Mercurial > pidgin

annotate libpurple/plugins/ssl/ssl-gnutls.c @ 19011:b4207894b534

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- Verbosity in struct members.
author William Ehlhardt <williamehlhardt@gmail.com>
date Thu, 12 Jul 2007 00:55:35 +0000
parents 7fd9bd55f8d0
children 5157ebe90b93
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
1 /**
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
2 * @file ssl-gnutls.c GNUTLS SSL plugin.
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
3 *
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
4 * purple
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
5 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
6 * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org>
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
7 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
8 * This program is free software; you can redistribute it and/or modify
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
9 * it under the terms of the GNU General Public License as published by
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
10 * the Free Software Foundation; either version 2 of the License, or
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
11 * (at your option) any later version.
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
12 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
13 * This program is distributed in the hope that it will be useful,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
16 * GNU General Public License for more details.
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
17 *
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
18 * You should have received a copy of the GNU General Public License
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
19 * along with this program; if not, write to the Free Software
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
21 */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
22 #include "internal.h"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
23 #include "debug.h"
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
24 #include "certificate.h"
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
25 #include "plugin.h"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
26 #include "sslconn.h"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
27 #include "version.h"
17766
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
28 #include "util.h"
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
29
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
30 #define SSL_GNUTLS_PLUGIN_ID "ssl-gnutls"
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
31
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
32 #ifdef HAVE_GNUTLS
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
33
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
34 #include <gnutls/gnutls.h>
17766
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
35 #include <gnutls/x509.h>
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
36
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
37 typedef struct
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
38 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
39 gnutls_session session;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
40 guint handshake_handler;
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
41 } PurpleSslGnutlsData;
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
42
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
43 #define PURPLE_SSL_GNUTLS_DATA(gsc) ((PurpleSslGnutlsData *)gsc->private_data)
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
44
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
45 static gnutls_certificate_client_credentials xcred;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
46
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
47 static void
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
48 ssl_gnutls_init_gnutls(void)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
49 {
17911
91feef6cbede - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17793
diff changeset
50 /* Configure GnuTLS to use glib memory management */
91feef6cbede - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17793
diff changeset
51 /* I expect that this isn't really necessary, but it may prevent
91feef6cbede - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17793
diff changeset
52 some bugs */
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
53 /* TODO: It may be necessary to wrap this allocators for GnuTLS.
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
54 If there are strange bugs, perhaps look here (yes, I am a
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
55 hypocrite) */
17911
91feef6cbede - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17793
diff changeset
56 gnutls_global_set_mem_functions(
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
57 (gnutls_alloc_function) g_malloc0, /* malloc */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
58 (gnutls_alloc_function) g_malloc0, /* secure malloc */
17911
91feef6cbede - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17793
diff changeset
59 NULL, /* mem_is_secure */
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
60 (gnutls_realloc_function) g_realloc, /* realloc */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
61 (gnutls_free_function) g_free /* free */
17911
91feef6cbede - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17793
diff changeset
62 );
91feef6cbede - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17793
diff changeset
63
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
64 gnutls_global_init();
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
65
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
66 gnutls_certificate_allocate_credentials(&xcred);
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
67
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
68 /* TODO: I can likely remove this */
17781
3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17780
diff changeset
69 gnutls_certificate_set_x509_trust_file(xcred, "ca.pem",
3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17780
diff changeset
70 GNUTLS_X509_FMT_PEM);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
71 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
72
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
73 static gboolean
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
74 ssl_gnutls_init(void)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
75 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
76 return TRUE;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
77 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
78
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
79 static void
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
80 ssl_gnutls_uninit(void)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
81 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
82 gnutls_global_deinit();
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
83
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
84 gnutls_certificate_free_credentials(xcred);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
85 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
86
18955
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
87 static void
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
88 ssl_gnutls_verified_cb(PurpleCertificateVerificationStatus st,
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
89 gpointer userdata)
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
90 {
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
91 PurpleSslConnection *gsc = (PurpleSslConnection *) userdata;
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
92
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
93 if (st == PURPLE_CERTIFICATE_VALID) {
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
94 /* Certificate valid? Good! Do the connection! */
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
95 gsc->connect_cb(gsc->connect_cb_data, gsc, PURPLE_INPUT_READ);
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
96 } else {
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
97 /* Otherwise, signal an error */
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
98 if(gsc->error_cb != NULL)
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
99 gsc->error_cb(gsc, PURPLE_SSL_CERTIFICATE_INVALID,
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
100 gsc->connect_cb_data);
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
101 purple_ssl_close(gsc);
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
102 }
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
103 }
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
104
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
105
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
106
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
107 static void ssl_gnutls_handshake_cb(gpointer data, gint source,
