annotate libpurple/certificate.c @ 32819:2c6510167895 default tip

propagate from branch 'im.pidgin.pidgin.2.x.y' (head 3315c5dfbd0ad16511bdcf865e5b07c02d07df24) to branch 'im.pidgin.pidgin' (head cbd1eda6bcbf0565ae7766396bb8f6f419cb6a9a)
author Elliott Sales de Andrade <qulogic@pidgin.im>
date Sat, 02 Jun 2012 02:30:49 +0000
parents 32642aa8dbe5
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
17910
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
1 /**
19075
a0138be8d725 - Typo fix
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19067
diff changeset
2 * @file certificate.c Public-Key Certificate API
17910
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
3 * @ingroup core
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
4 */
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
5
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
6 /*
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
7 *
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
8 * purple
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
9 *
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
10 * Purple is the legal property of its developers, whose names are too numerous
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
11 * to list here. Please refer to the COPYRIGHT file distributed with this
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
12 * source distribution.
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
13 *
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
14 * This program is free software; you can redistribute it and/or modify
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
15 * it under the terms of the GNU General Public License as published by
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
16 * the Free Software Foundation; either version 2 of the License, or
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
17 * (at your option) any later version.
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
18 *
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
19 * This program is distributed in the hope that it will be useful,
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
22 * GNU General Public License for more details.
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
23 *
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
24 * You should have received a copy of the GNU General Public License
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
25 * along with this program; if not, write to the Free Software
19681
44b4e8bd759b The FSF changed its address a while ago; our files were out of date.
John Bailey <rekkanoryo@rekkanoryo.org>
parents: 19649
diff changeset
26 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
17910
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
27 */
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
28
19504
d5ecaf5bce93 Fix the win32 build for the cert SoC branch merge.
Daniel Atallah <daniel.atallah@gmail.com>
parents: 19497
diff changeset
29 #include "internal.h"
17910
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
30 #include "certificate.h"
19517
7bea9c9fd2a5 (Un)Register the pools with DBus to avoid a runtime fit.
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 19515
diff changeset
31 #include "dbus-maybe.h"
18192
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
32 #include "debug.h"
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
33 #include "request.h"
19044
602295db8e6b - Register the certificate-stored and certificate-deleted signals
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19034
diff changeset
34 #include "signals.h"
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
35 #include "util.h"
17910
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
36
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
37 /** List holding pointers to all registered certificate schemes */
18192
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
38 static GList *cert_schemes = NULL;
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
39 /** List of registered Verifiers */
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
40 static GList *cert_verifiers = NULL;
18971
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
41 /** List of registered Pools */
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
42 static GList *cert_pools = NULL;
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
43
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
44 /*
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
45 * TODO: Merge this with PurpleCertificateVerificationStatus for 3.0.0 */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
46 typedef enum {
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
47 PURPLE_CERTIFICATE_UNKNOWN_ERROR = -1,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
48
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
49 /* Not an error */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
50 PURPLE_CERTIFICATE_NO_PROBLEMS = 0,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
51
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
52 /* Non-fatal */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
53 PURPLE_CERTIFICATE_NON_FATALS_MASK = 0x0000FFFF,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
54
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
55 /* The certificate is self-signed. */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
56 PURPLE_CERTIFICATE_SELF_SIGNED = 0x01,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
57
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
58 /* The CA is not in libpurple's pool of certificates. */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
59 PURPLE_CERTIFICATE_CA_UNKNOWN = 0x02,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
60
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
61 /* The current time is before the certificate's specified
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
62 * activation time.
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
63 */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
64 PURPLE_CERTIFICATE_NOT_ACTIVATED = 0x04,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
65
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
66 /* The current time is after the certificate's specified expiration time */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
67 PURPLE_CERTIFICATE_EXPIRED = 0x08,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
68
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
69 /* The certificate's subject name doesn't match the expected */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
70 PURPLE_CERTIFICATE_NAME_MISMATCH = 0x10,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
71
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
72 /* No CA pool was found. This shouldn't happen... */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
73 PURPLE_CERTIFICATE_NO_CA_POOL = 0x20,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
74
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
75 /* Fatal */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
76 PURPLE_CERTIFICATE_FATALS_MASK = 0xFFFF0000,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
77
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
78 /* The signature chain could not be validated. Due to limitations in the
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
79 * the current API, this also indicates one of the CA certificates in the
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
80 * chain is expired (or not yet activated). FIXME 3.0.0 */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
81 PURPLE_CERTIFICATE_INVALID_CHAIN = 0x10000,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
82
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
83 /* The signature has been revoked. */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
84 PURPLE_CERTIFICATE_REVOKED = 0x20000,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
85
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
86 PURPLE_CERTIFICATE_LAST = 0x40000,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
87 } PurpleCertificateInvalidityFlags;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
88
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
89 static const gchar *
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
90 invalidity_reason_to_string(PurpleCertificateInvalidityFlags flag)
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
91 {
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
92 switch (flag) {
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
93 case PURPLE_CERTIFICATE_SELF_SIGNED:
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
94 return _("The certificate is self-signed and cannot be "
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
95 "automatically checked.");
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
96 break;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
97 case PURPLE_CERTIFICATE_CA_UNKNOWN:
28356
8e6c1408e430 Some wordsmithing on this message from Y S Landro, Richard, William, and Kevin (on the translators m-l).
Paul Aurich <paul@darkrain42.org>
parents: 28245
diff changeset
98 return _("The certificate is not trusted because no certificate "
8e6c1408e430 Some wordsmithing on this message from Y S Landro, Richard, William, and Kevin (on the translators m-l).
Paul Aurich <paul@darkrain42.org>
parents: 28245
diff changeset
99 "that can verify it is currently trusted.");
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
100 break;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
101 case PURPLE_CERTIFICATE_NOT_ACTIVATED:
30219
ebc34634e592 certificate: Add helpful text to the 'not yet active' message.
