Mercurial > pidgin
annotate libpurple/plugins/ssl/ssl-gnutls.c @ 29656:9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
This allows a site to add workarounds for connecting to specific servers
(like the reporter's) which are horribly broken when it comes to TLS 1.0+.
The format (to be documented in the ChangeLog) is host=priority pairs
delimited by semicolons (also pending a confirmation that
gnutls_priority_init's documentation is wrong about semicolon vs. colon).
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Thu, 01 Apr 2010 04:09:05 +0000 |
parents | c35fd54ec64b |
children | 1b8ed243d6d1 |
rev | line source |
---|---|
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1 /** |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
2 * @file ssl-gnutls.c GNUTLS SSL plugin. |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
3 * |
15822 | 4 * purple |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
5 * |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
6 * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org> |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
7 * |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
8 * This program is free software; you can redistribute it and/or modify |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
9 * it under the terms of the GNU General Public License as published by |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
10 * the Free Software Foundation; either version 2 of the License, or |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
11 * (at your option) any later version. |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
12 * |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
13 * This program is distributed in the hope that it will be useful, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
16 * GNU General Public License for more details. |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
17 * |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
18 * You should have received a copy of the GNU General Public License |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
19 * along with this program; if not, write to the Free Software |
19681
44b4e8bd759b
The FSF changed its address a while ago; our files were out of date.
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
19649
diff
changeset
|
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
21 */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
22 #include "internal.h" |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
23 #include "debug.h" |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
24 #include "certificate.h" |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
25 #include "plugin.h" |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
26 #include "sslconn.h" |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
27 #include "version.h" |
17766
fe571cfcf225
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17252
diff
changeset
|
28 #include "util.h" |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
29 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
30 #define SSL_GNUTLS_PLUGIN_ID "ssl-gnutls" |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
31 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
32 #include <gnutls/gnutls.h> |
17766
fe571cfcf225
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17252
diff
changeset
|
33 #include <gnutls/x509.h> |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
34 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
35 typedef struct |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
36 { |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
37 gnutls_session session; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
38 guint handshake_handler; |
15822 | 39 } PurpleSslGnutlsData; |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
40 |
15822 | 41 #define PURPLE_SSL_GNUTLS_DATA(gsc) ((PurpleSslGnutlsData *)gsc->private_data) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
42 |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
43 static gnutls_certificate_client_credentials xcred = NULL; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
44 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
45 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
46 /* Priority strings. The default one is, well, the default (and is always set). |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
47 * The hash table is of the form hostname => priority (both char *) |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
48 */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
49 static char *default_priority = NULL; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
50 static GHashTable *host_priorities = NULL; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
51 #endif |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
52 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
53 static void |
27183
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
54 ssl_gnutls_log(int level, const char *str) |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
55 { |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
56 /* GnuTLS log messages include the '\n' */ |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
57 purple_debug_misc("gnutls", "lvl %d: %s", level, str); |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
58 } |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
59 |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
60 static void |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
61 ssl_gnutls_init_gnutls(void) |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
62 { |
27183
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
63 const char *debug_level; |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
64 const char *host_priorities_str; |
27183
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
65 |
17911
91feef6cbede
- GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17793
diff
changeset
|
66 /* Configure GnuTLS to use glib memory management */ |
91feef6cbede
- GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17793
diff
changeset
|
67 /* I expect that this isn't really necessary, but it may prevent |
91feef6cbede
- GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17793
diff
changeset
|
68 some bugs */ |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
69 /* TODO: It may be necessary to wrap this allocators for GnuTLS. |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
70 If there are strange bugs, perhaps look here (yes, I am a |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
71 hypocrite) */ |
17911
91feef6cbede
- GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17793
diff
changeset
|
72 gnutls_global_set_mem_functions( |
23276
b87ce62751a2
I can't think of any reason we would need to use the zero versions of
Mark Doliner <mark@kingant.net>
parents:
21678
diff
changeset
|
73 (gnutls_alloc_function) g_malloc, /* malloc */ |
b87ce62751a2
I can't think of any reason we would need to use the zero versions of
Mark Doliner <mark@kingant.net>
parents:
21678
diff
changeset
|
74 (gnutls_alloc_function) g_malloc, /* secure malloc */ |
17911
91feef6cbede
- GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17793
diff
changeset
|
75 NULL, /* mem_is_secure */ |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
76 (gnutls_realloc_function) g_realloc, /* realloc */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
77 (gnutls_free_function) g_free /* free */ |
17911
91feef6cbede
- GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17793
diff
changeset
|
78 ); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
79 |
27183
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
80 debug_level = g_getenv("PURPLE_GNUTLS_DEBUG"); |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
81 if (debug_level) { |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
82 int level = atoi(debug_level); |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
83 if (level < 0) { |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
84 purple_debug_warning("gnutls", "Assuming log level 0 instead of %d\n", |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
85 level); |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
86 level = 0; |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
87 } |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
88 |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
89 /* "The level is an integer between 0 and 9. Higher values mean more verbosity." */ |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
90 gnutls_global_set_log_level(level); |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
91 gnutls_global_set_log_function(ssl_gnutls_log); |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
92 } |
e997e1e9b4f1
Allow GnuTLS logging to be controlled via PURPLE_GNUTLS_DEBUG envvar.
Paul Aurich <paul@darkrain42.org>
parents:
27113
diff
changeset
|
93 |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
94 /* Expected format: host=priority;host2=priority;*=priority |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
95 * where "*" is used to override the default priority string for |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
96 * libpurple. |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
97 */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
98 host_priorities_str = g_getenv("PURPLE_GNUTLS_PRIORITIES"); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
99 if (host_priorities_str) { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
100 #ifndef HAVE_GNUTLS_PRIORITY_FUNCS |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
101 purple_debug_warning("gnutls", "Warning, PURPLE_GNUTLS_PRIORITIES " |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
102 "environment variable set, but we were built " |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
103 "against an older GnuTLS that doesn't support " |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
104 "this. :-("); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
105 #else /* HAVE_GNUTLS_PRIORITY_FUNCS */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
106 char **entries = g_strsplit(host_priorities_str, ";", -1); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
107 guint i; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
108 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
109 host_priorities = g_hash_table_new_full(g_str_hash, g_str_equal, |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
110 g_free, g_free); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
111 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
112 for (i = 0; entries[i]; ++i) { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
113 char *host = entries[i]; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
114 char *equals = strchr(host, '='); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
115 char *prio_str; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
116 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
117 if (equals) { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
118 *equals = '\0'; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
119 prio_str = equals + 1; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
120 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
121 /* Empty? */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
122 if (*prio_str == '\0') { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
123 purple_debug_warning("gnutls", "Ignoring empty priority " |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
124 "string for %s\n", host); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
125 } else { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
126 /* TODO: Validate each of these and complain */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
127 if (g_str_equal(host, "*")) { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
128 /* Override the default priority */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
129 g_free(default_priority); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
130 default_priority = g_strdup(prio_str); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
131 } else |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
132 g_hash_table_insert(host_priorities, g_strdup(host), |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
133 g_strdup(prio_str)); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
134 } |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
135 } |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
136 } |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
137 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
138 g_strfreev(entries); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
139 #endif /* HAVE_GNUTLS_PRIORITY_FUNCS */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
140 } |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
141 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
142 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
143 /* Make sure we set have a default priority! */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
144 if (!default_priority) |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
145 default_priority = g_strdup("NORMAL:%SSL3_RECORD_VERSION"); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
146 #endif /* HAVE_GNUTLS_PRIORITY_FUNCS */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
147 |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
148 gnutls_global_init(); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
149 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
150 gnutls_certificate_allocate_credentials(&xcred); |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
151 |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
152 /* TODO: I can likely remove this */ |
17781
3ce170204ef0
disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02'
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17780
diff
changeset
|
153 gnutls_certificate_set_x509_trust_file(xcred, "ca.pem", |
3ce170204ef0
disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02'
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17780
diff
changeset
|
154 GNUTLS_X509_FMT_PEM); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
155 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
156 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
157 static gboolean |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
158 ssl_gnutls_init(void) |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
159 { |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
160 return TRUE; |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
161 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
162 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
163 static void |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
164 ssl_gnutls_uninit(void) |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
165 { |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
166 gnutls_global_deinit(); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
167 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
168 gnutls_certificate_free_credentials(xcred); |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
169 xcred = NULL; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
