pidgin: libpurple/certificate.c annotate

annotate libpurple/certificate.c @ 27671:99baf778e0b9

Fix GnuTLS validation of the CACert Chain. Closes #4458. If certificate validation fails partway through, check the last validated certificate and, if it's in the CA store, consider the chain validated. This allows GnuTLS to validate the CAcert Class 3 intermediate without requiring us to accept MD5 signatures anywhere.

author	Paul Aurich <paul@darkrain42.org>
date	Wed, 22 Jul 2009 07:31:40 +0000
parents	4c5f35f2b1ff
children	d0654dea0575

rev	line source
17910 668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	1 /**
19075 a0138be8d725 - Typo fix William Ehlhardt <williamehlhardt@gmail.com> parents: 19067 diff changeset	2 * @file certificate.c Public-Key Certificate API
17910 668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	3 * @ingroup core
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	4 */
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	5
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	6 /*
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	7 *
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	8 * purple
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	9 *
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	10 * Purple is the legal property of its developers, whose names are too numerous
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	11 * to list here. Please refer to the COPYRIGHT file distributed with this
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	12 * source distribution.
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	13 *
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	14 * This program is free software; you can redistribute it and/or modify
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	15 * it under the terms of the GNU General Public License as published by
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	16 * the Free Software Foundation; either version 2 of the License, or
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	17 * (at your option) any later version.
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	18 *
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	19 * This program is distributed in the hope that it will be useful,
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	22 * GNU General Public License for more details.
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	23 *
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	24 * You should have received a copy of the GNU General Public License
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	25 * along with this program; if not, write to the Free Software
19681 44b4e8bd759b The FSF changed its address a while ago; our files were out of date. John Bailey <rekkanoryo@rekkanoryo.org> parents: 19649 diff changeset	26 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
17910 668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	27 */
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	28
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	29 #include <glib.h>
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	30
19504 d5ecaf5bce93 Fix the win32 build for the cert SoC branch merge. Daniel Atallah <daniel.atallah@gmail.com> parents: 19497 diff changeset	31 #include "internal.h"
17910 668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	32 #include "certificate.h"
19517 7bea9c9fd2a5 (Un)Register the pools with DBus to avoid a runtime fit. Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19515 diff changeset	33 #include "dbus-maybe.h"
18192 dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	34 #include "debug.h"
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	35 #include "request.h"
19044 602295db8e6b - Register the certificate-stored and certificate-deleted signals William Ehlhardt <williamehlhardt@gmail.com> parents: 19034 diff changeset	36 #include "signals.h"
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	37 #include "util.h"
17910 668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	38
668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	39 /** List holding pointers to all registered certificate schemes */
18192 dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	40 static GList *cert_schemes = NULL;
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	41 /** List of registered Verifiers */
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	42 static GList *cert_verifiers = NULL;
18971 898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	43 /** List of registered Pools */
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	44 static GList *cert_pools = NULL;
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	45
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	46 void
18942 02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	47 purple_certificate_verify (PurpleCertificateVerifier *verifier,
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	48 const gchar subject_name, GList cert_chain,
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	49 PurpleCertificateVerifiedCallback cb,
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	50 gpointer cb_data)
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	51 {
18942 02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	52 PurpleCertificateVerificationRequest *vrq;
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	53 PurpleCertificateScheme *scheme;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	54
18942 02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	55 g_return_if_fail(subject_name != NULL);
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	56 /* If you don't have a cert to check, why are you requesting that it
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	57 be verified? */
18942 02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	58 g_return_if_fail(cert_chain != NULL);
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	59 g_return_if_fail(cb != NULL);
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	60
18942 02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	61 /* Look up the CertificateScheme */
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	62 scheme = purple_certificate_find_scheme(verifier->scheme_name);
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	63 g_return_if_fail(scheme);
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	64
18943 c519ff185569 - purple_certificate_verify attempts to check that the cert chain is of William Ehlhardt <williamehlhardt@gmail.com> parents: 18942 diff changeset	65 /* Check that at least the first cert in the chain matches the
c519ff185569 - purple_certificate_verify attempts to check that the cert chain is of William Ehlhardt <williamehlhardt@gmail.com> parents: 18942 diff changeset	66 Verifier scheme */
18960 6831c126bcf3 - Fixed an inverted assertion William Ehlhardt <williamehlhardt@gmail.com> parents: 18957 diff changeset	67 g_return_if_fail(scheme ==
18943 c519ff185569 - purple_certificate_verify attempts to check that the cert chain is of William Ehlhardt <williamehlhardt@gmail.com> parents: 18942 diff changeset	68 ((PurpleCertificate *) (cert_chain->data))->scheme);
c519ff185569 - purple_certificate_verify attempts to check that the cert chain is of William Ehlhardt <williamehlhardt@gmail.com> parents: 18942 diff changeset	69
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	70 /* Construct and fill in the request fields */
18949 8902f0d7e40f - Use g_new0 instead of g_new William Ehlhardt <williamehlhardt@gmail.com> parents: 18947 diff changeset	71 vrq = g_new0(PurpleCertificateVerificationRequest, 1);
18942 02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	72 vrq->verifier = verifier;
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	73 vrq->scheme = scheme;
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	74 vrq->subject_name = g_strdup(subject_name);
19021 fcca10d0ac7d - purple_certificate_verify no longer takes possession of the William Ehlhardt <williamehlhardt@gmail.com> parents: 19020 diff changeset	75 vrq->cert_chain = purple_certificate_copy_list(cert_chain);
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	76 vrq->cb = cb;
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	77 vrq->cb_data = cb_data;
18942 02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	78
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	79 /* Initiate verification */
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its William Ehlhardt <williamehlhardt@gmail.com> parents: 18941 diff changeset	80 (verifier->start_verification)(vrq);
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	81 }
18192 dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	82
18946 617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	83 void
19088 f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	84 purple_certificate_verify_complete(PurpleCertificateVerificationRequest *vrq,
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	85 PurpleCertificateVerificationStatus st)
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	86 {
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	87 PurpleCertificateVerifier *vr;
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	88
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	89 g_return_if_fail(vrq);
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	90
20747 17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification William Ehlhardt <williamehlhardt@gmail.com> parents: 20746 diff changeset	91 if (st == PURPLE_CERTIFICATE_VALID) {
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification William Ehlhardt <williamehlhardt@gmail.com> parents: 20746 diff changeset	92 purple_debug_info("certificate",
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification William Ehlhardt <williamehlhardt@gmail.com> parents: 20746 diff changeset	93 "Successfully verified certificate for %s\n",
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification William Ehlhardt <williamehlhardt@gmail.com> parents: 20746 diff changeset	94 vrq->subject_name);
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification William Ehlhardt <williamehlhardt@gmail.com> parents: 20746 diff changeset	95 } else {
27231 627d23bfdb05 Increase the logging level of some debugging messages that seemed to be a mauro.brasil@tqi.com.br parents: 25941 diff changeset	96 purple_debug_error("certificate",
20747 17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification William Ehlhardt <williamehlhardt@gmail.com> parents: 20746 diff changeset	97 "Failed to verify certificate for %s\n",
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification William Ehlhardt <williamehlhardt@gmail.com> parents: 20746 diff changeset	98 vrq->subject_name);
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification William Ehlhardt <williamehlhardt@gmail.com> parents: 20746 diff changeset	99 }
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	100
19088 f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	101 /* Pass the results on to the request's callback */
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	102 (vrq->cb)(st, vrq->cb_data);
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	103
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	104 /* And now to eliminate the request */
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	105 /* Fetch the Verifier responsible... */
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	106 vr = vrq->verifier;
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	107 /* ...and order it to KILL */
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	108 (vr->destroy_request)(vrq);
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	109
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	110 /* Now the internals have been cleaned up, so clean up the libpurple-
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	111 created elements */
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	112 g_free(vrq->subject_name);
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	113 purple_certificate_destroy_list(vrq->cert_chain);
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	114
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	115 /* A structure born
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	116 * to much ado
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	117 * and with so much within.
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	118 * It reaches now
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	119 * its quiet end. */
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	120 g_free(vrq);
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	121 }
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	122
f5802217844d - Add verify_complete, which should deprecate verify_destroy William Ehlhardt <williamehlhardt@gmail.com> parents: 19086 diff changeset	123
19018 d6f902265076 - Add purple_certificate_copy and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19014 diff changeset	124 PurpleCertificate *
d6f902265076 - Add purple_certificate_copy and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19014 diff changeset	125 purple_certificate_copy(PurpleCertificate *crt)
d6f902265076 - Add purple_certificate_copy and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19014 diff changeset	126 {
d6f902265076 - Add purple_certificate_copy and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19014 diff changeset	127 g_return_val_if_fail(crt, NULL);
d6f902265076 - Add purple_certificate_copy and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19014 diff changeset	128 g_return_val_if_fail(crt->scheme, NULL);
d6f902265076 - Add purple_certificate_copy and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19014 diff changeset	129 g_return_val_if_fail(crt->scheme->copy_certificate, NULL);
d6f902265076 - Add purple_certificate_copy and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19014 diff changeset	130
d6f902265076 - Add purple_certificate_copy and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19014 diff changeset	131 return (crt->scheme->copy_certificate)(crt);
d6f902265076 - Add purple_certificate_copy and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19014 diff changeset	132 }
18947 3c6bf77bf7c4 - Add purple_certificate_verify_destroy and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 18946 diff changeset	133
19020 d69355001a6e - Add purple_certificate_copy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	134 GList *
d69355001a6e - Add purple_certificate_copy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	135 purple_certificate_copy_list(GList *crt_list)
d69355001a6e - Add purple_certificate_copy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	136 {
24270 e265e7066598 Fix a printf("%s", NULL). Fixes #7289. Daniel Atallah <daniel.atallah@gmail.com> parents: 23987 diff changeset	137 GList new_l, l;
19020 d69355001a6e - Add purple_certificate_copy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	138
d69355001a6e - Add purple_certificate_copy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	139 /* First, make a shallow copy of the list */
24270 e265e7066598 Fix a printf("%s", NULL). Fixes #7289. Daniel Atallah <daniel.atallah@gmail.com> parents: 23987 diff changeset	140 new_l = g_list_copy(crt_list);
19020 d69355001a6e - Add purple_certificate_copy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	141
d69355001a6e - Add purple_certificate_copy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	142 /* Now go through and actually duplicate each certificate */
24270 e265e7066598 Fix a printf("%s", NULL). Fixes #7289. Daniel Atallah <daniel.atallah@gmail.com> parents: 23987 diff changeset	143 for (l = new_l; l; l = l->next) {
19020 d69355001a6e - Add purple_certificate_copy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	144 l->data = purple_certificate_copy(l->data);
d69355001a6e - Add purple_certificate_copy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	145 }
d69355001a6e - Add purple_certificate_copy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	146
24270 e265e7066598 Fix a printf("%s", NULL). Fixes #7289. Daniel Atallah <daniel.atallah@gmail.com> parents: 23987 diff changeset	147 return new_l;
19020 d69355001a6e - Add purple_certificate_copy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	148 }
d69355001a6e - Add purple_certificate_copy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 19018 diff changeset	149
18947 3c6bf77bf7c4 - Add purple_certificate_verify_destroy and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 18946 diff changeset	150 void
18946 617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	151 purple_certificate_destroy (PurpleCertificate *crt)
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	152 {
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	153 PurpleCertificateScheme *scheme;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	154
18946 617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	155 if (NULL == crt) return;
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	156
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	157 scheme = crt->scheme;
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	158
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	159 (scheme->destroy_certificate)(crt);
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	160 }
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	161
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	162 void
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	163 purple_certificate_destroy_list (GList * crt_list)
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	164 {
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	165 PurpleCertificate *crt;
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	166 GList *l;
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	167
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	168 for (l=crt_list; l; l = l->next) {
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	169 crt = (PurpleCertificate *) l->data;
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	170 purple_certificate_destroy(crt);
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	171 }
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	172
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	173 g_list_free(crt_list);
617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	174 }
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	175
19076 daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	176 gboolean
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	177 purple_certificate_signed_by(PurpleCertificate crt, PurpleCertificate issuer)
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	178 {
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	179 PurpleCertificateScheme *scheme;
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	180
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	181 g_return_val_if_fail(crt, FALSE);
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	182 g_return_val_if_fail(issuer, FALSE);
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	183
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	184 scheme = crt->scheme;
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	185 g_return_val_if_fail(scheme, FALSE);
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	186 /* We can't compare two certs of unrelated schemes, obviously */
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	187 g_return_val_if_fail(issuer->scheme == scheme, FALSE);
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	188
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	189 return (scheme->signed_by)(crt, issuer);
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	190 }
daa68185a018 - Add purple_certificate_signed_by William Ehlhardt <williamehlhardt@gmail.com> parents: 19075 diff changeset	191
19077 8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	192 gboolean
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	193 purple_certificate_check_signature_chain_with_failing(GList *chain,
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	194 PurpleCertificate **failing)
19077 8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	195 {
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	196 GList *cur;
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	197 PurpleCertificate crt, issuer;
19081 bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	198 gchar *uid;
27664 151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	199 time_t now, activation, expiration;
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	200 gboolean ret;
19077 8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	201
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	202 g_return_val_if_fail(chain, FALSE);
19081 bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	203
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	204 if (failing)
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	205 *failing = NULL;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	206
19081 bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	207 uid = purple_certificate_get_unique_id((PurpleCertificate *) chain->data);
bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	208 purple_debug_info("certificate",
bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	209 "Checking signature chain for uid=%s\n",
bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	210 uid);
bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	211 g_free(uid);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	212
19077 8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	213 /* If this is a single-certificate chain, say that it is valid */
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	214 if (chain->next == NULL) {
19081 bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	215 purple_debug_info("certificate",
bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	216 "...Singleton. We'll say it's valid.\n");
19077 8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	217 return TRUE;
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	218 }
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	219
27664 151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	220 now = time(NULL);
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	221
19077 8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	222 /* Load crt with the first certificate */
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	223 crt = (PurpleCertificate *)(chain->data);
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	224 /* And start with the second certificate in the chain */
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	225 for ( cur = chain->next; cur; cur = cur->next ) {
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	226
19077 8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	227 issuer = (PurpleCertificate *)(cur->data);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	228
27664 151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	229 uid = purple_certificate_get_unique_id(issuer);
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	230
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	231 ret = purple_certificate_get_times(issuer, &activation, &expiration);
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	232 if (!ret \|\| now < activation \|\| now > expiration) {
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	233 if (!ret)
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	234 purple_debug_error("certificate",
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	235 "...Failed to get validity times for certificate %s\n"
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	236 "Chain is INVALID\n", uid);
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	237 else if (now > expiration)
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	238 purple_debug_error("certificate",
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	239 "...Issuer %s expired at %s\nChain is INVALID\n",
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	240 uid, ctime(&expiration));