Paul Aurich <paul@darkrain42.org>
parents: 29699
diff changeset
102 return _("The certificate is not valid yet. Check that your "
ebc34634e592 certificate: Add helpful text to the 'not yet active' message.
Paul Aurich <paul@darkrain42.org>
parents: 29699
diff changeset
103 "computer's date and time are accurate.");
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
104 break;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
105 case PURPLE_CERTIFICATE_EXPIRED:
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
106 return _("The certificate has expired and should not be "
30573
22a713532200 cert: Tell users to check their computer's date/time for expired certs, too
Paul Aurich <paul@darkrain42.org>
parents: 30219
diff changeset
107 "considered valid. Check that your computer's date "
22a713532200 cert: Tell users to check their computer's date/time for expired certs, too
Paul Aurich <paul@darkrain42.org>
parents: 30219
diff changeset
108 "and time are accurate.");
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
109 break;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
110 case PURPLE_CERTIFICATE_NAME_MISMATCH:
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
111 /* Translators: "domain" refers to a DNS domain (e.g. talk.google.com) */
28056
694c8aa30300 String change feedback from Stu.
Paul Aurich <paul@darkrain42.org>
parents: 28051
diff changeset
112 return _("The certificate presented is not issued to this domain.");
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
113 break;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
114 case PURPLE_CERTIFICATE_NO_CA_POOL:
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
115 return _("You have no database of root certificates, so "
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
116 "this certificate cannot be validated.");
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
117 break;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
118 case PURPLE_CERTIFICATE_INVALID_CHAIN:
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
119 return _("The certificate chain presented is invalid.");
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
120 break;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
121 case PURPLE_CERTIFICATE_REVOKED:
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
122 return _("The certificate has been revoked.");
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
123 break;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
124 case PURPLE_CERTIFICATE_UNKNOWN_ERROR:
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
125 default:
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
126 return _("An unknown certificate error occurred.");
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
127 break;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
128 }
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
129 }
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
130
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
131 void
18942
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
132 purple_certificate_verify (PurpleCertificateVerifier *verifier,
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
133 const gchar *subject_name, GList *cert_chain,
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
134 PurpleCertificateVerifiedCallback cb,
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
135 gpointer cb_data)
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
136 {
18942
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
137 PurpleCertificateVerificationRequest *vrq;
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
138 PurpleCertificateScheme *scheme;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
139
18942
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
140 g_return_if_fail(subject_name != NULL);
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
141 /* If you don't have a cert to check, why are you requesting that it
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
142 be verified? */
18942
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
143 g_return_if_fail(cert_chain != NULL);
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
144 g_return_if_fail(cb != NULL);
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
145
18942
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
146 /* Look up the CertificateScheme */
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
147 scheme = purple_certificate_find_scheme(verifier->scheme_name);
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
148 g_return_if_fail(scheme);
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
149
18943
c519ff185569 - purple_certificate_verify attempts to check that the cert chain is of
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18942
diff changeset
150 /* Check that at least the first cert in the chain matches the
c519ff185569 - purple_certificate_verify attempts to check that the cert chain is of
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18942
diff changeset
151 Verifier scheme */
18960
6831c126bcf3 - Fixed an inverted assertion
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18957
diff changeset
152 g_return_if_fail(scheme ==
18943
c519ff185569 - purple_certificate_verify attempts to check that the cert chain is of
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18942
diff changeset
153 ((PurpleCertificate *) (cert_chain->data))->scheme);
c519ff185569 - purple_certificate_verify attempts to check that the cert chain is of
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18942
diff changeset
154
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
155 /* Construct and fill in the request fields */
18949
8902f0d7e40f - Use g_new0 instead of g_new
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18947
diff changeset
156 vrq = g_new0(PurpleCertificateVerificationRequest, 1);
18942
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
157 vrq->verifier = verifier;
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
158 vrq->scheme = scheme;
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
159 vrq->subject_name = g_strdup(subject_name);
19021
fcca10d0ac7d - purple_certificate_verify no longer takes possession of the
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19020
diff changeset
160 vrq->cert_chain = purple_certificate_copy_list(cert_chain);
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
161 vrq->cb = cb;
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
162 vrq->cb_data = cb_data;
18942
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
163
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
164 /* Initiate verification */
02102eccc4be - purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18941
diff changeset
165 (verifier->start_verification)(vrq);
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
166 }
18192
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
167
18946
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
168 void
19088
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
169 purple_certificate_verify_complete(PurpleCertificateVerificationRequest *vrq,
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
170 PurpleCertificateVerificationStatus st)
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
171 {
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
172 PurpleCertificateVerifier *vr;
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
173
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
174 g_return_if_fail(vrq);
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
175
20747
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents: 20746
diff changeset
176 if (st == PURPLE_CERTIFICATE_VALID) {
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents: 20746
diff changeset
177 purple_debug_info("certificate",
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents: 20746
diff changeset
178 "Successfully verified certificate for %s\n",
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents: 20746
diff changeset
179 vrq->subject_name);
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents: 20746
diff changeset
180 } else {
27231
627d23bfdb05 Increase the logging level of some debugging messages that seemed to be a
mauro.brasil@tqi.com.br
parents: 25941
diff changeset
181 purple_debug_error("certificate",
20747
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents: 20746
diff changeset
182 "Failed to verify certificate for %s\n",
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents: 20746
diff changeset
183 vrq->subject_name);
17e605dd2de1 - Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents: 20746
diff changeset
184 }
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
185
19088
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
186 /* Pass the results on to the request's callback */
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
187 (vrq->cb)(st, vrq->cb_data);
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
188
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
189 /* And now to eliminate the request */
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
190 /* Fetch the Verifier responsible... */
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
191 vr = vrq->verifier;
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
192 /* ...and order it to KILL */
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
193 (vr->destroy_request)(vrq);
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
194
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
195 /* Now the internals have been cleaned up, so clean up the libpurple-
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
196 created elements */
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
197 g_free(vrq->subject_name);
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
198 purple_certificate_destroy_list(vrq->cert_chain);
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
199
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
200 /* A structure born
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
201 * to much ado
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
202 * and with so much within.