170 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
171 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
172 if (host_priorities) { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
173 g_hash_table_destroy(host_priorities); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
174 host_priorities = NULL; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
175 } |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
176 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
177 g_free(default_priority); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
178 default_priority = NULL; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
179 #endif |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
180 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
181 |
18955
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
182 static void |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
183 ssl_gnutls_verified_cb(PurpleCertificateVerificationStatus st, |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
184 gpointer userdata) |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
185 { |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
186 PurpleSslConnection *gsc = (PurpleSslConnection *) userdata; |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
187 |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
188 if (st == PURPLE_CERTIFICATE_VALID) { |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
189 /* Certificate valid? Good! Do the connection! */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
190 gsc->connect_cb(gsc->connect_cb_data, gsc, PURPLE_INPUT_READ); |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
191 } else { |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
192 /* Otherwise, signal an error */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
193 if(gsc->error_cb != NULL) |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
194 gsc->error_cb(gsc, PURPLE_SSL_CERTIFICATE_INVALID, |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
195 gsc->connect_cb_data); |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
196 purple_ssl_close(gsc); |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
197 } |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
198 } |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
199 |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
200 |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
201 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
202 static void ssl_gnutls_handshake_cb(gpointer data, gint source, |
15822 | 203 PurpleInputCondition cond) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
204 { |
15822 | 205 PurpleSslConnection *gsc = data; |
206 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); | |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
207 ssize_t ret; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
208 |
20255
07c103ac3795
applied changes from 5252885d793a4d288d92856d511d721bf5bb87ef
Richard Laager <rlaager@wiktel.com>
parents:
19681
diff
changeset
|
209 /*purple_debug_info("gnutls", "Handshaking with %s\n", gsc->host);*/ |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
210 ret = gnutls_handshake(gnutls_data->session); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
211 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
212 if(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
213 return; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
214 |
15822 | 215 purple_input_remove(gnutls_data->handshake_handler); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
216 gnutls_data->handshake_handler = 0; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
217 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
218 if(ret != 0) { |
15822 | 219 purple_debug_error("gnutls", "Handshake failed. Error %s\n", |
15784
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
220 gnutls_strerror(ret)); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
221 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
222 if(gsc->error_cb != NULL) |
15822 | 223 gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED, |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
224 gsc->connect_cb_data); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
225 |
15822 | 226 purple_ssl_close(gsc); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
227 } else { |
18938
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
228 /* Now we are cooking with gas! */ |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
229 PurpleSslOps *ops = purple_ssl_get_ops(); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
230 GList * peers = ops->get_peer_certificates(gsc); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
231 |
18938
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
232 PurpleCertificateScheme *x509 = |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
233 purple_certificate_find_scheme("x509"); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
234 |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
235 GList * l; |
19549
5f4100c7dd00
Fix compiler warnings about having a variable declaration after some
Mark Doliner <mark@kingant.net>
parents:
19498
diff
changeset
|
236 |
5f4100c7dd00
Fix compiler warnings about having a variable declaration after some
Mark Doliner <mark@kingant.net>
parents:
19498
diff
changeset
|
237 /* TODO: Remove all this debugging babble */ |
5f4100c7dd00
Fix compiler warnings about having a variable declaration after some
Mark Doliner <mark@kingant.net>
parents:
19498
diff
changeset
|
238 purple_debug_info("gnutls", "Handshake complete\n"); |
5f4100c7dd00
Fix compiler warnings about having a variable declaration after some
Mark Doliner <mark@kingant.net>
parents:
19498
diff
changeset
|
239 |
18938
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
240 for (l=peers; l; l = l->next) { |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
241 PurpleCertificate *crt = l->data; |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
242 GByteArray *z = |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
243 x509->get_fingerprint_sha1(crt); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
244 gchar * fpr = |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
245 purple_base16_encode_chunked(z->data, |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
246 z->len); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
247 |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
248 purple_debug_info("gnutls/x509", |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
249 "Key print: %s\n", |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
250 fpr); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
251 |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
252 /* Kill the cert! */ |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
253 x509->destroy_certificate(crt); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
254 |
18938
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
255 g_free(fpr); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
256 g_byte_array_free(z, TRUE); |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
257 } |
f2ddc4b10d72
- Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18935
diff
changeset
|
258 g_list_free(peers); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
259 |
17766
fe571cfcf225
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17252
diff
changeset
|
260 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
261 const gnutls_datum *cert_list; |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
262 unsigned int cert_list_size = 0; |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
263 gnutls_session session=gnutls_data->session; |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
264 int i; |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
265 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
266 cert_list = |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
267 gnutls_certificate_get_peers(session, &cert_list_size); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
268 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
269 purple_debug_info("gnutls", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
270 "Peer provided %d certs\n", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
271 cert_list_size); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
272 for (i=0; i<cert_list_size; i++) |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
273 { |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
274 gchar fpr_bin[256]; |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
275 gsize fpr_bin_sz = sizeof(fpr_bin); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
276 gchar * fpr_asc = NULL; |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
277 gchar tbuf[256]; |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
278 gsize tsz=sizeof(tbuf); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
279 gchar * tasc = NULL; |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
280 gnutls_x509_crt cert; |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
281 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
282 gnutls_x509_crt_init(&cert); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
283 gnutls_x509_crt_import (cert, &cert_list[i], |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
284 GNUTLS_X509_FMT_DER); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
285 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
286 gnutls_x509_crt_get_fingerprint(cert, GNUTLS_MAC_SHA, |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
287 fpr_bin, &fpr_bin_sz); |
17766
fe571cfcf225
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17252
diff
changeset
|
288 |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
289 fpr_asc = |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
290 purple_base16_encode_chunked((const guchar *)fpr_bin, fpr_bin_sz); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
291 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
292 purple_debug_info("gnutls", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
293 "Lvl %d SHA1 fingerprint: %s\n", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
294 i, fpr_asc); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
295 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
296 tsz=sizeof(tbuf); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
297 gnutls_x509_crt_get_serial(cert,tbuf,&tsz); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
298 tasc=purple_base16_encode_chunked((const guchar *)tbuf, tsz); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
299 purple_debug_info("gnutls", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
300 "Serial: %s\n", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
301 tasc); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
302 g_free(tasc); |
17766
fe571cfcf225
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17252
diff
changeset
|
303 |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
304 tsz=sizeof(tbuf); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
305 gnutls_x509_crt_get_dn (cert, tbuf, &tsz); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
306 purple_debug_info("gnutls", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
307 "Cert DN: %s\n", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
308 tbuf); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
309 tsz=sizeof(tbuf); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
310 gnutls_x509_crt_get_issuer_dn (cert, tbuf, &tsz); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
311 purple_debug_info("gnutls", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
312 "Cert Issuer DN: %s\n", |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
313 tbuf); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
314 |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
315 g_free(fpr_asc); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
316 fpr_asc = NULL; |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
317 gnutls_x509_crt_deinit(cert); |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
318 } |
17781
3ce170204ef0
disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02'
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17780
diff
changeset
|
319 } |
18955
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
320 |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
321 /* TODO: The following logic should really be in libpurple */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
322 /* If a Verifier was given, hand control over to it */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
323 if (gsc->verifier) { |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
324 GList *peers; |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
325 /* First, get the peer cert chain */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
326 peers = purple_ssl_get_peer_certificates(gsc); |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
327 |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
328 /* Now kick off the verification process */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
329 purple_certificate_verify(gsc->verifier, |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
330 gsc->host, |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
331 peers, |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
332 ssl_gnutls_verified_cb, |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
333 gsc); |
19021
fcca10d0ac7d
- purple_certificate_verify no longer takes possession of the
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19019
diff
changeset
|
334 |
fcca10d0ac7d
- purple_certificate_verify no longer takes possession of the
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19019
diff
changeset
|
335 purple_certificate_destroy_list(peers); |
18955
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
336 } else { |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
337 /* Otherwise, just call the "connection complete" |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
338 callback */ |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
339 gsc->connect_cb(gsc->connect_cb_data, gsc, cond); |
f393eddab077
- ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18938
diff
changeset
|
340 } |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
341 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
342 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
343 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
344 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
345 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
346 static void |
15822 | 347 ssl_gnutls_connect(PurpleSslConnection *gsc) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
348 { |
15822 | 349 PurpleSslGnutlsData *gnutls_data; |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
350 static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 }; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
351 |
15822 | 352 gnutls_data = g_new0(PurpleSslGnutlsData, 1); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
353 gsc->private_data = gnutls_data; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
354 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
355 gnutls_init(&gnutls_data->session, GNUTLS_CLIENT); |
25499
309f6dca369a
Use _set_default_priority on gnutls versions lacking _priority_set_direct.