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
108 PurpleInputCondition cond)
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
109 {
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
110 PurpleSslConnection *gsc = data;
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
111 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
112 ssize_t ret;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
113
18930
559f29b68dcf - Debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18927
diff changeset
114 purple_debug_info("gnutls", "Handshaking with %s\n", gsc->host);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
115 ret = gnutls_handshake(gnutls_data->session);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
116
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
117 if(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
118 return;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
119
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
120 purple_input_remove(gnutls_data->handshake_handler);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
121 gnutls_data->handshake_handler = 0;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
122
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
123 if(ret != 0) {
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
124 purple_debug_error("gnutls", "Handshake failed. Error %s\n",
15784
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
125 gnutls_strerror(ret));
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
126
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
127 if(gsc->error_cb != NULL)
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
128 gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
129 gsc->connect_cb_data);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
130
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
131 purple_ssl_close(gsc);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
132 } else {
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
133 purple_debug_info("gnutls", "Handshake complete\n");
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
134
18938
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
135 /* TODO: Remove all this debugging babble */
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
136 /* Now we are cooking with gas! */
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
137 PurpleSslOps *ops = purple_ssl_get_ops();
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
138 GList * peers = ops->get_peer_certificates(gsc);
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
139
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
140 PurpleCertificateScheme *x509 =
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
141 purple_certificate_find_scheme("x509");
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
142
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
143 GList * l;
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
144 for (l=peers; l; l = l->next) {
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
145 PurpleCertificate *crt = l->data;
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
146 GByteArray *z =
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
147 x509->get_fingerprint_sha1(crt);
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
148 gchar * fpr =
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
149 purple_base16_encode_chunked(z->data,
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
150 z->len);
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
151
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
152 purple_debug_info("gnutls/x509",
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
153 "Key print: %s\n",
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
154 fpr);
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
155
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
156 /* Kill the cert! */
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
157 x509->destroy_certificate(crt);
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
158
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
159 g_free(fpr);
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
160 g_byte_array_free(z, TRUE);
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
161 }
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
162 g_list_free(peers);
f2ddc4b10d72 - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18935
diff changeset
163
17766
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
164 {
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
165 const gnutls_datum_t *cert_list;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
166 unsigned int cert_list_size = 0;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
167 gnutls_session_t session=gnutls_data->session;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
168
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
169 cert_list =
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
170 gnutls_certificate_get_peers(session, &cert_list_size);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
171
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
172 purple_debug_info("gnutls",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
173 "Peer provided %d certs\n",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
174 cert_list_size);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
175 int i;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
176 for (i=0; i<cert_list_size; i++)
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
177 {
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
178 gchar fpr_bin[256];
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
179 gsize fpr_bin_sz = sizeof(fpr_bin);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
180 gchar * fpr_asc = NULL;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
181 gchar tbuf[256];
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
182 gsize tsz=sizeof(tbuf);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
183 gchar * tasc = NULL;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
184 gnutls_x509_crt_t cert;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
185
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
186 gnutls_x509_crt_init(&cert);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
187 gnutls_x509_crt_import (cert, &cert_list[i],
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
188 GNUTLS_X509_FMT_DER);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
189
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
190 gnutls_x509_crt_get_fingerprint(cert, GNUTLS_MAC_SHA,
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
191 fpr_bin, &fpr_bin_sz);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
192
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
193 fpr_asc =
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
194 purple_base16_encode_chunked(fpr_bin,fpr_bin_sz);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
195
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
196 purple_debug_info("gnutls",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
197 "Lvl %d SHA1 fingerprint: %s\n",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
198 i, fpr_asc);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
199
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
200 tsz=sizeof(tbuf);
17781
3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17780
diff changeset
201 gnutls_x509_crt_get_serial(cert,tbuf,&tsz);
17766
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
202 tasc=
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
203 purple_base16_encode_chunked(tbuf, tsz);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
204 purple_debug_info("gnutls",
17781
3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17780
diff changeset
205 "Serial: %s\n",
3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17780
diff changeset
206 tasc);
17766
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
207 g_free(tasc);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
208
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
209 tsz=sizeof(tbuf);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
210 gnutls_x509_crt_get_dn (cert, tbuf, &tsz);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
211 purple_debug_info("gnutls",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
212 "Cert DN: %s\n",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
213 tbuf);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
214 tsz=sizeof(tbuf);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
215 gnutls_x509_crt_get_issuer_dn (cert, tbuf, &tsz);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
216 purple_debug_info("gnutls",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
217 "Cert Issuer DN: %s\n",
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
218 tbuf);
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
219
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
220 g_free(fpr_asc); fpr_asc = NULL;