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
203 * It reaches now
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
204 * its quiet end. */
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
205 g_free(vrq);
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
206 }
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
207
f5802217844d - Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19086
diff changeset
208
19018
d6f902265076 - Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19014
diff changeset
209 PurpleCertificate *
d6f902265076 - Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19014
diff changeset
210 purple_certificate_copy(PurpleCertificate *crt)
d6f902265076 - Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19014
diff changeset
211 {
d6f902265076 - Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19014
diff changeset
212 g_return_val_if_fail(crt, NULL);
d6f902265076 - Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19014
diff changeset
213 g_return_val_if_fail(crt->scheme, NULL);
d6f902265076 - Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19014
diff changeset
214 g_return_val_if_fail(crt->scheme->copy_certificate, NULL);
d6f902265076 - Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19014
diff changeset
215
d6f902265076 - Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19014
diff changeset
216 return (crt->scheme->copy_certificate)(crt);
d6f902265076 - Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19014
diff changeset
217 }
18947
3c6bf77bf7c4 - Add purple_certificate_verify_destroy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18946
diff changeset
218
19020
d69355001a6e - Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19018
diff changeset
219 GList *
d69355001a6e - Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19018
diff changeset
220 purple_certificate_copy_list(GList *crt_list)
d69355001a6e - Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19018
diff changeset
221 {
24270
e265e7066598 Fix a printf("%s", NULL). Fixes #7289.
Daniel Atallah <daniel.atallah@gmail.com>
parents: 23987
diff changeset
222 GList *new_l, *l;
19020
d69355001a6e - Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19018
diff changeset
223
d69355001a6e - Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19018
diff changeset
224 /* First, make a shallow copy of the list */
24270
e265e7066598 Fix a printf("%s", NULL). Fixes #7289.
Daniel Atallah <daniel.atallah@gmail.com>
parents: 23987
diff changeset
225 new_l = g_list_copy(crt_list);
19020
d69355001a6e - Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19018
diff changeset
226
d69355001a6e - Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19018
diff changeset
227 /* Now go through and actually duplicate each certificate */
24270
e265e7066598 Fix a printf("%s", NULL). Fixes #7289.
Daniel Atallah <daniel.atallah@gmail.com>
parents: 23987
diff changeset
228 for (l = new_l; l; l = l->next) {
19020
d69355001a6e - Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19018
diff changeset
229 l->data = purple_certificate_copy(l->data);
d69355001a6e - Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19018
diff changeset
230 }
d69355001a6e - Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19018
diff changeset
231
24270
e265e7066598 Fix a printf("%s", NULL). Fixes #7289.
Daniel Atallah <daniel.atallah@gmail.com>
parents: 23987
diff changeset
232 return new_l;
19020
d69355001a6e - Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19018
diff changeset
233 }
d69355001a6e - Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19018
diff changeset
234
18947
3c6bf77bf7c4 - Add purple_certificate_verify_destroy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18946
diff changeset
235 void
18946
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
236 purple_certificate_destroy (PurpleCertificate *crt)
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
237 {
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
238 PurpleCertificateScheme *scheme;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
239
18946
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
240 if (NULL == crt) return;
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
241
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
242 scheme = crt->scheme;
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
243
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
244 (scheme->destroy_certificate)(crt);
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
245 }
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
246
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
247 void
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
248 purple_certificate_destroy_list (GList * crt_list)
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
249 {
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
250 PurpleCertificate *crt;
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
251 GList *l;
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
252
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
253 for (l=crt_list; l; l = l->next) {
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
254 crt = (PurpleCertificate *) l->data;
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
255 purple_certificate_destroy(crt);
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
256 }
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
257
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
258 g_list_free(crt_list);
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
259 }
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
260
19076
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
261 gboolean
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
262 purple_certificate_signed_by(PurpleCertificate *crt, PurpleCertificate *issuer)
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
263 {
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
264 PurpleCertificateScheme *scheme;
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
265
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
266 g_return_val_if_fail(crt, FALSE);
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
267 g_return_val_if_fail(issuer, FALSE);
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
268
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
269 scheme = crt->scheme;
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
270 g_return_val_if_fail(scheme, FALSE);
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
271 /* We can't compare two certs of unrelated schemes, obviously */
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
272 g_return_val_if_fail(issuer->scheme == scheme, FALSE);
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
273
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
274 return (scheme->signed_by)(crt, issuer);
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
275 }
daa68185a018 - Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19075
diff changeset
276
19077
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
277 gboolean
32212
1bcedeb32bb4 Remove the old deprecated purple_certificate_check_signature_chain.