Ethan Blanton <elb@pidgin.im>
parents:
25498
diff
changeset
|
356 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS |
29656
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
357 { |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
358 const char *prio_str = NULL; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
359 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
360 /* Let's see if someone has specified a specific priority */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
361 if (gsc->host && host_priorities) |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
362 prio_str = g_hash_table_lookup(host_priorities, gsc->host); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
363 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
364 /* If not, let's use the default! */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
365 if (!prio_str) |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
366 prio_str = default_priority; |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
367 |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
368 /* TODO: Use a gnutls_priority_t cache, so this doesn't require three levels! */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
369 /* The logic here is to try the specified string, fall back to the default |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
370 * (which may also be user-specified), and if *that* doesn't work, fall back |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
371 * to the default default (which I'm not sure is necessary, but whatever). |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
372 */ |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
373 if (gnutls_priority_set_direct(gnutls_data->session, |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
374 prio_str, NULL)) |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
375 if (gnutls_priority_set_direct(gnutls_data->session, default_priority, NULL)) |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
376 gnutls_priority_set_direct(gnutls_data->session, "NORMAL", NULL); |
9bfa52f8ee87
gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616
Paul Aurich <paul@darkrain42.org>
parents:
29647
diff
changeset
|
377 } |
25499
309f6dca369a
Use _set_default_priority on gnutls versions lacking _priority_set_direct.
Ethan Blanton <elb@pidgin.im>
parents:
25498
diff
changeset
|
378 #else |
309f6dca369a
Use _set_default_priority on gnutls versions lacking _priority_set_direct.
Ethan Blanton <elb@pidgin.im>
parents:
25498
diff
changeset
|
379 gnutls_set_default_priority(gnutls_data->session); |
309f6dca369a
Use _set_default_priority on gnutls versions lacking _priority_set_direct.
Ethan Blanton <elb@pidgin.im>
parents:
25498
diff
changeset
|
380 #endif |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
381 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
382 gnutls_certificate_type_set_priority(gnutls_data->session, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
383 cert_type_priority); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
384 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
385 gnutls_credentials_set(gnutls_data->session, GNUTLS_CRD_CERTIFICATE, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
386 xcred); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
387 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
388 gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd)); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
389 |
15822 | 390 gnutls_data->handshake_handler = purple_input_add(gsc->fd, |
391 PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc); | |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
392 |
20255
07c103ac3795
applied changes from 5252885d793a4d288d92856d511d721bf5bb87ef
Richard Laager <rlaager@wiktel.com>
parents:
19681
diff
changeset
|
393 purple_debug_info("gnutls", "Starting handshake with %s\n", gsc->host); |
07c103ac3795
applied changes from 5252885d793a4d288d92856d511d721bf5bb87ef
Richard Laager <rlaager@wiktel.com>
parents:
19681
diff
changeset
|
394 |
17252
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
395 /* Orborde asks: Why are we configuring a callback, then |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
396 immediately calling it? |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
397 |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
398 Answer: gnutls_handshake (up in handshake_cb) needs to be called |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
399 once in order to get the ball rolling on the SSL connection. |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
400 Once it has done so, only then will the server reply, triggering |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
401 the callback. |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
402 |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
403 Since the logic driving gnutls_handshake is the same with the first |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
404 and subsequent calls, we'll just fire the callback immediately to |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
405 accomplish this. |
a2edef5eb1b1
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16665
diff
changeset
|
406 */ |
15822 | 407 ssl_gnutls_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
408 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
409 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
410 static void |
15822 | 411 ssl_gnutls_close(PurpleSslConnection *gsc) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
412 { |
15822 | 413 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
414 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
415 if(!gnutls_data) |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
416 return; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
417 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
418 if(gnutls_data->handshake_handler) |
15822 | 419 purple_input_remove(gnutls_data->handshake_handler); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
420 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
421 gnutls_bye(gnutls_data->session, GNUTLS_SHUT_RDWR); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
422 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
423 gnutls_deinit(gnutls_data->session); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
424 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
425 g_free(gnutls_data); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
426 gsc->private_data = NULL; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
427 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
428 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
429 static size_t |
15822 | 430 ssl_gnutls_read(PurpleSslConnection *gsc, void *data, size_t len) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
431 { |
15822 | 432 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
433 ssize_t s; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
434 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
435 s = gnutls_record_recv(gnutls_data->session, data, len); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
436 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
437 if(s == GNUTLS_E_AGAIN || s == GNUTLS_E_INTERRUPTED) { |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
438 s = -1; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
439 errno = EAGAIN; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
440 } else if(s < 0) { |
15822 | 441 purple_debug_error("gnutls", "receive failed: %s\n", |
15784
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
442 gnutls_strerror(s)); |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
443 s = -1; |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
444 /* |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
445 * TODO: Set errno to something more appropriate. Or even |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
446 * better: allow ssl plugins to keep track of their |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
447 * own error message, then add a new ssl_ops function |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
448 * that returns the error message. |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
449 */ |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
450 errno = EIO; |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
451 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
452 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
453 return s; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
454 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
455 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
456 static size_t |
15822 | 457 ssl_gnutls_write(PurpleSslConnection *gsc, const void *data, size_t len) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
458 { |
15822 | 459 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
460 ssize_t s = 0; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
461 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
462 /* XXX: when will gnutls_data be NULL? */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
463 if(gnutls_data) |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
464 s = gnutls_record_send(gnutls_data->session, data, len); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
465 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
466 if(s == GNUTLS_E_AGAIN || s == GNUTLS_E_INTERRUPTED) { |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
467 s = -1; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
468 errno = EAGAIN; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
469 } else if(s < 0) { |
15822 | 470 purple_debug_error("gnutls", "send failed: %s\n", |
15784
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
471 gnutls_strerror(s)); |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
472 s = -1; |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
473 /* |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
474 * TODO: Set errno to something more appropriate. Or even |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
475 * better: allow ssl plugins to keep track of their |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
476 * own error message, then add a new ssl_ops function |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
477 * that returns the error message. |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
478 */ |
eed84b59c252
There were a few problems here
Mark Doliner <mark@kingant.net>
parents:
15373
diff
changeset
|
479 errno = EIO; |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
480 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
481 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
482 return s; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
483 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
484 |
19491
4f472eef762c
- TODO-whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19218
diff
changeset
|
485 /* Forward declarations are fun! */ |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
486 static PurpleCertificate * |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
487 x509_import_from_datum(const gnutls_datum dt, gnutls_x509_crt_fmt mode); |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
488 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
489 static GList * |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
490 ssl_gnutls_get_peer_certificates(PurpleSslConnection * gsc) |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
491 { |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
492 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
493 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
494 /* List of Certificate instances to return */ |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
495 GList * peer_certs = NULL; |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
496 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
497 /* List of raw certificates as given by GnuTLS */ |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
498 const gnutls_datum *cert_list; |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
499 unsigned int cert_list_size = 0; |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
500 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
501 unsigned int i; |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
502 |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
503 /* This should never, ever happen. */ |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
504 g_return_val_if_fail( gnutls_certificate_type_get (gnutls_data->session) == GNUTLS_CRT_X509, NULL); |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
505 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
506 /* Get the certificate list from GnuTLS */ |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
507 /* TODO: I am _pretty sure_ this doesn't block or do other exciting things */ |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
508 cert_list = gnutls_certificate_get_peers(gnutls_data->session, |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
509 &cert_list_size); |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
510 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
511 /* Convert each certificate to a Certificate and append it to the list */ |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
512 for (i = 0; i < cert_list_size; i++) { |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
513 PurpleCertificate * newcrt = x509_import_from_datum(cert_list[i], |
18186
80c909c5bb7a
- Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17914
diff
changeset
|
514 GNUTLS_X509_FMT_DER); |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
515 /* Append is somewhat inefficient on linked lists, but is easy |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
516 to read. If someone complains, I'll change it. |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
517 TODO: Is anyone complaining? (Maybe elb?) */ |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
518 peer_certs = g_list_append(peer_certs, newcrt); |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
519 } |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
520 |
19491