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	241 else
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	242 purple_debug_error("certificate",
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	243 "...Not-yet-activated issuer %s will be valid at %s\n"
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	244 "Chain is INVALID\n", uid, ctime(&activation));
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	245
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	246 if (failing)
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	247 *failing = crt;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	248
27664 151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	249 g_free(uid);
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	250 return FALSE;
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	251 }
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	252
19077 8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	253 /* Check the signature for this link */
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	254 if (! purple_certificate_signed_by(crt, issuer) ) {
27231 627d23bfdb05 Increase the logging level of some debugging messages that seemed to be a mauro.brasil@tqi.com.br parents: 25941 diff changeset	255 purple_debug_error("certificate",
19081 bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	256 "...Bad or missing signature by %s\nChain is INVALID\n",
bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	257 uid);
bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	258 g_free(uid);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	259
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	260 if (failing)
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	261 *failing = crt;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	262
19077 8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	263 return FALSE;
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	264 }
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	265
19081 bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	266 purple_debug_info("certificate",
bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	267 "...Good signature by %s\n",
bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	268 uid);
bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	269 g_free(uid);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	270
19077 8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	271 /* The issuer is now the next crt whose signature is to be
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	272 checked */
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	273 crt = issuer;
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	274 }
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	275
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	276 /* If control reaches this point, the chain is valid */
19081 bdd8911d5031 - Add debugging babble to check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19080 diff changeset	277 purple_debug_info("certificate", "Chain is VALID\n");
19077 8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	278 return TRUE;
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	279 }
8275c3cbc9da - Add purple_certificate_check_signature_chain William Ehlhardt <williamehlhardt@gmail.com> parents: 19076 diff changeset	280
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	281 gboolean
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	282 purple_certificate_check_signature_chain(GList *chain)
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	283 {
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	284 return purple_certificate_check_signature_chain_with_failing(chain, NULL);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	285 }
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	286
18988 4189fc3befba - Add purple_certificate_import William Ehlhardt <williamehlhardt@gmail.com> parents: 18987 diff changeset	287 PurpleCertificate *
18989 43d1ee6a3ed5 - Fixed naming issues in previous revision William Ehlhardt <williamehlhardt@gmail.com> parents: 18988 diff changeset	288 purple_certificate_import(PurpleCertificateScheme scheme, const gchar filename)
18988 4189fc3befba - Add purple_certificate_import William Ehlhardt <williamehlhardt@gmail.com> parents: 18987 diff changeset	289 {
4189fc3befba - Add purple_certificate_import William Ehlhardt <williamehlhardt@gmail.com> parents: 18987 diff changeset	290 g_return_val_if_fail(scheme, NULL);
4189fc3befba - Add purple_certificate_import William Ehlhardt <williamehlhardt@gmail.com> parents: 18987 diff changeset	291 g_return_val_if_fail(scheme->import_certificate, NULL);
4189fc3befba - Add purple_certificate_import William Ehlhardt <williamehlhardt@gmail.com> parents: 18987 diff changeset	292 g_return_val_if_fail(filename, NULL);
4189fc3befba - Add purple_certificate_import William Ehlhardt <williamehlhardt@gmail.com> parents: 18987 diff changeset	293
4189fc3befba - Add purple_certificate_import William Ehlhardt <williamehlhardt@gmail.com> parents: 18987 diff changeset	294 return (scheme->import_certificate)(filename);
4189fc3befba - Add purple_certificate_import William Ehlhardt <williamehlhardt@gmail.com> parents: 18987 diff changeset	295 }
4189fc3befba - Add purple_certificate_import William Ehlhardt <williamehlhardt@gmail.com> parents: 18987 diff changeset	296
18977 31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	297 gboolean
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	298 purple_certificate_export(const gchar filename, PurpleCertificate crt)
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	299 {
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	300 PurpleCertificateScheme *scheme;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	301
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	302 g_return_val_if_fail(filename, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	303 g_return_val_if_fail(crt, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	304 g_return_val_if_fail(crt->scheme, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	305
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	306 scheme = crt->scheme;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	307 g_return_val_if_fail(scheme->export_certificate, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	308
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	309 return (scheme->export_certificate)(filename, crt);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	310 }
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff William Ehlhardt <williamehlhardt@gmail.com> parents: 18976 diff changeset	311
27669 4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3. Paul Aurich <paul@darkrain42.org> parents: 27664 diff changeset	312 static gboolean
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3. Paul Aurich <paul@darkrain42.org> parents: 27664 diff changeset	313 byte_arrays_equal(const GByteArray array1, const GByteArray array2)
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3. Paul Aurich <paul@darkrain42.org> parents: 27664 diff changeset	314 {
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3. Paul Aurich <paul@darkrain42.org> parents: 27664 diff changeset	315 g_return_val_if_fail(array1 != NULL, FALSE);
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3. Paul Aurich <paul@darkrain42.org> parents: 27664 diff changeset	316 g_return_val_if_fail(array2 != NULL, FALSE);
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3. Paul Aurich <paul@darkrain42.org> parents: 27664 diff changeset	317
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3. Paul Aurich <paul@darkrain42.org> parents: 27664 diff changeset	318 return (array1->len == array2->len) &&
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3. Paul Aurich <paul@darkrain42.org> parents: 27664 diff changeset	319 (0 == memcmp(array1->data, array2->data, array1->len));
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3. Paul Aurich <paul@darkrain42.org> parents: 27664 diff changeset	320 }
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3. Paul Aurich <paul@darkrain42.org> parents: 27664 diff changeset	321
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	322 GByteArray *
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	323 purple_certificate_get_fingerprint_sha1(PurpleCertificate *crt)
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	324 {
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	325 PurpleCertificateScheme *scheme;
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	326 GByteArray *fpr;
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	327
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	328 g_return_val_if_fail(crt, NULL);
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	329 g_return_val_if_fail(crt->scheme, NULL);
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	330
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	331 scheme = crt->scheme;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	332
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	333 g_return_val_if_fail(scheme->get_fingerprint_sha1, NULL);
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	334
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	335 fpr = (scheme->get_fingerprint_sha1)(crt);
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	336
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	337 return fpr;
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	338 }
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	339
18962 fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	340 gchar *
19080 3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	341 purple_certificate_get_unique_id(PurpleCertificate *crt)
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	342 {
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	343 g_return_val_if_fail(crt, NULL);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	344 g_return_val_if_fail(crt->scheme, NULL);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	345 g_return_val_if_fail(crt->scheme->get_unique_id, NULL);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	346
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	347 return (crt->scheme->get_unique_id)(crt);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	348 }
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	349
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	350 gchar *
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	351 purple_certificate_get_issuer_unique_id(PurpleCertificate *crt)
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	352 {
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	353 g_return_val_if_fail(crt, NULL);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	354 g_return_val_if_fail(crt->scheme, NULL);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	355 g_return_val_if_fail(crt->scheme->get_issuer_unique_id, NULL);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	356
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	357 return (crt->scheme->get_issuer_unique_id)(crt);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	358 }
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	359
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions William Ehlhardt <williamehlhardt@gmail.com> parents: 19078 diff changeset	360 gchar *
18962 fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	361 purple_certificate_get_subject_name(PurpleCertificate *crt)
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	362 {
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	363 PurpleCertificateScheme *scheme;
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	364 gchar *subject_name;
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	365
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	366 g_return_val_if_fail(crt, NULL);
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	367 g_return_val_if_fail(crt->scheme, NULL);
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	368
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	369 scheme = crt->scheme;
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	370
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	371 g_return_val_if_fail(scheme->get_subject_name, NULL);
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	372
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	373 subject_name = (scheme->get_subject_name)(crt);
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	374
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	375 return subject_name;
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	376 }
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple William Ehlhardt <williamehlhardt@gmail.com> parents: 18960 diff changeset	377
19008 7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	378 gboolean
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	379 purple_certificate_check_subject_name(PurpleCertificate crt, const gchar name)
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	380 {
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	381 PurpleCertificateScheme *scheme;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	382
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	383 g_return_val_if_fail(crt, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	384 g_return_val_if_fail(crt->scheme, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	385 g_return_val_if_fail(name, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	386
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	387 scheme = crt->scheme;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	388
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	389 /* TODO: Instead of failing, maybe use get_subject_name and strcmp? */
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	390 g_return_val_if_fail(scheme->check_subject_name, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	391
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	392 return (scheme->check_subject_name)(crt, name);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	393 }
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery William Ehlhardt <williamehlhardt@gmail.com> parents: 19001 diff changeset	394
19012 b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	395 gboolean
b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	396 purple_certificate_get_times(PurpleCertificate crt, time_t activation, time_t *expiration)
b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	397 {
b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	398 PurpleCertificateScheme *scheme;
b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	399
b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	400 g_return_val_if_fail(crt, FALSE);
b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	401
b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	402 scheme = crt->scheme;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	403
19012 b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	404 g_return_val_if_fail(scheme, FALSE);
b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	405
b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	406 /* If both provided references are NULL, what are you doing calling
b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	407 this? */
b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	408 g_return_val_if_fail( (activation != NULL) \|\| (expiration != NULL), FALSE);
b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	409
19067 6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19063 diff changeset	410 /* Throw the request on down to the certscheme */
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match William Ehlhardt <williamehlhardt@gmail.com> parents: 19063 diff changeset	411 return (scheme->get_times)(crt, activation, expiration);
19012 b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	412 }
b1090cbfc286 - Add expiration/activation functions for Certificates William Ehlhardt <williamehlhardt@gmail.com> parents: 19010 diff changeset	413
18984 2b4150624cf2 - Add purple_certificate_pool_mkpath helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 18982 diff changeset	414 gchar *
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 18982 diff changeset	415 purple_certificate_pool_mkpath(PurpleCertificatePool pool, const gchar id)
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 18982 diff changeset	416 {
19010 0d4b84820390 - Fix overzealous escaping cause by ancestor revision William Ehlhardt <williamehlhardt@gmail.com> parents: 19009 diff changeset	417 gchar *path;
0d4b84820390 - Fix overzealous escaping cause by ancestor revision William Ehlhardt <williamehlhardt@gmail.com> parents: 19009 diff changeset	418 gchar esc_scheme_name, esc_name, *esc_id;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	419
18984 2b4150624cf2 - Add purple_certificate_pool_mkpath helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 18982 diff changeset	420 g_return_val_if_fail(pool, NULL);
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 18982 diff changeset	421 g_return_val_if_fail(pool->scheme_name, NULL);
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 18982 diff changeset	422 g_return_val_if_fail(pool->name, NULL);
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 18982 diff changeset	423
19010 0d4b84820390 - Fix overzealous escaping cause by ancestor revision William Ehlhardt <williamehlhardt@gmail.com> parents: 19009 diff changeset	424 /* Escape all the elements for filesystem-friendliness */
19033 6b4e874e47c1 - Handle NULLs given to certificate_pool_mkpath without causing errors William Ehlhardt <williamehlhardt@gmail.com> parents: 19027 diff changeset	425 esc_scheme_name = pool ? g_strdup(purple_escape_filename(pool->scheme_name)) : NULL;
6b4e874e47c1 - Handle NULLs given to certificate_pool_mkpath without causing errors William Ehlhardt <williamehlhardt@gmail.com> parents: 19027 diff changeset	426 esc_name = pool ? g_strdup(purple_escape_filename(pool->name)) : NULL;
6b4e874e47c1 - Handle NULLs given to certificate_pool_mkpath without causing errors William Ehlhardt <williamehlhardt@gmail.com> parents: 19027 diff changeset	427 esc_id = id ? g_strdup(purple_escape_filename(id)) : NULL;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	428
18984 2b4150624cf2 - Add purple_certificate_pool_mkpath helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 18982 diff changeset	429 path = g_build_filename(purple_user_dir(),
18986 dfd9f883b774 - Correct the certstore folder paths William Ehlhardt <williamehlhardt@gmail.com> parents: 18985 diff changeset	430 "certificates", /* TODO: constantize this? */
19010 0d4b84820390 - Fix overzealous escaping cause by ancestor revision William Ehlhardt <williamehlhardt@gmail.com> parents: 19009 diff changeset	431 esc_scheme_name,
0d4b84820390 - Fix overzealous escaping cause by ancestor revision William Ehlhardt <williamehlhardt@gmail.com> parents: 19009 diff changeset	432 esc_name,
0d4b84820390 - Fix overzealous escaping cause by ancestor revision William Ehlhardt <williamehlhardt@gmail.com> parents: 19009 diff changeset	433 esc_id,
18984 2b4150624cf2 - Add purple_certificate_pool_mkpath helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 18982 diff changeset	434 NULL);
19009 b64aa0222a7a - pool_mkpath now runs purple_escape_filename on its return value William Ehlhardt <williamehlhardt@gmail.com> parents: 19008 diff changeset	435
19010 0d4b84820390 - Fix overzealous escaping cause by ancestor revision William Ehlhardt <williamehlhardt@gmail.com> parents: 19009 diff changeset	436 g_free(esc_scheme_name);
0d4b84820390 - Fix overzealous escaping cause by ancestor revision William Ehlhardt <williamehlhardt@gmail.com> parents: 19009 diff changeset	437 g_free(esc_name);
0d4b84820390 - Fix overzealous escaping cause by ancestor revision William Ehlhardt <williamehlhardt@gmail.com> parents: 19009 diff changeset	438 g_free(esc_id);
0d4b84820390 - Fix overzealous escaping cause by ancestor revision William Ehlhardt <williamehlhardt@gmail.com> parents: 19009 diff changeset	439 return path;
18984 2b4150624cf2 - Add purple_certificate_pool_mkpath helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 18982 diff changeset	440 }
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 18982 diff changeset	441
18995 47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	442 gboolean
19034 8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's William Ehlhardt <williamehlhardt@gmail.com> parents: 19033 diff changeset	443 purple_certificate_pool_usable(PurpleCertificatePool *pool)
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's William Ehlhardt <williamehlhardt@gmail.com> parents: 19033 diff changeset	444 {
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's William Ehlhardt <williamehlhardt@gmail.com> parents: 19033 diff changeset	445 g_return_val_if_fail(pool, FALSE);
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's William Ehlhardt <williamehlhardt@gmail.com> parents: 19033 diff changeset	446 g_return_val_if_fail(pool->scheme_name, FALSE);
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's William Ehlhardt <williamehlhardt@gmail.com> parents: 19033 diff changeset	447
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's William Ehlhardt <williamehlhardt@gmail.com> parents: 19033 diff changeset	448 /* Check that the pool's scheme is loaded */
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's William Ehlhardt <williamehlhardt@gmail.com> parents: 19033 diff changeset	449 if (purple_certificate_find_scheme(pool->scheme_name) == NULL) {
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's William Ehlhardt <williamehlhardt@gmail.com> parents: 19033 diff changeset	450 return FALSE;
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's William Ehlhardt <williamehlhardt@gmail.com> parents: 19033 diff changeset	451 }
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	452
19034 8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's William Ehlhardt <williamehlhardt@gmail.com> parents: 19033 diff changeset	453 return TRUE;
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's William Ehlhardt <williamehlhardt@gmail.com> parents: 19033 diff changeset	454 }
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's William Ehlhardt <williamehlhardt@gmail.com> parents: 19033 diff changeset	455
19060 c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 19050 diff changeset	456 PurpleCertificateScheme *
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 19050 diff changeset	457 purple_certificate_pool_get_scheme(PurpleCertificatePool *pool)
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 19050 diff changeset	458 {
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 19050 diff changeset	459 g_return_val_if_fail(pool, NULL);
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 19050 diff changeset	460 g_return_val_if_fail(pool->scheme_name, NULL);
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 19050 diff changeset	461
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 19050 diff changeset	462 return purple_certificate_find_scheme(pool->scheme_name);
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 19050 diff changeset	463 }
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 19050 diff changeset	464
19034 8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's William Ehlhardt <williamehlhardt@gmail.com> parents: 19033 diff changeset	465 gboolean
18995 47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	466 purple_certificate_pool_contains(PurpleCertificatePool pool, const gchar id)
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	467 {
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	468 g_return_val_if_fail(pool, FALSE);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	469 g_return_val_if_fail(id, FALSE);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	470 g_return_val_if_fail(pool->cert_in_pool, FALSE);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	471
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	472 return (pool->cert_in_pool)(id);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	473 }
