annotate src/ssl-nss.c @ 6747:82348b5ab87e
[gaim-migrate @ 7279]
Waaahhh, I'm automake. I don't want to include a conditional variable in my
list of sources. That would be too much work for me, so I'll complain
instead! Poor me!
committer: Tailor Script <tailor@pidgin.im>
author | Christian Hammond <chipx86@chipx86.com> |
---|---|
date | Thu, 04 Sep 2003 23:33:28 +0000 |
parents | 6c95f01aaf49 |
children | f9efcba2d02f |
rev | line source |
---|---|
6738 | 1 /** |
2 * @file ssl-nss.c SSL Operations for Mozilla NSS | |
3 * @ingroup core | |
4 * | |
5 * gaim | |
6 * | |
7 * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org> | |
8 * | |
9 * This program is free software; you can redistribute it and/or modify | |
10 * it under the terms of the GNU General Public License as published by | |
11 * the Free Software Foundation; either version 2 of the License, or | |
12 * (at your option) any later version. | |
13 * | |
14 * This program is distributed in the hope that it will be useful, | |
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 * GNU General Public License for more details. | |
18 * | |
19 * You should have received a copy of the GNU General Public License | |
20 * along with this program; if not, write to the Free Software | |
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
22 */ | |
6747
23 #include "internal.h" |
24 |
25 #ifdef HAVE_NSS |
26 |
6738 | 27 #include "debug.h" |
28 #include "sslconn.h" | |
29 | |
30 #include <nspr.h> | |
31 #include <nss.h> | |
32 #include <pk11func.h> | |
33 #include <prio.h> | |
34 #include <secerr.h> | |
35 #include <secmod.h> | |
36 #include <ssl.h> | |
37 #include <sslerr.h> | |
38 #include <sslproto.h> | |
39 | |
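/**
 * Per-connection NSS state. ssl_nss_connect_cb() allocates one of these and
 * stores it in the connection's private_data field.
 */
typedef struct
{
	PRFileDesc *fd; /* NSPR descriptor obtained from PR_ImportTCPSocket() */
	PRFileDesc *in; /* descriptor returned by SSL_ImportFD() for fd */

} GaimSslNssData;

/*
 * Fetch the NSS state of a connection. The argument is parenthesised so the
 * macro also expands correctly for expressions other than a plain identifier.
 */
#define GAIM_SSL_NSS_DATA(gsc) ((GaimSslNssData *)(gsc)->private_data)

/* Both are assigned in ssl_nss_init(); _nss_methods is reset in ssl_nss_uninit(). */
static const PRIOMethods *_nss_methods = NULL;
static PRDescIdentity _identity;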
51 | |
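/**
 * Certificate authentication hook, installed through
 * SSL_AuthCertificateHook() in ssl_nss_connect_cb().
 *
 * A hook that returns SECSuccess without looking at the peer certificate
 * makes the TLS session unauthenticated: any party on the network path can
 * present its own certificate and read or alter the traffic. This hook
 * therefore delegates to SSL_AuthCertificate(), the verification routine
 * NSS itself uses when no hook is installed. That routine validates the
 * chain against the certificate database passed in @a arg and, for client
 * connections, compares the certificate name with the host name given to
 * SSL_SetURL().
 *
 * @param arg       The CERTCertDBHandle registered with the hook.
 * @param socket    The SSL descriptor being authenticated.
 * @param checksig  Whether signatures should be checked.
 * @param is_server PR_TRUE when the local side is the server.
 *
 * @return SECSuccess if the peer certificate is acceptable, SECFailure
 *         otherwise (NSS then consults the bad-certificate hook).
 */
static SECStatus
ssl_auth_cert(void *arg, PRFileDesc *socket, PRBool checksig,
			  PRBool is_server)
{
	/*
	 * Verification depends on trust anchors being available; ssl_nss_init()
	 * loads them from the "Builtins" module. If that module is missing,
	 * verification fails closed rather than accepting the peer.
	 */
	return SSL_AuthCertificate(arg, socket, checksig, is_server);
}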
79 | |
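/**
 * Bad-certificate hook: decides whether a handshake may continue after
 * certificate authentication has failed.
 *
 * @param arg    Pointer to a PRErrorCode that receives the NSS error code.
 *               When NULL, nothing is overridden and SECFailure is returned.
 * @param socket The SSL descriptor (unused).
 *
 * @return SECSuccess to let the handshake continue despite the error,
 *         SECFailure to abort it.
 */
SECStatus
ssl_bad_cert(void *arg, PRFileDesc *socket)
{
	SECStatus status = SECFailure;
	PRErrorCode err;

	if (arg == NULL)
		return status;

	*(PRErrorCode *)arg = err = PORT_GetError();

	/*
	 * NOTE(review): every code listed below is overridden to SECSuccess.
	 * The list includes bad signatures, unknown issuers, untrusted and
	 * expired certificates, so a caller that passes a non-NULL arg gets a
	 * connection whose peer identity was not established. The caller must
	 * inspect the error code written to *arg and decide (for example by
	 * asking the user) before sending anything sensitive. Consider
	 * narrowing this list.
	 */
	switch (err)
	{
		case SEC_ERROR_INVALID_AVA:
		case SEC_ERROR_INVALID_TIME:
		case SEC_ERROR_BAD_SIGNATURE:
		case SEC_ERROR_EXPIRED_CERTIFICATE:
		case SEC_ERROR_UNKNOWN_ISSUER:
		case SEC_ERROR_UNTRUSTED_CERT:
		case SEC_ERROR_CERT_VALID:
		case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
		case SEC_ERROR_CRL_EXPIRED:
		case SEC_ERROR_CRL_BAD_SIGNATURE:
		case SEC_ERROR_EXTENSION_VALUE_INVALID:
		case SEC_ERROR_CA_CERT_INVALID:
		case SEC_ERROR_CERT_USAGES_INVALID:
		case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
			status = SECSuccess;
			break;

		default:
			status = SECFailure;
			break;
	}

	/* The format string has a %d conversion, so the code must be passed. */
	gaim_debug_error("nss", "Bad certificate: %d\n", (int)err);

	return status;
}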
119 | |
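/**
 * Logs the negotiated security parameters of a connection and then hands
 * control to the connection's own input callback.
 *
 * @param data   The GaimSslConnection.
 * @param source The socket descriptor (unused here).
 * @param cond   The input condition, forwarded to the connection's callback.
 */
static void
input_func(gpointer data, gint source, GaimInputCondition cond)
{
	GaimSslConnection *gsc = (GaimSslConnection *)data;
	GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc);
	/*
	 * Initialised so that a failing SSL_SecurityStatus() cannot leave
	 * indeterminate pointers to be printed or freed below.
	 */
	char *cp = NULL, *ip = NULL, *sp = NULL;
	int op = 0, kp0 = 0, kp1 = 0;

	if (SSL_SecurityStatus(nss_data->in, &op, &cp, &kp0,
						   &kp1, &ip, &sp) == SECSuccess)
	{
		gaim_debug_misc("nss",
			"bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
			"subject DN: %s\n"
			"issuer DN: %s\n",
			cp != NULL ? cp : "(none)", kp1, kp0, op,
			sp != NULL ? sp : "(none)",
			ip != NULL ? ip : "(none)");
	}
	else
	{
		gaim_debug_error("nss", "SSL_SecurityStatus failed\n");
	}

	if (cp != NULL)
		PR_Free(cp);
	if (ip != NULL)
		PR_Free(ip);
	if (sp != NULL)
		PR_Free(sp);

	gsc->input_func(gsc->user_data, gsc, cond);
}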
144 | |
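/**
 * Initialises NSPR and NSS for use without a certificate database and
 * loads the built-in root module.
 *
 * @return TRUE on success, FALSE if NSS itself could not be initialised.
 */
static gboolean
ssl_nss_init(void)
{
	PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);

	if (NSS_NoDB_Init(NULL) != SECSuccess)
	{
		gaim_debug_error("nss", "NSS_NoDB_Init failed: %d\n",
						 (int)PORT_GetError());

		return FALSE;
	}

	/* TODO: Fix this so autoconf does the work trying to find this lib. */
	/*
	 * The module is loaded from a fixed path. If it cannot be loaded,
	 * there are no trust anchors to verify peer certificates against, so
	 * the failure is reported instead of being silently ignored.
	 */
	if (SECMOD_AddNewModule("Builtins", LIBDIR "/libnssckbi.so",
							0, 0) != SECSuccess)
	{
		gaim_debug_error("nss",
						 "Unable to load the Builtins root module: %d\n",
						 (int)PORT_GetError());
	}

	if (NSS_SetDomesticPolicy() != SECSuccess)
	{
		gaim_debug_error("nss", "NSS_SetDomesticPolicy failed: %d\n",
						 (int)PORT_GetError());
	}

	_identity = PR_GetUniqueIdentity("Gaim");
	_nss_methods = PR_GetDefaultIOMethods();

	return TRUE;
}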
160 | |
/**
 * Tears down the backend: forgets the cached I/O method table and shuts
 * NSPR down.
 */
static void
ssl_nss_uninit(void)
{
	/* NOTE(review): the NSS_NoDB_Init() call made in ssl_nss_init() has no
	 * matching NSS shutdown call here; confirm whether that is intended. */
	_nss_methods = NULL;

	PR_Cleanup();
}
168 | |
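/**
 * Called once the TCP connection is established: wraps the socket in an
 * NSS SSL descriptor, configures it as a client, performs the handshake
 * and then invokes input_func().
 *
 * Every failure path logs the reason and closes the connection with
 * gaim_ssl_close().
 *
 * @param data   The GaimSslConnection.
 * @param source The connected socket descriptor.
 * @param cond   The input condition, forwarded to input_func().
 */
static void
ssl_nss_connect_cb(gpointer data, gint source, GaimInputCondition cond)
{
	GaimSslConnection *gsc = (GaimSslConnection *)data;
	GaimSslNssData *nss_data = g_new0(GaimSslNssData, 1);
	PRSocketOptionData socket_opt;

	gsc->private_data = nss_data;

	gsc->fd = source;

	nss_data->fd = PR_ImportTCPSocket(gsc->fd);

	if (nss_data->fd == NULL)
	{
		gaim_debug_error("nss", "nss_data->fd == NULL!\n");

		gaim_ssl_close(gsc);

		return;
	}

	/* The handshake below is driven synchronously, so use a blocking socket. */
	socket_opt.option = PR_SockOpt_Nonblocking;
	socket_opt.value.non_blocking = PR_FALSE;

	if (PR_SetSocketOption(nss_data->fd, &socket_opt) != PR_SUCCESS)
	{
		gaim_debug_error("nss", "Unable to make the socket blocking\n");

		gaim_ssl_close(gsc);

		return;
	}

	nss_data->in = SSL_ImportFD(NULL, nss_data->fd);

	if (nss_data->in == NULL)
	{
		gaim_debug_error("nss", "nss_data->in == NULL!\n");

		gaim_ssl_close(gsc);

		return;
	}

	/*
	 * Each of these calls configures how the peer is authenticated, so a
	 * failure in any of them aborts the connection instead of continuing
	 * with a partially configured descriptor. SSL_SetURL() supplies the
	 * host name the certificate is compared against.
	 *
	 * ssl_bad_cert() is registered with a NULL argument; with that
	 * argument it returns SECFailure, so no certificate error is
	 * overridden on this connection.
	 */
	if (SSL_OptionSet(nss_data->in, SSL_SECURITY, PR_TRUE) != SECSuccess ||
		SSL_OptionSet(nss_data->in, SSL_HANDSHAKE_AS_CLIENT,
					  PR_TRUE) != SECSuccess ||
		SSL_AuthCertificateHook(nss_data->in,
								(SSLAuthCertificate)ssl_auth_cert,
								(void *)CERT_GetDefaultCertDB()) != SECSuccess ||
		SSL_BadCertHook(nss_data->in, (SSLBadCertHandler)ssl_bad_cert,
						NULL) != SECSuccess ||
		SSL_SetURL(nss_data->in, gsc->host) != SECSuccess ||
		SSL_ResetHandshake(nss_data->in, PR_FALSE) != SECSuccess)
	{
		gaim_debug_error("nss", "Unable to configure the SSL socket: %d\n",
						 (int)PORT_GetError());

		gaim_ssl_close(gsc);

		return;
	}

	if (SSL_ForceHandshake(nss_data->in) != SECSuccess)
	{
		gaim_debug_error("nss", "Handshake failed\n");

		gaim_ssl_close(gsc);

		return;
	}

	input_func(gsc, source, cond);
}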
235 | |
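/**
 * Closes the NSS descriptors of a connection and frees its NSS state.
 *
 * @param gsc The connection being closed.
 */
static void
ssl_nss_close(GaimSslConnection *gsc)
{
	GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc);

	if (nss_data == NULL)
		return;

	/*
	 * SSL_ImportFD() layers SSL on top of the descriptor it is given, so
	 * once `in` exists it owns the socket that `fd` refers to. Closing both
	 * would close the same descriptor stack twice; `fd` is closed directly
	 * only when the SSL import never happened.
	 */
	if (nss_data->in != NULL)
		PR_Close(nss_data->in);
	else if (nss_data->fd != NULL)
		PR_Close(nss_data->fd);

	g_free(nss_data);

	/* Do not leave a dangling pointer behind for a later close or read. */
	gsc->private_data = NULL;
}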
246 | |
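/**
 * Reads decrypted data from the SSL connection.
 *
 * @param gsc  The connection.
 * @param data Destination buffer.
 * @param len  Capacity of @a data in bytes.
 *
 * @return The value returned by PR_Read(), converted to size_t.
 */
static size_t
ssl_nss_read(GaimSslConnection *gsc, void *data, size_t len)
{
	GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc);
	/* PR_Read() takes a 32-bit signed count; clamp instead of truncating. */
	PRInt32 amount = (len > (size_t)PR_INT32_MAX) ? PR_INT32_MAX
												  : (PRInt32)len;

	/*
	 * NOTE(review): PR_Read() reports failure as -1, which becomes
	 * (size_t)-1 in this return type. Callers must test for that value
	 * explicitly and must not use the result as a byte count unchecked.
	 */
	return (size_t)PR_Read(nss_data->in, data, amount);
}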
254 | |
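/**
 * Writes data to the SSL connection.
 *
 * @param gsc  The connection.
 * @param data Bytes to send.
 * @param len  Number of bytes in @a data.
 *
 * @return The value returned by PR_Write(), converted to size_t.
 */
static size_t
ssl_nss_write(GaimSslConnection *gsc, const void *data, size_t len)
{
	GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc);
	/* PR_Write() takes a 32-bit signed count; clamp instead of truncating. */
	PRInt32 amount = (len > (size_t)PR_INT32_MAX) ? PR_INT32_MAX
												  : (PRInt32)len;

	/*
	 * NOTE(review): PR_Write() reports failure as -1, which becomes
	 * (size_t)-1 in this return type. Callers must test for that value
	 * explicitly and must not treat it as "all bytes sent".
	 */
	return (size_t)PR_Write(nss_data->in, data, amount);
}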
262 | |
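/*
 * Operations table for the NSS backend. The initialiser is positional, so
 * the order must match the member order of GaimSslOps (declared outside
 * this file).
 */
static GaimSslOps ssl_ops =
{
	ssl_nss_init,
	ssl_nss_uninit,
	ssl_nss_connect_cb,
	ssl_nss_close,
	ssl_nss_read,
	ssl_nss_write
};

/**
 * Returns the NSS implementation of the SSL operations.
 *
 * @return A pointer to the static operations table; the caller must not
 *         free it.
 */
GaimSslOps *
gaim_ssl_nss_get_ops(void) /* (void): an empty list is not a prototype in C */
{
	return &ssl_ops;
}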
6747
278 |
279 #endif /* HAVE_NSS */ |