4f472eef762c
- TODO-whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19218
diff
changeset
|
521 /* cert_list doesn't need free()-ing */ |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
522 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
523 return peer_certs; |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
524 } |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
525 |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
526 /************************************************************************/ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
527 /* X.509 functionality */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
528 /************************************************************************/ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
529 const gchar * SCHEME_NAME = "x509"; |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
530 |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
531 static PurpleCertificateScheme x509_gnutls; |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
532 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
533 /** Refcounted GnuTLS certificate data instance */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
534 typedef struct { |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
535 gint refcount; |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
536 gnutls_x509_crt crt; |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
537 } x509_crtdata_t; |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
538 |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
539 /** Helper functions for reference counting */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
540 static x509_crtdata_t * |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
541 x509_crtdata_addref(x509_crtdata_t *cd) |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
542 { |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
543 (cd->refcount)++; |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
544 return cd; |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
545 } |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
546 |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
547 static void |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
548 x509_crtdata_delref(x509_crtdata_t *cd) |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
549 { |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
550 (cd->refcount)--; |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
551 |
19552 | 552 if (cd->refcount < 0) |
19551
ce3dec442fec
Replace a call to g_assert() with a logging statement
Mark Doliner <mark@kingant.net>
parents:
19550
diff
changeset
|
553 g_critical("Refcount of x509_crtdata_t is %d, which is less " |
ce3dec442fec
Replace a call to g_assert() with a logging statement
Mark Doliner <mark@kingant.net>
parents:
19550
diff
changeset
|
554 "than zero!\n", cd->refcount); |
ce3dec442fec
Replace a call to g_assert() with a logging statement
Mark Doliner <mark@kingant.net>
parents:
19550
diff
changeset
|
555 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
556 /* If the refcount reaches zero, kill the structure */ |
19551
ce3dec442fec
Replace a call to g_assert() with a logging statement
Mark Doliner <mark@kingant.net>
parents:
19550
diff
changeset
|
557 if (cd->refcount <= 0) { |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
558 /* Kill the internal data */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
559 gnutls_x509_crt_deinit( cd->crt ); |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
560 /* And kill the struct */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
561 g_free( cd ); |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
562 } |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
563 } |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
564 |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
565 /** Helper macro to retrieve the GnuTLS crt_t from a PurpleCertificate */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
566 #define X509_GET_GNUTLS_DATA(pcrt) ( ((x509_crtdata_t *) (pcrt->data))->crt) |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
567 |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
568 /** Transforms a gnutls_datum containing an X.509 certificate into a Certificate instance under the x509_gnutls scheme |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
569 * |
18186
80c909c5bb7a
- Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17914
diff
changeset
|
570 * @param dt Datum to transform |
80c909c5bb7a
- Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17914
diff
changeset
|
571 * @param mode GnuTLS certificate format specifier (GNUTLS_X509_FMT_PEM for |
80c909c5bb7a
- Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17914
diff
changeset
|
572 * reading from files, and GNUTLS_X509_FMT_DER for converting |
80c909c5bb7a
- Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17914
diff
changeset
|
573 * "over the wire" certs for SSL) |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
574 * |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
575 * @return A newly allocated Certificate structure of the x509_gnutls scheme |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
576 */ |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
577 static PurpleCertificate * |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
578 x509_import_from_datum(const gnutls_datum dt, gnutls_x509_crt_fmt mode) |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
579 { |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
580 /* Internal certificate data structure */ |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
581 x509_crtdata_t *certdat; |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
582 /* New certificate to return */ |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
583 PurpleCertificate * crt; |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
584 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
585 /* Allocate and prepare the internal certificate data */ |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
586 certdat = g_new0(x509_crtdata_t, 1); |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
587 gnutls_x509_crt_init(&(certdat->crt)); |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
588 certdat->refcount = 0; |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
589 |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
590 /* Perform the actual certificate parse */ |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
591 /* Yes, certdat->crt should be passed as-is */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
592 gnutls_x509_crt_import(certdat->crt, &dt, mode); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
593 |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
594 /* Allocate the certificate and load it with data */ |
18961
fa138dbacff5
- More g_new0 instead of g_new
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18955
diff
changeset
|
595 crt = g_new0(PurpleCertificate, 1); |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
596 crt->scheme = &x509_gnutls; |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
597 crt->data = x509_crtdata_addref(certdat); |
17914
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
598 |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
599 return crt; |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
600 } |
2f119e2a1b33
- Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
601 |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
602 /** Imports a PEM-formatted X.509 certificate from the specified file. |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
603 * @param filename Filename to import from. Format is PEM |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
604 * |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
605 * @return A newly allocated Certificate structure of the x509_gnutls scheme |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
606 */ |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
607 static PurpleCertificate * |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
608 x509_import_from_file(const gchar * filename) |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
609 { |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
610 PurpleCertificate *crt; /* Certificate being constructed */ |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
611 gchar *buf; /* Used to load the raw file data */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
612 gsize buf_sz; /* Size of the above */ |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
613 gnutls_datum dt; /* Struct to pass down to GnuTLS */ |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
614 |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
615 purple_debug_info("gnutls", |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
616 "Attempting to load X.509 certificate from %s\n", |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
617 filename); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
618 |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
619 /* Next, we'll simply yank the entire contents of the file |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
620 into memory */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
621 /* TODO: Should I worry about very large files here? */ |
19491
4f472eef762c
- TODO-whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19218
diff
changeset
|
622 g_return_val_if_fail( |
4f472eef762c
- TODO-whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19218
diff
changeset
|
623 g_file_get_contents(filename, |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
624 &buf, |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
625 &buf_sz, |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
626 NULL /* No error checking for now */ |
19491
4f472eef762c
- TODO-whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19218
diff
changeset
|
627 ), |
4f472eef762c
- TODO-whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19218
diff
changeset
|
628 NULL); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
629 |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
630 /* Load the datum struct */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
631 dt.data = (unsigned char *) buf; |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
632 dt.size = buf_sz; |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
633 |
21678 | 634 /* Perform the conversion; files should be in PEM format */ |
635 crt = x509_import_from_datum(dt, GNUTLS_X509_FMT_PEM); | |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
636 |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
637 /* Cleanup */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
638 g_free(buf); |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
639 |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
640 return crt; |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
641 } |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
642 |
29647
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
643 /** Imports a number of PEM-formatted X.509 certificates from the specified file. |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
644 * @param filename Filename to import from. Format is PEM |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
645 * |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
646 * @return A newly allocated GSList of Certificate structures of the x509_gnutls scheme |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
647 */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
648 static GSList * |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
649 x509_importcerts_from_file(const gchar * filename) |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
650 { |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
651 PurpleCertificate *crt; /* Certificate being constructed */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
652 gchar *buf; /* Used to load the raw file data */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
653 gchar *begin, *end; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
654 GSList *crts = NULL; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
655 gsize buf_sz; /* Size of the above */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
656 gnutls_datum dt; /* Struct to pass down to GnuTLS */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
657 |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
658 purple_debug_info("gnutls", |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
659 "Attempting to load X.509 certificates from %s\n", |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
660 filename); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
661 |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
662 /* Next, we'll simply yank the entire contents of the file |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
663 into memory */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
664 /* TODO: Should I worry about very large files here? */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
665 g_return_val_if_fail( |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
666 g_file_get_contents(filename, |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
667 &buf, |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
668 &buf_sz, |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
669 NULL /* No error checking for now */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
670 ), |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
671 NULL); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
672 |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
673 begin = buf; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
674 while((end = strstr(begin, "-----END CERTIFICATE-----")) != NULL) { |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
675 end += sizeof("-----END CERTIFICATE-----")-1; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
676 /* Load the datum struct */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
677 dt.data = (unsigned char *) begin; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
678 dt.size = (end-begin); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