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	474
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	475 PurpleCertificate *
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	476 purple_certificate_pool_retrieve(PurpleCertificatePool pool, const gchar id)
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	477 {
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	478 g_return_val_if_fail(pool, NULL);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	479 g_return_val_if_fail(id, NULL);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	480 g_return_val_if_fail(pool->get_cert, NULL);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	481
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	482 return (pool->get_cert)(id);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	483 }
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	484
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	485 gboolean
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	486 purple_certificate_pool_store(PurpleCertificatePool pool, const gchar id, PurpleCertificate *crt)
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	487 {
19046 8599a27ad69c - Emit certificate-stored signal in purple_certificate_pool_store William Ehlhardt <williamehlhardt@gmail.com> parents: 19044 diff changeset	488 gboolean ret = FALSE;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	489
18995 47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	490 g_return_val_if_fail(pool, FALSE);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	491 g_return_val_if_fail(id, FALSE);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	492 g_return_val_if_fail(pool->put_cert, FALSE);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	493
18996 24fc5ca67afc - Do some weak checking to ensure that you don't attempt to store a William Ehlhardt <williamehlhardt@gmail.com> parents: 18995 diff changeset	494 /* Whether crt->scheme matches find_scheme(pool->scheme_name) is not
24fc5ca67afc - Do some weak checking to ensure that you don't attempt to store a William Ehlhardt <williamehlhardt@gmail.com> parents: 18995 diff changeset	495 relevant... I think... */
24fc5ca67afc - Do some weak checking to ensure that you don't attempt to store a William Ehlhardt <williamehlhardt@gmail.com> parents: 18995 diff changeset	496 g_return_val_if_fail(
24fc5ca67afc - Do some weak checking to ensure that you don't attempt to store a William Ehlhardt <williamehlhardt@gmail.com> parents: 18995 diff changeset	497 g_ascii_strcasecmp(pool->scheme_name, crt->scheme->name) == 0,
24fc5ca67afc - Do some weak checking to ensure that you don't attempt to store a William Ehlhardt <williamehlhardt@gmail.com> parents: 18995 diff changeset	498 FALSE);
18995 47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API William Ehlhardt <williamehlhardt@gmail.com> parents: 18993 diff changeset	499
19046 8599a27ad69c - Emit certificate-stored signal in purple_certificate_pool_store William Ehlhardt <williamehlhardt@gmail.com> parents: 19044 diff changeset	500 ret = (pool->put_cert)(id, crt);
8599a27ad69c - Emit certificate-stored signal in purple_certificate_pool_store William Ehlhardt <williamehlhardt@gmail.com> parents: 19044 diff changeset	501
19050 c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation William Ehlhardt <williamehlhardt@gmail.com> parents: 19049 diff changeset	502 /* Signal that the certificate was stored if success*/
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation William Ehlhardt <williamehlhardt@gmail.com> parents: 19049 diff changeset	503 if (ret) {
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation William Ehlhardt <williamehlhardt@gmail.com> parents: 19049 diff changeset	504 purple_signal_emit(pool, "certificate-stored",
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation William Ehlhardt <williamehlhardt@gmail.com> parents: 19049 diff changeset	505 pool, id);
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation William Ehlhardt <williamehlhardt@gmail.com> parents: 19049 diff changeset	506 }
19046 8599a27ad69c - Emit certificate-stored signal in purple_certificate_pool_store William Ehlhardt <williamehlhardt@gmail.com> parents: 19044 diff changeset	507
8599a27ad69c - Emit certificate-stored signal in purple_certificate_pool_store William Ehlhardt <williamehlhardt@gmail.com> parents: 19044 diff changeset	508 return ret;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	509 }
18984 2b4150624cf2 - Add purple_certificate_pool_mkpath helper function William Ehlhardt <williamehlhardt@gmail.com> parents: 18982 diff changeset	510
19049 8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	511 gboolean
8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	512 purple_certificate_pool_delete(PurpleCertificatePool pool, const gchar id)
8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	513 {
8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	514 gboolean ret = FALSE;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	515
19049 8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	516 g_return_val_if_fail(pool, FALSE);
8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	517 g_return_val_if_fail(id, FALSE);
8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	518 g_return_val_if_fail(pool->delete_cert, FALSE);
8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	519
8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	520 ret = (pool->delete_cert)(id);
8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	521
19050 c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation William Ehlhardt <williamehlhardt@gmail.com> parents: 19049 diff changeset	522 /* Signal that the certificate was deleted if success */
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation William Ehlhardt <williamehlhardt@gmail.com> parents: 19049 diff changeset	523 if (ret) {
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation William Ehlhardt <williamehlhardt@gmail.com> parents: 19049 diff changeset	524 purple_signal_emit(pool, "certificate-deleted",
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation William Ehlhardt <williamehlhardt@gmail.com> parents: 19049 diff changeset	525 pool, id);
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation William Ehlhardt <williamehlhardt@gmail.com> parents: 19049 diff changeset	526 }
19049 8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	527
8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	528 return ret;
8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	529 }
8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	530
19026 b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	531 GList *
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	532 purple_certificate_pool_get_idlist(PurpleCertificatePool *pool)
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	533 {
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	534 g_return_val_if_fail(pool, NULL);
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	535 g_return_val_if_fail(pool->get_idlist, NULL);
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	536
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	537 return (pool->get_idlist)();
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	538 }
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	539
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	540 void
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	541 purple_certificate_pool_destroy_idlist(GList *idlist)
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	542 {
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	543 GList *l;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	544
19026 b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	545 /* Iterate through and free them strings */
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	546 for ( l = idlist; l; l = l->next ) {
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	547 g_free(l->data);
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	548 }
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	549
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	550 g_list_free(idlist);
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	551 }
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	552
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	553
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	554 /****************************************************************************/
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	555 /* Builtin Verifiers, Pools, etc. */
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	556 /****************************************************************************/
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	557
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	558 static void
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	559 x509_singleuse_verify_cb (PurpleCertificateVerificationRequest *vrq, gint id)
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	560 {
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	561 g_return_if_fail(vrq);
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	562
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	563 purple_debug_info("certificate/x509_singleuse",
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	564 "VRQ on cert from %s gave %d\n",
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	565 vrq->subject_name, id);
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	566
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	567 /* Signal what happened back to the caller */
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	568 if (1 == id) {
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	569 /* Accepted! */
19091 489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is William Ehlhardt <williamehlhardt@gmail.com> parents: 19090 diff changeset	570 purple_certificate_verify_complete(vrq,
489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is William Ehlhardt <williamehlhardt@gmail.com> parents: 19090 diff changeset	571 PURPLE_CERTIFICATE_VALID);
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	572 } else {
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	573 /* Not accepted */
19091 489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is William Ehlhardt <williamehlhardt@gmail.com> parents: 19090 diff changeset	574 purple_certificate_verify_complete(vrq,
489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is William Ehlhardt <williamehlhardt@gmail.com> parents: 19090 diff changeset	575 PURPLE_CERTIFICATE_INVALID);
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	576
19091 489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is William Ehlhardt <williamehlhardt@gmail.com> parents: 19090 diff changeset	577 }
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	578 }
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	579
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	580 static void
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	581 x509_singleuse_start_verify (PurpleCertificateVerificationRequest *vrq)
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	582 {
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	583 gchar *sha_asc;
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	584 GByteArray *sha_bin;
18964 7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat William Ehlhardt <williamehlhardt@gmail.com> parents: 18962 diff changeset	585 gchar *cn;
7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat William Ehlhardt <williamehlhardt@gmail.com> parents: 18962 diff changeset	586 const gchar *cn_match;
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	587 gchar primary, secondary;
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	588 PurpleCertificate crt = (PurpleCertificate ) vrq->cert_chain->data;
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	589
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	590 /* Pull out the SHA1 checksum */
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	591 sha_bin = purple_certificate_get_fingerprint_sha1(crt);
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	592 /* Now decode it for display */
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	593 sha_asc = purple_base16_encode_chunked(sha_bin->data,
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	594 sha_bin->len);
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	595
18964 7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat William Ehlhardt <williamehlhardt@gmail.com> parents: 18962 diff changeset	596 /* Get the cert Common Name */
7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat William Ehlhardt <williamehlhardt@gmail.com> parents: 18962 diff changeset	597 cn = purple_certificate_get_subject_name(crt);
7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat William Ehlhardt <williamehlhardt@gmail.com> parents: 18962 diff changeset	598
7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat William Ehlhardt <williamehlhardt@gmail.com> parents: 18962 diff changeset	599 /* Determine whether the name matches */
19496 004c3e257bd0 - Even more TODO whacking William Ehlhardt <williamehlhardt@gmail.com> parents: 19495 diff changeset	600 if (purple_certificate_check_subject_name(crt, vrq->subject_name)) {
20270 d94432a338ab Translating the empty string is a bad idea. Richard Laager <rlaager@wiktel.com> parents: 20248 diff changeset	601 cn_match = "";
18964 7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat William Ehlhardt <williamehlhardt@gmail.com> parents: 18962 diff changeset	602 } else {
7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat William Ehlhardt <williamehlhardt@gmail.com> parents: 18962 diff changeset	603 cn_match = _("(DOES NOT MATCH)");
7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat William Ehlhardt <williamehlhardt@gmail.com> parents: 18962 diff changeset	604 }
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	605
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	606 /* Make messages */
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	607 primary = g_strdup_printf(_("%s has presented the following certificate for just-this-once use:"), vrq->subject_name);
18964 7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat William Ehlhardt <williamehlhardt@gmail.com> parents: 18962 diff changeset	608 secondary = g_strdup_printf(_("Common name: %s %s\nFingerprint (SHA1): %s"), cn, cn_match, sha_asc);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	609
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	610 /* Make a semi-pretty display */
21099 51cf02dbdb0e disapproval of revision 'c484d979c4fda4433a9633ff8b69bd8a395c9479' Richard Laager <rlaager@wiktel.com> parents: 21095 diff changeset	611 purple_request_accept_cancel(
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	612 vrq->cb_data, /* TODO: Find what the handle ought to be */
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	613 _("Single-use Certificate Verification"),
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	614 primary,
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	615 secondary,
22143 70fc60344317 A few more of those "default_action" fixes Mark Doliner <mark@kingant.net> parents: 22142 diff changeset	616 0, /* Accept by default */
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	617 NULL, /* No account */
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	618 NULL, /* No other user */
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	619 NULL, /* No associated conversation */
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	620 vrq,
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	621 x509_singleuse_verify_cb,
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	622 x509_singleuse_verify_cb );
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	623
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	624 /* Cleanup */
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	625 g_free(primary);
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	626 g_free(secondary);
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	627 g_free(sha_asc);
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	628 g_byte_array_free(sha_bin, TRUE);
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	629 }
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	630
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	631 static void
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	632 x509_singleuse_destroy_request (PurpleCertificateVerificationRequest *vrq)
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	633 {
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	634 /* I don't do anything! */
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	635 }
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	636
22593 54e5371a6d5d Make x509_singleuse static Stu Tomlinson <stu@nosnilmot.com> parents: 22486 diff changeset	637 static PurpleCertificateVerifier x509_singleuse = {
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	638 "x509", /* Scheme name */
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	639 "singleuse", /* Verifier name */
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	640 x509_singleuse_start_verify, /* start_verification function */
19649 450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	641 x509_singleuse_destroy_request, /* Request cleanup operation */
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	642
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	643 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	644 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	645 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	646 NULL
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	647 };
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	648
89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	649
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	650
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	651 /*** X.509 Certificate Authority pool, keyed by Distinguished Name ***/
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	652 /* This is implemented in what may be the most inefficient and bugprone way
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	653 possible; however, future optimizations should not be difficult. */
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	654
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	655 static PurpleCertificatePool x509_ca;
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	656
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	657 /** Holds a key-value pair for quickish certificate lookup */
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	658 typedef struct {
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	659 gchar *dn;
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	660 PurpleCertificate *crt;
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	661 } x509_ca_element;
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	662
19207 8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where William Ehlhardt <williamehlhardt@gmail.com> parents: 19206 diff changeset	663 static void
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where William Ehlhardt <williamehlhardt@gmail.com> parents: 19206 diff changeset	664 x509_ca_element_free(x509_ca_element *el)
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where William Ehlhardt <williamehlhardt@gmail.com> parents: 19206 diff changeset	665 {
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where William Ehlhardt <williamehlhardt@gmail.com> parents: 19206 diff changeset	666 if (NULL == el) return;
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where William Ehlhardt <williamehlhardt@gmail.com> parents: 19206 diff changeset	667
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where William Ehlhardt <williamehlhardt@gmail.com> parents: 19206 diff changeset	668 g_free(el->dn);
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where William Ehlhardt <williamehlhardt@gmail.com> parents: 19206 diff changeset	669 purple_certificate_destroy(el->crt);
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where William Ehlhardt <williamehlhardt@gmail.com> parents: 19206 diff changeset	670 g_free(el);
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where William Ehlhardt <williamehlhardt@gmail.com> parents: 19206 diff changeset	671 }
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where William Ehlhardt <williamehlhardt@gmail.com> parents: 19206 diff changeset	672
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	673 /** System directory to probe for CA certificates */
19271 c28e1afe691b In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19211 diff changeset	674 /* This is set in the lazy_init function */
21647 a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	675 static GList *x509_ca_paths = NULL;
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	676
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	677 /** A list of loaded CAs, populated from the above path whenever the lazy_init
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	678 happens. Contains pointers to x509_ca_elements */
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	679 static GList *x509_ca_certs = NULL;
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	680
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	681 /** Used for lazy initialization purposes. */
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	682 static gboolean x509_ca_initialized = FALSE;
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	683
19201 73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	684 /** Adds a certificate to the in-memory cache, doing nothing else */
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	685 static gboolean
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	686 x509_ca_quiet_put_cert(PurpleCertificate *crt)
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	687 {
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	688 x509_ca_element *el;
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	689
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	690 /* lazy_init calls this function, so calling lazy_init here is a
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	691 Bad Thing */
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	692
19201 73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	693 g_return_val_if_fail(crt, FALSE);
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	694 g_return_val_if_fail(crt->scheme, FALSE);
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	695 /* Make sure that this is some kind of X.509 certificate */
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	696 /* TODO: Perhaps just check crt->scheme->name instead? */
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	697 g_return_val_if_fail(crt->scheme == purple_certificate_find_scheme(x509_ca.scheme_name), FALSE);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	698
19201 73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	699 el = g_new0(x509_ca_element, 1);
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	700 el->dn = purple_certificate_get_unique_id(crt);
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	701 el->crt = purple_certificate_copy(crt);
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	702 x509_ca_certs = g_list_prepend(x509_ca_certs, el);
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	703
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	704 return TRUE;
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	705 }
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	706
19271 c28e1afe691b In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19211 diff changeset	707 /* Since the libpurple CertificatePools get registered before plugins are
c28e1afe691b In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19211 diff changeset	708 loaded, an X.509 Scheme is generally not available when x509_ca_init is
c28e1afe691b In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19211 diff changeset	709 called, but x509_ca requires X.509 operations in order to properly load.