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
221 gnutls_x509_crt_deinit(cert);
17781
3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17780
diff changeset
222 }
17766
fe571cfcf225 - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17252
diff changeset
223
17781
3ce170204ef0 disapproval of revision '38e35430b0f7a8b7d764fca702732e7f1c652d02'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17780
diff changeset
224 }
18955
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
225
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
226 /* TODO: The following logic should really be in libpurple */
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
227 /* If a Verifier was given, hand control over to it */
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
228 if (gsc->verifier) {
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
229 GList *peers;
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
230 /* First, get the peer cert chain */
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
231 peers = purple_ssl_get_peer_certificates(gsc);
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
232
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
233 /* Now kick off the verification process */
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
234 purple_certificate_verify(gsc->verifier,
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
235 gsc->host,
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
236 peers,
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
237 ssl_gnutls_verified_cb,
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
238 gsc);
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
239
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
240 } else {
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
241 /* Otherwise, just call the "connection complete"
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
242 callback */
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
243 gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
f393eddab077 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18938
diff changeset
244 }
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
245 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
246
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
247 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
248
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
249
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
250 static void
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
251 ssl_gnutls_connect(PurpleSslConnection *gsc)
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
252 {
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
253 PurpleSslGnutlsData *gnutls_data;
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
254 static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 };
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
255
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
256 gnutls_data = g_new0(PurpleSslGnutlsData, 1);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
257 gsc->private_data = gnutls_data;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
258
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
259 gnutls_init(&gnutls_data->session, GNUTLS_CLIENT);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
260 gnutls_set_default_priority(gnutls_data->session);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
261
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
262 gnutls_certificate_type_set_priority(gnutls_data->session,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
263 cert_type_priority);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
264
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
265 gnutls_credentials_set(gnutls_data->session, GNUTLS_CRD_CERTIFICATE,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
266 xcred);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
267
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
268 gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd));
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
269
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
270 gnutls_data->handshake_handler = purple_input_add(gsc->fd,
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
271 PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
272
17252
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16665
diff changeset
273 /* Orborde asks: Why are we configuring a callback, then
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16665
diff changeset
274 immediately calling it?
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16665
diff changeset
275
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16665
diff changeset
276 Answer: gnutls_handshake (up in handshake_cb) needs to be called
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16665
diff changeset
277 once in order to get the ball rolling on the SSL connection.
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16665
diff changeset
278 Once it has done so, only then will the server reply, triggering
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16665
diff changeset
279 the callback.
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16665
diff changeset
280
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16665
diff changeset
281 Since the logic driving gnutls_handshake is the same with the first
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16665
diff changeset
282 and subsequent calls, we'll just fire the callback immediately to
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16665
diff changeset
283 accomplish this.
a2edef5eb1b1 - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16665
diff changeset
284 */
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
285 ssl_gnutls_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
286 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
287
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
288 static void
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
289 ssl_gnutls_close(PurpleSslConnection *gsc)
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
290 {
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
291 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
292
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
293 if(!gnutls_data)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
294 return;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
295
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
296 if(gnutls_data->handshake_handler)
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
297 purple_input_remove(gnutls_data->handshake_handler);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
298
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
299 gnutls_bye(gnutls_data->session, GNUTLS_SHUT_RDWR);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
300
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
301 gnutls_deinit(gnutls_data->session);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
302
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
303 g_free(gnutls_data);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
304 gsc->private_data = NULL;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
305 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
306
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
307 static size_t
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
308 ssl_gnutls_read(PurpleSslConnection *gsc, void *data, size_t len)
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
309 {
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
310 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
311 ssize_t s;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
312
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
313 s = gnutls_record_recv(gnutls_data->session, data, len);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
314
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
315 if(s == GNUTLS_E_AGAIN || s == GNUTLS_E_INTERRUPTED) {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
316 s = -1;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
317 errno = EAGAIN;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
318 } else if(s < 0) {
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
319 purple_debug_error("gnutls", "receive failed: %s\n",
15784
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
320 gnutls_strerror(s));
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
321 s = -1;
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
322 /*
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
323 * TODO: Set errno to something more appropriate. Or even
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
324 * better: allow ssl plugins to keep track of their
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
325 * own error message, then add a new ssl_ops function
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
326 * that returns the error message.