679 |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
680 /* Perform the conversion; files should be in PEM format */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
681 crt = x509_import_from_datum(dt, GNUTLS_X509_FMT_PEM); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
682 crts = g_slist_prepend(crts, crt); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
683 begin = end; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
684 } |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
685 |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
686 /* Cleanup */ |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
687 g_free(buf); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
688 |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
689 return crts; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
690 } |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
691 |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
692 /** |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
693 * Exports a PEM-formatted X.509 certificate to the specified file. |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
694 * @param filename Filename to export to. Format will be PEM |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
695 * @param crt Certificate to export |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
696 * |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
697 * @return TRUE if success, otherwise FALSE |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
698 */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
699 static gboolean |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
700 x509_export_certificate(const gchar *filename, PurpleCertificate *crt) |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
701 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
702 gnutls_x509_crt crt_dat; /* GnuTLS cert struct */ |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
703 int ret; |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
704 gchar * out_buf; /* Data to output */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
705 size_t out_size; /* Output size */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
706 gboolean success = FALSE; |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
707 |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
708 /* Paranoia paranoia paranoia! */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
709 g_return_val_if_fail(filename, FALSE); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
710 g_return_val_if_fail(crt, FALSE); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
711 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
712 g_return_val_if_fail(crt->data, FALSE); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
713 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
714 crt_dat = X509_GET_GNUTLS_DATA(crt); |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
715 |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
716 /* Obtain the output size required */ |
19004
d4065b26dcac
- Fix intermittent crash due to uninitialized variable
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19003
diff
changeset
|
717 out_size = 0; |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
718 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM, |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
719 NULL, /* Provide no buffer yet */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
720 &out_size /* Put size here */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
721 ); |
19002
daeca1b9ebdb
- Fix an incorrect assertion in GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18977
diff
changeset
|
722 g_return_val_if_fail(ret == GNUTLS_E_SHORT_MEMORY_BUFFER, FALSE); |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
723 |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
724 /* Now allocate a buffer and *really* export it */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
725 out_buf = g_new0(gchar, out_size); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
726 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM, |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
727 out_buf, /* Export to our new buffer */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
728 &out_size /* Put size here */ |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
729 ); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
730 if (ret != 0) { |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
731 purple_debug_error("gnutls/x509", |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
732 "Failed to export cert to buffer with code %d\n", |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
733 ret); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
734 g_free(out_buf); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
735 return FALSE; |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
736 } |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
737 |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
738 /* Write it out to an actual file */ |
19498
7589b218f89a
- Add purple_util_write_data_to_file_absolute; glib's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19494
diff
changeset
|
739 success = purple_util_write_data_to_file_absolute(filename, |
7589b218f89a
- Add purple_util_write_data_to_file_absolute; glib's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19494
diff
changeset
|
740 out_buf, out_size); |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
741 |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
742 g_free(out_buf); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
743 return success; |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
744 } |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
745 |
19019
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
746 static PurpleCertificate * |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
747 x509_copy_certificate(PurpleCertificate *crt) |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
748 { |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
749 x509_crtdata_t *crtdat; |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
750 PurpleCertificate *newcrt; |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
751 |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
752 g_return_val_if_fail(crt, NULL); |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
753 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL); |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
754 |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
755 crtdat = (x509_crtdata_t *) crt->data; |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
756 |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
757 newcrt = g_new0(PurpleCertificate, 1); |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
758 newcrt->scheme = &x509_gnutls; |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
759 newcrt->data = x509_crtdata_addref(crtdat); |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
760 |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
761 return newcrt; |
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
762 } |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
763 /** Frees a Certificate |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
764 * |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
765 * Destroys a Certificate's internal data structures and frees the pointer |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
766 * given. |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
767 * @param crt Certificate instance to be destroyed. It WILL NOT be destroyed |
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
768 * if it is not of the correct CertificateScheme. Can be NULL |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
769 * |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
770 */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
771 static void |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
772 x509_destroy_certificate(PurpleCertificate * crt) |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
773 { |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
774 if (NULL == crt) return; |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
775 |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
776 /* Check that the scheme is x509_gnutls */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
777 if ( crt->scheme != &x509_gnutls ) { |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
778 purple_debug_error("gnutls", |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
779 "destroy_certificate attempted on certificate of wrong scheme (scheme was %s, expected %s)\n", |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
780 crt->scheme->name, |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
781 SCHEME_NAME); |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
782 return; |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
783 } |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
784 |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
785 g_return_if_fail(crt->data != NULL); |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
786 g_return_if_fail(crt->scheme != NULL); |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
787 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
788 /* Use the reference counting system to free (or not) the |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
789 underlying data */ |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
790 x509_crtdata_delref((x509_crtdata_t *)crt->data); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
791 |
17913
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
792 /* Kill the structure itself */ |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
793 g_free(crt); |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
794 } |
55a0b0a42000
- Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17911
diff
changeset
|
795 |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
796 /** Determines whether one certificate has been issued and signed by another |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
797 * |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
798 * @param crt Certificate to check the signature of |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
799 * @param issuer Issuer's certificate |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
800 * |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
801 * @return TRUE if crt was signed and issued by issuer, otherwise FALSE |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
802 * @TODO Modify this function to return a reason for invalidity? |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
803 */ |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
804 static gboolean |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
805 x509_certificate_signed_by(PurpleCertificate * crt, |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
806 PurpleCertificate * issuer) |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
807 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
808 gnutls_x509_crt crt_dat; |
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
809 gnutls_x509_crt issuer_dat; |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
810 unsigned int verify; /* used to store result from GnuTLS verifier */ |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
811 int ret; |
27655
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
812 gchar *crt_id = NULL; |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
813 gchar *issuer_id = NULL; |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
814 |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
815 g_return_val_if_fail(crt, FALSE); |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
816 g_return_val_if_fail(issuer, FALSE); |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
817 |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
818 /* Verify that both certs are the correct scheme */ |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
819 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE); |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
820 g_return_val_if_fail(issuer->scheme == &x509_gnutls, FALSE); |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
821 |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
822 /* TODO: check for more nullness? */ |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
823 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
824 crt_dat = X509_GET_GNUTLS_DATA(crt); |
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
825 issuer_dat = X509_GET_GNUTLS_DATA(issuer); |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
826 |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
827 /* First, let's check that crt.issuer is actually issuer */ |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
828 ret = gnutls_x509_crt_check_issuer(crt_dat, issuer_dat); |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
829 if (ret <= 0) { |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
830 |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
831 if (ret < 0) { |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
832 purple_debug_error("gnutls/x509", |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
833 "GnuTLS error %d while checking certificate issuer match.", |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
834 ret); |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
835 } else { |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
836 gchar *crt_id, *issuer_id, *crt_issuer_id; |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
837 crt_id = purple_certificate_get_unique_id(crt); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
838 issuer_id = purple_certificate_get_unique_id(issuer); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
839 crt_issuer_id = |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
840 purple_certificate_get_issuer_unique_id(crt); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
841 purple_debug_info("gnutls/x509", |
28358
401a00227615
ssl-gnutls: I think this error message makes a little more sense.