c28e1afe691b In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19211 diff changeset	710
c28e1afe691b In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19211 diff changeset	711 To solve this, I present the lazy_init function. It attempts to finish
c28e1afe691b In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19211 diff changeset	712 initialization of the Pool, but it usually fails when it is called from
c28e1afe691b In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19211 diff changeset	713 x509_ca_init. However, this is OK; initialization is then simply deferred
c28e1afe691b In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19211 diff changeset	714 until someone tries to use functions from the pool. */
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	715 static gboolean
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	716 x509_ca_lazy_init(void)
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	717 {
19095 cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	718 PurpleCertificateScheme *x509;
19201 73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	719 GDir *certdir;
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	720 const gchar *entry;
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	721 GPatternSpec *pempat;
21647 a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	722 GList *iter = NULL;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	723
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	724 if (x509_ca_initialized) return TRUE;
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	725
19095 cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	726 /* Check that X.509 is registered */
cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	727 x509 = purple_certificate_find_scheme(x509_ca.scheme_name);
cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	728 if ( !x509 ) {
27231 627d23bfdb05 Increase the logging level of some debugging messages that seemed to be a mauro.brasil@tqi.com.br parents: 25941 diff changeset	729 purple_debug_warning("certificate/x509/ca",
19095 cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	730 "Lazy init failed because an X.509 Scheme "
cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	731 "is not yet registered. Maybe it will be "
cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	732 "better later.\n");
cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	733 return FALSE;
cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	734 }
cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	735
19201 73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	736 /* Use a glob to only read .pem files */
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	737 pempat = g_pattern_spec_new("*.pem");
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	738
21647 a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	739 /* Populate the certificates pool from the search path(s) */
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	740 for (iter = x509_ca_paths; iter; iter = iter->next) {
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	741 certdir = g_dir_open(iter->data, 0, NULL);
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	742 if (!certdir) {
22486 3225c99785b8 Fix a bunch of compiler warnings caused by my addition of G_GNUC_PRINTF() Mark Doliner <mark@kingant.net> parents: 22143 diff changeset	743 purple_debug_error("certificate/x509/ca", "Couldn't open location '%s'\n", (const char *)iter->data);
19201 73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	744 continue;
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	745 }
19095 cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	746
21647 a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	747 while ( (entry = g_dir_read_name(certdir)) ) {
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	748 gchar *fullpath;
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	749 PurpleCertificate *crt;
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	750
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	751 if ( !g_pattern_match_string(pempat, entry) ) {
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	752 continue;
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	753 }
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	754
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	755 fullpath = g_build_filename(iter->data, entry, NULL);
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	756
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	757 /* TODO: Respond to a failure in the following? */
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	758 crt = purple_certificate_import(x509, fullpath);
19201 73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	759
21647 a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	760 if (x509_ca_quiet_put_cert(crt)) {
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	761 purple_debug_info("certificate/x509/ca",
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	762 "Loaded %s\n",
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	763 fullpath);
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	764 } else {
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	765 purple_debug_error("certificate/x509/ca",
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	766 "Failed to load %s\n",
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	767 fullpath);
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	768 }
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	769
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	770 purple_certificate_destroy(crt);
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	771 g_free(fullpath);
19201 73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	772 }
21647 a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	773 g_dir_close(certdir);
19201 73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	774 }
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	775
73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	776 g_pattern_spec_free(pempat);
21647 a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	777
19095 cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	778 purple_debug_info("certificate/x509/ca",
cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	779 "Lazy init completed.\n");
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	780 x509_ca_initialized = TRUE;
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	781 return TRUE;
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	782 }
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	783
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	784 static gboolean
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	785 x509_ca_init(void)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	786 {
21647 a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	787 /* Attempt to point at the appropriate system path */
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	788 if (NULL == x509_ca_paths) {
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	789 #ifdef _WIN32
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	790 x509_ca_paths = g_list_append(NULL, g_build_filename(DATADIR,
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	791 "ca-certs", NULL));
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	792 #else
23330 390384053186 Add a configure option, --with-ssl-certificates to allow packagers to Richard Laager <rlaager@wiktel.com> parents: 23036 diff changeset	793 # ifdef SSL_CERTIFICATES_DIR
23685 e72e03fb5ef1 Fix a crash on exit when using --with-system-ssl-certs Mark Doliner <mark@kingant.net> parents: 23330 diff changeset	794 x509_ca_paths = g_list_append(NULL, g_strdup(SSL_CERTIFICATES_DIR));
23330 390384053186 Add a configure option, --with-ssl-certificates to allow packagers to Richard Laager <rlaager@wiktel.com> parents: 23036 diff changeset	795 # else
390384053186 Add a configure option, --with-ssl-certificates to allow packagers to Richard Laager <rlaager@wiktel.com> parents: 23036 diff changeset	796 # endif
24732 d9e3434d6416 uncondtionally install some certificates and use them, References #6680. Ka-Hing Cheung <khc@hxbc.us> parents: 24270 diff changeset	797 x509_ca_paths = g_list_append(x509_ca_paths,
d9e3434d6416 uncondtionally install some certificates and use them, References #6680. Ka-Hing Cheung <khc@hxbc.us> parents: 24270 diff changeset	798 g_build_filename(DATADIR, "purple", "ca-certs", NULL));
21647 a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	799 #endif
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	800 }
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	801
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	802 /* Attempt to initialize now, but if it doesn't work, that's OK;
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	803 it will get done later */
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	804 if ( ! x509_ca_lazy_init()) {
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	805 purple_debug_info("certificate/x509/ca",
19095 cd70e75f9a83 - x509_ca_lazy_init is more implemented William Ehlhardt <williamehlhardt@gmail.com> parents: 19094 diff changeset	806 "Init failed, probably because a "
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	807 "dependency is not yet registered. "
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	808 "It has been deferred to later.\n");
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	809 }
21647 a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	810
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	811 return TRUE;
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	812 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	813
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	814 static void
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	815 x509_ca_uninit(void)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	816 {
19202 c0949e081f43 - Write the uninit function for x509_ca William Ehlhardt <williamehlhardt@gmail.com> parents: 19201 diff changeset	817 GList *l;
c0949e081f43 - Write the uninit function for x509_ca William Ehlhardt <williamehlhardt@gmail.com> parents: 19201 diff changeset	818
c0949e081f43 - Write the uninit function for x509_ca William Ehlhardt <williamehlhardt@gmail.com> parents: 19201 diff changeset	819 for (l = x509_ca_certs; l; l = l->next) {
c0949e081f43 - Write the uninit function for x509_ca William Ehlhardt <williamehlhardt@gmail.com> parents: 19201 diff changeset	820 x509_ca_element *el = l->data;
19207 8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where William Ehlhardt <williamehlhardt@gmail.com> parents: 19206 diff changeset	821 x509_ca_element_free(el);
19202 c0949e081f43 - Write the uninit function for x509_ca William Ehlhardt <williamehlhardt@gmail.com> parents: 19201 diff changeset	822 }
c0949e081f43 - Write the uninit function for x509_ca William Ehlhardt <williamehlhardt@gmail.com> parents: 19201 diff changeset	823 g_list_free(x509_ca_certs);
c0949e081f43 - Write the uninit function for x509_ca William Ehlhardt <williamehlhardt@gmail.com> parents: 19201 diff changeset	824 x509_ca_certs = NULL;
c0949e081f43 - Write the uninit function for x509_ca William Ehlhardt <williamehlhardt@gmail.com> parents: 19201 diff changeset	825 x509_ca_initialized = FALSE;
21647 a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	826 g_list_foreach(x509_ca_paths, (GFunc)g_free, NULL);
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	827 g_list_free(x509_ca_paths);
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	828 x509_ca_paths = NULL;
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	829 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	830
19203 6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id William Ehlhardt <williamehlhardt@gmail.com> parents: 19202 diff changeset	831 /** Look up a ca_element by dn */
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id William Ehlhardt <williamehlhardt@gmail.com> parents: 19202 diff changeset	832 static x509_ca_element *
19205 fff2bc09ec1a Cosmetics William Ehlhardt <williamehlhardt@gmail.com> parents: 19204 diff changeset	833 x509_ca_locate_cert(GList lst, const gchar dn)
19203 6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id William Ehlhardt <williamehlhardt@gmail.com> parents: 19202 diff changeset	834 {
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id William Ehlhardt <williamehlhardt@gmail.com> parents: 19202 diff changeset	835 GList *cur;
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id William Ehlhardt <williamehlhardt@gmail.com> parents: 19202 diff changeset	836
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id William Ehlhardt <williamehlhardt@gmail.com> parents: 19202 diff changeset	837 for (cur = lst; cur; cur = cur->next) {
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id William Ehlhardt <williamehlhardt@gmail.com> parents: 19202 diff changeset	838 x509_ca_element *el = cur->data;
25894 a6e3cb32cdd2 Patch from Paul Aurich to add purple_strequal to help readability and simplicity of code. Ie, don't need to negate the value of strcmp, since this does a strcmp and does the negation for us Paul Aurich <paul@darkrain42.org> parents: 24840 diff changeset	839 if (purple_strequal(dn, el->dn)) {
19203 6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id William Ehlhardt <williamehlhardt@gmail.com> parents: 19202 diff changeset	840 return el;
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id William Ehlhardt <williamehlhardt@gmail.com> parents: 19202 diff changeset	841 }
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id William Ehlhardt <williamehlhardt@gmail.com> parents: 19202 diff changeset	842 }
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id William Ehlhardt <williamehlhardt@gmail.com> parents: 19202 diff changeset	843 return NULL;
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id William Ehlhardt <williamehlhardt@gmail.com> parents: 19202 diff changeset	844 }
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id William Ehlhardt <williamehlhardt@gmail.com> parents: 19202 diff changeset	845
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	846 static gboolean
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	847 x509_ca_cert_in_pool(const gchar *id)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	848 {
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	849 g_return_val_if_fail(x509_ca_lazy_init(), FALSE);
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	850 g_return_val_if_fail(id, FALSE);
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	851
19205 fff2bc09ec1a Cosmetics William Ehlhardt <williamehlhardt@gmail.com> parents: 19204 diff changeset	852 if (x509_ca_locate_cert(x509_ca_certs, id) != NULL) {
19204 2847b6c84d6c - Implement x509_ca cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19203 diff changeset	853 return TRUE;
2847b6c84d6c - Implement x509_ca cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19203 diff changeset	854 } else {
2847b6c84d6c - Implement x509_ca cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19203 diff changeset	855 return FALSE;
2847b6c84d6c - Implement x509_ca cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19203 diff changeset	856 }
2847b6c84d6c - Implement x509_ca cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19203 diff changeset	857
2847b6c84d6c - Implement x509_ca cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19203 diff changeset	858 return FALSE;
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	859 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	860
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	861 static PurpleCertificate *
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	862 x509_ca_get_cert(const gchar *id)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	863 {
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	864 PurpleCertificate *crt = NULL;
19206 919395a01483 - Implement x509_ca_get_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19205 diff changeset	865 x509_ca_element *el;
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	866
dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	867 g_return_val_if_fail(x509_ca_lazy_init(), NULL);
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	868 g_return_val_if_fail(id, NULL);
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	869
19206 919395a01483 - Implement x509_ca_get_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19205 diff changeset	870 /* Search the memory-cached pool */
919395a01483 - Implement x509_ca_get_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19205 diff changeset	871 el = x509_ca_locate_cert(x509_ca_certs, id);
919395a01483 - Implement x509_ca_get_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19205 diff changeset	872
919395a01483 - Implement x509_ca_get_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19205 diff changeset	873 if (el != NULL) {
919395a01483 - Implement x509_ca_get_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19205 diff changeset	874 /* Make a copy of the memcached one for the function caller
919395a01483 - Implement x509_ca_get_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19205 diff changeset	875 to play with */
919395a01483 - Implement x509_ca_get_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19205 diff changeset	876 crt = purple_certificate_copy(el->crt);
919395a01483 - Implement x509_ca_get_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19205 diff changeset	877 } else {
919395a01483 - Implement x509_ca_get_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19205 diff changeset	878 crt = NULL;
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	879 }
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	880
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	881 return crt;
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	882 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	883
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	884 static gboolean
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	885 x509_ca_put_cert(const gchar id, PurpleCertificate crt)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	886 {
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	887 gboolean ret = FALSE;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	888
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	889 g_return_val_if_fail(x509_ca_lazy_init(), FALSE);
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	890
19096 81163e153778 - Add a hacked-up method of adding certs to the CA pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19095 diff changeset	891 /* TODO: This is a quick way of doing this. At some point the change
81163e153778 - Add a hacked-up method of adding certs to the CA pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19095 diff changeset	892 ought to be flushed to disk somehow. */
19201 73d8dd2169c4 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19096 diff changeset	893 ret = x509_ca_quiet_put_cert(crt);
19096 81163e153778 - Add a hacked-up method of adding certs to the CA pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19095 diff changeset	894
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	895 return ret;
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	896 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	897
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	898 static gboolean
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	899 x509_ca_delete_cert(const gchar *id)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	900 {
19208 7b81934f4c85 - Implement x509_ca_delete_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19207 diff changeset	901 x509_ca_element *el;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	902
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	903 g_return_val_if_fail(x509_ca_lazy_init(), FALSE);
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	904 g_return_val_if_fail(id, FALSE);
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	905
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	906 /* Is the id even in the pool? */
19208 7b81934f4c85 - Implement x509_ca_delete_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19207 diff changeset	907 el = x509_ca_locate_cert(x509_ca_certs, id);
7b81934f4c85 - Implement x509_ca_delete_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19207 diff changeset	908 if ( el == NULL ) {
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	909 purple_debug_warning("certificate/x509/ca",
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	910 "Id %s wasn't in the pool\n",
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	911 id);
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	912 return FALSE;
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	913 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	914
19208 7b81934f4c85 - Implement x509_ca_delete_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19207 diff changeset	915 /* Unlink it from the memory cache and destroy it */
7b81934f4c85 - Implement x509_ca_delete_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19207 diff changeset	916 x509_ca_certs = g_list_remove(x509_ca_certs, el);
7b81934f4c85 - Implement x509_ca_delete_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19207 diff changeset	917 x509_ca_element_free(el);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	918
19208 7b81934f4c85 - Implement x509_ca_delete_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 19207 diff changeset	919 return TRUE;
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	920 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	921
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	922 static GList *
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	923 x509_ca_get_idlist(void)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	924 {
19209 a6ab0ea47d0f - Implement x509_ca_get_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19208 diff changeset	925 GList l, idlist;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	926
19094 dd9f69ebaae8 In x509_ca pool: William Ehlhardt <williamehlhardt@gmail.com> parents: 19093 diff changeset	927 g_return_val_if_fail(x509_ca_lazy_init(), NULL);
19209 a6ab0ea47d0f - Implement x509_ca_get_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19208 diff changeset	928
a6ab0ea47d0f - Implement x509_ca_get_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19208 diff changeset	929 idlist = NULL;
a6ab0ea47d0f - Implement x509_ca_get_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19208 diff changeset	930 for (l = x509_ca_certs; l; l = l->next) {
a6ab0ea47d0f - Implement x509_ca_get_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19208 diff changeset	931 x509_ca_element *el = l->data;
a6ab0ea47d0f - Implement x509_ca_get_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19208 diff changeset	932 idlist = g_list_prepend(idlist, g_strdup(el->dn));
a6ab0ea47d0f - Implement x509_ca_get_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19208 diff changeset	933 }
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	934
19209 a6ab0ea47d0f - Implement x509_ca_get_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19208 diff changeset	935 return idlist;
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	936 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	937
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	938
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	939 static PurpleCertificatePool x509_ca = {
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	940 "x509", /* Scheme name */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	941 "ca", /* Pool name */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	942 N_("Certificate Authorities"),/* User-friendly name */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	943 NULL, /* Internal data */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	944 x509_ca_init, /* init */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	945 x509_ca_uninit, /* uninit */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	946 x509_ca_cert_in_pool, /* Certificate exists? */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	947 x509_ca_get_cert, /* Cert retriever */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	948 x509_ca_put_cert, /* Cert writer */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	949 x509_ca_delete_cert, /* Cert remover */
19649 450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	950 x509_ca_get_idlist, /* idlist retriever */
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	951
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	952 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	953 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	954 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	955 NULL
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	956
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	957 };
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	958
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	959
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	960
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	961 /*** Cache of certificates given by TLS/SSL peers ***/
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	962 static PurpleCertificatePool x509_tls_peers;
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	963
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	964 static gboolean
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	965 x509_tls_peers_init(void)
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	966 {
18985 806c610ac5a0 - Add init for x509_tls_peers pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18984 diff changeset	967 gchar *poolpath;
806c610ac5a0 - Add init for x509_tls_peers pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18984 diff changeset	968 int ret;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	969
18985 806c610ac5a0 - Add init for x509_tls_peers pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18984 diff changeset	970 /* Set up key cache here if it isn't already done */
806c610ac5a0 - Add init for x509_tls_peers pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18984 diff changeset	971 poolpath = purple_certificate_pool_mkpath(&x509_tls_peers, NULL);
806c610ac5a0 - Add init for x509_tls_peers pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18984 diff changeset	972 ret = purple_build_dir(poolpath, 0700); /* Make it this user only */
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	973
27536 18a96fe78870 Don't fail an assertion and don't return FALSE if we can't create Mark Doliner <mark@kingant.net> parents: 27231 diff changeset	974 if (ret != 0)
18a96fe78870 Don't fail an assertion and don't return FALSE if we can't create Mark Doliner <mark@kingant.net> parents: 27231 diff changeset	975 purple_debug_info("certificate/tls_peers",
18a96fe78870 Don't fail an assertion and don't return FALSE if we can't create Mark Doliner <mark@kingant.net> parents: 27231 diff changeset	976 "Could not create %s. Certificates will not be cached.\n",
18a96fe78870 Don't fail an assertion and don't return FALSE if we can't create Mark Doliner <mark@kingant.net> parents: 27231 diff changeset	977 poolpath);
18a96fe78870 Don't fail an assertion and don't return FALSE if we can't create Mark Doliner <mark@kingant.net> parents: 27231 diff changeset	978
18985 806c610ac5a0 - Add init for x509_tls_peers pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18984 diff changeset	979 g_free(poolpath);
806c610ac5a0 - Add init for x509_tls_peers pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18984 diff changeset	980
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	981 return TRUE;
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	982 }
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	983
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	984 static gboolean
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	985 x509_tls_peers_cert_in_pool(const gchar *id)
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	986 {
18987 a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	987 gchar *keypath;
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	988 gboolean ret = FALSE;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	989
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	990 g_return_val_if_fail(id, FALSE);
