annotate libpurple/plugins/ssl/ssl-gnutls.c @ 29656:9bfa52f8ee87

gnutls: Allow overriding (per-host) of GnuTLS priorities via env. Fixes #11616 This allows a site to add workarounds for connecting to specific servers (like the reporter's) which are horribly broken when it comes to TLS 1.0+. The format (to be documented in the ChangeLog) is host=priority pairs delimited by semicolons (also pending a confirmation that gnutls_priority_init's documentation is wrong about semicolon vs. colon).
author Paul Aurich <paul@darkrain42.org>
date Thu, 01 Apr 2010 04:09:05 +0000
parents c35fd54ec64b
children 1b8ed243d6d1
1 /**
2 * @file ssl-gnutls.c GNUTLS SSL plugin.
3 *
4 * purple
5 *
6 * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
21 */
22 #include "internal.h"
23 #include "debug.h"
24 #include "certificate.h"
25 #include "plugin.h"
26 #include "sslconn.h"
27 #include "version.h"
28 #include "util.h"
29
30 #define SSL_GNUTLS_PLUGIN_ID "ssl-gnutls"
31
32 #include <gnutls/gnutls.h>
33 #include <gnutls/x509.h>
34
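/**
 * Per-connection state kept by the GnuTLS backend. It is reached through
 * the private_data pointer of a PurpleSslConnection (see the accessor
 * macro below).
 */
typedef struct
{
	/* GnuTLS session handle for this connection. */
	gnutls_session session;
	/* NOTE(review): presumably the id of the input watch that drives the
	 * handshake -- confirm against the code that assigns it. */
	guint handshake_handler;
} PurpleSslGnutlsData;

/* Fetch the backend-private data of a PurpleSslConnection. The argument is
 * parenthesised so that a non-trivial expression (a cast, a conditional,
 * pointer arithmetic) binds to "->" as the caller intended. */
#define PURPLE_SSL_GNUTLS_DATA(gsc) ((PurpleSslGnutlsData *)(gsc)->private_data)

/* Client credentials, allocated in ssl_gnutls_init_gnutls() and released in
 * ssl_gnutls_uninit(). */
static gnutls_certificate_client_credentials xcred = NULL;

#ifdef HAVE_GNUTLS_PRIORITY_FUNCS
/* Priority strings. The default one is, well, the default (and is always set).
 * The hash table is of the form hostname => priority (both char *).
 *
 * Both are filled from the PURPLE_GNUTLS_PRIORITIES environment variable in
 * ssl_gnutls_init_gnutls() without validation, so whoever controls the
 * process environment decides which protocol versions and cipher suites
 * are acceptable for a host.
 */
static char *default_priority = NULL;
static GHashTable *host_priorities = NULL;
#endif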
/**
 * Log callback registered with GnuTLS: forwards one library message to the
 * purple debug log under the "gnutls" category, tagged with its level.
 *
 * @param level  GnuTLS log level of the message.
 * @param str    Message text as produced by GnuTLS.
 */
static void
ssl_gnutls_log(int level, const char *str)
{
	/* The format carries no "\n" of its own: GnuTLS log messages
	 * already end with one. */
	purple_debug_misc("gnutls", "lvl %d: %s", level, str);
}
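/**
 * Global GnuTLS setup for the plugin.
 *
 * Installs the glib allocators, applies the optional PURPLE_GNUTLS_DEBUG log
 * level, parses the optional PURPLE_GNUTLS_PRIORITIES per-host priority
 * overrides, initialises the library and allocates the client credentials
 * (xcred).
 *
 * Security note: PURPLE_GNUTLS_PRIORITIES is taken from the process
 * environment and is not validated here. A priority string can switch off
 * protocol versions or enable weak cipher suites for one host or, via "*",
 * for every connection, so the environment of the process has to be
 * trusted. Every override that is applied is written to the debug log so a
 * weakened configuration can be spotted.
 */
static void
ssl_gnutls_init_gnutls(void)
{
	const char *debug_level;
	const char *host_priorities_str;
	int ret;

	/* Configure GnuTLS to use glib memory management */
	/* I expect that this isn't really necessary, but it may prevent
	   some bugs */
	/* TODO: It may be necessary to wrap these allocators for GnuTLS.
	   If there are strange bugs, perhaps look here (yes, I am a
	   hypocrite) */
	/* NOTE(review): the "secure malloc" slot is plain g_malloc and
	   mem_is_secure is NULL, so memory GnuTLS asks for through the
	   secure allocator gets no special handling here. */
	gnutls_global_set_mem_functions(
		(gnutls_alloc_function) g_malloc,    /* malloc */
		(gnutls_alloc_function) g_malloc,    /* secure malloc */
		NULL,                                /* mem_is_secure */
		(gnutls_realloc_function) g_realloc, /* realloc */
		(gnutls_free_function) g_free        /* free */
	);

	debug_level = g_getenv("PURPLE_GNUTLS_DEBUG");
	if (debug_level) {
		int level = atoi(debug_level);
		if (level < 0) {
			purple_debug_warning("gnutls", "Assuming log level 0 instead of %d\n",
			                     level);
			level = 0;
		}

		/* "The level is an integer between 0 and 9. Higher values mean more verbosity." */
		gnutls_global_set_log_level(level);
		gnutls_global_set_log_function(ssl_gnutls_log);
	}

	/* Expected format: host=priority;host2=priority;*=priority
	 * where "*" is used to override the default priority string for
	 * libpurple.
	 */
	host_priorities_str = g_getenv("PURPLE_GNUTLS_PRIORITIES");
	if (host_priorities_str) {
#ifndef HAVE_GNUTLS_PRIORITY_FUNCS
		/* The trailing "\n" was missing; every other message in this
		 * file terminates its own line. */
		purple_debug_warning("gnutls", "Warning, PURPLE_GNUTLS_PRIORITIES "
		                     "environment variable set, but we were built "
		                     "against an older GnuTLS that doesn't support "
		                     "this. :-(\n");
#else /* HAVE_GNUTLS_PRIORITY_FUNCS */
		char **entries = g_strsplit(host_priorities_str, ";", -1);
		guint i;

		host_priorities = g_hash_table_new_full(g_str_hash, g_str_equal,
		                                        g_free, g_free);

		for (i = 0; entries[i]; ++i) {
			char *host = entries[i];
			char *equals = strchr(host, '=');
			char *prio_str;

			if (!equals) {
				/* An empty piece (e.g. after a trailing ';') is
				 * harmless; anything else is a typo worth
				 * reporting rather than dropping silently. */
				if (*host != '\0')
					purple_debug_warning("gnutls", "Ignoring malformed "
					                     "priority entry '%s' (expected "
					                     "host=priority)\n", host);
				continue;
			}

			/* Split the entry in place into host and priority. */
			*equals = '\0';
			prio_str = equals + 1;

			if (*host == '\0') {
				/* "=PRIORITY" would otherwise be stored under an
				 * empty hostname key. */
				purple_debug_warning("gnutls", "Ignoring priority "
				                     "string with an empty hostname\n");
				continue;
			}

			/* Empty? */
			if (*prio_str == '\0') {
				purple_debug_warning("gnutls", "Ignoring empty priority "
				                     "string for %s\n", host);
				continue;
			}

			/* TODO: Validate each of these and complain */
			if (g_str_equal(host, "*")) {
				/* Override the default priority */
				g_free(default_priority);
				default_priority = g_strdup(prio_str);
			} else {
				/* The table owns both copies (g_free destructors). */
				g_hash_table_insert(host_priorities, g_strdup(host),
				                    g_strdup(prio_str));
			}

			/* Leave an audit trail for every override in effect. */
			purple_debug_info("gnutls", "Using priority string '%s' "
			                  "for %s\n", prio_str, host);
		}

		g_strfreev(entries);
#endif /* HAVE_GNUTLS_PRIORITY_FUNCS */
	}

#ifdef HAVE_GNUTLS_PRIORITY_FUNCS
	/* Make sure we have a default priority! */
	if (!default_priority)
		default_priority = g_strdup("NORMAL:%SSL3_RECORD_VERSION");
#endif /* HAVE_GNUTLS_PRIORITY_FUNCS */

	/* The function returns void, so failures can only be reported; the
	 * sequence of calls is the same as before. */
	ret = gnutls_global_init();
	if (ret != GNUTLS_E_SUCCESS)
		purple_debug_error("gnutls", "gnutls_global_init failed: %s\n",
		                   gnutls_strerror(ret));

	ret = gnutls_certificate_allocate_credentials(&xcred);
	if (ret != GNUTLS_E_SUCCESS)
		purple_debug_error("gnutls", "Unable to allocate client "
		                   "credentials: %s\n", gnutls_strerror(ret));

	/* TODO: I can likely remove this */
	/* NOTE(review): "ca.pem" is a relative path, so it is resolved
	 * against whatever the current working directory happens to be, and
	 * the result of the call is ignored. If these credentials are ever
	 * used for chain verification, a ca.pem in an attacker-writable
	 * directory would become a trust anchor -- confirm whether xcred's
	 * trust list is consulted anywhere before keeping this call. */
	gnutls_certificate_set_x509_trust_file(xcred, "ca.pem",
	                                       GNUTLS_X509_FMT_PEM);
}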
/**
 * Initialisation hook that does no work of its own.
 *
 * NOTE(review): the actual library setup appears to live in
 * ssl_gnutls_init_gnutls(); confirm where that is called from.
 *
 * @return Always TRUE.
 */
static gboolean
ssl_gnutls_init(void)
{
	return TRUE;
}
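/**
 * Tear down what ssl_gnutls_init_gnutls() set up: the client credentials,
 * the GnuTLS library state and, when priority strings are supported, the
 * per-host priority table and the default priority string.
 */
static void
ssl_gnutls_uninit(void)
{
	/* Free the credentials while the library is still initialised; the
	 * original released them only after gnutls_global_deinit(). The NULL
	 * guard covers the case where allocation never succeeded. */
	if (xcred != NULL) {
		gnutls_certificate_free_credentials(xcred);
		xcred = NULL;
	}

	gnutls_global_deinit();

#ifdef HAVE_GNUTLS_PRIORITY_FUNCS
	if (host_priorities) {
		/* Keys and values are freed by the table's g_free destructors. */
		g_hash_table_destroy(host_priorities);
		host_priorities = NULL;
	}

	g_free(default_priority);
	default_priority = NULL;
#endif
}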
182 static void
183 ssl_gnutls_verified_cb(PurpleCertificateVerificationStatus st,
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
184 gpointer userdata)
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
185 {
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
186 PurpleSslConnection *gsc = (PurpleSslConnection *) userdata;
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
187
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
188 if (st == PURPLE_CERTIFICATE_VALID) {
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
189 /* Certificate valid? Good! Do the connection! */
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
190 gsc->connect_cb(gsc->connect_cb_data, gsc, PURPLE_INPUT_READ);
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
191 } else {
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
192 /* Otherwise, signal an error */
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
193 if(gsc->error_cb != NULL)
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
194 gsc->error_cb(gsc, PURPLE_SSL_CERTIFICATE_INVALID,
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
195 gsc->connect_cb_data);
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
196 purple_ssl_close(gsc);
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
197 }
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
198 }
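/*
 * Input handler that advances the GnuTLS handshake for one connection.
 *
 * data    the PurpleSslConnection being set up
 * source  not used by this function
 * cond    forwarded to the connect callback when no verifier is configured
 *
 * GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED leave the handler installed and
 * return, so the handshake continues on the next invocation. Any other
 * result removes the handler. On failure the error callback (if set) gets
 * PURPLE_SSL_HANDSHAKE_FAILED and the connection is closed. On success the
 * peer's certificates are dumped to the debug log, and then either the
 * configured verifier is started or, when there is none, the connect
 * callback is invoked directly.
 *
 * Everything logged here is read from certificates the peer supplied and
 * has NOT been verified at that point; it is diagnostic output only and
 * says nothing about who the peer really is.
 */
static void ssl_gnutls_handshake_cb(gpointer data, gint source,
		PurpleInputCondition cond)
{
	PurpleSslConnection *gsc = data;
	PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
	int ret; /* gnutls_handshake() and gnutls_strerror() both use int */

	/*purple_debug_info("gnutls", "Handshaking with %s\n", gsc->host);*/
	ret = gnutls_handshake(gnutls_data->session);

	/* Not finished yet: keep the handler and wait to be called again. */
	if(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
		return;

	/* The handshake has reached a final state; stop watching for it. */
	purple_input_remove(gnutls_data->handshake_handler);
	gnutls_data->handshake_handler = 0;

	if(ret != 0) {
		purple_debug_error("gnutls", "Handshake failed. Error %s\n",
				gnutls_strerror(ret));

		if(gsc->error_cb != NULL)
			gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
					gsc->connect_cb_data);

		purple_ssl_close(gsc);
	} else {
		/* Now we are cooking with gas! */
		PurpleSslOps *ops = purple_ssl_get_ops();
		GList *dbg_peers = ops->get_peer_certificates(gsc);

		PurpleCertificateScheme *x509 =
			purple_certificate_find_scheme("x509");

		GList *l;

		/* TODO: Remove all this debugging babble */
		purple_debug_info("gnutls", "Handshake complete\n");

		for (l = dbg_peers; l; l = l->next) {
			PurpleCertificate *crt = l->data;
			GByteArray *z = x509->get_fingerprint_sha1(crt);

			/* Skip the log line if no fingerprint came back instead
			 * of dereferencing a NULL array. */
			if (z != NULL) {
				gchar *fpr =
					purple_base16_encode_chunked(z->data, z->len);

				purple_debug_info("gnutls/x509",
						"Key print: %s\n",
						fpr);

				g_free(fpr);
				g_byte_array_free(z, TRUE);
			}

			/* Kill the cert! */
			x509->destroy_certificate(crt);
		}
		g_list_free(dbg_peers);

		{
			const gnutls_datum *cert_list;
			unsigned int cert_list_size = 0;
			gnutls_session session = gnutls_data->session;
			unsigned int i; /* same type as cert_list_size */

			cert_list =
				gnutls_certificate_get_peers(session, &cert_list_size);
			if (cert_list == NULL)
				cert_list_size = 0;

			purple_debug_info("gnutls",
					"Peer provided %u certs\n",
					cert_list_size);
			for (i = 0; i < cert_list_size; i++)
			{
				gchar fpr_bin[256];
				gsize fpr_bin_sz = sizeof(fpr_bin);
				gchar *fpr_asc = NULL;
				gchar tbuf[256];
				gsize tsz = sizeof(tbuf);
				gchar *tasc = NULL;
				gnutls_x509_crt cert;

				/*
				 * Every gnutls_x509_crt_* result is checked below. The
				 * buffers start out uninitialised and the certificate
				 * fields are chosen by the peer (a DN longer than tbuf
				 * makes the getter fail), so logging a buffer after a
				 * failed call would print stale or unterminated stack
				 * data.
				 */
				if (gnutls_x509_crt_init(&cert) != 0)
					continue;

				if (gnutls_x509_crt_import(cert, &cert_list[i],
						GNUTLS_X509_FMT_DER) != 0) {
					purple_debug_error("gnutls",
							"Lvl %u: unable to parse peer certificate\n",
							i);
					gnutls_x509_crt_deinit(cert);
					continue;
				}

				if (gnutls_x509_crt_get_fingerprint(cert, GNUTLS_MAC_SHA,
						fpr_bin, &fpr_bin_sz) == 0) {
					fpr_asc = purple_base16_encode_chunked(
							(const guchar *)fpr_bin, fpr_bin_sz);

					purple_debug_info("gnutls",
							"Lvl %u SHA1 fingerprint: %s\n",
							i, fpr_asc);
					g_free(fpr_asc);
					fpr_asc = NULL;
				}

				tsz = sizeof(tbuf);
				if (gnutls_x509_crt_get_serial(cert, tbuf, &tsz) == 0) {
					tasc = purple_base16_encode_chunked(
							(const guchar *)tbuf, tsz);
					purple_debug_info("gnutls",
							"Serial: %s\n",
							tasc);
					g_free(tasc);
					tasc = NULL;
				}

				tsz = sizeof(tbuf);
				if (gnutls_x509_crt_get_dn(cert, tbuf, &tsz) == 0) {
					/* Force termination before handing tbuf to %s. */
					tbuf[sizeof(tbuf) - 1] = '\0';
					purple_debug_info("gnutls",
							"Cert DN: %s\n",
							tbuf);
				}

				tsz = sizeof(tbuf);
				if (gnutls_x509_crt_get_issuer_dn(cert, tbuf, &tsz) == 0) {
					tbuf[sizeof(tbuf) - 1] = '\0';
					purple_debug_info("gnutls",
							"Cert Issuer DN: %s\n",
							tbuf);
				}

				gnutls_x509_crt_deinit(cert);
			}
		}

		/* TODO: The following logic should really be in libpurple */
		/* If a Verifier was given, hand control over to it */
		if (gsc->verifier) {
			GList *peers;
			/* First, get the peer cert chain */
			peers = purple_ssl_get_peer_certificates(gsc);

			/* Now kick off the verification process */
			purple_certificate_verify(gsc->verifier,
					gsc->host,
					peers,
					ssl_gnutls_verified_cb,
					gsc);

			/*
			 * Only the local list is touched from here on.
			 * NOTE(review): ssl_gnutls_verified_cb can close gsc; whether
			 * the verifier may call it before returning is not visible
			 * here, so gsc is deliberately not used after this point.
			 */
			purple_certificate_destroy_list(peers);
		} else {
			/*
			 * Otherwise, just call the "connection complete" callback.
			 * No certificate check of any kind happens on this path:
			 * without a verifier the peer is accepted as presented.
			 */
			gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
		}
	}

}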
346 static void
347 ssl_gnutls_connect(PurpleSslConnection *gsc)
348 {
349 PurpleSslGnutlsData *gnutls_data;
350 static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 };
352 gnutls_data = g_new0(PurpleSslGnutlsData, 1);
353 gsc->private_data = gnutls_data;
355 gnutls_init(&gnutls_data->session, GNUTLS_CLIENT);
356 #ifdef HAVE_GNUTLS_PRIORITY_FUNCS
357 {
358 const char *prio_str = NULL;
360 /* Let's see if someone has specified a specific priority */
361 if (gsc->host && host_priorities)
362 prio_str = g_hash_table_lookup(host_priorities, gsc->host);
364 /* If not, let's use the default! */
365 if (!prio_str)
366 prio_str = default_priority;
368 /* TODO: Use a gnutls_priority_t cache, so this doesn't require three levels! */
369 /* The logic here is to try the specified string, fall back to the default
370 * (which may also be user-specified), and if *that* doesn't work, fall back
371 * to the default default (which I'm not sure is necessary, but whatever).
372 */
373 if (gnutls_priority_set_direct(gnutls_data->session,
374 prio_str, NULL))
375 if (gnutls_priority_set_direct(gnutls_data->session, default_priority, NULL))
376 gnutls_priority_set_direct(gnutls_data->session, "NORMAL", NULL);
377 }
378 #else
379 gnutls_set_default_priority(gnutls_data->session);
380 #endif
381
382 gnutls_certificate_type_set_priority(gnutls_data->session,
383 cert_type_priority);
384
385 gnutls_credentials_set(gnutls_data->session, GNUTLS_CRD_CERTIFICATE,
386 xcred);
387
388 gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd));
389
390 gnutls_data->handshake_handler = purple_input_add(gsc->fd,
391 PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);
392
393 purple_debug_info("gnutls", "Starting handshake with %s\n", gsc->host);
394
395 /* Orborde asks: Why are we configuring a callback, then
396 immediately calling it?
397
398 Answer: gnutls_handshake (up in handshake_cb) needs to be called
399 once in order to get the ball rolling on the SSL connection.
400 Once it has done so, only then will the server reply, triggering
401 the callback.
402
403 Since the logic driving gnutls_handshake is the same with the first
404 and subsequent calls, we'll just fire the callback immediately to
405 accomplish this.
406 */
407 ssl_gnutls_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ);
408 }
/**
 * Tear down the GnuTLS state attached to an SSL connection.
 *
 * Does nothing when no GnuTLS private data is attached. Otherwise any
 * pending handshake watcher is removed, the TLS session is shut down and
 * deinitialised, the private data is freed and gsc->private_data is reset
 * to NULL so that the freed pointer cannot be picked up again.
 *
 * @param gsc  SSL connection to close.
 */
static void
ssl_gnutls_close(PurpleSslConnection *gsc)
{
	PurpleSslGnutlsData *priv = PURPLE_SSL_GNUTLS_DATA(gsc);

	if (priv == NULL) {
		return;
	}

	/* Stop watching the socket for handshake input, if a watcher is set. */
	if (priv->handshake_handler) {
		purple_input_remove(priv->handshake_handler);
	}

	/* The return value of gnutls_bye() is not checked, so a failed or
	 * incomplete TLS shutdown is not reported to the caller. */
	gnutls_bye(priv->session, GNUTLS_SHUT_RDWR);
	gnutls_deinit(priv->session);

	g_free(priv);
	gsc->private_data = NULL;
}
/**
 * Read decrypted application data from the GnuTLS session of a connection.
 *
 * @param gsc   SSL connection whose GnuTLS private data holds the session.
 * @param data  Buffer handed to gnutls_record_recv().
 * @param len   Size of @a data in bytes.
 *
 * @return The value returned by gnutls_record_recv() when it is not
 *         negative. On failure -1 is returned through the unsigned size_t
 *         return type, i.e. as (size_t)-1, with errno set to EAGAIN for
 *         GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED and to EIO for every other
 *         GnuTLS error. Callers have to test for that sentinel before
 *         using the result as a length.
 */
static size_t
ssl_gnutls_read(PurpleSslConnection *gsc, void *data, size_t len)
{
	/* NOTE(review): unlike ssl_gnutls_close() and ssl_gnutls_write(), the
	 * private data is dereferenced here without a NULL check; confirm that
	 * no read can be issued after the connection has been closed. */
	PurpleSslGnutlsData *priv = PURPLE_SSL_GNUTLS_DATA(gsc);
	ssize_t nread = gnutls_record_recv(priv->session, data, len);

	/* Retryable conditions are reported the way a non-blocking read()
	 * would report them. */
	if (nread == GNUTLS_E_AGAIN || nread == GNUTLS_E_INTERRUPTED) {
		errno = EAGAIN;
		return -1;
	}

	if (nread < 0) {
		purple_debug_error("gnutls", "receive failed: %s\n",
				gnutls_strerror(nread));
		/*
		 * TODO: Set errno to something more appropriate.  Or even
		 *       better: allow ssl plugins to keep track of their
		 *       own error message, then add a new ssl_ops function
		 *       that returns the error message.
		 */
		errno = EIO;
		return -1;
	}

	return nread;
}
/**
 * Send application data over the GnuTLS session of a connection.
 *
 * @param gsc   SSL connection whose GnuTLS private data holds the session.
 * @param data  Bytes handed to gnutls_record_send().
 * @param len   Number of bytes in @a data.
 *
 * @return The value returned by gnutls_record_send() when it is not
 *         negative, or 0 when no GnuTLS private data is attached. On
 *         failure -1 is returned through the unsigned size_t return type,
 *         i.e. as (size_t)-1, with errno set to EAGAIN for
 *         GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED and to EIO for every other
 *         GnuTLS error. Callers have to test for that sentinel before
 *         treating the result as a byte count.
 */
static size_t
ssl_gnutls_write(PurpleSslConnection *gsc, const void *data, size_t len)
{
	PurpleSslGnutlsData *priv = PURPLE_SSL_GNUTLS_DATA(gsc);
	/* XXX: when will gnutls_data be NULL? Without private data nothing is
	 * sent and the result stays 0. */
	ssize_t sent = (priv != NULL)
			? gnutls_record_send(priv->session, data, len)
			: 0;

	/* Retryable conditions are reported the way a non-blocking write()
	 * would report them. */
	if (sent == GNUTLS_E_AGAIN || sent == GNUTLS_E_INTERRUPTED) {
		errno = EAGAIN;
		return -1;
	}

	if (sent < 0) {
		purple_debug_error("gnutls", "send failed: %s\n",
				gnutls_strerror(sent));
		/*
		 * TODO: Set errno to something more appropriate.  Or even
		 *       better: allow ssl plugins to keep track of their
		 *       own error message, then add a new ssl_ops function
		 *       that returns the error message.
		 */
		errno = EIO;
		return -1;
	}

	return sent;
}
/* Prototype only: x509_import_from_datum() is defined further down in the
 * X.509 section, but ssl_gnutls_get_peer_certificates() calls it first. */
static PurpleCertificate *x509_import_from_datum(const gnutls_datum dt,
		gnutls_x509_crt_fmt mode);
/**
 * Collect the certificates the peer presented on this TLS session.
 *
 * The raw certificates reported by GnuTLS are converted one by one with
 * x509_import_from_datum() in DER mode. Nothing in this function validates
 * the chain; it only converts what the peer sent, so the result must not be
 * treated as trusted until the caller has verified it.
 *
 * @param gsc  SSL connection whose GnuTLS private data holds the session.
 *
 * @return A GList of PurpleCertificate pointers in the order GnuTLS reports
 *         them, or NULL when the session's certificate type is not X.509
 *         or GnuTLS reports no peer certificates.
 */
static GList *
ssl_gnutls_get_peer_certificates(PurpleSslConnection * gsc)
{
	/* NOTE(review): the private data is dereferenced without a NULL check;
	 * confirm this cannot be called once the connection has been closed. */
	PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
	/* Converted certificates handed back to the caller */
	GList *chain = NULL;
	/* Raw certificates as given by GnuTLS, and how many there are */
	const gnutls_datum *raw_certs;
	unsigned int raw_count = 0;
	unsigned int idx = 0;

	/* This should never, ever happen. */
	g_return_val_if_fail( gnutls_certificate_type_get (gnutls_data->session) == GNUTLS_CRT_X509, NULL);

	/* TODO: I am _pretty sure_ this doesn't block or do other exciting things */
	raw_certs = gnutls_certificate_get_peers(gnutls_data->session,
			&raw_count);

	while (idx < raw_count) {
		/* Certificates arrive "over the wire" in DER form.
		 * NOTE(review): the import result is appended unchecked; whether
		 * it can be NULL is not visible from here. */
		PurpleCertificate *converted =
			x509_import_from_datum(raw_certs[idx], GNUTLS_X509_FMT_DER);

		/* Append is somewhat inefficient on linked lists, but is easy
		   to read and keeps the order GnuTLS reported. */
		chain = g_list_append(chain, converted);
		idx++;
	}

	/* The array returned by gnutls_certificate_get_peers() is not freed
	 * here; the original author notes it doesn't need free()-ing. */
	return chain;
}
/************************************************************************/
/* X.509 functionality */
/************************************************************************/

/* Scheme name string for the X.509 code below.
 * NOTE(review): this has external linkage and is a writable pointer; if
 * nothing outside this file refers to it, `static const gchar *const` would
 * keep it file-local and immutable -- confirm before changing. */
const gchar * SCHEME_NAME = "x509";

/* Declared ahead of its use; the initialised definition is presumably
 * further down the file and is not visible from here. */
static PurpleCertificateScheme x509_gnutls;
/**
 * Refcounted GnuTLS certificate data instance.
 *
 * The lifetime is managed through x509_crtdata_addref() and
 * x509_crtdata_delref(); the latter releases both the GnuTLS handle and
 * this structure once the count drops to zero or below.
 */
typedef struct {
	/* Reference count, adjusted by plain increment and decrement */
	gint refcount;
	/* GnuTLS X.509 certificate handle, released with
	 * gnutls_x509_crt_deinit() in x509_crtdata_delref() */
	gnutls_x509_crt crt;
} x509_crtdata_t;
/** Helper functions for reference counting */

/**
 * Take one more reference on a certificate data instance.
 *
 * @param cd  Instance to reference. It is dereferenced without a NULL
 *            check, and the count is bumped with a plain increment.
 *
 * @return @a cd itself, so the call can be used where the pointer is stored.
 */
static x509_crtdata_t *
x509_crtdata_addref(x509_crtdata_t *cd)
{
	cd->refcount += 1;

	return cd;
}
/**
 * Drop one reference on a certificate data instance.
 *
 * When the count reaches zero or below, the GnuTLS certificate handle is
 * deinitialised and the structure is freed, so the caller must not touch
 * @a cd after this call unless it still holds another reference.
 *
 * x509_import_from_datum() creates instances with a count of 0, so dropping
 * a reference that was never taken ends at -1: that is logged as critical
 * and the instance is still torn down.
 *
 * @param cd  Instance to release; dereferenced without a NULL check.
 */
static void
x509_crtdata_delref(x509_crtdata_t *cd)
{
	cd->refcount -= 1;

	/* A negative count means more releases than references were seen.
	 * NOTE(review): if that came from releasing an already freed
	 * instance, the teardown below would run on freed memory -- this
	 * function cannot tell the two cases apart. */
	if (cd->refcount < 0) {
		g_critical("Refcount of x509_crtdata_t is %d, which is less "
				"than zero!\n", cd->refcount);
	}

	/* Still referenced elsewhere: nothing more to do */
	if (cd->refcount > 0) {
		return;
	}

	/* Last reference gone: release the internal data, then the struct */
	gnutls_x509_crt_deinit(cd->crt);
	g_free(cd);
}
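/**
 * Helper macro to retrieve the GnuTLS crt_t from a PurpleCertificate.
 *
 * Expands to the `crt` member of the x509_crtdata_t that pcrt->data points
 * to. Neither pcrt nor pcrt->data is checked for NULL. The argument is
 * parenthesised so that an expression such as `base + 1` binds as a whole
 * before `->data` is applied, instead of applying it to the last operand.
 */
#define X509_GET_GNUTLS_DATA(pcrt) ( ((x509_crtdata_t *) ((pcrt)->data))->crt)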
568 /** Transforms a gnutls_datum containing an X.509 certificate into a Certificate instance under the x509_gnutls scheme
569 *
570 * @param dt Datum to transform
571 * @param mode GnuTLS certificate format specifier (GNUTLS_X509_FMT_PEM for
572 * reading from files, and GNUTLS_X509_FMT_DER for converting
573 * "over the wire" certs for SSL)
574 *
575 * @return A newly allocated Certificate structure of the x509_gnutls scheme
576 */
577 static PurpleCertificate *
578 x509_import_from_datum(const gnutls_datum dt, gnutls_x509_crt_fmt mode)
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
579 {
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
580 /* Internal certificate data structure */
19017
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19013
diff changeset
581 x509_crtdata_t *certdat;
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
582 /* New certificate to return */
18189
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
583 PurpleCertificate * crt;
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
584
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
585 /* Allocate and prepare the internal certificate data */
19017
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19013
diff changeset
586 certdat = g_new0(x509_crtdata_t, 1);
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19013
diff changeset
587 gnutls_x509_crt_init(&(certdat->crt));
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19013
diff changeset
588 certdat->refcount = 0;
19550
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents: 19549
diff changeset
589
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
590 /* Perform the actual certificate parse */
19017
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19013
diff changeset
591 /* Yes, certdat->crt should be passed as-is */
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19013
diff changeset
592 gnutls_x509_crt_import(certdat->crt, &dt, mode);
19550
0a6ed4e36ca8 Get rid of some stray whitespace and consistently use tab indentation
Mark Doliner <mark@kingant.net>
parents: 19549
diff changeset
593
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
594 /* Allocate the certificate and load it with data */
18961
fa138dbacff5 - More g_new0 instead of g_new
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18955
diff changeset
595 crt = g_new0(PurpleCertificate, 1);
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
596 crt->scheme = &x509_gnutls;
19017
e6558bae2bc6 - GnuTLS plugin now uses reference counting to manage its underlying
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19013
diff changeset
597 crt->data = x509_crtdata_addref(certdat);
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
598
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
599 return crt;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
600 }
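/** Imports a PEM-formatted X.509 certificate from the specified file.
 * @param filename Filename to import from. Format is PEM
 *
 * @return A newly allocated Certificate structure of the x509_gnutls scheme,
 *         or NULL if filename is NULL, the file cannot be read, or the file
 *         is too large to be described by a gnutls_datum
 */
static PurpleCertificate *
x509_import_from_file(const gchar * filename)
{
	PurpleCertificate *crt; /* Certificate being constructed */
	gchar *buf = NULL;      /* Used to load the raw file data */
	gsize buf_sz = 0;       /* Size of the above */
	gnutls_datum dt;        /* Struct to pass down to GnuTLS */

	g_return_val_if_fail(filename, NULL);

	purple_debug_info("gnutls",
			  "Attempting to load X.509 certificate from %s\n",
			  filename);

	/* Next, we'll simply yank the entire contents of the file
	   into memory.
	   An unreadable file is a runtime condition, not a programmer error,
	   so it is tested with a plain if: g_return_val_if_fail() is compiled
	   out under G_DISABLE_CHECKS, which would skip the read entirely and
	   leave buf unset. */
	if (!g_file_get_contents(filename, &buf, &buf_sz, NULL)) {
		purple_debug_error("gnutls",
				   "Unable to read X.509 certificate file %s\n",
				   filename);
		return NULL;
	}

	/* gnutls_datum stores its size as an unsigned int; refuse a file whose
	   length would be silently truncated by the assignment below */
	if (buf_sz > G_MAXUINT) {
		purple_debug_error("gnutls",
				   "X.509 certificate file %s is too large\n",
				   filename);
		g_free(buf);
		return NULL;
	}

	/* Load the datum struct */
	dt.data = (unsigned char *) buf;
	dt.size = (unsigned int) buf_sz;

	/* Perform the conversion; files should be in PEM format */
	crt = x509_import_from_datum(dt, GNUTLS_X509_FMT_PEM);

	/* Cleanup */
	g_free(buf);

	return crt;
}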
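/** Imports a number of PEM-formatted X.509 certificates from the specified file.
 * @param filename Filename to import from. Format is PEM
 *
 * @return A newly allocated GSList of Certificate structures of the
 *         x509_gnutls scheme. Entries are prepended, so the list is in the
 *         reverse of file order. NULL (the empty list) if filename is NULL,
 *         the file cannot be read, is too large, or contains no
 *         "-----END CERTIFICATE-----" marker.
 */
static GSList *
x509_importcerts_from_file(const gchar * filename)
{
	static const char pem_end[] = "-----END CERTIFICATE-----";
	PurpleCertificate *crt; /* Certificate being constructed */
	gchar *buf = NULL;      /* Used to load the raw file data */
	gchar *begin, *end;     /* Bounds of the bundle entry being parsed */
	GSList *crts = NULL;
	gsize buf_sz = 0;       /* Size of the above */
	gnutls_datum dt;        /* Struct to pass down to GnuTLS */

	g_return_val_if_fail(filename, NULL);

	purple_debug_info("gnutls",
			  "Attempting to load X.509 certificates from %s\n",
			  filename);

	/* Next, we'll simply yank the entire contents of the file
	   into memory.
	   An unreadable file is a runtime condition, not a programmer error,
	   so it is tested with a plain if: g_return_val_if_fail() is compiled
	   out under G_DISABLE_CHECKS, which would skip the read entirely and
	   leave buf unset. */
	if (!g_file_get_contents(filename, &buf, &buf_sz, NULL)) {
		purple_debug_error("gnutls",
				   "Unable to read X.509 certificate file %s\n",
				   filename);
		return NULL;
	}

	/* Every entry length below is at most buf_sz and is stored in the
	   unsigned int size field of gnutls_datum; refuse a file that could
	   overflow it */
	if (buf_sz > G_MAXUINT) {
		purple_debug_error("gnutls",
				   "X.509 certificate file %s is too large\n",
				   filename);
		g_free(buf);
		return NULL;
	}

	/* g_file_get_contents() NUL-terminates buf, which is what makes the
	   strstr() scan safe; a NUL byte embedded in the file ends the scan
	   early. */
	begin = buf;
	while ((end = strstr(begin, pem_end)) != NULL) {
		/* Step past the marker so the entry includes its END line */
		end += sizeof(pem_end) - 1;

		/* Load the datum struct */
		dt.data = (unsigned char *) begin;
		dt.size = (unsigned int) (end - begin);

		/* Perform the conversion; files should be in PEM format */
		crt = x509_import_from_datum(dt, GNUTLS_X509_FMT_PEM);

		/* Never hand a NULL entry to code that walks the list */
		if (crt != NULL)
			crts = g_slist_prepend(crts, crt);

		begin = end;
	}

	/* Cleanup */
	g_free(buf);

	return crts;
}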
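/**
 * Exports a PEM-formatted X.509 certificate to the specified file.
 *
 * The certificate is exported twice: once with no buffer to learn the
 * required size, then again into a buffer of that size.
 *
 * @param filename Filename to export to. Format will be PEM
 * @param crt      Certificate to export
 *
 * @return TRUE if success, otherwise FALSE
 */
static gboolean
x509_export_certificate(const gchar *filename, PurpleCertificate *crt)
{
	gnutls_x509_crt crt_dat; /* GnuTLS cert struct */
	int ret;
	gchar *out_buf;          /* Data to output */
	size_t out_size;         /* Output size */
	gboolean success = FALSE;

	/* Paranoia paranoia paranoia! */
	g_return_val_if_fail(filename, FALSE);
	g_return_val_if_fail(crt, FALSE);
	g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
	g_return_val_if_fail(crt->data, FALSE);

	crt_dat = X509_GET_GNUTLS_DATA(crt);

	/* Obtain the output size required */
	out_size = 0;
	ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM,
				     NULL,      /* Provide no buffer yet */
				     &out_size  /* Put size here */
		);
	/* The sizing call is expected to report a short buffer. Any other
	   result is a library-level failure, so it is handled explicitly
	   rather than with g_return_val_if_fail(), which can be compiled
	   out. */
	if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
		purple_debug_error("gnutls/x509",
				   "Failed to determine cert export size with code %d\n",
				   ret);
		return FALSE;
	}

	/* Now allocate a buffer and *really* export it */
	out_buf = g_new0(gchar, out_size);
	ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM,
				     out_buf,   /* Export to our new buffer */
				     &out_size  /* Put size here */
		);
	if (ret != 0) {
		purple_debug_error("gnutls/x509",
				   "Failed to export cert to buffer with code %d\n",
				   ret);
		g_free(out_buf);
		return FALSE;
	}

	/* Write it out to an actual file */
	success = purple_util_write_data_to_file_absolute(filename,
							  out_buf, out_size);

	g_free(out_buf);
	return success;
}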
/** Creates a second Certificate of the x509_gnutls scheme from an existing one.
 *
 * The new Certificate's data comes from x509_crtdata_addref() applied to the
 * source's data, so the certificate data itself is not duplicated here
 * (presumably the two instances then share one reference-counted
 * x509_crtdata_t; confirm against x509_crtdata_addref).
 *
 * @param crt Certificate to copy. Must be of the x509_gnutls scheme
 *
 * @return A newly allocated Certificate structure, or NULL if crt is NULL or
 *         of a different scheme
 */
static PurpleCertificate *
x509_copy_certificate(PurpleCertificate *crt)
{
	PurpleCertificate *duplicate;
	x509_crtdata_t *shared;

	g_return_val_if_fail(crt, NULL);
	g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);

	shared = (x509_crtdata_t *) crt->data;

	duplicate = g_new0(PurpleCertificate, 1);
	duplicate->scheme = &x509_gnutls;
	/* Take a reference on the source's data for the new instance */
	duplicate->data = x509_crtdata_addref(shared);

	return duplicate;
}
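/** Frees a Certificate
 *
 * Releases this Certificate's hold on the reference-counted GnuTLS data
 * through x509_crtdata_delref() and then frees the PurpleCertificate
 * structure itself.
 *
 * @param crt  Certificate instance to be destroyed. It WILL NOT be destroyed
 *             if it is not of the correct CertificateScheme. Can be NULL
 */
static void
x509_destroy_certificate(PurpleCertificate * crt)
{
	if (NULL == crt) return;

	/* Check that the scheme is x509_gnutls */
	if ( crt->scheme != &x509_gnutls ) {
		/* The scheme pointer (or its name) may be NULL on this path, so
		   neither is dereferenced or printed without a check. */
		const char *found_scheme = "(null)";

		if (crt->scheme != NULL && crt->scheme->name != NULL)
			found_scheme = crt->scheme->name;

		purple_debug_error("gnutls",
				   "destroy_certificate attempted on certificate of wrong scheme (scheme was %s, expected %s)\n",
				   found_scheme,
				   SCHEME_NAME);
		return;
	}

	/* A certificate of this scheme with no backing data is reported
	   through GLib and left untouched rather than freed. */
	g_return_if_fail(crt->data != NULL);

	/* Use the reference counting system to free (or not) the
	   underlying data */
	x509_crtdata_delref((x509_crtdata_t *)crt->data);

	/* Kill the structure itself */
	g_free(crt);
}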
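/** Determines whether one certificate has been issued and signed by another
 *
 * Two checks are made in order: gnutls_x509_crt_check_issuer() confirms that
 * crt names issuer as its issuer, then gnutls_x509_crt_verify() checks the
 * signature with issuer as the only trusted certificate. A GnuTLS error in
 * either step is reported to the debug log and treated as "not signed".
 *
 * @param crt        Certificate to check the signature of
 * @param issuer     Issuer's certificate
 *
 * @return TRUE if crt was signed and issued by issuer, otherwise FALSE
 * @TODO  Modify this function to return a reason for invalidity?
 */
static gboolean
x509_certificate_signed_by(PurpleCertificate * crt,
			   PurpleCertificate * issuer)
{
	gnutls_x509_crt crt_dat;
	gnutls_x509_crt issuer_dat;
	unsigned int verify; /* used to store result from GnuTLS verifier */
	int ret;
	gchar *crt_id = NULL;    /* unique id of crt, fetched only for logging */
	gchar *issuer_id = NULL; /* issuer unique id recorded in crt, ditto */
	gboolean signature_ok = TRUE;

	g_return_val_if_fail(crt, FALSE);
	g_return_val_if_fail(issuer, FALSE);

	/* Verify that both certs are the correct scheme */
	g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
	g_return_val_if_fail(issuer->scheme == &x509_gnutls, FALSE);

	/* TODO: check for more nullness? */

	crt_dat = X509_GET_GNUTLS_DATA(crt);
	issuer_dat = X509_GET_GNUTLS_DATA(issuer);

	/* First, let's check that crt.issuer is actually issuer */
	ret = gnutls_x509_crt_check_issuer(crt_dat, issuer_dat);
	if (ret <= 0) {

		if (ret < 0) {
			purple_debug_error("gnutls/x509",
					   "GnuTLS error %d while checking certificate issuer match.",
					   ret);
		} else {
			/* Distinct names: these are not the same ids as the
			   function-level crt_id/issuer_id used further down. */
			gchar *subject_id, *offered_issuer_id, *named_issuer_id;

			subject_id = purple_certificate_get_unique_id(crt);
			offered_issuer_id = purple_certificate_get_unique_id(issuer);
			named_issuer_id =
				purple_certificate_get_issuer_unique_id(crt);
			purple_debug_info("gnutls/x509",
					  "Certificate %s is issued by "
					  "%s, which does not match %s.\n",
					  subject_id ? subject_id : "(null)",
					  named_issuer_id ? named_issuer_id : "(null)",
					  offered_issuer_id ? offered_issuer_id : "(null)");
			g_free(subject_id);
			g_free(offered_issuer_id);
			g_free(named_issuer_id);
		}

		/* The issuer is not correct, or there were errors */
		return FALSE;
	}

	/* Now, check the signature */
	/* The second argument is a ptr to an array of "trusted" issuer certs,
	   but we're only using one trusted one */
	ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1,
				     /* Permit signings by X.509v1 certs
					(Verisign and possibly others have
					root certificates that predate the
					current standard) */
				     GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
				     &verify);

	if (ret != 0) {
		purple_debug_error("gnutls/x509",
				   "Attempted certificate verification caused a GnuTLS error code %d. I will just say the signature is bad, but you should look into this.\n", ret);
		return FALSE;
	}

#ifdef HAVE_GNUTLS_CERT_INSECURE_ALGORITHM
	if (verify & GNUTLS_CERT_INSECURE_ALGORITHM) {
		/*
		 * A certificate in the chain is signed with an insecure
		 * algorithm. Put a warning into the log so the cause is
		 * perfectly clear as soon as someone looks at the debug log.
		 *
		 * NOTE(review): this bit only produces a warning here; the
		 * result is decided by GNUTLS_CERT_INVALID below. Whether
		 * GnuTLS also sets GNUTLS_CERT_INVALID in this case depends
		 * on the library and the verify flags -- confirm that this
		 * is the intended policy.
		 */
		crt_id = purple_certificate_get_unique_id(crt);
		issuer_id = purple_certificate_get_issuer_unique_id(crt);
		purple_debug_warning("gnutls/x509",
				     "Insecure hash algorithm used by %s to sign %s\n",
				     issuer_id ? issuer_id : "(null)",
				     crt_id ? crt_id : "(null)");
	}
#endif

	if (verify & GNUTLS_CERT_INVALID) {
		/* Signature didn't check out, but at least
		   there were no errors*/
		if (!crt_id)
			crt_id = purple_certificate_get_unique_id(crt);
		if (!issuer_id)
			issuer_id = purple_certificate_get_issuer_unique_id(crt);
		purple_debug_error("gnutls/x509",
				   "Bad signature from %s on %s\n",
				   issuer_id ? issuer_id : "(null)",
				   crt_id ? crt_id : "(null)");
		signature_ok = FALSE;
	}

	/* The ids may have been fetched for the warning above even when the
	   signature is accepted, so they are released on every path. */
	g_free(crt_id);
	g_free(issuer_id);

	/* If nothing above cleared it, the signature is good */
	return signature_ok;
}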
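/** Computes the SHA-1 fingerprint of a certificate
 *
 * @param crt  Certificate to fingerprint; must be of the x509_gnutls scheme
 *
 * @return Newly created GByteArray holding the 20-byte digest (owned by the
 *         caller), or NULL if crt is NULL, is of another scheme, or GnuTLS
 *         does not produce a full-length fingerprint
 *
 * NOTE(review): SHA-1 is no longer collision resistant; callers that use
 * this value for anything beyond display or lookup should be reviewed.
 */
static GByteArray *
x509_sha1sum(PurpleCertificate *crt)
{
	enum { SHA1_DIGEST_LEN = 20 }; /* SHA1 hashes are 20 bytes */
	size_t tmpsz = SHA1_DIGEST_LEN; /* buffer size in, digest size out */
	gnutls_x509_crt crt_dat;
	GByteArray *hash; /**< Final hash container */
	guchar hashbuf[SHA1_DIGEST_LEN]; /**< Temporary buffer to contain hash */
	int ret;

	g_return_val_if_fail(crt, NULL);
	/* Same scheme guard as the other x509_gnutls operations; crt->data is
	   only meaningful to GnuTLS for certificates of this scheme. */
	g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);

	crt_dat = X509_GET_GNUTLS_DATA(crt);

	/* Extract the fingerprint. The call is made outside of
	   g_return_val_if_fail() so that it still happens when GLib's checks
	   are compiled out; otherwise an uninitialized buffer would be
	   returned as the fingerprint. */
	ret = gnutls_x509_crt_get_fingerprint(crt_dat, GNUTLS_MAC_SHA,
					      hashbuf, &tmpsz);
	if (ret != 0) {
		purple_debug_error("gnutls/x509",
				   "GnuTLS error %d while computing certificate fingerprint\n",
				   ret);
		return NULL;
	}

	/* This shouldn't happen */
	if (tmpsz != SHA1_DIGEST_LEN) {
		purple_debug_error("gnutls/x509",
				   "Unexpected fingerprint length from GnuTLS\n");
		return NULL;
	}

	/* Okay, now create and fill hash array */
	hash = g_byte_array_new();
	g_byte_array_append(hash, hashbuf, SHA1_DIGEST_LEN);

	return hash;
}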
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
937
18963
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
/**
 * Fetch the Distinguished Name that GnuTLS reports for a certificate,
 * as a newly allocated string.
 *
 * @param crt Certificate to query; must belong to the x509_gnutls scheme.
 * @return A g_new0()-allocated string the caller must g_free(), or NULL
 *         when an argument check fails or GnuTLS reports an error.
 */
static gchar *
x509_cert_dn (PurpleCertificate *crt)
{
	gnutls_x509_crt cert;
	gchar *subject = NULL;
	size_t needed = 0;

	g_return_val_if_fail(crt, NULL);
	g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);

	cert = X509_GET_GNUTLS_DATA(crt);

	/* Sizing pass: a NULL buffer of length 0 makes GnuTLS report the
	   space it wants in `needed`.  The return code is deliberately not
	   checked here; a real failure shows up on the second call. */
	gnutls_x509_crt_get_dn(cert, subject, &needed);

	/* Old versions of GnuTLS under-report the required size by one in
	   some functions, so reserve one byte more than was asked for. */
	needed++;
	subject = g_new0(gchar, needed);

	if (gnutls_x509_crt_get_dn(cert, subject, &needed) == 0)
		return subject;

	purple_debug_error("gnutls/x509",
			"Failed to get Distinguished Name\n");
	g_free(subject);
	return NULL;
}
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
970
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
/**
 * Fetch the issuer's Distinguished Name for a certificate, as a newly
 * allocated string.
 *
 * @param crt Certificate to query; must belong to the x509_gnutls scheme.
 * @return A g_new0()-allocated string the caller must g_free(), or NULL
 *         when an argument check fails or GnuTLS reports an error.
 */
static gchar *
x509_issuer_dn (PurpleCertificate *crt)
{
	gnutls_x509_crt cert;
	gchar *issuer = NULL;
	size_t needed = 0;

	g_return_val_if_fail(crt, NULL);
	g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);

	cert = X509_GET_GNUTLS_DATA(crt);

	/* Sizing pass: a NULL buffer of length 0 makes GnuTLS report the
	   space it wants in `needed`.  The return code is deliberately not
	   checked here; a real failure shows up on the second call. */
	gnutls_x509_crt_get_issuer_dn(cert, issuer, &needed);

	/* Old versions of GnuTLS under-report the required size by one in
	   some functions, so reserve one byte more than was asked for. */
	needed++;
	issuer = g_new0(gchar, needed);

	if (gnutls_x509_crt_get_issuer_dn(cert, issuer, &needed) == 0)
		return issuer;

	purple_debug_error("gnutls/x509",
			"Failed to get issuer's Distinguished "
			"Name\n");
	g_free(issuer);
	return NULL;
}
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
1004
05ae340c42cc - Add unique_id and issuer_unique_id constructions (defined as Distinguished
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
/**
 * Fetch the first Common Name attribute of a certificate, as a newly
 * allocated string.
 *
 * NOTE(review): the value is handed back as a NUL-terminated C string and
 * the length GnuTLS reports is discarded.  If a CN ever carried an embedded
 * NUL byte, callers would see a truncated name.  Hostname decisions should
 * go through x509_check_name() rather than comparing this string; confirm
 * that callers use it for display only.
 *
 * @param crt Certificate to query; must belong to the x509_gnutls scheme.
 * @return A g_new0()-allocated string the caller must g_free(), or NULL
 *         when an argument check fails or GnuTLS reports an error.
 */
static gchar *
x509_common_name (PurpleCertificate *crt)
{
	gnutls_x509_crt cert;
	gchar *name = NULL;
	size_t needed = 0;
	int rc;

	g_return_val_if_fail(crt, NULL);
	g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);

	cert = X509_GET_GNUTLS_DATA(crt);

	/* Sizing pass: a NULL buffer of length 0 makes GnuTLS report the
	   space it wants in `needed`.  The return code is deliberately not
	   checked here; a real failure shows up on the second call. */
	gnutls_x509_crt_get_dn_by_oid(cert,
			GNUTLS_OID_X520_COMMON_NAME,
			0, /* index 0: first CN found */
			0, /* raw flag off */
			name, &needed);

	/* Old versions of GnuTLS under-report the required size by one in
	   some functions, so reserve one byte more than was asked for. */
	needed++;
	name = g_new0(gchar, needed);

	rc = gnutls_x509_crt_get_dn_by_oid(cert,
			GNUTLS_OID_X520_COMMON_NAME,
			0, /* index 0: first CN found */
			0, /* raw flag off */
			name, &needed);
	if (rc == 0)
		return name;

	purple_debug_error("gnutls/x509",
			"Failed to get Common Name\n");
	g_free(name);
	return NULL;
}
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
1047
19008
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
/**
 * Ask GnuTLS whether a certificate is valid for the given name.
 *
 * The matching itself is delegated entirely to
 * gnutls_x509_crt_check_hostname(); this wrapper only validates its
 * arguments and normalises the result.
 *
 * @param crt  Certificate to check; must belong to the x509_gnutls scheme.
 * @param name Name to match against the certificate; must not be NULL.
 * @return TRUE when GnuTLS reports a match, FALSE otherwise (including
 *         when an argument check fails).
 */
static gboolean
x509_check_name (PurpleCertificate *crt, const gchar *name)
{
	gnutls_x509_crt cert;

	g_return_val_if_fail(crt, FALSE);
	g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
	g_return_val_if_fail(name, FALSE);

	cert = X509_GET_GNUTLS_DATA(crt);

	/* Collapse the non-zero "matched" result into a strict gboolean */
	return gnutls_x509_crt_check_hostname(cert, name) ? TRUE : FALSE;
}
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
1065
19067
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19021
diff changeset
/**
 * Read the activation and/or expiration time of a certificate.
 *
 * Either output pointer may be NULL to skip that value.  Both requested
 * values are always written, even if the first lookup fails, so on a
 * FALSE return an output may hold the GnuTLS error sentinel (time_t)-1.
 *
 * @param crt        Certificate to query; must belong to the x509_gnutls
 *                   scheme.
 * @param activation Where to store the activation time, or NULL.
 * @param expiration Where to store the expiration time, or NULL.
 * @return TRUE if every requested time was retrieved, FALSE if an
 *         argument check failed or any lookup returned the error sentinel.
 */
static gboolean
x509_times (PurpleCertificate *crt, time_t *activation, time_t *expiration)
{
	/* Value the GnuTLS time getters hand back on failure */
	const time_t failed = (time_t) (-1);
	gnutls_x509_crt cert;
	gboolean ok = TRUE;

	g_return_val_if_fail(crt, FALSE);
	g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);

	cert = X509_GET_GNUTLS_DATA(crt);

	if (activation != NULL) {
		*activation = gnutls_x509_crt_get_activation_time(cert);
		if (failed == *activation) {
			ok = FALSE;
		}
	}

	if (expiration != NULL) {
		*expiration = gnutls_x509_crt_get_expiration_time(cert);
		if (failed == *expiration) {
			ok = FALSE;
		}
	}

	return ok;
}
5157ebe90b93 - Add activation/expiration time retrievers to GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19008
diff changeset
1092
18189
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
/*
 * Operation table registering this plugin's X.509 certificate handling.
 * Entries are positional, so their order must follow the field order of
 * PurpleCertificateScheme.
 */
static PurpleCertificateScheme x509_gnutls = {
	"x509",                          /* scheme name */
	N_("X.509 Certificates"),        /* user-visible scheme name */
	x509_import_from_file,           /* import one certificate from a file */
	x509_export_certificate,         /* export a certificate */
	x509_copy_certificate,           /* copy */
	x509_destroy_certificate,        /* destroy */
	x509_certificate_signed_by,      /* signature check */
	x509_sha1sum,                    /* SHA1 fingerprint */
	x509_cert_dn,                    /* unique ID (Distinguished Name) */
	x509_issuer_dn,                  /* issuer unique ID (issuer's DN) */
	x509_common_name,                /* subject name (Common Name) */
	x509_check_name,                 /* check subject name */
	x509_times,                      /* activation/expiration times */
	x509_importcerts_from_file,      /* import multiple certificates */

	/* Unused trailing slots; presumably the struct's reserved padding
	   fields; confirm against the PurpleCertificateScheme definition. */
	NULL,
	NULL,
	NULL

};
/*
 * SSL operations table for the GnuTLS backend. plugin_load() installs it
 * through purple_ssl_set_ops() when no other table is set, and
 * plugin_unload() removes it again if it is still the active one.
 *
 * The initializer is positional, so the order of the entries has to match
 * the declaration of PurpleSslOps (not visible here).
 */
static PurpleSslOps ssl_ops =
{
	ssl_gnutls_init,
	ssl_gnutls_uninit,
	ssl_gnutls_connect,
	ssl_gnutls_close,
	ssl_gnutls_read,
	ssl_gnutls_write,
	/* NOTE(review): judging by its name this exposes the peer's certificate
	 * chain to the caller; where and how that chain is verified is not
	 * visible in this table -- confirm against the caller. */
	ssl_gnutls_get_peer_certificates,

	/* padding: three trailing slots left NULL */
	NULL,
	NULL,
	NULL
};
/**
 * Load hook for the GnuTLS SSL plugin.
 *
 * Installs ssl_ops as the SSL operations table only when no table is set,
 * initializes GnuTLS, and registers the x509_gnutls certificate scheme.
 * The scheme registration is unconditional: it also runs when another
 * backend already provided the SSL ops.
 *
 * @param plugin The plugin being loaded (not used here).
 *
 * @return Always TRUE.
 */
static gboolean
plugin_load(PurplePlugin *plugin)
{
	/* Never displace an operations table that is already in place. */
	if (purple_ssl_get_ops() == NULL)
		purple_ssl_set_ops(&ssl_ops);

	/* GnuTLS is brought up right away so that other users of the library
	 * can rely on it even if no SSL connection is ever opened. */
	ssl_gnutls_init_gnutls();

	/* Announce this plugin as a provider of the X.509 certificate scheme.
	 * NOTE(review): whatever this call reports is discarded, so the load
	 * is reported as successful either way -- confirm that is intended. */
	purple_certificate_register_scheme(&x509_gnutls);

	return TRUE;
}
/**
 * Unload hook for the GnuTLS SSL plugin.
 *
 * Clears the SSL operations table only if it still points at this plugin's
 * ssl_ops, then unregisters the x509_gnutls certificate scheme.
 *
 * @param plugin The plugin being unloaded (not used here).
 *
 * @return Always TRUE.
 */
static gboolean
plugin_unload(PurplePlugin *plugin)
{
	/* Leave the table alone when a different backend owns it. */
	if (&ssl_ops == purple_ssl_get_ops())
		purple_ssl_set_ops(NULL);

	/* The scheme is unregistered regardless of who owns the SSL ops,
	 * mirroring the unconditional registration in plugin_load(). */
	purple_certificate_unregister_scheme(&x509_gnutls);

	return TRUE;
}
/*
 * Plugin descriptor handed to PURPLE_INIT_PLUGIN() at the end of the file.
 *
 * The initializer is positional; the trailing comments name the field each
 * entry fills. The plugin carries PURPLE_PLUGIN_FLAG_INVISIBLE -- presumably
 * so it does not show up in user-facing plugin lists (confirm against the
 * flag's definition).
 */
static PurplePluginInfo info =
{
	PURPLE_PLUGIN_MAGIC,
	PURPLE_MAJOR_VERSION,
	PURPLE_MINOR_VERSION,
	PURPLE_PLUGIN_STANDARD,                             /**< type           */
	NULL,                                             /**< ui_requirement */
	PURPLE_PLUGIN_FLAG_INVISIBLE,                       /**< flags          */
	NULL,                                             /**< dependencies   */
	PURPLE_PRIORITY_DEFAULT,                            /**< priority       */

	SSL_GNUTLS_PLUGIN_ID,                             /**< id             */
	N_("GNUTLS"),                                     /**< name           */
	DISPLAY_VERSION,                                  /**< version        */
	                                                  /**  summary        */
	N_("Provides SSL support through GNUTLS."),
	                                                  /**  description    */
	N_("Provides SSL support through GNUTLS."),
	"Christian Hammond <chipx86@gnupdate.org>",       /* author (per the string's content) */
	PURPLE_WEBSITE,                                     /**< homepage       */

	plugin_load,                                      /**< load           */
	plugin_unload,                                    /**< unload         */
	NULL,                                             /**< destroy        */

	NULL,                                             /**< ui_info        */
	NULL,                                             /**< extra_info     */
	NULL,                                             /**< prefs_info     */
	NULL,                                             /**< actions        */

	/* padding: four trailing slots left NULL */
	NULL,
	NULL,
	NULL,
	NULL
};
/*
 * Plugin initialization hook named in PURPLE_INIT_PLUGIN() below.
 * Intentionally empty: all setup visible in this file happens in
 * plugin_load().
 */
static void
init_plugin(PurplePlugin *plugin)
{
}

/* Ties the plugin name, the init hook and the descriptor together; the macro
 * itself is defined outside this file. */
PURPLE_INIT_PLUGIN(ssl_gnutls, init_plugin, info)