andrew.victor@mxit.com
parents: 31851
diff changeset
278 purple_certificate_check_signature_chain(GList *chain,
27671
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents: 27669
diff changeset
279 PurpleCertificate **failing)
19077
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
280 {
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
281 GList *cur;
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
282 PurpleCertificate *crt, *issuer;
19081
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
283 gchar *uid;
27664
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
284 time_t now, activation, expiration;
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
285 gboolean ret;
19077
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
286
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
287 g_return_val_if_fail(chain, FALSE);
19081
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
288
27671
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents: 27669
diff changeset
289 if (failing)
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents: 27669
diff changeset
290 *failing = NULL;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents: 27669
diff changeset
291
19081
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
292 uid = purple_certificate_get_unique_id((PurpleCertificate *) chain->data);
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
293 purple_debug_info("certificate",
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
294 "Checking signature chain for uid=%s\n",
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
295 uid);
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
296 g_free(uid);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
297
19077
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
298 /* If this is a single-certificate chain, say that it is valid */
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
299 if (chain->next == NULL) {
19081
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
300 purple_debug_info("certificate",
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
301 "...Singleton. We'll say it's valid.\n");
19077
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
302 return TRUE;
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
303 }
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
304
27664
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
305 now = time(NULL);
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
306
19077
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
307 /* Load crt with the first certificate */
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
308 crt = (PurpleCertificate *)(chain->data);
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
309 /* And start with the second certificate in the chain */
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
310 for ( cur = chain->next; cur; cur = cur->next ) {
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
311
19077
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
312 issuer = (PurpleCertificate *)(cur->data);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
313
27664
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
314 uid = purple_certificate_get_unique_id(issuer);
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
315
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
316 ret = purple_certificate_get_times(issuer, &activation, &expiration);
31086
a8cc50c2279f Remove trailing whitespace
Richard Laager <rlaager@wiktel.com>
parents: 30960
diff changeset
317 if (!ret || now < activation || now > expiration) {
27664
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
318 if (!ret)
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
319 purple_debug_error("certificate",
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
320 "...Failed to get validity times for certificate %s\n"
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
321 "Chain is INVALID\n", uid);
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
322 else if (now > expiration)
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
323 purple_debug_error("certificate",
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
324 "...Issuer %s expired at %s\nChain is INVALID\n",
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
325 uid, ctime(&expiration));
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
326 else
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
327 purple_debug_error("certificate",
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
328 "...Not-yet-activated issuer %s will be valid at %s\n"
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
329 "Chain is INVALID\n", uid, ctime(&activation));
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
330
27671
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents: 27669
diff changeset
331 if (failing)
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents: 27669
diff changeset
332 *failing = crt;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents: 27669
diff changeset
333
27664
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
334 g_free(uid);
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
335 return FALSE;
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
336 }
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
337
19077
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
338 /* Check the signature for this link */
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
339 if (! purple_certificate_signed_by(crt, issuer) ) {
27231
627d23bfdb05 Increase the logging level of some debugging messages that seemed to be a
mauro.brasil@tqi.com.br
parents: 25941
diff changeset
340 purple_debug_error("certificate",
19081
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
341 "...Bad or missing signature by %s\nChain is INVALID\n",
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
342 uid);
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
343 g_free(uid);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
344
27671
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents: 27669
diff changeset
345 if (failing)
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents: 27669
diff changeset
346 *failing = crt;
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents: 27669
diff changeset
347
19077
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
348 return FALSE;
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
349 }
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
350
19081
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
351 purple_debug_info("certificate",
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
352 "...Good signature by %s\n",
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
353 uid);
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
354 g_free(uid);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
355
19077
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
356 /* The issuer is now the next crt whose signature is to be
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
357 checked */
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
358 crt = issuer;
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
359 }
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
360
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
361 /* If control reaches this point, the chain is valid */
19081
bdd8911d5031 - Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19080
diff changeset
362 purple_debug_info("certificate", "Chain is VALID\n");
19077
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
363 return TRUE;
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
364 }
8275c3cbc9da - Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19076
diff changeset
365
18988
4189fc3befba - Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18987
diff changeset
366 PurpleCertificate *
18989
43d1ee6a3ed5 - Fixed naming issues in previous revision
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18988
diff changeset
367 purple_certificate_import(PurpleCertificateScheme *scheme, const gchar *filename)
18988
4189fc3befba - Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18987
diff changeset
368 {
4189fc3befba - Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18987
diff changeset
369 g_return_val_if_fail(scheme, NULL);
4189fc3befba - Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18987
diff changeset
370 g_return_val_if_fail(scheme->import_certificate, NULL);
4189fc3befba - Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18987
diff changeset
371 g_return_val_if_fail(filename, NULL);
4189fc3befba - Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18987
diff changeset
372
4189fc3befba - Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18987
diff changeset
373 return (scheme->import_certificate)(filename);
4189fc3befba - Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18987
diff changeset
374 }
4189fc3befba - Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18987
diff changeset
375
29647
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
376 GSList *
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
377 purple_certificates_import(PurpleCertificateScheme *scheme, const gchar *filename)
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
378 {
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
379 g_return_val_if_fail(scheme, NULL);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
380 g_return_val_if_fail(scheme->import_certificates, NULL);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
381 g_return_val_if_fail(filename, NULL);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
382
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
383 return (scheme->import_certificates)(filename);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
384 }
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
385
18977
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
386 gboolean
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
387 purple_certificate_export(const gchar *filename, PurpleCertificate *crt)
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
388 {
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
389 PurpleCertificateScheme *scheme;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
390
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
391 g_return_val_if_fail(filename, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
392 g_return_val_if_fail(crt, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