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	991
18987 a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	992 keypath = purple_certificate_pool_mkpath(&x509_tls_peers, id);
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	993
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	994 ret = g_file_test(keypath, G_FILE_TEST_IS_REGULAR);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	995
18987 a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	996 g_free(keypath);
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	997 return ret;
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	998 }
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	999
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1000 static PurpleCertificate *
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1001 x509_tls_peers_get_cert(const gchar *id)
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1002 {
18987 a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1003 PurpleCertificateScheme *x509;
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1004 PurpleCertificate *crt;
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1005 gchar *keypath;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1006
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1007 g_return_val_if_fail(id, NULL);
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1008
18987 a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1009 /* Is it in the pool? */
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1010 if ( !x509_tls_peers_cert_in_pool(id) ) {
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1011 return NULL;
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1012 }
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1013
18987 a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1014 /* Look up the X.509 scheme */
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1015 x509 = purple_certificate_find_scheme("x509");
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1016 g_return_val_if_fail(x509, NULL);
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1017
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1018 /* Okay, now find and load that key */
a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1019 keypath = purple_certificate_pool_mkpath(&x509_tls_peers, id);
18990 3f2944bdb404 - Finish tls_peers get_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18989 diff changeset	1020 crt = purple_certificate_import(x509, keypath);
18987 a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1021
18990 3f2944bdb404 - Finish tls_peers get_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18989 diff changeset	1022 g_free(keypath);
18987 a763dd083b79 - Finished tls_peers cert_in_pool William Ehlhardt <williamehlhardt@gmail.com> parents: 18986 diff changeset	1023
18990 3f2944bdb404 - Finish tls_peers get_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18989 diff changeset	1024 return crt;
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1025 }
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1026
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1027 static gboolean
18982 8948cd6bb8bc - CertificatePool put_cert now accepts an id argument William Ehlhardt <williamehlhardt@gmail.com> parents: 18977 diff changeset	1028 x509_tls_peers_put_cert(const gchar id, PurpleCertificate crt)
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1029 {
18991 7a144f2229c6 - Add tls_peers put_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18990 diff changeset	1030 gboolean ret = FALSE;
7a144f2229c6 - Add tls_peers put_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18990 diff changeset	1031 gchar *keypath;
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1032
18991 7a144f2229c6 - Add tls_peers put_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18990 diff changeset	1033 g_return_val_if_fail(crt, FALSE);
7a144f2229c6 - Add tls_peers put_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18990 diff changeset	1034 g_return_val_if_fail(crt->scheme, FALSE);
7a144f2229c6 - Add tls_peers put_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18990 diff changeset	1035 /* Make sure that this is some kind of X.509 certificate */
18992 605e69fa7108 - Comment change William Ehlhardt <williamehlhardt@gmail.com> parents: 18991 diff changeset	1036 /* TODO: Perhaps just check crt->scheme->name instead? */
18991 7a144f2229c6 - Add tls_peers put_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18990 diff changeset	1037 g_return_val_if_fail(crt->scheme == purple_certificate_find_scheme(x509_tls_peers.scheme_name), FALSE);
7a144f2229c6 - Add tls_peers put_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18990 diff changeset	1038
7a144f2229c6 - Add tls_peers put_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18990 diff changeset	1039 /* Work out the filename and export */
7a144f2229c6 - Add tls_peers put_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18990 diff changeset	1040 keypath = purple_certificate_pool_mkpath(&x509_tls_peers, id);
7a144f2229c6 - Add tls_peers put_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18990 diff changeset	1041 ret = purple_certificate_export(keypath, crt);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1042
18991 7a144f2229c6 - Add tls_peers put_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18990 diff changeset	1043 g_free(keypath);
7a144f2229c6 - Add tls_peers put_cert William Ehlhardt <williamehlhardt@gmail.com> parents: 18990 diff changeset	1044 return ret;
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1045 }
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1046
19047 3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1047 static gboolean
19048 fd0b4b2f6cf0 - remove_cert => delete_cert, because naming conventions are our William Ehlhardt <williamehlhardt@gmail.com> parents: 19047 diff changeset	1048 x509_tls_peers_delete_cert(const gchar *id)
19047 3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1049 {
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1050 gboolean ret = FALSE;
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1051 gchar *keypath;
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1052
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1053 g_return_val_if_fail(id, FALSE);
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1054
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1055 /* Is the id even in the pool? */
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1056 if (!x509_tls_peers_cert_in_pool(id)) {
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1057 purple_debug_warning("certificate/tls_peers",
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1058 "Id %s wasn't in the pool\n",
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1059 id);
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1060 return FALSE;
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1061 }
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1062
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1063 /* OK, so work out the keypath and delete the thing */
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1064 keypath = purple_certificate_pool_mkpath(&x509_tls_peers, id);
19047 3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1065 if ( unlink(keypath) != 0 ) {
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1066 purple_debug_error("certificate/tls_peers",
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1067 "Unlink of %s failed!\n",
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1068 keypath);
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1069 ret = FALSE;
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1070 } else {
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1071 ret = TRUE;
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1072 }
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1073
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1074 g_free(keypath);
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1075 return ret;
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1076 }
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool William Ehlhardt <williamehlhardt@gmail.com> parents: 19046 diff changeset	1077
19027 15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1078 static GList *
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1079 x509_tls_peers_get_idlist(void)
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1080 {
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1081 GList *idlist = NULL;
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1082 GDir *dir;
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1083 const gchar *entry;
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1084 gchar *poolpath;
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1085
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1086 /* Get a handle on the pool directory */
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1087 poolpath = purple_certificate_pool_mkpath(&x509_tls_peers, NULL);
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1088 dir = g_dir_open(poolpath,
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1089 0, /* No flags */
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1090 NULL); /* Not interested in what the error is */
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1091 g_free(poolpath);
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1092
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1093 g_return_val_if_fail(dir, NULL);
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1094
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1095 /* Traverse the directory listing and create an idlist */
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1096 while ( (entry = g_dir_read_name(dir)) != NULL ) {
19078 3987f76c0e4b - tls_peers pool unescapes filenames in its directory, as it should William Ehlhardt <williamehlhardt@gmail.com> parents: 19077 diff changeset	1097 /* Unescape the filename */
3987f76c0e4b - tls_peers pool unescapes filenames in its directory, as it should William Ehlhardt <williamehlhardt@gmail.com> parents: 19077 diff changeset	1098 const char *unescaped = purple_unescape_filename(entry);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1099
19027 15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1100 /* Copy the entry name into our list (GLib owns the original
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1101 string) */
19078 3987f76c0e4b - tls_peers pool unescapes filenames in its directory, as it should William Ehlhardt <williamehlhardt@gmail.com> parents: 19077 diff changeset	1102 idlist = g_list_prepend(idlist, g_strdup(unescaped));
19027 15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1103 }
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1104
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1105 /* Release the directory */
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1106 g_dir_close(dir);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1107
19027 15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1108 return idlist;
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1109 }
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19026 diff changeset	1110
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1111 static PurpleCertificatePool x509_tls_peers = {
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1112 "x509", /* Scheme name */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1113 "tls_peers", /* Pool name */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1114 N_("SSL Peers Cache"), /* User-friendly name */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1115 NULL, /* Internal data */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1116 x509_tls_peers_init, /* init */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1117 NULL, /* uninit not required */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1118 x509_tls_peers_cert_in_pool, /* Certificate exists? */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1119 x509_tls_peers_get_cert, /* Cert retriever */
19026 b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist William Ehlhardt <williamehlhardt@gmail.com> parents: 19024 diff changeset	1120 x509_tls_peers_put_cert, /* Cert writer */
19049 8cbc110456ac - Add purple_certificate_pool_delete William Ehlhardt <williamehlhardt@gmail.com> parents: 19048 diff changeset	1121 x509_tls_peers_delete_cert, /* Cert remover */
19649 450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	1122 x509_tls_peers_get_idlist, /* idlist retriever */
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	1123
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	1124 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	1125 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	1126 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	1127 NULL
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1128 };
18993 33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1129
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1130
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	1131 /*** A Verifier that uses the tls_peers cache and the CA pool to validate certificates ***/
18993 33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1132 static PurpleCertificateVerifier x509_tls_cached;
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1133
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1134
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1135 /* The following is several hacks piled together and needs to be fixed.
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1136 * It exists because show_cert (see its comments) needs the original reason
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1137 * given to user_auth in order to rebuild the dialog.
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1138 */
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1139 /* TODO: This will cause a ua_ctx to become memleaked if the request(s) get
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1140 closed by handle or otherwise abnormally. */
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1141 typedef struct {
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1142 PurpleCertificateVerificationRequest *vrq;
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1143 gchar *reason;
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1144 } x509_tls_cached_ua_ctx;
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1145
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1146 static x509_tls_cached_ua_ctx *
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1147 x509_tls_cached_ua_ctx_new(PurpleCertificateVerificationRequest *vrq,
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1148 const gchar *reason)
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1149 {
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1150 x509_tls_cached_ua_ctx *c;
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1151
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1152 c = g_new0(x509_tls_cached_ua_ctx, 1);
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1153 c->vrq = vrq;
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1154 c->reason = g_strdup(reason);
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1155
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1156 return c;
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1157 }
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1158
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1159
18993 33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1160 static void
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1161 x509_tls_cached_ua_ctx_free(x509_tls_cached_ua_ctx *c)
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1162 {
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1163 g_return_if_fail(c);
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1164 g_free(c->reason);
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1165 g_free(c);
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1166 }
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1167
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1168 static void
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1169 x509_tls_cached_user_auth(PurpleCertificateVerificationRequest *vrq,
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1170 const gchar *reason);
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1171
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1172 static void
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1173 x509_tls_cached_show_cert(x509_tls_cached_ua_ctx *c, gint id)
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1174 {
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1175 PurpleCertificate *disp_crt = c->vrq->cert_chain->data;
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1176
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1177 /* Since clicking a button closes the request, show it again */
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1178 x509_tls_cached_user_auth(c->vrq, c->reason);
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1179
19564 4a1812e1ec35 When you have a certificate dialog and you click on "View Certificate", Mark Doliner <mark@kingant.net> parents: 19553 diff changeset	1180 /* Show the certificate AFTER re-opening the dialog so that this
4a1812e1ec35 When you have a certificate dialog and you click on "View Certificate", Mark Doliner <mark@kingant.net> parents: 19553 diff changeset	1181 appears above the other */
4a1812e1ec35 When you have a certificate dialog and you click on "View Certificate", Mark Doliner <mark@kingant.net> parents: 19553 diff changeset	1182 purple_certificate_display_x509(disp_crt);
4a1812e1ec35 When you have a certificate dialog and you click on "View Certificate", Mark Doliner <mark@kingant.net> parents: 19553 diff changeset	1183
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1184 x509_tls_cached_ua_ctx_free(c);
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1185 }
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1186
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1187 static void
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1188 x509_tls_cached_user_auth_cb (x509_tls_cached_ua_ctx *c, gint id)
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1189 {
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1190 PurpleCertificateVerificationRequest *vrq;
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1191 PurpleCertificatePool *tls_peers;
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1192
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1193 g_return_if_fail(c);
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1194 g_return_if_fail(c->vrq);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1195
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1196 vrq = c->vrq;
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1197
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1198 x509_tls_cached_ua_ctx_free(c);
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1199
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1200 tls_peers = purple_certificate_find_pool("x509","tls_peers");
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1201
19331 920984752314 - Fix the interpretation of the "accept cert? yes/no" choice id given by William Ehlhardt <williamehlhardt@gmail.com> parents: 19330 diff changeset	1202 if (2 == id) {
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1203 gchar *cache_id = vrq->subject_name;
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1204 purple_debug_info("certificate/x509/tls_cached",
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1205 "User ACCEPTED cert\nCaching first in chain for future use as %s...\n",
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1206 cache_id);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1207
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1208 purple_certificate_pool_store(tls_peers, cache_id,
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1209 vrq->cert_chain->data);
19091 489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is William Ehlhardt <williamehlhardt@gmail.com> parents: 19090 diff changeset	1210
489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is William Ehlhardt <williamehlhardt@gmail.com> parents: 19090 diff changeset	1211 purple_certificate_verify_complete(vrq,
489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is William Ehlhardt <williamehlhardt@gmail.com> parents: 19090 diff changeset	1212 PURPLE_CERTIFICATE_VALID);
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1213 } else {
27231 627d23bfdb05 Increase the logging level of some debugging messages that seemed to be a mauro.brasil@tqi.com.br parents: 25941 diff changeset	1214 purple_debug_warning("certificate/x509/tls_cached",
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1215 "User REJECTED cert\n");
19091 489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is William Ehlhardt <williamehlhardt@gmail.com> parents: 19090 diff changeset	1216 purple_certificate_verify_complete(vrq,
489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is William Ehlhardt <williamehlhardt@gmail.com> parents: 19090 diff changeset	1217 PURPLE_CERTIFICATE_INVALID);
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1218 }
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1219 }
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1220
19515 b62683f4120d There's some disagreement over the response-id sent to the callbacks to Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19504 diff changeset	1221 static void
b62683f4120d There's some disagreement over the response-id sent to the callbacks to Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19504 diff changeset	1222 x509_tls_cached_user_auth_accept_cb(x509_tls_cached_ua_ctx *c, gint ignore)
b62683f4120d There's some disagreement over the response-id sent to the callbacks to Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19504 diff changeset	1223 {
b62683f4120d There's some disagreement over the response-id sent to the callbacks to Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19504 diff changeset	1224 x509_tls_cached_user_auth_cb(c, 2);
b62683f4120d There's some disagreement over the response-id sent to the callbacks to Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19504 diff changeset	1225 }
b62683f4120d There's some disagreement over the response-id sent to the callbacks to Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19504 diff changeset	1226
b62683f4120d There's some disagreement over the response-id sent to the callbacks to Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19504 diff changeset	1227 static void
b62683f4120d There's some disagreement over the response-id sent to the callbacks to Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19504 diff changeset	1228 x509_tls_cached_user_auth_reject_cb(x509_tls_cached_ua_ctx *c, gint ignore)
b62683f4120d There's some disagreement over the response-id sent to the callbacks to Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19504 diff changeset	1229 {
b62683f4120d There's some disagreement over the response-id sent to the callbacks to Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19504 diff changeset	1230 x509_tls_cached_user_auth_cb(c, 1);
b62683f4120d There's some disagreement over the response-id sent to the callbacks to Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19504 diff changeset	1231 }
b62683f4120d There's some disagreement over the response-id sent to the callbacks to Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19504 diff changeset	1232
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1233 /** Validates a certificate by asking the user
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1234 * @param reason String to explain why the user needs to accept/refuse the
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1235 * certificate.
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1236 * @todo Needs a handle argument
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1237 */
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1238 static void
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1239 x509_tls_cached_user_auth(PurpleCertificateVerificationRequest *vrq,
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1240 const gchar *reason)
19000 986413850713 - More skeletonizing for tls_cached logic. William Ehlhardt <williamehlhardt@gmail.com> parents: 18999 diff changeset	1241 {
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1242 gchar *primary;
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1243
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1244 /* Make messages */
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1245 primary = g_strdup_printf(_("Accept certificate for %s?"),
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1246 vrq->subject_name);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1247
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1248 /* Make a semi-pretty display */
21099 51cf02dbdb0e disapproval of revision 'c484d979c4fda4433a9633ff8b69bd8a395c9479' Richard Laager <rlaager@wiktel.com> parents: 21095 diff changeset	1249 purple_request_action(
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1250 vrq->cb_data, /* TODO: Find what the handle ought to be */
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1251 _("SSL Certificate Verification"),
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1252 primary,
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1253 reason,
22142 1f3f2d2c9a2b A few more "purple_request_action" default action corrections Mark Doliner <mark@kingant.net> parents: 21929 diff changeset	1254 0, /* Accept by default */
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1255 NULL, /* No account */
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1256 NULL, /* No other user */
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1257 NULL, /* No associated conversation */
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1258 x509_tls_cached_ua_ctx_new(vrq, reason),
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1259 3, /* Number of actions */
19534 126c5235627b - Change wording on certificate accept/reject dialog William Ehlhardt <williamehlhardt@gmail.com> parents: 19517 diff changeset	1260 _("Accept"), x509_tls_cached_user_auth_accept_cb,
126c5235627b - Change wording on certificate accept/reject dialog William Ehlhardt <williamehlhardt@gmail.com> parents: 19517 diff changeset	1261 _("Reject"), x509_tls_cached_user_auth_reject_cb,
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1262 _("_View Certificate..."), x509_tls_cached_show_cert);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1263
19001 b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1264 /* Cleanup */
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in William Ehlhardt <williamehlhardt@gmail.com> parents: 19000 diff changeset	1265 g_free(primary);
19000 986413850713 - More skeletonizing for tls_cached logic. William Ehlhardt <williamehlhardt@gmail.com> parents: 18999 diff changeset	1266 }
986413850713 - More skeletonizing for tls_cached logic. William Ehlhardt <williamehlhardt@gmail.com> parents: 18999 diff changeset	1267
986413850713 - More skeletonizing for tls_cached logic. William Ehlhardt <williamehlhardt@gmail.com> parents: 18999 diff changeset	1268 static void
21929 cedbb3860134 If a peer certificate does not match our cached cert, do not auto reject it! Stu Tomlinson <stu@nosnilmot.com> parents: 21927 diff changeset	1269 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq);
cedbb3860134 If a peer certificate does not match our cached cert, do not auto reject it! Stu Tomlinson <stu@nosnilmot.com> parents: 21927 diff changeset	1270
cedbb3860134 If a peer certificate does not match our cached cert, do not auto reject it! Stu Tomlinson <stu@nosnilmot.com> parents: 21927 diff changeset	1271 static void
19086 e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1272 x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq)
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1273 {
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1274 /* TODO: Looking this up by name over and over is expensive.