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
327 */
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
328 errno = EIO;
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
329 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
330
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
331 return s;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
332 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
333
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
334 static size_t
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
335 ssl_gnutls_write(PurpleSslConnection *gsc, const void *data, size_t len)
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
336 {
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
337 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
338 ssize_t s = 0;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
339
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
340 /* XXX: when will gnutls_data be NULL? */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
341 if(gnutls_data)
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
342 s = gnutls_record_send(gnutls_data->session, data, len);
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
343
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
344 if(s == GNUTLS_E_AGAIN || s == GNUTLS_E_INTERRUPTED) {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
345 s = -1;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
346 errno = EAGAIN;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
347 } else if(s < 0) {
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
348 purple_debug_error("gnutls", "send failed: %s\n",
15784
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
349 gnutls_strerror(s));
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
350 s = -1;
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
351 /*
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
352 * TODO: Set errno to something more appropriate. Or even
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
353 * better: allow ssl plugins to keep track of their
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
354 * own error message, then add a new ssl_ops function
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
355 * that returns the error message.
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
356 */
eed84b59c252 There were a few problems here
Mark Doliner <mark@kingant.net>
parents: 15373
diff changeset
357 errno = EIO;
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
358 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
359
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
360 return s;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
361 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
362
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
363 /* Forward declarations are fun!
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
364 TODO: This is a stupid place for this */
18189
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
365 static PurpleCertificate *
18186
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17914
diff changeset
366 x509_import_from_datum(const gnutls_datum_t dt, gnutls_x509_crt_fmt_t mode);
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
367
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
368 static GList *
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
369 ssl_gnutls_get_peer_certificates(PurpleSslConnection * gsc)
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
370 {
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
371 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
372
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
373 /* List of Certificate instances to return */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
374 GList * peer_certs = NULL;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
375
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
376 /* List of raw certificates as given by GnuTLS */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
377 const gnutls_datum_t *cert_list;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
378 unsigned int cert_list_size = 0;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
379
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
380 unsigned int i;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
381
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
382 /* This should never, ever happen. */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
383 g_return_val_if_fail( gnutls_certificate_type_get (gnutls_data->session) == GNUTLS_CRT_X509, NULL);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
384
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
385 /* Get the certificate list from GnuTLS */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
386 /* TODO: I am _pretty sure_ this doesn't block or do other exciting things */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
387 cert_list = gnutls_certificate_get_peers(gnutls_data->session,
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
388 &cert_list_size);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
389
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
390 /* Convert each certificate to a Certificate and append it to the list */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
391 for (i = 0; i < cert_list_size; i++) {
18189
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
392 PurpleCertificate * newcrt = x509_import_from_datum(cert_list[i],
18186
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17914
diff changeset
393 GNUTLS_X509_FMT_DER);
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
394 /* Append is somewhat inefficient on linked lists, but is easy
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
395 to read. If someone complains, I'll change it.
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
396 TODO: Is anyone complaining? (Maybe elb?) */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
397 peer_certs = g_list_append(peer_certs, newcrt);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
398 }
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
399
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
400 /* cert_list shouldn't need free()-ing */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
401 /* TODO: double-check this */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
402
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
403 return peer_certs;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
404 }
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
405
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
406 /************************************************************************/
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
407 /* X.509 functionality */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
408 /************************************************************************/
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
409 const gchar * SCHEME_NAME = "x509";
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
410
18189
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
411 static PurpleCertificateScheme x509_gnutls;
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
412
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
413 /** Transforms a gnutls_datum_t containing an X.509 certificate into a Certificate instance under the x509_gnutls scheme
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
414 *
18186
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17914
diff changeset
415 * @param dt Datum to transform
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17914
diff changeset
416 * @param mode GnuTLS certificate format specifier (GNUTLS_X509_FMT_PEM for
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17914
diff changeset
417 * reading from files, and GNUTLS_X509_FMT_DER for converting
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17914
diff changeset
418 * "over the wire" certs for SSL)
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
419 *
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
420 * @return A newly allocated Certificate structure of the x509_gnutls scheme
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
421 */
18189
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
422 static PurpleCertificate *
18186
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17914
diff changeset
423 x509_import_from_datum(const gnutls_datum_t dt, gnutls_x509_crt_fmt_t mode)
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
424 {
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
425 /* Internal certificate data structure */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
426 gnutls_x509_crt_t *certdat;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
427 /* New certificate to return */
18189
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
428 PurpleCertificate * crt;
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
429
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
430 /* Allocate and prepare the internal certificate data */
18961
fa138dbacff5 - More g_new0 instead of g_new
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18955
diff changeset
431 certdat = g_new0(gnutls_x509_crt_t, 1);
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
432 gnutls_x509_crt_init(certdat);
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
433
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
434 /* Perform the actual certificate parse */
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
435 /* Yes, certdat SHOULD be dereferenced */
18186
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17914
diff changeset
436 gnutls_x509_crt_import(*certdat, &dt, mode);
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
437
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
438 /* Allocate the certificate and load it with data */
18961
fa138dbacff5 - More g_new0 instead of g_new
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18955
diff changeset
439 crt = g_new0(PurpleCertificate, 1);
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
440 crt->scheme = &x509_gnutls;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
441 crt->data = certdat;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
442
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
443 return crt;
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
444 }
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
445
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
446 /** Imports a PEM-formatted X.509 certificate from the specified file.