393 g_return_val_if_fail(crt->scheme, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
394
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
395 scheme = crt->scheme;
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
396 g_return_val_if_fail(scheme->export_certificate, FALSE);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
397
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
398 return (scheme->export_certificate)(filename, crt);
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
399 }
31bdbb82de7e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18976
diff changeset
400
27669
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents: 27664
diff changeset
401 static gboolean
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents: 27664
diff changeset
402 byte_arrays_equal(const GByteArray *array1, const GByteArray *array2)
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents: 27664
diff changeset
403 {
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents: 27664
diff changeset
404 g_return_val_if_fail(array1 != NULL, FALSE);
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents: 27664
diff changeset
405 g_return_val_if_fail(array2 != NULL, FALSE);
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents: 27664
diff changeset
406
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents: 27664
diff changeset
407 return (array1->len == array2->len) &&
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents: 27664
diff changeset
408 (0 == memcmp(array1->data, array2->data, array1->len));
4c5f35f2b1ff A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents: 27664
diff changeset
409 }
31086
a8cc50c2279f Remove trailing whitespace
Richard Laager <rlaager@wiktel.com>
parents: 30960
diff changeset
410
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
411 GByteArray *
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
412 purple_certificate_get_fingerprint_sha1(PurpleCertificate *crt)
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
413 {
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
414 PurpleCertificateScheme *scheme;
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
415 GByteArray *fpr;
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
416
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
417 g_return_val_if_fail(crt, NULL);
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
418 g_return_val_if_fail(crt->scheme, NULL);
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
419
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
420 scheme = crt->scheme;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
421
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
422 g_return_val_if_fail(scheme->get_fingerprint_sha1, NULL);
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
423
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
424 fpr = (scheme->get_fingerprint_sha1)(crt);
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
425
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
426 return fpr;
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
427 }
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
428
18962
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
429 gchar *
19080
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
430 purple_certificate_get_unique_id(PurpleCertificate *crt)
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
431 {
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
432 g_return_val_if_fail(crt, NULL);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
433 g_return_val_if_fail(crt->scheme, NULL);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
434 g_return_val_if_fail(crt->scheme->get_unique_id, NULL);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
435
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
436 return (crt->scheme->get_unique_id)(crt);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
437 }
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
438
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
439 gchar *
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
440 purple_certificate_get_issuer_unique_id(PurpleCertificate *crt)
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
441 {
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
442 g_return_val_if_fail(crt, NULL);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
443 g_return_val_if_fail(crt->scheme, NULL);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
444 g_return_val_if_fail(crt->scheme->get_issuer_unique_id, NULL);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
445
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
446 return (crt->scheme->get_issuer_unique_id)(crt);
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
447 }
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
448
3bdede51c007 - Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19078
diff changeset
449 gchar *
18962
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
450 purple_certificate_get_subject_name(PurpleCertificate *crt)
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
451 {
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
452 PurpleCertificateScheme *scheme;
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
453 gchar *subject_name;
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
454
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
455 g_return_val_if_fail(crt, NULL);
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
456 g_return_val_if_fail(crt->scheme, NULL);
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
457
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
458 scheme = crt->scheme;
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
459
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
460 g_return_val_if_fail(scheme->get_subject_name, NULL);
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
461
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
462 subject_name = (scheme->get_subject_name)(crt);
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
463
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
464 return subject_name;
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
465 }
fcd05c39803e - Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18960
diff changeset
466
19008
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
467 gboolean
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
468 purple_certificate_check_subject_name(PurpleCertificate *crt, const gchar *name)
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
469 {
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
470 PurpleCertificateScheme *scheme;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
471
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
472 g_return_val_if_fail(crt, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
473 g_return_val_if_fail(crt->scheme, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
474 g_return_val_if_fail(name, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
475
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
476 scheme = crt->scheme;
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
477
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
478 g_return_val_if_fail(scheme->check_subject_name, FALSE);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
479
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
480 return (scheme->check_subject_name)(crt, name);
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
481 }
7fd9bd55f8d0 - Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19001
diff changeset
482
19012
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
483 gboolean
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
484 purple_certificate_get_times(PurpleCertificate *crt, time_t *activation, time_t *expiration)
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
485 {
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
486 PurpleCertificateScheme *scheme;
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
487
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
488 g_return_val_if_fail(crt, FALSE);
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
489
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
490 scheme = crt->scheme;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
491
19012
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
492 g_return_val_if_fail(scheme, FALSE);
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
493
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
494 /* If both provided references are NULL, what are you doing calling
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
495 this? */
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
496 g_return_val_if_fail( (activation != NULL) || (expiration != NULL), FALSE);
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
497
19067
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19063
diff changeset
498 /* Throw the request on down to the certscheme */
6c0aad79c4c5 - Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19063
diff changeset
499 return (scheme->get_times)(crt, activation, expiration);
19012
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
500 }
b1090cbfc286 - Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19010
diff changeset
501
32414
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
502 GByteArray *
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
503 purple_certificate_get_der_data(PurpleCertificate *crt)
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
504 {
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
505 PurpleCertificateScheme *scheme;
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
506 GByteArray *data;
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
507
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
508 g_return_val_if_fail(crt, NULL);
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
509 g_return_val_if_fail(crt->scheme, NULL);
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
510
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
511 scheme = crt->scheme;
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
512
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
513 g_return_val_if_fail(scheme->get_der_data, NULL);
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
514
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
515 data = (scheme->get_der_data)(crt);
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
516
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
517 return data;