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1275 Fix, please! */
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1276 PurpleCertificatePool *tls_peers =
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1277 purple_certificate_find_pool(x509_tls_cached.scheme_name,
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1278 "tls_peers");
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1279
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1280 /* The peer's certificate should be the first in the list */
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1281 PurpleCertificate *peer_crt =
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1282 (PurpleCertificate *) vrq->cert_chain->data;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1283
19086 e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1284 PurpleCertificate *cached_crt;
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1285 GByteArray peer_fpr, cached_fpr;
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1286
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1287 /* Load up the cached certificate */
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1288 cached_crt = purple_certificate_pool_retrieve(
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1289 tls_peers, vrq->subject_name);
19553 f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859 William Ehlhardt <williamehlhardt@gmail.com> parents: 19534 diff changeset	1290 if ( !cached_crt ) {
27567 199cf148cdf8 Continue verification when we can't find a cached peer. Fixes #9664. Paul Aurich <paul@darkrain42.org> parents: 27536 diff changeset	1291 purple_debug_warning("certificate/x509/tls_cached",
19553 f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859 William Ehlhardt <williamehlhardt@gmail.com> parents: 19534 diff changeset	1292 "Lookup failed on cached certificate!\n"
27567 199cf148cdf8 Continue verification when we can't find a cached peer. Fixes #9664. Paul Aurich <paul@darkrain42.org> parents: 27536 diff changeset	1293 "Falling back to full verification.\n");
199cf148cdf8 Continue verification when we can't find a cached peer. Fixes #9664. Paul Aurich <paul@darkrain42.org> parents: 27536 diff changeset	1294 /* vrq now becomes the problem of unknown_peer */
199cf148cdf8 Continue verification when we can't find a cached peer. Fixes #9664. Paul Aurich <paul@darkrain42.org> parents: 27536 diff changeset	1295 x509_tls_cached_unknown_peer(vrq);
24840 7608cf033a88 Prevent a NULL ptr deref when unexpected stuff happens in the cert cache. Fixes #7776,#7769 Daniel Atallah <daniel.atallah@gmail.com> parents: 24732 diff changeset	1296 return;
19553 f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859 William Ehlhardt <williamehlhardt@gmail.com> parents: 19534 diff changeset	1297 }
19086 e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1298
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1299 /* Now get SHA1 sums for both and compare them */
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1300 /* TODO: This is not an elegant way to compare certs */
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1301 peer_fpr = purple_certificate_get_fingerprint_sha1(peer_crt);
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1302 cached_fpr = purple_certificate_get_fingerprint_sha1(cached_crt);
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1303 if (!memcmp(peer_fpr->data, cached_fpr->data, peer_fpr->len)) {
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1304 purple_debug_info("certificate/x509/tls_cached",
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1305 "Peer cert matched cached\n");
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1306 /* vrq is now finished */
19091 489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is William Ehlhardt <williamehlhardt@gmail.com> parents: 19090 diff changeset	1307 purple_certificate_verify_complete(vrq,
489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is William Ehlhardt <williamehlhardt@gmail.com> parents: 19090 diff changeset	1308 PURPLE_CERTIFICATE_VALID);
19086 e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1309 } else {
27231 627d23bfdb05 Increase the logging level of some debugging messages that seemed to be a mauro.brasil@tqi.com.br parents: 25941 diff changeset	1310 purple_debug_error("certificate/x509/tls_cached",
19086 e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1311 "Peer cert did NOT match cached\n");
21929 cedbb3860134 If a peer certificate does not match our cached cert, do not auto reject it! Stu Tomlinson <stu@nosnilmot.com> parents: 21927 diff changeset	1312 /* vrq now becomes the problem of the user */
cedbb3860134 If a peer certificate does not match our cached cert, do not auto reject it! Stu Tomlinson <stu@nosnilmot.com> parents: 21927 diff changeset	1313 x509_tls_cached_unknown_peer(vrq);
19086 e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1314 }
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1315
19086 e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1316 purple_certificate_destroy(cached_crt);
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1317 g_byte_array_free(peer_fpr, TRUE);
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1318 g_byte_array_free(cached_fpr, TRUE);
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1319 }
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1320
19085 1bd9557f866e In tls_cached Verifier: William Ehlhardt <williamehlhardt@gmail.com> parents: 19084 diff changeset	1321 /* For when we've never communicated with this party before */
19688 936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1322 /* TODO: Need ways to specify possibly multiple problems with a cert, or at
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1323 least reprioritize them. For example, maybe the signature ought to be
21927 a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1324 checked BEFORE the hostname checking?
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1325 Stu thinks we should check the signature before the name, so we do now.
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1326 The above TODO still stands. */
19085 1bd9557f866e In tls_cached Verifier: William Ehlhardt <williamehlhardt@gmail.com> parents: 19084 diff changeset	1327 static void
1bd9557f866e In tls_cached Verifier: William Ehlhardt <williamehlhardt@gmail.com> parents: 19084 diff changeset	1328 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq)
1bd9557f866e In tls_cached Verifier: William Ehlhardt <williamehlhardt@gmail.com> parents: 19084 diff changeset	1329 {
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1330 PurpleCertificatePool ca, tls_peers;
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1331 PurpleCertificate *peer_crt;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1332 PurpleCertificate *failing_crt;
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1333 GList *chain = vrq->cert_chain;
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1334 gboolean chain_validated = FALSE;
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1335
19090 5310b1294287 - Add HOSTNAME CHECKING to tls_cached unknown_peer mode, which is kind William Ehlhardt <williamehlhardt@gmail.com> parents: 19089 diff changeset	1336 peer_crt = (PurpleCertificate *) chain->data;
5310b1294287 - Add HOSTNAME CHECKING to tls_cached unknown_peer mode, which is kind William Ehlhardt <williamehlhardt@gmail.com> parents: 19089 diff changeset	1337
19688 936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1338 /* TODO: Figure out a way to check for a bad signature, as opposed to
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1339 "not self-signed" */
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1340 if ( purple_certificate_signed_by(peer_crt, peer_crt) ) {
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1341 gchar *msg;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1342
19688 936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1343 purple_debug_info("certificate/x509/tls_cached",
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1344 "Certificate for %s is self-signed.\n",
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1345 vrq->subject_name);
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1346
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1347 /* Prompt the user to authenticate the certificate */
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1348 /* vrq will be completed by user_auth */
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1349 msg = g_strdup_printf(_("The certificate presented by \"%s\" "
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1350 "is self-signed. It cannot be "
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1351 "automatically checked."),
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1352 vrq->subject_name);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1353
19688 936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1354 x509_tls_cached_user_auth(vrq,msg);
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1355
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1356 g_free(msg);
936f4de347c3 - Add specific notification for self-signed certificates. Fixes #2874 William Ehlhardt <williamehlhardt@gmail.com> parents: 19681 diff changeset	1357 return;
21927 a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1358 } /* if (self signed) */
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1359
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1360 /* Next, attempt to verify the last certificate against a CA */
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1361 ca = purple_certificate_find_pool(x509_tls_cached.scheme_name, "ca");
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1362
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1363 /* Next, check that the certificate chain is valid */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1364 if (purple_certificate_check_signature_chain_with_failing(chain,
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1365 &failing_crt))
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1366 chain_validated = TRUE;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1367 else {
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1368 /*
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1369 * Check if the failing certificate is in the CA store. If it is, then
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1370 * consider this fully validated. This works around issues with some
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1371 * prominent intermediate CAs whose signature is md5WithRSAEncryption.
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1372 * I'm looking at CACert Class 3 here. See #4458 for details.
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1373 */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1374 if (ca) {
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1375 gchar *uid = purple_certificate_get_unique_id(failing_crt);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1376 PurpleCertificate *ca_crt = purple_certificate_pool_retrieve(ca, uid);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1377 if (ca_crt != NULL) {
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1378 GByteArray *failing_fpr;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1379 GByteArray *ca_fpr;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1380 failing_fpr = purple_certificate_get_fingerprint_sha1(failing_crt);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1381 ca_fpr = purple_certificate_get_fingerprint_sha1(ca_crt);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1382 if (byte_arrays_equal(failing_fpr, ca_fpr)) {
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1383 purple_debug_info("certificate/x509/tls_cached",
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1384 "Full chain verification failed (probably a bad "
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1385 "signature algorithm), but found the last "
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1386 "certificate %s in the CA pool.\n", uid);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1387 chain_validated = TRUE;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1388 }
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1389
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1390 g_byte_array_free(failing_fpr, TRUE);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1391 g_byte_array_free(ca_fpr, TRUE);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1392 }
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1393
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1394 purple_certificate_destroy(ca_crt);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1395 g_free(uid);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1396 }
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1397
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1398 /*
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1399 * If we get here, either the cert matched the stuff right above
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1400 * or it didn't, in which case we give up and complain to the user.
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1401 */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1402 if (!chain_validated) {
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1403 /* TODO: Tell the user where the chain broke? */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1404 /* TODO: This error will hopelessly confuse any
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1405 non-elite user. */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1406 gchar *secondary;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1407
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1408 secondary = g_strdup_printf(_("The certificate chain presented"
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1409 " for %s is not valid."),
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1410 vrq->subject_name);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1411
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1412 /* TODO: Make this error either block the ensuing SSL
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1413 connection error until the user dismisses this one, or
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1414 stifle it. */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1415 purple_notify_error(NULL, /* TODO: Probably wrong. */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1416 _("SSL Certificate Error"),
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1417 _("Invalid certificate chain"),
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1418 secondary );
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1419 g_free(secondary);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1420
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1421 /* Okay, we're done here */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1422 purple_certificate_verify_complete(vrq,
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1423 PURPLE_CERTIFICATE_INVALID);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1424 return;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1425 }
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1426 } /* if (signature chain not good) */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1427
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1428 /* If, for whatever reason, there is no Certificate Authority pool
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1429 loaded, we will simply present it to the user for checking. */
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1430 if ( !ca ) {
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1431 purple_debug_error("certificate/x509/tls_cached",
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1432 "No X.509 Certificate Authority pool "
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1433 "could be found!\n");
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1434
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1435 /* vrq will be completed by user_auth */
19330 b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1436 x509_tls_cached_user_auth(vrq,_("You have no database of root "
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1437 "certificates, so this "
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1438 "certificate cannot be "
b65a23799dc2 In tls_cached: William Ehlhardt <williamehlhardt@gmail.com> parents: 19329 diff changeset	1439 "validated."));
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1440 return;
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1441 }
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1442
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1443 if (!chain_validated) {
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1444 GByteArray last_fpr, ca_fpr;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1445 PurpleCertificate ca_crt, end_crt;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1446 gchar *ca_id;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1447
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1448 end_crt = g_list_last(chain)->data;
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1449
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1450 /* Attempt to look up the last certificate's issuer */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1451 ca_id = purple_certificate_get_issuer_unique_id(end_crt);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1452 purple_debug_info("certificate/x509/tls_cached",
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1453 "Checking for a CA with DN=%s\n",
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1454 ca_id);
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1455 ca_crt = purple_certificate_pool_retrieve(ca, ca_id);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1456 if ( NULL == ca_crt ) {
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1457 purple_debug_warning("certificate/x509/tls_cached",
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1458 "Certificate Authority with DN='%s' not "
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1459 "found. I'll prompt the user, I guess.\n",
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1460 ca_id);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1461 g_free(ca_id);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1462 /* vrq will be completed by user_auth */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1463 x509_tls_cached_user_auth(vrq,_("The root certificate this "
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1464 "one claims to be issued by "
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1465 "is unknown to Pidgin."));
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1466 return;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1467 }
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1468
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1469 g_free(ca_id);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1470
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1471 /*
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1472 * Check the fingerprints; if they match, then this certificate is one
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1473 * of the designated "trusted roots", and we don't need to verify the
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1474 * signature. This is good because some of the older roots are self-signed
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1475 * with bad hash algorithms that we don't want to allow in any other
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1476 * circumstances (one of Verisign's root CAs is self-signed with MD2).
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1477 *
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1478 * If the fingerprints don't match, we'll fall back to checking the
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1479 * signature.
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1480 *
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1481 * GnuTLS doesn't seem to include the final root in the verification
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1482 * list, so this check will never succeed. NSS does include it in
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1483 * the list, so here we are.
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1484 */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1485 last_fpr = purple_certificate_get_fingerprint_sha1(end_crt);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1486 ca_fpr = purple_certificate_get_fingerprint_sha1(ca_crt);
27669 4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3. Paul Aurich <paul@darkrain42.org> parents: 27664 diff changeset	1487
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1488 if ( !byte_arrays_equal(last_fpr, ca_fpr) &&
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1489 !purple_certificate_signed_by(end_crt, ca_crt) )
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1490 {
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1491 /* TODO: If signed_by ever returns a reason, maybe mention
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1492 that, too. */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1493 /* TODO: Also mention the CA involved. While I could do this
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1494 now, a full DN is a little much with which to assault the
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1495 user's poor, leaky eyes. */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1496 /* TODO: This error message makes my eyes cross, and I wrote it */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1497 gchar * secondary =
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1498 g_strdup_printf(_("The certificate chain presented by "
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1499 "%s does not have a valid digital "
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1500 "signature from the Certificate "
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1501 "Authority from which it claims to "
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1502 "have a signature."),
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1503 vrq->subject_name);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1504
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1505 purple_notify_error(NULL, /* TODO: Probably wrong */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1506 _("SSL Certificate Error"),
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1507 _("Invalid certificate authority"
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1508 " signature"),
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1509 secondary);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1510 g_free(secondary);
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1511
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1512 /* Signal "bad cert" */
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1513 purple_certificate_verify_complete(vrq,
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1514 PURPLE_CERTIFICATE_INVALID);
27669 4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3. Paul Aurich <paul@darkrain42.org> parents: 27664 diff changeset	1515
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1516 purple_certificate_destroy(ca_crt);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1517 g_byte_array_free(ca_fpr, TRUE);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1518 g_byte_array_free(last_fpr, TRUE);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1519 return;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1520 } /* if (CA signature not good) */
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1521
27671 99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1522 g_byte_array_free(ca_fpr, TRUE);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1523 g_byte_array_free(last_fpr, TRUE);
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458. Paul Aurich <paul@darkrain42.org> parents: 27669 diff changeset	1524 }
27669 4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3. Paul Aurich <paul@darkrain42.org> parents: 27664 diff changeset	1525
21927 a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1526 /* Last, check that the hostname matches */
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1527 if ( ! purple_certificate_check_subject_name(peer_crt,
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1528 vrq->subject_name) ) {
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1529 gchar *sn = purple_certificate_get_subject_name(peer_crt);
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1530 gchar *msg;
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1531
27231 627d23bfdb05 Increase the logging level of some debugging messages that seemed to be a mauro.brasil@tqi.com.br parents: 25941 diff changeset	1532 purple_debug_error("certificate/x509/tls_cached",
21927 a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1533 "Name mismatch: Certificate given for %s "
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1534 "has a name of %s\n",
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1535 vrq->subject_name, sn);
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1536
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1537 /* Prompt the user to authenticate the certificate */
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1538 /* TODO: Provide the user with more guidance about why he is
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1539 being prompted */
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1540 /* vrq will be completed by user_auth */
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1541 msg = g_strdup_printf(_("The certificate presented by \"%s\" "
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1542 "claims to be from \"%s\" instead. "
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1543 "This could mean that you are not "
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1544 "connecting to the service you "
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1545 "believe you are."),
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1546 vrq->subject_name, sn);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1547
21927 a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1548 x509_tls_cached_user_auth(vrq,msg);
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1549
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1550 g_free(sn);
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1551 g_free(msg);
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1552 return;
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1553 } /* if (name mismatch) */
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by Stu Tomlinson <stu@nosnilmot.com> parents: 21887 diff changeset	1554
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1555 /* If we reach this point, the certificate is good. */
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1556 /* Look up the local cache and store it there for future use */
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1557 tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1558 "tls_peers");
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1559
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1560 if (tls_peers) {
19553 f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859 William Ehlhardt <williamehlhardt@gmail.com> parents: 19534 diff changeset	1561 if (!purple_certificate_pool_store(tls_peers,vrq->subject_name,
f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859 William Ehlhardt <williamehlhardt@gmail.com> parents: 19534 diff changeset	1562 peer_crt) ) {
f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859 William Ehlhardt <williamehlhardt@gmail.com> parents: 19534 diff changeset	1563 purple_debug_error("certificate/x509/tls_cached",
f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859 William Ehlhardt <williamehlhardt@gmail.com> parents: 19534 diff changeset	1564 "FAILED to cache peer certificate\n");
f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859 William Ehlhardt <williamehlhardt@gmail.com> parents: 19534 diff changeset	1565 }
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1566 } else {
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1567 purple_debug_error("certificate/x509/tls_cached",
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1568 "Unable to locate tls_peers certificate "
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1569 "cache.\n");
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1570 }
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1571
19089 c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1572 /* Whew! Done! */
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things, William Ehlhardt <williamehlhardt@gmail.com> parents: 19088 diff changeset	1573 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_VALID);
19085 1bd9557f866e In tls_cached Verifier: William Ehlhardt <williamehlhardt@gmail.com> parents: 19084 diff changeset	1574 }
1bd9557f866e In tls_cached Verifier: William Ehlhardt <williamehlhardt@gmail.com> parents: 19084 diff changeset	1575
19000 986413850713 - More skeletonizing for tls_cached logic. William Ehlhardt <williamehlhardt@gmail.com> parents: 18999 diff changeset	1576 static void
18993 33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1577 x509_tls_cached_start_verify(PurpleCertificateVerificationRequest *vrq)
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1578 {
18999 7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1579 const gchar tls_peers_name = "tls_peers"; / Name of local cache */
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1580 PurpleCertificatePool *tls_peers;
27664 151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1581 time_t now, activation, expiration;
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1582 gboolean ret;
18999 7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1583
18993 33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1584 g_return_if_fail(vrq);
18999 7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1585
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1586 purple_debug_info("certificate/x509/tls_cached",
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1587 "Starting verify for %s\n",
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1588 vrq->subject_name);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1589
27664 151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1590 /*
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1591 * Verify the first certificate (the main one) has been activated and
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1592 * isn't expired, i.e. activation < now < expiration.