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
447 * @param filename Filename to import from. Format is PEM
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
448 *
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
449 * @return A newly allocated Certificate structure of the x509_gnutls scheme
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
450 */
18189
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
451 static PurpleCertificate *
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
452 x509_import_from_file(const gchar * filename)
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
453 {
18189
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
454 PurpleCertificate *crt; /* Certificate being constructed */
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
455 gchar *buf; /* Used to load the raw file data */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
456 gsize buf_sz; /* Size of the above */
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
457 gnutls_datum_t dt; /* Struct to pass down to GnuTLS */
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
458
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
459 purple_debug_info("gnutls",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
460 "Attempting to load X.509 certificate from %s\n",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
461 filename);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
462
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
463 /* Next, we'll simply yank the entire contents of the file
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
464 into memory */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
465 /* TODO: Should I worry about very large files here? */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
466 /* TODO: Error checking */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
467 g_file_get_contents(filename,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
468 &buf,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
469 &buf_sz,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
470 NULL /* No error checking for now */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
471 );
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
472
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
473 /* Load the datum struct */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
474 dt.data = (unsigned char *) buf;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
475 dt.size = buf_sz;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
476
17914
2f119e2a1b33 - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
477 /* Perform the conversion */
18186
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17914
diff changeset
478 crt = x509_import_from_datum(dt,
80c909c5bb7a - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17914
diff changeset
479 GNUTLS_X509_FMT_PEM); // files should be in PEM format
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
480
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
481 /* Cleanup */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
482 g_free(buf);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
483
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
484 return crt;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
485 }
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
486
18977
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
487 /**
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
488 * Exports a PEM-formatted X.509 certificate to the specified file.
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
489 * @param filename Filename to export to. Format will be PEM
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
490 * @param crt Certificate to export
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
491 *
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
492 * @return TRUE if success, otherwise FALSE
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
493 */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
494 static gboolean
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
495 x509_export_certificate(const gchar *filename, PurpleCertificate *crt)
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
496 {
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
497 gnutls_x509_crt_t crt_dat; /* GnuTLS cert struct */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
498 int ret;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
499 gchar * out_buf; /* Data to output */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
500 size_t out_size; /* Output size */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
501 gboolean success = FALSE;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
502
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
503 /* Paranoia paranoia paranoia! */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
504 g_return_val_if_fail(filename, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
505 g_return_val_if_fail(crt, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
506 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
507 g_return_val_if_fail(crt->data, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
508
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
509 crt_dat = *( (gnutls_x509_crt_t *) crt->data);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
510
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
511 /* Obtain the output size required */
19004
d4065b26dcac - Fix intermittent crash due to uninitialized variable
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19003
diff changeset
512 out_size = 0;
18977
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
513 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM,
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
514 NULL, /* Provide no buffer yet */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
515 &out_size /* Put size here */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
516 );
19002
daeca1b9ebdb - Fix an incorrect assertion in GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18977
diff changeset
517 g_return_val_if_fail(ret == GNUTLS_E_SHORT_MEMORY_BUFFER, FALSE);
18977
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
518
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
519 /* Now allocate a buffer and *really* export it */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
520 out_buf = g_new0(gchar, out_size);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
521 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM,
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
522 out_buf, /* Export to our new buffer */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
523 &out_size /* Put size here */
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
524 );
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
525 if (ret != 0) {
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
526 purple_debug_error("gnutls/x509",
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
527 "Failed to export cert to buffer with code %d\n",
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
528 ret);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
529 g_free(out_buf);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
530 return FALSE;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
531 }
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
532
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
533 /* Write it out to an actual file */
19003
0b1a75eb5627 - GnuTLS plugin no longer uses write_data_to_file from util. It has been
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19002
diff changeset
534 /* TODO: THIS IS A COMPATIBILITY VIOLATION
0b1a75eb5627 - GnuTLS plugin no longer uses write_data_to_file from util. It has been
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19002
diff changeset
535 Look into util.c write_data_to_file. */
0b1a75eb5627 - GnuTLS plugin no longer uses write_data_to_file from util. It has been
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19002
diff changeset
536 success = g_file_set_contents(filename,
0b1a75eb5627 - GnuTLS plugin no longer uses write_data_to_file from util. It has been
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19002
diff changeset
537 out_buf,
0b1a75eb5627 - GnuTLS plugin no longer uses write_data_to_file from util. It has been
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19002
diff changeset
538 out_size,
0b1a75eb5627 - GnuTLS plugin no longer uses write_data_to_file from util. It has been
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19002
diff changeset
539 NULL);
18977
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
540
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
541
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
542 g_free(out_buf);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
543 g_return_val_if_fail(success, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
544 return success;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
545 }
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
546
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
547 /** Frees a Certificate
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
548 *
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
549 * Destroys a Certificate's internal data structures and frees the pointer
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
550 * given.