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
518 }
7ceb5ca4b323 Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32212
diff changeset
519
18984
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18982
diff changeset
520 gchar *
32552
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
521 purple_certificate_get_display_string(PurpleCertificate *crt)
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
522 {
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
523 PurpleCertificateScheme *scheme;
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
524 gchar *str;
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
525
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
526 g_return_val_if_fail(crt, NULL);
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
527 g_return_val_if_fail(crt->scheme, NULL);
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
528
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
529 scheme = crt->scheme;
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
530
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
531 g_return_val_if_fail(scheme->get_display_string, NULL);
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
532
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
533 str = (scheme->get_display_string)(crt);
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
534
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
535 return str;
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
536 }
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
537
298080cecdc5 Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32414
diff changeset
538 gchar *
18984
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18982
diff changeset
539 purple_certificate_pool_mkpath(PurpleCertificatePool *pool, const gchar *id)
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18982
diff changeset
540 {
19010
0d4b84820390 - Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19009
diff changeset
541 gchar *path;
0d4b84820390 - Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19009
diff changeset
542 gchar *esc_scheme_name, *esc_name, *esc_id;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
543
18984
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18982
diff changeset
544 g_return_val_if_fail(pool, NULL);
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18982
diff changeset
545 g_return_val_if_fail(pool->scheme_name, NULL);
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18982
diff changeset
546 g_return_val_if_fail(pool->name, NULL);
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18982
diff changeset
547
19010
0d4b84820390 - Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19009
diff changeset
548 /* Escape all the elements for filesystem-friendliness */
19033
6b4e874e47c1 - Handle NULLs given to certificate_pool_mkpath without causing errors
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19027
diff changeset
549 esc_scheme_name = pool ? g_strdup(purple_escape_filename(pool->scheme_name)) : NULL;
6b4e874e47c1 - Handle NULLs given to certificate_pool_mkpath without causing errors
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19027
diff changeset
550 esc_name = pool ? g_strdup(purple_escape_filename(pool->name)) : NULL;
6b4e874e47c1 - Handle NULLs given to certificate_pool_mkpath without causing errors
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19027
diff changeset
551 esc_id = id ? g_strdup(purple_escape_filename(id)) : NULL;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
552
18984
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18982
diff changeset
553 path = g_build_filename(purple_user_dir(),
18986
dfd9f883b774 - Correct the certstore folder paths
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18985
diff changeset
554 "certificates", /* TODO: constantize this? */
19010
0d4b84820390 - Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19009
diff changeset
555 esc_scheme_name,
0d4b84820390 - Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19009
diff changeset
556 esc_name,
0d4b84820390 - Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19009
diff changeset
557 esc_id,
18984
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18982
diff changeset
558 NULL);
19009
b64aa0222a7a - pool_mkpath now runs purple_escape_filename on its return value
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19008
diff changeset
559
19010
0d4b84820390 - Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19009
diff changeset
560 g_free(esc_scheme_name);
0d4b84820390 - Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19009
diff changeset
561 g_free(esc_name);
0d4b84820390 - Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19009
diff changeset
562 g_free(esc_id);
0d4b84820390 - Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19009
diff changeset
563 return path;
18984
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18982
diff changeset
564 }
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18982
diff changeset
565
18995
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
566 gboolean
19034
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19033
diff changeset
567 purple_certificate_pool_usable(PurpleCertificatePool *pool)
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19033
diff changeset
568 {
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19033
diff changeset
569 g_return_val_if_fail(pool, FALSE);
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19033
diff changeset
570 g_return_val_if_fail(pool->scheme_name, FALSE);
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19033
diff changeset
571
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19033
diff changeset
572 /* Check that the pool's scheme is loaded */
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19033
diff changeset
573 if (purple_certificate_find_scheme(pool->scheme_name) == NULL) {
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19033
diff changeset
574 return FALSE;
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19033
diff changeset
575 }
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
576
19034
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19033
diff changeset
577 return TRUE;
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19033
diff changeset
578 }
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19033
diff changeset
579
19060
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19050
diff changeset
580 PurpleCertificateScheme *
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19050
diff changeset
581 purple_certificate_pool_get_scheme(PurpleCertificatePool *pool)
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19050
diff changeset
582 {
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19050
diff changeset
583 g_return_val_if_fail(pool, NULL);
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19050
diff changeset
584 g_return_val_if_fail(pool->scheme_name, NULL);
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19050
diff changeset
585
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19050
diff changeset
586 return purple_certificate_find_scheme(pool->scheme_name);
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19050
diff changeset
587 }
c79b54f03f9d - Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19050
diff changeset
588
19034
8b627694bf4a - Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19033
diff changeset
589 gboolean
18995
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
590 purple_certificate_pool_contains(PurpleCertificatePool *pool, const gchar *id)
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
591 {
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
592 g_return_val_if_fail(pool, FALSE);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
593 g_return_val_if_fail(id, FALSE);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
594 g_return_val_if_fail(pool->cert_in_pool, FALSE);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
595
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
596 return (pool->cert_in_pool)(id);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
597 }
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
598
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
599 PurpleCertificate *
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
600 purple_certificate_pool_retrieve(PurpleCertificatePool *pool, const gchar *id)
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
601 {
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
602 g_return_val_if_fail(pool, NULL);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
603 g_return_val_if_fail(id, NULL);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
604 g_return_val_if_fail(pool->get_cert, NULL);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
605
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
606 return (pool->get_cert)(id);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
607 }
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
608
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
609 gboolean
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
610 purple_certificate_pool_store(PurpleCertificatePool *pool, const gchar *id, PurpleCertificate *crt)
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
611 {
19046
8599a27ad69c - Emit certificate-stored signal in purple_certificate_pool_store
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19044
diff changeset
612 gboolean ret = FALSE;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
613
18995
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
614 g_return_val_if_fail(pool, FALSE);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
615 g_return_val_if_fail(id, FALSE);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
616 g_return_val_if_fail(pool->put_cert, FALSE);
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
617
18996
24fc5ca67afc - Do some weak checking to ensure that you don't attempt to store a
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18995
diff changeset
618 /* Whether crt->scheme matches find_scheme(pool->scheme_name) is not
24fc5ca67afc - Do some weak checking to ensure that you don't attempt to store a
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18995
diff changeset
619 relevant... I think... */
24fc5ca67afc - Do some weak checking to ensure that you don't attempt to store a
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18995
diff changeset
620 g_return_val_if_fail(