Paul Aurich <paul@darkrain42.org>
parents:
28355
diff
changeset
|
842 "Certificate %s is issued by " |
401a00227615
ssl-gnutls: I think this error message makes a little more sense.
Paul Aurich <paul@darkrain42.org>
parents:
28355
diff
changeset
|
843 "%s, which does not match %s.\n", |
20285
3b459f294dc1
applied changes from f143c30a12f30c53e017f1bfc22ccddee96036fc
Richard Laager <rlaager@wiktel.com>
parents:
20284
diff
changeset
|
844 crt_id ? crt_id : "(null)", |
3b459f294dc1
applied changes from f143c30a12f30c53e017f1bfc22ccddee96036fc
Richard Laager <rlaager@wiktel.com>
parents:
20284
diff
changeset
|
845 crt_issuer_id ? crt_issuer_id : "(null)", |
3b459f294dc1
applied changes from f143c30a12f30c53e017f1bfc22ccddee96036fc
Richard Laager <rlaager@wiktel.com>
parents:
20284
diff
changeset
|
846 issuer_id ? issuer_id : "(null)"); |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
847 g_free(crt_id); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
848 g_free(issuer_id); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
849 g_free(crt_issuer_id); |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
850 } |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
851 |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
852 /* The issuer is not correct, or there were errors */ |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
853 return FALSE; |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
854 } |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
855 |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
856 /* Now, check the signature */ |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
857 /* The second argument is a ptr to an array of "trusted" issuer certs, |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
858 but we're only using one trusted one */ |
19218
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
859 ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, |
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
860 /* Permit signings by X.509v1 certs |
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
861 (Verisign and possibly others have |
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
862 root certificates that predate the |
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
863 current standard) */ |
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
864 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, |
0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19215
diff
changeset
|
865 &verify); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
866 |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
867 if (ret != 0) { |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
868 purple_debug_error("gnutls/x509", |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
869 "Attempted certificate verification caused a GnuTLS error code %d. I will just say the signature is bad, but you should look into this.\n", ret); |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
870 return FALSE; |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
871 } |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
872 |
28355
13a229a062c6
Check the GnuTLS version before using a recent-ish flag. Fixes #10412.
Paul Aurich <paul@darkrain42.org>
parents:
27655
diff
changeset
|
873 #ifdef HAVE_GNUTLS_CERT_INSECURE_ALGORITHM |
27655
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
874 if (verify & GNUTLS_CERT_INSECURE_ALGORITHM) { |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
875 /* |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
876 * A certificate in the chain is signed with an insecure |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
877 * algorithm. Put a warning into the log to make this error |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
878 * perfectly clear as soon as someone looks at the debug log is |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
879 * generated. |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
880 */ |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
881 crt_id = purple_certificate_get_unique_id(crt); |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
882 issuer_id = purple_certificate_get_issuer_unique_id(crt); |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
883 purple_debug_warning("gnutls/x509", |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
884 "Insecure hash algorithm used by %s to sign %s\n", |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
885 issuer_id, crt_id); |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
886 } |
28355
13a229a062c6
Check the GnuTLS version before using a recent-ish flag. Fixes #10412.
Paul Aurich <paul@darkrain42.org>
parents:
27655
diff
changeset
|
887 #endif |
27655
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
888 |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
889 if (verify & GNUTLS_CERT_INVALID) { |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
890 /* Signature didn't check out, but at least |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
891 there were no errors*/ |
27655
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
892 if (!crt_id) |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
893 crt_id = purple_certificate_get_unique_id(crt); |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
894 if (!issuer_id) |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
895 issuer_id = purple_certificate_get_issuer_unique_id(crt); |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
896 purple_debug_error("gnutls/x509", |
0ac5a002dd6d
Add a debug log message when MD5 is used in a verification chain. Refs #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27183
diff
changeset
|
897 "Bad signature from %s on %s\n", |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
898 issuer_id, crt_id); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
899 g_free(crt_id); |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
900 g_free(issuer_id); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
901 |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
902 return FALSE; |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
903 } /* if (ret, etc.) */ |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
904 |
19212
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
905 /* If we got here, the signature is good */ |
2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19079
diff
changeset
|
906 return TRUE; |
18191
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
907 } |
a4336814bfd4
- Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18189
diff
changeset
|
908 |
18935
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
909 static GByteArray * |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
910 x509_sha1sum(PurpleCertificate *crt) |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
911 { |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
912 size_t hashlen = 20; /* SHA1 hashes are 20 bytes */ |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
913 size_t tmpsz = hashlen; /* Throw-away variable for GnuTLS to stomp on*/ |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
914 gnutls_x509_crt crt_dat; |
18935
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
915 GByteArray *hash; /**< Final hash container */ |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
916 guchar hashbuf[hashlen]; /**< Temporary buffer to contain hash */ |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
917 |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
918 g_return_val_if_fail(crt, NULL); |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
919 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
920 crt_dat = X509_GET_GNUTLS_DATA(crt); |
18935
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
921 |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
922 /* Extract the fingerprint */ |
19492
447470c8111a
- More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19491
diff
changeset
|
923 g_return_val_if_fail( |
447470c8111a
- More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19491
diff
changeset
|
924 0 == gnutls_x509_crt_get_fingerprint(crt_dat, GNUTLS_MAC_SHA, |
447470c8111a
- More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19491
diff
changeset
|
925 hashbuf, &tmpsz), |
447470c8111a
- More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19491
diff
changeset
|
926 NULL); |
18935
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
927 |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
928 /* This shouldn't happen */ |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
929 g_return_val_if_fail(tmpsz == hashlen, NULL); |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
930 |
18935
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
931 /* Okay, now create and fill hash array */ |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
932 hash = g_byte_array_new(); |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
933 g_byte_array_append(hash, hashbuf, hashlen); |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
934 |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
935 return hash; |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
936 } |
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
937 |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
938 static gchar * |
19079
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
939 x509_cert_dn (PurpleCertificate *crt) |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
940 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
941 gnutls_x509_crt cert_dat; |
19079
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
942 gchar *dn = NULL; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
943 size_t dn_size; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
944 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
945 g_return_val_if_fail(crt, NULL); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
946 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
947 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
948 cert_dat = X509_GET_GNUTLS_DATA(crt); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
949 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
950 /* Figure out the length of the Distinguished Name */ |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
951 /* Claim that the buffer is size 0 so GnuTLS just tells us how much |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
952 space it needs */ |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
953 dn_size = 0; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
954 gnutls_x509_crt_get_dn(cert_dat, dn, &dn_size); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
955 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
956 /* Now allocate and get the Distinguished Name */ |
20283
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
957 /* Old versions of GnuTLS have an off-by-one error in reporting |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
958 the size of the needed buffer in some functions, so allocate |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