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
551 * @param crt Certificate instance to be destroyed. It WILL NOT be destroyed
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
552 * if it is not of the correct CertificateScheme. Can be NULL
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
553 *
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
554 */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
555 static void
18189
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
556 x509_destroy_certificate(PurpleCertificate * crt)
17913
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
557 {
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
558 /* TODO: Issue a warning here? */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
559 if (NULL == crt) return;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
560
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
561 /* Check that the scheme is x509_gnutls */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
562 if ( crt->scheme != &x509_gnutls ) {
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
563 purple_debug_error("gnutls",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
564 "destroy_certificate attempted on certificate of wrong scheme (scheme was %s, expected %s)\n",
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
565 crt->scheme->name,
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
566 SCHEME_NAME);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
567 return;
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
568 }
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
569
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
570 /* TODO: Different error checking? */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
571 g_return_if_fail(crt->data != NULL);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
572 g_return_if_fail(crt->scheme != NULL);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
573
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
574 /* Destroy the GnuTLS-specific data */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
575 gnutls_x509_crt_deinit( *( (gnutls_x509_crt_t *) crt->data ) );
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
576 g_free(crt->data);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
577
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
578 /* TODO: Reference counting here? */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
579
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
580 /* Kill the structure itself */
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
581 g_free(crt);
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
582 }
55a0b0a42000 - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17911
diff changeset
583
18191
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
584 /** Determines whether one certificate has been issued and signed by another
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
585 *
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
586 * @param crt Certificate to check the signature of
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
587 * @param issuer Issuer's certificate
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
588 *
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
589 * @return TRUE if crt was signed and issued by issuer, otherwise FALSE
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
590 * @TODO Modify this function to return a reason for invalidity?
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
591 */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
592 static gboolean
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
593 x509_certificate_signed_by(PurpleCertificate * crt,
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
594 PurpleCertificate * issuer)
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
595 {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
596 gnutls_x509_crt_t crt_dat;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
597 gnutls_x509_crt_t issuer_dat;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
598 unsigned int verify; /* used to store details from GnuTLS verifier */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
599 int ret;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
600
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
601 /* TODO: Change this error checking? */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
602 g_return_val_if_fail(crt, FALSE);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
603 g_return_val_if_fail(issuer, FALSE);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
604
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
605 /* Verify that both certs are the correct scheme */
18963
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
606 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
607 g_return_val_if_fail(issuer->scheme == &x509_gnutls, FALSE);
18191
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
608
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
609 /* TODO: check for more nullness? */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
610
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
611 crt_dat = *((gnutls_x509_crt_t *) crt->data);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
612 issuer_dat = *((gnutls_x509_crt_t *) issuer->data);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
613
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
614 /* First, let's check that crt.issuer is actually issuer */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
615 ret = gnutls_x509_crt_check_issuer(crt_dat, issuer_dat);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
616 if (ret <= 0) {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
617
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
618 if (ret < 0) {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
619 purple_debug_error("gnutls/x509",
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
620 "GnuTLS error %d while checking certificate issuer match.",
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
621 ret);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
622 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
623
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
624 /* The issuer is not correct, or there were errors */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
625 return FALSE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
626 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
627
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
628 /* Now, check the signature */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
629 /* The second argument is a ptr to an array of "trusted" issuer certs,
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
630 but we're only using one trusted one */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
631 ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, 0, &verify);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
632
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
633 if (ret > 0) {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
634 /* The certificate is good. */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
635 return TRUE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
636 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
637 else if (ret < 0) {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
638 purple_debug_error("gnutls/x509",
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
639 "Attempted certificate verification caused a GnuTLS error code %d. I will just say the signature is bad, but you should look into this.\n", ret);
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
640 return FALSE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
641 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
642 else {
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
643 /* Signature didn't check out, but at least
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
644 there were no errors*/
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
645 return FALSE;
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
646 } /* if (ret, etc.) */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
647
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
648 /* Control does not reach this point */
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