24fc5ca67afc - Do some weak checking to ensure that you don't attempt to store a
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18995
diff changeset
621 g_ascii_strcasecmp(pool->scheme_name, crt->scheme->name) == 0,
24fc5ca67afc - Do some weak checking to ensure that you don't attempt to store a
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18995
diff changeset
622 FALSE);
18995
47b06daea9d1 - Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18993
diff changeset
623
19046
8599a27ad69c - Emit certificate-stored signal in purple_certificate_pool_store
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19044
diff changeset
624 ret = (pool->put_cert)(id, crt);
8599a27ad69c - Emit certificate-stored signal in purple_certificate_pool_store
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19044
diff changeset
625
19050
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19049
diff changeset
626 /* Signal that the certificate was stored if success*/
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19049
diff changeset
627 if (ret) {
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19049
diff changeset
628 purple_signal_emit(pool, "certificate-stored",
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19049
diff changeset
629 pool, id);
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19049
diff changeset
630 }
19046
8599a27ad69c - Emit certificate-stored signal in purple_certificate_pool_store
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19044
diff changeset
631
8599a27ad69c - Emit certificate-stored signal in purple_certificate_pool_store
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19044
diff changeset
632 return ret;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
633 }
18984
2b4150624cf2 - Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18982
diff changeset
634
19049
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
635 gboolean
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
636 purple_certificate_pool_delete(PurpleCertificatePool *pool, const gchar *id)
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
637 {
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
638 gboolean ret = FALSE;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
639
19049
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
640 g_return_val_if_fail(pool, FALSE);
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
641 g_return_val_if_fail(id, FALSE);
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
642 g_return_val_if_fail(pool->delete_cert, FALSE);
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
643
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
644 ret = (pool->delete_cert)(id);
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
645
19050
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19049
diff changeset
646 /* Signal that the certificate was deleted if success */
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19049
diff changeset
647 if (ret) {
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19049
diff changeset
648 purple_signal_emit(pool, "certificate-deleted",
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19049
diff changeset
649 pool, id);
c563b8f84aa0 - Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19049
diff changeset
650 }
19049
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
651
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
652 return ret;
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
653 }
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
654
19026
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
655 GList *
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
656 purple_certificate_pool_get_idlist(PurpleCertificatePool *pool)
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
657 {
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
658 g_return_val_if_fail(pool, NULL);
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
659 g_return_val_if_fail(pool->get_idlist, NULL);
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
660
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
661 return (pool->get_idlist)();
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
662 }
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
663
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
664 void
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
665 purple_certificate_pool_destroy_idlist(GList *idlist)
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
666 {
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
667 GList *l;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
668
19026
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
669 /* Iterate through and free them strings */
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
670 for ( l = idlist; l; l = l->next ) {
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
671 g_free(l->data);
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
672 }
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
673
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
674 g_list_free(idlist);
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
675 }
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
676
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
677
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
678 /****************************************************************************/
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
679 /* Builtin Verifiers, Pools, etc. */
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
680 /****************************************************************************/
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
681
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
682 static void
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
683 x509_singleuse_verify_accept_cb(PurpleCertificateVerificationRequest *vrq)
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
684 {
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
685 g_return_if_fail(vrq);
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
686
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
687 purple_debug_info("certificate/x509_singleuse",
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
688 "VRQ on cert from %s accepted\n",
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
689 vrq->subject_name);
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
690
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
691 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_VALID);
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
692 }
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
693
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
694 static void
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
695 x509_singleuse_verify_reject_cb(PurpleCertificateVerificationRequest *vrq)
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
696 {
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
697 g_return_if_fail(vrq);
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
698
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
699 purple_debug_info("certificate/x509_singleuse",
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
700 "VRQ on cert from %s rejected\n",
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
701 vrq->subject_name);
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
702
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
703 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID);
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
704 }
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
705
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
706 static void
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
707 x509_singleuse_start_verify (PurpleCertificateVerificationRequest *vrq)
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
708 {
18964
7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18962
diff changeset
709 gchar *cn;
7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18962
diff changeset
710 const gchar *cn_match;
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
711 gchar *primary, *secondary;
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
712 PurpleCertificate *crt = (PurpleCertificate *)vrq->cert_chain->data;
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
713
18964
7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18962
diff changeset
714 cn = purple_certificate_get_subject_name(crt);
7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18962
diff changeset
715
19496
004c3e257bd0 - Even more TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19495
diff changeset
716 if (purple_certificate_check_subject_name(crt, vrq->subject_name)) {
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
717 cn_match = _("(MATCH)");
18964
7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18962
diff changeset
718 } else {
7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18962
diff changeset
719 cn_match = _("(DOES NOT MATCH)");
7b03727b10b4 - x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18962
diff changeset
720 }
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
721
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
722 primary = g_strdup_printf(_("%s has presented the following certificate for just-this-once use:"), vrq->subject_name);
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
723 secondary = g_strdup_printf(_("Common name: %s %s"), cn, cn_match);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
724
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
725 /* Make a semi-pretty display */
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
726 purple_request_certificate(
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
727 vrq->cb_data, /* TODO: Find what the handle ought to be */
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
728 _("Single-use Certificate Verification"),
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
729 primary,
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
730 secondary,
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
731 crt,
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
732 _("Accept"), G_CALLBACK(x509_singleuse_verify_accept_cb),
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
733 _("Reject"), G_CALLBACK(x509_singleuse_verify_reject_cb),
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
734 vrq);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
735
29699
8474495b9dfc A couple more leak fixes.