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1593 */
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1594 now = time(NULL);
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1595 ret = purple_certificate_get_times(vrq->cert_chain->data, &activation,
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1596 &expiration);
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1597 if (!ret \|\| now > expiration \|\| now < activation) {
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1598 gchar *secondary;
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1599
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1600 if (!ret)
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1601 purple_debug_error("certificate/x509/tls_cached",
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1602 "Failed to get validity times for certificate %s\n",
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1603 vrq->subject_name);
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1604 else if (now > expiration)
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1605 purple_debug_error("certificate/x509/tls_cached",
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1606 "Certificate %s expired at %s\n",
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1607 vrq->subject_name, ctime(&expiration));
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1608 else
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1609 purple_debug_error("certificate/x509/tls_cached",
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1610 "Certificate %s is not yet valid, will be at %s\n",
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1611 vrq->subject_name, ctime(&activation));
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1612
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1613 /* FIXME 2.6.1 */
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1614 secondary = g_strdup_printf(_("The certificate chain presented"
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1615 " for %s is not valid."),
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1616 vrq->subject_name);
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1617
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1618 purple_notify_error(NULL, /* TODO: Probably wrong. */
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1619 _("SSL Certificate Error"),
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1620 _("Invalid certificate chain"),
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1621 secondary );
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1622 g_free(secondary);
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1623
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1624 /* Okay, we're done here */
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1625 purple_certificate_verify_complete(vrq,
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1626 PURPLE_CERTIFICATE_INVALID);
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1627 return;
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1628 }
151ec92db74c Check expiration/activation times on certificates. Closes #8226. Paul Aurich <paul@darkrain42.org> parents: 27567 diff changeset	1629
18999 7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1630 tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,tls_peers_name);
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1631
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1632 if (!tls_peers) {
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1633 purple_debug_error("certificate/x509/tls_cached",
23987 11f98b1e605b remove misleading portion of the debug line Ka-Hing Cheung <khc@hxbc.us> parents: 23685 diff changeset	1634 "Couldn't find local peers cache %s\n",
18999 7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1635 tls_peers_name);
19091 489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is William Ehlhardt <williamehlhardt@gmail.com> parents: 19090 diff changeset	1636
20247 e6315ec87124 applied changes from 92e6c32278d711f0d5807c4d931b26162e4a720f Richard Laager <rlaager@wiktel.com> parents: 19688 diff changeset	1637
e6315ec87124 applied changes from 92e6c32278d711f0d5807c4d931b26162e4a720f Richard Laager <rlaager@wiktel.com> parents: 19688 diff changeset	1638 /* vrq now becomes the problem of unknown_peer */
e6315ec87124 applied changes from 92e6c32278d711f0d5807c4d931b26162e4a720f Richard Laager <rlaager@wiktel.com> parents: 19688 diff changeset	1639 x509_tls_cached_unknown_peer(vrq);
18999 7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1640 return;
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1641 }
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1642
18999 7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1643 /* Check if the peer has a certificate cached already */
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1644 purple_debug_info("certificate/x509/tls_cached",
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1645 "Checking for cached cert...\n");
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1646 if (purple_certificate_pool_contains(tls_peers, vrq->subject_name)) {
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1647 purple_debug_info("certificate/x509/tls_cached",
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1648 "...Found cached cert\n");
19086 e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1649 /* vrq is now the responsibility of cert_in_cache */
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1650 x509_tls_cached_cert_in_cache(vrq);
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into William Ehlhardt <williamehlhardt@gmail.com> parents: 19085 diff changeset	1651 } else {
27231 627d23bfdb05 Increase the logging level of some debugging messages that seemed to be a mauro.brasil@tqi.com.br parents: 25941 diff changeset	1652 purple_debug_warning("certificate/x509/tls_cached",
18999 7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1653 "...Not in cache\n");
19000 986413850713 - More skeletonizing for tls_cached logic. William Ehlhardt <williamehlhardt@gmail.com> parents: 18999 diff changeset	1654 /* vrq now becomes the problem of unknown_peer */
986413850713 - More skeletonizing for tls_cached logic. William Ehlhardt <williamehlhardt@gmail.com> parents: 18999 diff changeset	1655 x509_tls_cached_unknown_peer(vrq);
18999 7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier William Ehlhardt <williamehlhardt@gmail.com> parents: 18996 diff changeset	1656 }
18993 33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1657 }
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1658
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1659 static void
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1660 x509_tls_cached_destroy_request(PurpleCertificateVerificationRequest *vrq)
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1661 {
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1662 g_return_if_fail(vrq);
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1663 }
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1664
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1665 static PurpleCertificateVerifier x509_tls_cached = {
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1666 "x509", /* Scheme name */
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1667 "tls_cached", /* Verifier name */
33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1668 x509_tls_cached_start_verify, /* Verification begin */
19649 450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	1669 x509_tls_cached_destroy_request,/* Request cleanup */
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	1670
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	1671 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	1672 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	1673 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	1674 NULL
450f4a3c4c0f - Add purple_reserved fields to various structures. William Ehlhardt <williamehlhardt@gmail.com> parents: 19564 diff changeset	1675
18993 33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1676 };
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1677
18950 f78a9efa9eaf - Add purple_certificate_register_builtins William Ehlhardt <williamehlhardt@gmail.com> parents: 18949 diff changeset	1678 /****************************************************************************/
f78a9efa9eaf - Add purple_certificate_register_builtins William Ehlhardt <williamehlhardt@gmail.com> parents: 18949 diff changeset	1679 /* Subsystem */
f78a9efa9eaf - Add purple_certificate_register_builtins William Ehlhardt <williamehlhardt@gmail.com> parents: 18949 diff changeset	1680 /****************************************************************************/
f78a9efa9eaf - Add purple_certificate_register_builtins William Ehlhardt <williamehlhardt@gmail.com> parents: 18949 diff changeset	1681 void
18957 9205841eed06 - Certificate system now has init and uninit like other systems William Ehlhardt <williamehlhardt@gmail.com> parents: 18953 diff changeset	1682 purple_certificate_init(void)
18950 f78a9efa9eaf - Add purple_certificate_register_builtins William Ehlhardt <williamehlhardt@gmail.com> parents: 18949 diff changeset	1683 {
18957 9205841eed06 - Certificate system now has init and uninit like other systems William Ehlhardt <williamehlhardt@gmail.com> parents: 18953 diff changeset	1684 /* Register builtins */
18953 89b32569890c - Add purple_certificate_get_fingerprint_sha1 William Ehlhardt <williamehlhardt@gmail.com> parents: 18952 diff changeset	1685 purple_certificate_register_verifier(&x509_singleuse);
19093 f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool William Ehlhardt <williamehlhardt@gmail.com> parents: 19092 diff changeset	1686 purple_certificate_register_pool(&x509_ca);
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1687 purple_certificate_register_pool(&x509_tls_peers);
18993 33fb4930ad2b - Add x509_tls_cached skeleton William Ehlhardt <williamehlhardt@gmail.com> parents: 18992 diff changeset	1688 purple_certificate_register_verifier(&x509_tls_cached);
18950 f78a9efa9eaf - Add purple_certificate_register_builtins William Ehlhardt <williamehlhardt@gmail.com> parents: 18949 diff changeset	1689 }
18946 617447a71ab7 - Add certificate_destroy and certificate_destroy_list William Ehlhardt <williamehlhardt@gmail.com> parents: 18943 diff changeset	1690
18957 9205841eed06 - Certificate system now has init and uninit like other systems William Ehlhardt <williamehlhardt@gmail.com> parents: 18953 diff changeset	1691 void
9205841eed06 - Certificate system now has init and uninit like other systems William Ehlhardt <williamehlhardt@gmail.com> parents: 18953 diff changeset	1692 purple_certificate_uninit(void)
9205841eed06 - Certificate system now has init and uninit like other systems William Ehlhardt <williamehlhardt@gmail.com> parents: 18953 diff changeset	1693 {
19024 264f00bc8f22 - Change certificate_uninit to unregister all Pools, Schemes, and William Ehlhardt <williamehlhardt@gmail.com> parents: 19023 diff changeset	1694 /* Unregister all Verifiers */
25375 fc8fd4fef166 Fix a crash on exit with a patch from im.pidgin.next.minor. Elliott Sales de Andrade <qulogic@pidgin.im> parents: 24840 diff changeset	1695 g_list_foreach(cert_verifiers, (GFunc)purple_certificate_unregister_verifier, NULL);
19024 264f00bc8f22 - Change certificate_uninit to unregister all Pools, Schemes, and William Ehlhardt <williamehlhardt@gmail.com> parents: 19023 diff changeset	1696
264f00bc8f22 - Change certificate_uninit to unregister all Pools, Schemes, and William Ehlhardt <williamehlhardt@gmail.com> parents: 19023 diff changeset	1697 /* Unregister all Pools */
25375 fc8fd4fef166 Fix a crash on exit with a patch from im.pidgin.next.minor. Elliott Sales de Andrade <qulogic@pidgin.im> parents: 24840 diff changeset	1698 g_list_foreach(cert_pools, (GFunc)purple_certificate_unregister_pool, NULL);
18957 9205841eed06 - Certificate system now has init and uninit like other systems William Ehlhardt <williamehlhardt@gmail.com> parents: 18953 diff changeset	1699 }
9205841eed06 - Certificate system now has init and uninit like other systems William Ehlhardt <williamehlhardt@gmail.com> parents: 18953 diff changeset	1700
19022 1f07f96dc1ce - Add purple_certificate_get_handle William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1701 gpointer
1f07f96dc1ce - Add purple_certificate_get_handle William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1702 purple_certificate_get_handle(void)
1f07f96dc1ce - Add purple_certificate_get_handle William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1703 {
1f07f96dc1ce - Add purple_certificate_get_handle William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1704 static gint handle;
1f07f96dc1ce - Add purple_certificate_get_handle William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1705 return &handle;
1f07f96dc1ce - Add purple_certificate_get_handle William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1706 }
1f07f96dc1ce - Add purple_certificate_get_handle William Ehlhardt <williamehlhardt@gmail.com> parents: 19021 diff changeset	1707
18192 dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1708 PurpleCertificateScheme *
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1709 purple_certificate_find_scheme(const gchar *name)
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1710 {
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1711 PurpleCertificateScheme *scheme = NULL;
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1712 GList *l;
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1713
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1714 g_return_val_if_fail(name, NULL);
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1715
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1716 /* Traverse the list of registered schemes and locate the
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1717 one whose name matches */
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1718 for(l = cert_schemes; l; l = l->next) {
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1719 scheme = (PurpleCertificateScheme *)(l->data);
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1720
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1721 /* Name matches? that's our man */
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1722 if(!g_ascii_strcasecmp(scheme->name, name))
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1723 return scheme;
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1724 }
17910 668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	1725
18192 dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1726 purple_debug_warning("certificate",
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1727 "CertificateScheme %s requested but not found.\n",
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1728 name);
17910 668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	1729
18192 dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1730 /* TODO: Signalling and such? */
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1731
18192 dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1732 return NULL;
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1733 }
17910 668a294f9a72 - Added certificate.[ch] and got them integrated into the build William Ehlhardt <williamehlhardt@gmail.com> parents: diff changeset	1734
19023 eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1735 GList *
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1736 purple_certificate_get_schemes(void)
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1737 {
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1738 return cert_schemes;
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1739 }
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1740
18192 dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1741 gboolean
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1742 purple_certificate_register_scheme(PurpleCertificateScheme *scheme)
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1743 {
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1744 g_return_val_if_fail(scheme != NULL, FALSE);
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1745
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1746 /* Make sure no scheme is registered with the same name */
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1747 if (purple_certificate_find_scheme(scheme->name) != NULL) {
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1748 return FALSE;
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1749 }
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1750
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1751 /* Okay, we're golden. Register it. */
18972 486563a6bb5c - prepend > append William Ehlhardt <williamehlhardt@gmail.com> parents: 18971 diff changeset	1752 cert_schemes = g_list_prepend(cert_schemes, scheme);
18192 dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1753
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1754 /* TODO: Signalling and such? */
19063 2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1755
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1756 purple_debug_info("certificate",
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1757 "CertificateScheme %s registered\n",
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1758 scheme->name);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1759
18192 dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1760 return TRUE;
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface William Ehlhardt <williamehlhardt@gmail.com> parents: 17913 diff changeset	1761 }
18926 8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1762
8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1763 gboolean
8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1764 purple_certificate_unregister_scheme(PurpleCertificateScheme *scheme)
8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1765 {
8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1766 if (NULL == scheme) {
8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1767 purple_debug_warning("certificate",
18973 28673b6fb8a2 - Fix some errors and return values William Ehlhardt <williamehlhardt@gmail.com> parents: 18972 diff changeset	1768 "Attempting to unregister NULL scheme\n");
28673b6fb8a2 - Fix some errors and return values William Ehlhardt <williamehlhardt@gmail.com> parents: 18972 diff changeset	1769 return FALSE;
18926 8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1770 }
8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1771
8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1772 /* TODO: signalling? */
8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1773
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1774 /* TODO: unregister all CertificateVerifiers for this scheme?*/
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1775 /* TODO: unregister all CertificatePools for this scheme? */
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1776 /* Neither of the above should be necessary, though */
18926 8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1777 cert_schemes = g_list_remove(cert_schemes, scheme);
8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1778
19063 2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1779 purple_debug_info("certificate",
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1780 "CertificateScheme %s unregistered\n",
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1781 scheme->name);
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1782
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1783
18926 8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1784 return TRUE;
8c4d52bc0319 - Add unregister_scheme William Ehlhardt <williamehlhardt@gmail.com> parents: 18192 diff changeset	1785 }
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1786
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1787 PurpleCertificateVerifier *
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1788 purple_certificate_find_verifier(const gchar scheme_name, const gchar ver_name)
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1789 {
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1790 PurpleCertificateVerifier *vr = NULL;
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1791 GList *l;
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1792
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1793 g_return_val_if_fail(scheme_name, NULL);
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1794 g_return_val_if_fail(ver_name, NULL);
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1795
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1796 /* Traverse the list of registered verifiers and locate the
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1797 one whose name matches */
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1798 for(l = cert_verifiers; l; l = l->next) {
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1799 vr = (PurpleCertificateVerifier *)(l->data);
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1800
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1801 /* Scheme and name match? */
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1802 if(!g_ascii_strcasecmp(vr->scheme_name, scheme_name) &&
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1803 !g_ascii_strcasecmp(vr->name, ver_name))
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1804 return vr;
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1805 }
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1806
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1807 purple_debug_warning("certificate",
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1808 "CertificateVerifier %s, %s requested but not found.\n",
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1809 scheme_name, ver_name);
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1810
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1811 /* TODO: Signalling and such? */
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1812
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1813 return NULL;
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1814 }
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1815
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1816
19023 eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1817 GList *
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1818 purple_certificate_get_verifiers(void)
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1819 {
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1820 return cert_verifiers;
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1821 }