959 an extra byte */ |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
960 dn = g_new0(gchar, ++dn_size); |
19493
e147c3a821dd
- Errorchecking in x509_cert_dn
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19492
diff
changeset
|
961 if (0 != gnutls_x509_crt_get_dn(cert_dat, dn, &dn_size)) { |
e147c3a821dd
- Errorchecking in x509_cert_dn
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19492
diff
changeset
|
962 purple_debug_error("gnutls/x509", |
e147c3a821dd
- Errorchecking in x509_cert_dn
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19492
diff
changeset
|
963 "Failed to get Distinguished Name\n"); |
e147c3a821dd
- Errorchecking in x509_cert_dn
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19492
diff
changeset
|
964 g_free(dn); |
e147c3a821dd
- Errorchecking in x509_cert_dn
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19492
diff
changeset
|
965 return NULL; |
e147c3a821dd
- Errorchecking in x509_cert_dn
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19492
diff
changeset
|
966 } |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
967 |
19079
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
968 return dn; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
969 } |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
970 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
971 static gchar * |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
972 x509_issuer_dn (PurpleCertificate *crt) |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
973 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
974 gnutls_x509_crt cert_dat; |
19079
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
975 gchar *dn = NULL; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
976 size_t dn_size; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
977 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
978 g_return_val_if_fail(crt, NULL); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
979 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
980 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
981 cert_dat = X509_GET_GNUTLS_DATA(crt); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
982 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
983 /* Figure out the length of the Distinguished Name */ |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
984 /* Claim that the buffer is size 0 so GnuTLS just tells us how much |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
985 space it needs */ |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
986 dn_size = 0; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
987 gnutls_x509_crt_get_issuer_dn(cert_dat, dn, &dn_size); |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
988 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
989 /* Now allocate and get the Distinguished Name */ |
20283
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
990 /* Old versions of GnuTLS have an off-by-one error in reporting |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
991 the size of the needed buffer in some functions, so allocate |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
992 an extra byte */ |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
993 dn = g_new0(gchar, ++dn_size); |
19494
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
994 if (0 != gnutls_x509_crt_get_issuer_dn(cert_dat, dn, &dn_size)) { |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
995 purple_debug_error("gnutls/x509", |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
996 "Failed to get issuer's Distinguished " |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
997 "Name\n"); |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
998 g_free(dn); |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
999 return NULL; |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1000 } |
19550
0a6ed4e36ca8
Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents:
19549
diff
changeset
|
1001 |
19079
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1002 return dn; |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1003 } |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1004 |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1005 static gchar * |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1006 x509_common_name (PurpleCertificate *crt) |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1007 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
1008 gnutls_x509_crt cert_dat; |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1009 gchar *cn = NULL; |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1010 size_t cn_size; |
19494
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1011 int ret; |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1012 |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1013 g_return_val_if_fail(crt, NULL); |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1014 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL); |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1015 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
1016 cert_dat = X509_GET_GNUTLS_DATA(crt); |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1017 |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1018 /* Figure out the length of the Common Name */ |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1019 /* Claim that the buffer is size 0 so GnuTLS just tells us how much |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1020 space it needs */ |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1021 cn_size = 0; |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1022 gnutls_x509_crt_get_dn_by_oid(cert_dat, |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1023 GNUTLS_OID_X520_COMMON_NAME, |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1024 0, /* First CN found, please */ |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1025 0, /* Not in raw mode */ |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1026 cn, &cn_size); |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1027 |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1028 /* Now allocate and get the Common Name */ |
20283
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1029 /* Old versions of GnuTLS have an off-by-one error in reporting |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1030 the size of the needed buffer in some functions, so allocate |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1031 an extra byte */ |
5edb55b70108
applied changes from 38a516984dfbc8fb0def05acb69fc1180ec0b971
Richard Laager <rlaager@wiktel.com>
parents:
20282
diff
changeset
|
1032 cn = g_new0(gchar, ++cn_size); |
19494
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1033 ret = gnutls_x509_crt_get_dn_by_oid(cert_dat, |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1034 GNUTLS_OID_X520_COMMON_NAME, |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1035 0, /* First CN found, please */ |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1036 0, /* Not in raw mode */ |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1037 cn, &cn_size); |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1038 if (ret != 0) { |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1039 purple_debug_error("gnutls/x509", |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1040 "Failed to get Common Name\n"); |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1041 g_free(cn); |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1042 return NULL; |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1043 } |
280c6ec32ca6
- Yet More TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19493
diff
changeset
|
1044 |
18963
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1045 return cn; |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1046 } |
146907cd3b07
- Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18961
diff
changeset
|
1047 |
19008
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1048 static gboolean |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1049 x509_check_name (PurpleCertificate *crt, const gchar *name) |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1050 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
1051 gnutls_x509_crt crt_dat; |
19008
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1052 |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1053 g_return_val_if_fail(crt, FALSE); |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1054 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE); |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1055 g_return_val_if_fail(name, FALSE); |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1056 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
1057 crt_dat = X509_GET_GNUTLS_DATA(crt); |
19008
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1058 |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1059 if (gnutls_x509_crt_check_hostname(crt_dat, name)) { |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1060 return TRUE; |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1061 } else { |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1062 return FALSE; |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1063 } |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1064 } |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1065 |
19067
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1066 static gboolean |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1067 x509_times (PurpleCertificate *crt, time_t *activation, time_t *expiration) |
19013
5157ebe90b93
- Add activation/expiration time retrievers to GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19008
diff
changeset
|
1068 { |
20282
62b83cebbb59
applied changes from 8b8bc5b1ef1263e1c0f00a9ed208accff09d988e
Richard Laager <rlaager@wiktel.com>
parents:
20255
diff
changeset
|
1069 gnutls_x509_crt crt_dat; |
19067
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1070 /* GnuTLS time functions return this on error */ |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1071 const time_t errval = (time_t) (-1); |
20332
3a9709bfde65
applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9
Luke Schierer <lschiere@pidgin.im>
parents:
20285
diff
changeset
|
1072 gboolean success = TRUE; |
19067
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1073 |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1074 g_return_val_if_fail(crt, FALSE); |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1075 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE); |
19013
5157ebe90b93
- Add activation/expiration time retrievers to GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19008
diff
changeset
|
1076 |
19017
e6558bae2bc6
- GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19013
diff
changeset
|
1077 crt_dat = X509_GET_GNUTLS_DATA(crt); |
19013
5157ebe90b93
- Add activation/expiration time retrievers to GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19008
diff
changeset
|
1078 |
19067