649 }
a4336814bfd4 - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18189
diff changeset
650
18935
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
651 static GByteArray *
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
652 x509_sha1sum(PurpleCertificate *crt)
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
653 {
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
654 size_t hashlen = 20; /* SHA1 hashes are 20 bytes */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
655 size_t tmpsz = hashlen; /* Throw-away variable for GnuTLS to stomp on*/
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
656 gnutls_x509_crt_t crt_dat;
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
657 GByteArray *hash; /**< Final hash container */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
658 guchar hashbuf[hashlen]; /**< Temporary buffer to contain hash */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
659
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
660 g_return_val_if_fail(crt, NULL);
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
661
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
662 crt_dat = *( (gnutls_x509_crt_t *) crt->data );
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
663
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
664 /* Extract the fingerprint */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
665 /* TODO: Errorcheck? */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
666 gnutls_x509_crt_get_fingerprint(crt_dat, GNUTLS_MAC_SHA,
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
667 hashbuf, &tmpsz);
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
668
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
669 /* This shouldn't happen */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
670 g_return_val_if_fail(tmpsz == hashlen, NULL);
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
671
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
672 /* Okay, now create and fill hash array */
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
673 hash = g_byte_array_new();
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
674 g_byte_array_append(hash, hashbuf, hashlen);
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
675
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
676 return hash;
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
677 }
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
678
18963
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
679 static gchar *
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
680 x509_common_name (PurpleCertificate *crt)
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
681 {
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
682 gnutls_x509_crt_t cert_dat;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
683 gchar *cn = NULL;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
684 size_t cn_size;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
685
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
686 g_return_val_if_fail(crt, NULL);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
687 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
688
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
689 cert_dat = *( (gnutls_x509_crt_t *) crt->data );
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
690
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
691 /* TODO: Not return values? */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
692
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
693 /* Figure out the length of the Common Name */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
694 /* Claim that the buffer is size 0 so GnuTLS just tells us how much
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
695 space it needs */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
696 cn_size = 0;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
697 gnutls_x509_crt_get_dn_by_oid(cert_dat,
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
698 GNUTLS_OID_X520_COMMON_NAME,
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
699 0, /* First CN found, please */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
700 0, /* Not in raw mode */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
701 cn, &cn_size);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
702
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
703 /* Now allocate and get the Common Name */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
704 cn = g_new0(gchar, cn_size);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
705 gnutls_x509_crt_get_dn_by_oid(cert_dat,
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
706 GNUTLS_OID_X520_COMMON_NAME,
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
707 0, /* First CN found, please */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
708 0, /* Not in raw mode */
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
709 cn, &cn_size);
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
710
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
711 return cn;
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
712 }
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
713
19008
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
714 static gboolean
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
715 x509_check_name (PurpleCertificate *crt, const gchar *name)
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
716 {
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
717 gnutls_x509_crt_t crt_dat;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
718
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
719 g_return_val_if_fail(crt, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
720 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
721 g_return_val_if_fail(name, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
722
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
723 crt_dat = *( (gnutls_x509_crt_t *) crt->data );
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
724
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
725 if (gnutls_x509_crt_check_hostname(crt_dat, name)) {
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
726 return TRUE;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
727 } else {
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
728 return FALSE;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
729 }
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
730 }
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
731
18189
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
732 /* X.509 certificate operations provided by this plugin */
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
733 /* TODO: Flesh this out! */
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
734 static PurpleCertificateScheme x509_gnutls = {
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
735 "x509", /* Scheme name */
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
736 N_("X.509 Certificates"), /* User-visible scheme name */
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
737 x509_import_from_file, /* Certificate import function */
18977
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18963
diff changeset
738 x509_export_certificate, /* Certificate export function */
18934
04be1b885ef3 - Add more to the Certificate struct
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18930
diff changeset
739 x509_destroy_certificate, /* Destroy cert */
18935
cb9d2b9ad6bc - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18934
diff changeset
740 x509_sha1sum, /* SHA1 fingerprint */
18934
04be1b885ef3 - Add more to the Certificate struct
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18930
diff changeset
741 NULL, /* Unique ID */
18963
146907cd3b07 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18961
diff changeset
742 NULL, /* Issuer Unique ID */
19006
dc60287ce426 - Add get_activation_time and get_expiration_time to CertificateScheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19004
diff changeset
743 x509_common_name, /* Subject name */
19008
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19007
diff changeset
744 x509_check_name, /* Check subject name */
19006
dc60287ce426 - Add get_activation_time and get_expiration_time to CertificateScheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19004
diff changeset