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1822
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1823 gboolean
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1824 purple_certificate_register_verifier(PurpleCertificateVerifier *vr)
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1825 {
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1826 g_return_val_if_fail(vr != NULL, FALSE);
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1827
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1828 /* Make sure no verifier is registered with the same scheme/name */
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1829 if (purple_certificate_find_verifier(vr->scheme_name, vr->name) != NULL) {
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1830 return FALSE;
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1831 }
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1832
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1833 /* Okay, we're golden. Register it. */
18972 486563a6bb5c - prepend > append William Ehlhardt <williamehlhardt@gmail.com> parents: 18971 diff changeset	1834 cert_verifiers = g_list_prepend(cert_verifiers, vr);
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1835
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1836 /* TODO: Signalling and such? */
19063 2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1837
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1838 purple_debug_info("certificate",
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1839 "CertificateVerifier %s registered\n",
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1840 vr->name);
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1841 return TRUE;
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1842 }
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1843
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1844 gboolean
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1845 purple_certificate_unregister_verifier(PurpleCertificateVerifier *vr)
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1846 {
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1847 if (NULL == vr) {
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1848 purple_debug_warning("certificate",
18973 28673b6fb8a2 - Fix some errors and return values William Ehlhardt <williamehlhardt@gmail.com> parents: 18972 diff changeset	1849 "Attempting to unregister NULL verifier\n");
28673b6fb8a2 - Fix some errors and return values William Ehlhardt <williamehlhardt@gmail.com> parents: 18972 diff changeset	1850 return FALSE;
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1851 }
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1852
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1853 /* TODO: signalling? */
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1854
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1855 cert_verifiers = g_list_remove(cert_verifiers, vr);
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1856
19063 2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1857
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1858 purple_debug_info("certificate",
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1859 "CertificateVerifier %s unregistered\n",
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1860 vr->name);
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1861
18941 425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1862 return TRUE;
425f494bd1ec - CertificateVerifier register/unregister/find William Ehlhardt <williamehlhardt@gmail.com> parents: 18926 diff changeset	1863 }
18971 898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1864
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1865 PurpleCertificatePool *
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1866 purple_certificate_find_pool(const gchar scheme_name, const gchar pool_name)
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1867 {
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1868 PurpleCertificatePool *pool = NULL;
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1869 GList *l;
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1870
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1871 g_return_val_if_fail(scheme_name, NULL);
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1872 g_return_val_if_fail(pool_name, NULL);
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1873
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1874 /* Traverse the list of registered pools and locate the
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1875 one whose name matches */
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1876 for(l = cert_pools; l; l = l->next) {
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1877 pool = (PurpleCertificatePool *)(l->data);
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1878
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1879 /* Scheme and name match? */
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1880 if(!g_ascii_strcasecmp(pool->scheme_name, scheme_name) &&
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1881 !g_ascii_strcasecmp(pool->name, pool_name))
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1882 return pool;
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1883 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1884
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1885 purple_debug_warning("certificate",
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1886 "CertificatePool %s, %s requested but not found.\n",
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1887 scheme_name, pool_name);
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1888
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1889 /* TODO: Signalling and such? */
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1890
18971 898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1891 return NULL;
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1892
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1893 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1894
19023 eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1895 GList *
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1896 purple_certificate_get_pools(void)
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1897 {
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1898 return cert_pools;
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes William Ehlhardt <williamehlhardt@gmail.com> parents: 19022 diff changeset	1899 }
18971 898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1900
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1901 gboolean
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1902 purple_certificate_register_pool(PurpleCertificatePool *pool)
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1903 {
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1904 g_return_val_if_fail(pool, FALSE);
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1905 g_return_val_if_fail(pool->scheme_name, FALSE);
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1906 g_return_val_if_fail(pool->name, FALSE);
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1907 g_return_val_if_fail(pool->fullname, FALSE);
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1908
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1909 /* Make sure no pools are registered under this name */
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1910 if (purple_certificate_find_pool(pool->scheme_name, pool->name)) {
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1911 return FALSE;
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1912 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1913
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1914 /* Initialize the pool if needed */
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1915 if (pool->init) {
21655 10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1916 gboolean success;
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1917
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1918 success = pool->init();
21655 10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1919 if (!success)
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1920 return FALSE;
18971 898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1921 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1922
21655 10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1923 /* Register the Pool */
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1924 cert_pools = g_list_prepend(cert_pools, pool);
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1925
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1926 /* TODO: Emit a signal that the pool got registered */
19044 602295db8e6b - Register the certificate-stored and certificate-deleted signals William Ehlhardt <williamehlhardt@gmail.com> parents: 19034 diff changeset	1927
21655 10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1928 PURPLE_DBUS_REGISTER_POINTER(pool, PurpleCertificatePool);
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1929 purple_signal_register(pool, /* Signals emitted from pool */
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1930 "certificate-stored",
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1931 purple_marshal_VOID__POINTER_POINTER,
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1932 NULL, /* No callback return value */
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1933 2, /* Two non-data arguments */
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1934 purple_value_new(PURPLE_TYPE_SUBTYPE,
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1935 PURPLE_SUBTYPE_CERTIFICATEPOOL),
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1936 purple_value_new(PURPLE_TYPE_STRING));
19044 602295db8e6b - Register the certificate-stored and certificate-deleted signals William Ehlhardt <williamehlhardt@gmail.com> parents: 19034 diff changeset	1937
21655 10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1938 purple_signal_register(pool, /* Signals emitted from pool */
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1939 "certificate-deleted",
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1940 purple_marshal_VOID__POINTER_POINTER,
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1941 NULL, /* No callback return value */
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1942 2, /* Two non-data arguments */
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1943 purple_value_new(PURPLE_TYPE_SUBTYPE,
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1944 PURPLE_SUBTYPE_CERTIFICATEPOOL),
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1945 purple_value_new(PURPLE_TYPE_STRING));
19063 2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1946
21655 10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1947 purple_debug_info("certificate",
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1948 "CertificatePool %s registered\n",
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1949 pool->name);
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1950
10a2ac84349d Simplify this a little bit. Most of this change is just removing Mark Doliner <mark@kingant.net> parents: 21561 diff changeset	1951 return TRUE;
18971 898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1952 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1953
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1954 gboolean
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1955 purple_certificate_unregister_pool(PurpleCertificatePool *pool)
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1956 {
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1957 if (NULL == pool) {
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1958 purple_debug_warning("certificate",
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1959 "Attempting to unregister NULL pool\n");
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1960 return FALSE;
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1961 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1962
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1963 /* Check that the pool is registered */
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1964 if (!g_list_find(cert_pools, pool)) {
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1965 purple_debug_warning("certificate",
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1966 "Pool to unregister isn't registered!\n");
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1967
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1968 return FALSE;
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1969 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1970
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1971 /* Uninit the pool if needed */
19517 7bea9c9fd2a5 (Un)Register the pools with DBus to avoid a runtime fit. Sadrul Habib Chowdhury <imadil@gmail.com> parents: 19515 diff changeset	1972 PURPLE_DBUS_UNREGISTER_POINTER(pool);
18971 898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1973 if (pool->uninit) {
18975 172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons William Ehlhardt <williamehlhardt@gmail.com> parents: 18973 diff changeset	1974 pool->uninit();
18971 898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1975 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1976
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1977 cert_pools = g_list_remove(cert_pools, pool);
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1978
18971 898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1979 /* TODO: Signalling? */
19044 602295db8e6b - Register the certificate-stored and certificate-deleted signals William Ehlhardt <williamehlhardt@gmail.com> parents: 19034 diff changeset	1980 purple_signal_unregister(pool, "certificate-stored");
602295db8e6b - Register the certificate-stored and certificate-deleted signals William Ehlhardt <williamehlhardt@gmail.com> parents: 19034 diff changeset	1981 purple_signal_unregister(pool, "certificate-deleted");
25924 584063555949 Remove trailing whitespace Mark Doliner <mark@kingant.net> parents: 25894 diff changeset	1982
19063 2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1983 purple_debug_info("certificate",
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1984 "CertificatePool %s unregistered\n",
2f51578e6602 - Add debugging babble for registers/unregisters William Ehlhardt <williamehlhardt@gmail.com> parents: 19060 diff changeset	1985 pool->name);
18971 898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1986 return TRUE;
898e2bd70f23 - Add find, register, and unregister for CertificatePools William Ehlhardt <williamehlhardt@gmail.com> parents: 18964 diff changeset	1987 }
19329 e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	1988
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	1989 /****************************************************************************/
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	1990 /* Scheme-specific functions */
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	1991 /****************************************************************************/
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	1992
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	1993 void
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	1994 purple_certificate_display_x509(PurpleCertificate *crt)
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	1995 {
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	1996 gchar *sha_asc;
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	1997 GByteArray *sha_bin;
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	1998 gchar *cn;
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	1999 time_t activation, expiration;
19504 d5ecaf5bce93 Fix the win32 build for the cert SoC branch merge. Daniel Atallah <daniel.atallah@gmail.com> parents: 19497 diff changeset	2000 gchar activ_str, expir_str;
19332 6e0521bb0853 - Fix some g_free()s of string constants that caused crashing William Ehlhardt <williamehlhardt@gmail.com> parents: 19331 diff changeset	2001 gchar *secondary;
19329 e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2002
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2003 /* Pull out the SHA1 checksum */
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2004 sha_bin = purple_certificate_get_fingerprint_sha1(crt);
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2005 /* Now decode it for display */
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2006 sha_asc = purple_base16_encode_chunked(sha_bin->data,
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2007 sha_bin->len);
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2008
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2009 /* Get the cert Common Name */
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2010 /* TODO: Will break on CA certs */
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2011 cn = purple_certificate_get_subject_name(crt);
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2012
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2013 /* Get the certificate times */
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2014 /* TODO: Check the times against localtime */
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2015 /* TODO: errorcheck? */
19553 f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859 William Ehlhardt <williamehlhardt@gmail.com> parents: 19534 diff changeset	2016 if (!purple_certificate_get_times(crt, &activation, &expiration)) {
f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859 William Ehlhardt <williamehlhardt@gmail.com> parents: 19534 diff changeset	2017 purple_debug_error("certificate",
f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859 William Ehlhardt <williamehlhardt@gmail.com> parents: 19534 diff changeset	2018 "Failed to get certificate times!\n");
f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859 William Ehlhardt <williamehlhardt@gmail.com> parents: 19534 diff changeset	2019 activation = expiration = 0;
f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859 William Ehlhardt <williamehlhardt@gmail.com> parents: 19534 diff changeset	2020 }
19504 d5ecaf5bce93 Fix the win32 build for the cert SoC branch merge. Daniel Atallah <daniel.atallah@gmail.com> parents: 19497 diff changeset	2021 activ_str = g_strdup(ctime(&activation));
d5ecaf5bce93 Fix the win32 build for the cert SoC branch merge. Daniel Atallah <daniel.atallah@gmail.com> parents: 19497 diff changeset	2022 expir_str = g_strdup(ctime(&expiration));
d5ecaf5bce93 Fix the win32 build for the cert SoC branch merge. Daniel Atallah <daniel.atallah@gmail.com> parents: 19497 diff changeset	2023
19329 e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2024 /* Make messages */
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2025 secondary = g_strdup_printf(_("Common name: %s\n\n"
24270 e265e7066598 Fix a printf("%s", NULL). Fixes #7289. Daniel Atallah <daniel.atallah@gmail.com> parents: 23987 diff changeset	2026 "Fingerprint (SHA1): %s\n\n"
e265e7066598 Fix a printf("%s", NULL). Fixes #7289. Daniel Atallah <daniel.atallah@gmail.com> parents: 23987 diff changeset	2027 "Activation date: %s\n"
e265e7066598 Fix a printf("%s", NULL). Fixes #7289. Daniel Atallah <daniel.atallah@gmail.com> parents: 23987 diff changeset	2028 "Expiration date: %s\n"),
e265e7066598 Fix a printf("%s", NULL). Fixes #7289. Daniel Atallah <daniel.atallah@gmail.com> parents: 23987 diff changeset	2029 cn ? cn : "(null)",
e265e7066598 Fix a printf("%s", NULL). Fixes #7289. Daniel Atallah <daniel.atallah@gmail.com> parents: 23987 diff changeset	2030 sha_asc ? sha_asc : "(null)",
e265e7066598 Fix a printf("%s", NULL). Fixes #7289. Daniel Atallah <daniel.atallah@gmail.com> parents: 23987 diff changeset	2031 activ_str ? activ_str : "(null)",
e265e7066598 Fix a printf("%s", NULL). Fixes #7289. Daniel Atallah <daniel.atallah@gmail.com> parents: 23987 diff changeset	2032 expir_str ? expir_str : "(null)");
19504 d5ecaf5bce93 Fix the win32 build for the cert SoC branch merge. Daniel Atallah <daniel.atallah@gmail.com> parents: 19497 diff changeset	2033
19329 e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2034 /* Make a semi-pretty display */
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2035 purple_notify_info(
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2036 NULL, /* TODO: Find what the handle ought to be */
19332 6e0521bb0853 - Fix some g_free()s of string constants that caused crashing William Ehlhardt <williamehlhardt@gmail.com> parents: 19331 diff changeset	2037 _("Certificate Information"),
6e0521bb0853 - Fix some g_free()s of string constants that caused crashing William Ehlhardt <williamehlhardt@gmail.com> parents: 19331 diff changeset	2038 "",
19329 e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2039 secondary);
19504 d5ecaf5bce93 Fix the win32 build for the cert SoC branch merge. Daniel Atallah <daniel.atallah@gmail.com> parents: 19497 diff changeset	2040
19329 e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2041 /* Cleanup */
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2042 g_free(cn);
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2043 g_free(secondary);
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2044 g_free(sha_asc);
19504 d5ecaf5bce93 Fix the win32 build for the cert SoC branch merge. Daniel Atallah <daniel.atallah@gmail.com> parents: 19497 diff changeset	2045 g_free(activ_str);
d5ecaf5bce93 Fix the win32 build for the cert SoC branch merge. Daniel Atallah <daniel.atallah@gmail.com> parents: 19497 diff changeset	2046 g_free(expir_str);
19329 e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2047 g_byte_array_free(sha_bin, TRUE);
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2048 }
e93db0c87b26 - Add purple_certificate_display_x509 William Ehlhardt <williamehlhardt@gmail.com> parents: 19271 diff changeset	2049
21647 a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	2050 void purple_certificate_add_ca_search_path(const char *path)
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	2051 {
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	2052 if (g_list_find_custom(x509_ca_paths, path, (GCompareFunc)strcmp))
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	2053 return;
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	2054 x509_ca_paths = g_list_append(x509_ca_paths, g_strdup(path));
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	2055 }
a57adf1de9cb Patch from Florian Qu��ze (the InstantBird dude) to add a search path for Sadrul Habib Chowdhury <imadil@gmail.com> parents: 21561 diff changeset	2056

Mercurial > pidgin

annotate libpurple/certificate.c @ 27671:99baf778e0b9