
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	803 if(!purple_ssl_get_ops()) {
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	804 purple_ssl_set_ops(&ssl_ops);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	805 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	806
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	807 /* Init GNUTLS now so others can use it even if sslconn never does */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	808 ssl_gnutls_init_gnutls();
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	809
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	810 return TRUE;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	811 #else
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	812 return FALSE;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	813 #endif
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	814 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	815
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	816 static gboolean
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	817 plugin_unload(PurplePlugin *plugin)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	818 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	819 #ifdef HAVE_GNUTLS
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	820 if(purple_ssl_get_ops() == &ssl_ops) {
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	821 purple_ssl_set_ops(NULL);
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	822 }
18927 9abc911c65aa - GnuTLS plugin registers an x509 certscheme now William Ehlhardt <williamehlhardt@gmail.com> parents: 18191 diff changeset	823
9abc911c65aa - GnuTLS plugin registers an x509 certscheme now William Ehlhardt <williamehlhardt@gmail.com> parents: 18191 diff changeset	824 purple_certificate_unregister_scheme( &x509_gnutls );
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	825 #endif
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	826
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	827 return TRUE;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	828 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	829
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	830 static PurplePluginInfo info =
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	831 {
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	832 PURPLE_PLUGIN_MAGIC,
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	833 PURPLE_MAJOR_VERSION,
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	834 PURPLE_MINOR_VERSION,
32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	835 PURPLE_PLUGIN_STANDARD, /*< type /
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	836 NULL, /*< ui_requirement /
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	837 PURPLE_PLUGIN_FLAG_INVISIBLE, /*< flags /
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	838 NULL, /*< dependencies /
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	839 PURPLE_PRIORITY_DEFAULT, /*< priority /
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	840
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	841 SSL_GNUTLS_PLUGIN_ID, /*< id /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	842 N_("GNUTLS"), /*< name /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	843 VERSION, /*< version /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	844 /** summary */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	845 N_("Provides SSL support through GNUTLS."),
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	846 /** description */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	847 N_("Provides SSL support through GNUTLS."),
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	848 "Christian Hammond <chipx86@gnupdate.org>",
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	849 PURPLE_WEBSITE, /*< homepage /
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	850
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	851 plugin_load, /*< load /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	852 plugin_unload, /*< unload /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	853 NULL, /*< destroy /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	854
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	855 NULL, /*< ui_info /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	856 NULL, /*< extra_info /
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	857 NULL, /*< prefs_info /
16665 6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	858 NULL, /*< actions /
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	859
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	860 /* padding */
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	861 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	862 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	863 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff Gary Kramlich <grim@reaperworld.com> parents: 15822 diff changeset	864 NULL
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	865 };
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	866
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	867 static void
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	868 init_plugin(PurplePlugin *plugin)
15373 5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	869 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	870 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/ Sean Egan <seanegan@gmail.com> parents: diff changeset	871
15822 32c366eeeb99 sed -ie 's/gaim/purple/g' Sean Egan <seanegan@gmail.com> parents: 15784 diff changeset	872 PURPLE_INIT_PLUGIN(ssl_gnutls, init_plugin, info)

Mercurial > pidgin

annotate libpurple/plugins/ssl/ssl-gnutls.c @ 19013:5157ebe90b93