745 NULL, /* Activation time */
dc60287ce426 - Add get_activation_time and get_expiration_time to CertificateScheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19004
diff changeset
746 NULL /* Expiration time */
18189
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
747 };
030a2209ae96 - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18188
diff changeset
748
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
749 static PurpleSslOps ssl_ops =
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
750 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
751 ssl_gnutls_init,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
752 ssl_gnutls_uninit,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
753 ssl_gnutls_connect,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
754 ssl_gnutls_close,
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
755 ssl_gnutls_read,
16665
6531f1a2e1d7 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15822
diff changeset
756 ssl_gnutls_write,
18187
33690062e8b3 - Expose get_peer_certificates in the SslOps struct, and modify gnutls
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18186
diff changeset
757 ssl_gnutls_get_peer_certificates,
16665
6531f1a2e1d7 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15822
diff changeset
758
6531f1a2e1d7 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15822
diff changeset
759 /* padding */
6531f1a2e1d7 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15822
diff changeset
760 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15822
diff changeset
761 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15822
diff changeset
762 NULL
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
763 };
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
764
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
765 #endif /* HAVE_GNUTLS */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
766
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
767 static gboolean
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
768 plugin_load(PurplePlugin *plugin)
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
769 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
770 #ifdef HAVE_GNUTLS
18927
9abc911c65aa - GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18191
diff changeset
771 /* Register that we're providing an X.509 CertScheme */
9abc911c65aa - GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18191
diff changeset
772 /* @TODO : error checking */
9abc911c65aa - GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18191
diff changeset
773 purple_certificate_register_scheme( &x509_gnutls );
9abc911c65aa - GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18191
diff changeset
774
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
775 if(!purple_ssl_get_ops()) {
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
776 purple_ssl_set_ops(&ssl_ops);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
777 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
778
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
779 /* Init GNUTLS now so others can use it even if sslconn never does */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
780 ssl_gnutls_init_gnutls();
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
781
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
782 return TRUE;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
783 #else
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
784 return FALSE;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
785 #endif
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
786 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
787
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
788 static gboolean
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
789 plugin_unload(PurplePlugin *plugin)
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
790 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
791 #ifdef HAVE_GNUTLS
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
792 if(purple_ssl_get_ops() == &ssl_ops) {
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
793 purple_ssl_set_ops(NULL);
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
794 }
18927
9abc911c65aa - GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18191
diff changeset
795
9abc911c65aa - GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18191
diff changeset
796 purple_certificate_unregister_scheme( &x509_gnutls );
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
797 #endif
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
798
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
799 return TRUE;
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
800 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
801
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
802 static PurplePluginInfo info =
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
803 {
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
804 PURPLE_PLUGIN_MAGIC,
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
805 PURPLE_MAJOR_VERSION,
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
806 PURPLE_MINOR_VERSION,
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
807 PURPLE_PLUGIN_STANDARD, /**< type */
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
808 NULL, /**< ui_requirement */
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
809 PURPLE_PLUGIN_FLAG_INVISIBLE, /**< flags */
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
810 NULL, /**< dependencies */
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
811 PURPLE_PRIORITY_DEFAULT, /**< priority */
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
812
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
813 SSL_GNUTLS_PLUGIN_ID, /**< id */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
814 N_("GNUTLS"), /**< name */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
815 VERSION, /**< version */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
816 /** summary */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
817 N_("Provides SSL support through GNUTLS."),
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
818 /** description */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
819 N_("Provides SSL support through GNUTLS."),
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
820 "Christian Hammond <chipx86@gnupdate.org>",
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
821 PURPLE_WEBSITE, /**< homepage */
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
822
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
823 plugin_load, /**< load */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
824 plugin_unload, /**< unload */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
825 NULL, /**< destroy */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
826
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
827 NULL, /**< ui_info */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
828 NULL, /**< extra_info */
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
829 NULL, /**< prefs_info */
16665
6531f1a2e1d7 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15822
diff changeset
830 NULL, /**< actions */
6531f1a2e1d7 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15822
diff changeset
831
6531f1a2e1d7 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15822
diff changeset
832 /* padding */
6531f1a2e1d7 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15822
diff changeset
833 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15822
diff changeset
834 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15822
diff changeset
835 NULL,
6531f1a2e1d7 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15822
diff changeset
836 NULL
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
837 };
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
838
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
839 static void
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
840 init_plugin(PurplePlugin *plugin)
15373
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
841 {
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
842 }
5fe8042783c1 Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff changeset
843
15822
32c366eeeb99 sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@gmail.com>
parents: 15784
diff changeset
844 PURPLE_INIT_PLUGIN(ssl_gnutls, init_plugin, info)