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1079 if (activation) { |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1080 *activation = gnutls_x509_crt_get_activation_time(crt_dat); |
20332
3a9709bfde65
applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9
Luke Schierer <lschiere@pidgin.im>
parents:
20285
diff
changeset
|
1081 if (*activation == errval) |
3a9709bfde65
applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9
Luke Schierer <lschiere@pidgin.im>
parents:
20285
diff
changeset
|
1082 success = FALSE; |
19067
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1083 } |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1084 if (expiration) { |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1085 *expiration = gnutls_x509_crt_get_expiration_time(crt_dat); |
20332
3a9709bfde65
applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9
Luke Schierer <lschiere@pidgin.im>
parents:
20285
diff
changeset
|
1086 if (*expiration == errval) |
3a9709bfde65
applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9
Luke Schierer <lschiere@pidgin.im>
parents:
20285
diff
changeset
|
1087 success = FALSE; |
19067
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1088 } |
19013
5157ebe90b93
- Add activation/expiration time retrievers to GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19008
diff
changeset
|
1089 |
20332
3a9709bfde65
applied changes from 4d50bf3b08569aa2108a9f5da47fb1548d0c7dd9
Luke Schierer <lschiere@pidgin.im>
parents:
20285
diff
changeset
|
1090 return success; |
19013
5157ebe90b93
- Add activation/expiration time retrievers to GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19008
diff
changeset
|
1091 } |
5157ebe90b93
- Add activation/expiration time retrievers to GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19008
diff
changeset
|
1092 |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1093 /* X.509 certificate operations provided by this plugin */ |
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1094 static PurpleCertificateScheme x509_gnutls = { |
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1095 "x509", /* Scheme name */ |
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1096 N_("X.509 Certificates"), /* User-visible scheme name */ |
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1097 x509_import_from_file, /* Certificate import function */ |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18963
diff
changeset
|
1098 x509_export_certificate, /* Certificate export function */ |
19019
e179e7e6ded7
- Add GnuTLS X.509 cert copy operator
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
1099 x509_copy_certificate, /* Copy */ |
18934
04be1b885ef3
- Add more to the Certificate struct
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18930
diff
changeset
|
1100 x509_destroy_certificate, /* Destroy cert */ |
19076
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19067
diff
changeset
|
1101 x509_certificate_signed_by, /* Signature checker */ |
18935
cb9d2b9ad6bc
- Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18934
diff
changeset
|
1102 x509_sha1sum, /* SHA1 fingerprint */ |
19079
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1103 x509_cert_dn, /* Unique ID */ |
05ae340c42cc
- Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
1104 x509_issuer_dn, /* Issuer Unique ID */ |
19006
dc60287ce426
- Add get_activation_time and get_expiration_time to CertificateScheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19004
diff
changeset
|
1105 x509_common_name, /* Subject name */ |
19008
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19007
diff
changeset
|
1106 x509_check_name, /* Check subject name */ |
19649
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19552
diff
changeset
|
1107 x509_times, /* Activation/Expiration time */ |
29647
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
28358
diff
changeset
|
1108 x509_importcerts_from_file, /* Multiple certificates import function */ |
19649
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19552
diff
changeset
|
1109 |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19552
diff
changeset
|
1110 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19552
diff
changeset
|
1111 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19552
diff
changeset
|
1112 NULL |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19552
diff
changeset
|
1113 |
18189
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1114 }; |
030a2209ae96
- Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18188
diff
changeset
|
1115 |
15822 | 1116 static PurpleSslOps ssl_ops = |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1117 { |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1118 ssl_gnutls_init, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1119 ssl_gnutls_uninit, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1120 ssl_gnutls_connect, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1121 ssl_gnutls_close, |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1122 ssl_gnutls_read, |
16665
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1123 ssl_gnutls_write, |
18187
33690062e8b3
- Expose get_peer_certificates in the SslOps struct, and modify gnutls
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18186
diff
changeset
|
1124 ssl_gnutls_get_peer_certificates, |
16665
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1125 |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1126 /* padding */ |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1127 NULL, |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1128 NULL, |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1129 NULL |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1130 }; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1131 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1132 static gboolean |
15822 | 1133 plugin_load(PurplePlugin *plugin) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1134 { |
15822 | 1135 if(!purple_ssl_get_ops()) { |
1136 purple_ssl_set_ops(&ssl_ops); | |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1137 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1138 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1139 /* Init GNUTLS now so others can use it even if sslconn never does */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1140 ssl_gnutls_init_gnutls(); |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1141 |
19215
ab91044a914e
- Move ssl-gnutls x509 registration until after GnuTLS itself is inited
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19212
diff
changeset
|
1142 /* Register that we're providing an X.509 CertScheme */ |
ab91044a914e
- Move ssl-gnutls x509 registration until after GnuTLS itself is inited
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19212
diff
changeset
|
1143 purple_certificate_register_scheme( &x509_gnutls ); |
ab91044a914e
- Move ssl-gnutls x509 registration until after GnuTLS itself is inited
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19212
diff
changeset
|
1144 |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1145 return TRUE; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1146 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1147 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1148 static gboolean |
15822 | 1149 plugin_unload(PurplePlugin *plugin) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1150 { |
15822 | 1151 if(purple_ssl_get_ops() == &ssl_ops) { |
1152 purple_ssl_set_ops(NULL); | |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1153 } |
18927
9abc911c65aa
- GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18191
diff
changeset
|
1154 |
9abc911c65aa
- GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18191
diff
changeset
|
1155 purple_certificate_unregister_scheme( &x509_gnutls ); |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1156 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1157 return TRUE; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1158 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1159 |
15822 | 1160 static PurplePluginInfo info = |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1161 { |
15822 | 1162 PURPLE_PLUGIN_MAGIC, |
1163 PURPLE_MAJOR_VERSION, | |
1164 PURPLE_MINOR_VERSION, | |
1165 PURPLE_PLUGIN_STANDARD, /**< type */ | |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1166 NULL, /**< ui_requirement */ |
15822 | 1167 PURPLE_PLUGIN_FLAG_INVISIBLE, /**< flags */ |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1168 NULL, /**< dependencies */ |
15822 | 1169 PURPLE_PRIORITY_DEFAULT, /**< priority */ |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1170 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1171 SSL_GNUTLS_PLUGIN_ID, /**< id */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1172 N_("GNUTLS"), /**< name */ |
21030
3cc856ca2338
Add a --with-extraversion option to ./configure so packagers can fine tune
Stu Tomlinson <stu@nosnilmot.com>
parents:
20332
diff
changeset
|
1173 DISPLAY_VERSION, /**< version */ |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1174 /** summary */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1175 N_("Provides SSL support through GNUTLS."), |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1176 /** description */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1177 N_("Provides SSL support through GNUTLS."), |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1178 "Christian Hammond <chipx86@gnupdate.org>", |
15822 | 1179 PURPLE_WEBSITE, /**< homepage */ |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1180 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1181 plugin_load, /**< load */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1182 plugin_unload, /**< unload */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1183 NULL, /**< destroy */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1184 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1185 NULL, /**< ui_info */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1186 NULL, /**< extra_info */ |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1187 NULL, /**< prefs_info */ |
16665
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1188 NULL, /**< actions */ |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1189 |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1190 /* padding */ |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1191 NULL, |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1192 NULL, |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1193 NULL, |
6531f1a2e1d7
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15822
diff
changeset
|
1194 NULL |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1195 }; |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1196 |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1197 static void |
15822 | 1198 init_plugin(PurplePlugin *plugin) |
15373
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1199 { |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1200 } |
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1201 |
15822 | 1202 PURPLE_INIT_PLUGIN(ssl_gnutls, init_plugin, info) |