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 29647
diff changeset
736 g_free(cn);
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
737 g_free(primary);
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
738 g_free(secondary);
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
739 }
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
740
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
741 static void
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
742 x509_singleuse_destroy_request (PurpleCertificateVerificationRequest *vrq)
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
743 {
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
744 /* I don't do anything! */
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
745 }
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
746
22593
54e5371a6d5d Make x509_singleuse static
Stu Tomlinson <stu@nosnilmot.com>
parents: 22486
diff changeset
747 static PurpleCertificateVerifier x509_singleuse = {
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
748 "x509", /* Scheme name */
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
749 "singleuse", /* Verifier name */
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
750 x509_singleuse_start_verify, /* start_verification function */
19649
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
751 x509_singleuse_destroy_request, /* Request cleanup operation */
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
752
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
753 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
754 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
755 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
756 NULL
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
757 };
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
758
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
759
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
760
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
761 /***** X.509 Certificate Authority pool, keyed by Distinguished Name *****/
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
762 /* This is implemented in what may be the most inefficient and bugprone way
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
763 possible; however, future optimizations should not be difficult. */
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
764
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
765 static PurpleCertificatePool x509_ca;
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
766
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
767 /** Holds a key-value pair for quickish certificate lookup */
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
768 typedef struct {
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
769 gchar *dn;
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
770 PurpleCertificate *crt;
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
771 } x509_ca_element;
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
772
19207
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19206
diff changeset
773 static void
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19206
diff changeset
774 x509_ca_element_free(x509_ca_element *el)
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19206
diff changeset
775 {
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19206
diff changeset
776 if (NULL == el) return;
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19206
diff changeset
777
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19206
diff changeset
778 g_free(el->dn);
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19206
diff changeset
779 purple_certificate_destroy(el->crt);
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19206
diff changeset
780 g_free(el);
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19206
diff changeset
781 }
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19206
diff changeset
782
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
783 /** System directory to probe for CA certificates */
19271
c28e1afe691b In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19211
diff changeset
784 /* This is set in the lazy_init function */
21647
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
785 static GList *x509_ca_paths = NULL;
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
786
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
787 /** A list of loaded CAs, populated from the above path whenever the lazy_init
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
788 happens. Contains pointers to x509_ca_elements */
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
789 static GList *x509_ca_certs = NULL;
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
790
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
791 /** Used for lazy initialization purposes. */
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
792 static gboolean x509_ca_initialized = FALSE;
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
793
19201
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
794 /** Adds a certificate to the in-memory cache, doing nothing else */
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
795 static gboolean
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
796 x509_ca_quiet_put_cert(PurpleCertificate *crt)
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
797 {
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
798 x509_ca_element *el;
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
799
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
800 /* lazy_init calls this function, so calling lazy_init here is a
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
801 Bad Thing */
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
802
19201
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
803 g_return_val_if_fail(crt, FALSE);
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
804 g_return_val_if_fail(crt->scheme, FALSE);
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
805 /* Make sure that this is some kind of X.509 certificate */
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
806 /* TODO: Perhaps just check crt->scheme->name instead? */
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
807 g_return_val_if_fail(crt->scheme == purple_certificate_find_scheme(x509_ca.scheme_name), FALSE);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
808
19201
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
809 el = g_new0(x509_ca_element, 1);
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
810 el->dn = purple_certificate_get_unique_id(crt);
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
811 el->crt = purple_certificate_copy(crt);
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
812 x509_ca_certs = g_list_prepend(x509_ca_certs, el);
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
813
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
814 return TRUE;
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
815 }
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
816
19271
c28e1afe691b In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19211
diff changeset
817 /* Since the libpurple CertificatePools get registered before plugins are
c28e1afe691b In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19211
diff changeset
818 loaded, an X.509 Scheme is generally not available when x509_ca_init is
c28e1afe691b In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19211
diff changeset
819 called, but x509_ca requires X.509 operations in order to properly load.
c28e1afe691b In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19211
diff changeset
820
c28e1afe691b In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19211
diff changeset
821 To solve this, I present the lazy_init function. It attempts to finish
c28e1afe691b In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19211
diff changeset
822 initialization of the Pool, but it usually fails when it is called from
c28e1afe691b In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19211
diff changeset
823 x509_ca_init. However, this is OK; initialization is then simply deferred
c28e1afe691b In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19211
diff changeset
824 until someone tries to use functions from the pool. */
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
825 static gboolean
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
826 x509_ca_lazy_init(void)
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
827 {
19095
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
828 PurpleCertificateScheme *x509;
19201
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
829 GDir *certdir;
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
830 const gchar *entry;
29647
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
831 GPatternSpec *pempat, *crtpat;
21647
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
832 GList *iter = NULL;
29647
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
833 GSList *crts = NULL;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
834
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
835 if (x509_ca_initialized) return TRUE;
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
836
19095
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
837 /* Check that X.509 is registered */
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
838 x509 = purple_certificate_find_scheme(x509_ca.scheme_name);
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
839 if ( !x509 ) {
27231
627d23bfdb05 Increase the logging level of some debugging messages that seemed to be a
mauro.brasil@tqi.com.br
parents: 25941
diff changeset
840 purple_debug_warning("certificate/x509/ca",
19095
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
841 "Lazy init failed because an X.509 Scheme "
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
842 "is not yet registered. Maybe it will be "
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
843 "better later.\n");
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
844 return FALSE;
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
845 }
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
846
19201
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
847 /* Use a glob to only read .pem files */
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
848 pempat = g_pattern_spec_new("*.pem");
29647
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
849 crtpat = g_pattern_spec_new("*.crt");
19201
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
850
21647
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
851 /* Populate the certificates pool from the search path(s) */
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
852 for (iter = x509_ca_paths; iter; iter = iter->next) {
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
853 certdir = g_dir_open(iter->data, 0, NULL);
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
854 if (!certdir) {
22486
3225c99785b8 Fix a bunch of compiler warnings caused by my addition of G_GNUC_PRINTF()
Mark Doliner <mark@kingant.net>
parents: 22143
diff changeset
855 purple_debug_error("certificate/x509/ca", "Couldn't open location '%s'\n", (const char *)iter->data);
19201
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
856 continue;
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
857 }
19095
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
858
21647
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
859 while ( (entry = g_dir_read_name(certdir)) ) {
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
860 gchar *fullpath;
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
861 PurpleCertificate *crt;
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
862
29647
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
863 if (!g_pattern_match_string(pempat, entry) && !g_pattern_match_string(crtpat, entry)) {
21647
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
864 continue;
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
865 }
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
866
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
867 fullpath = g_build_filename(iter->data, entry, NULL);
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
868
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
869 /* TODO: Respond to a failure in the following? */
29647
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
870 crts = purple_certificates_import(x509, fullpath);
19201
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
871
29647
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
872 while (crts && crts->data) {
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
873 crt = crts->data;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
874 if (x509_ca_quiet_put_cert(crt)) {
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
875 gchar *name;
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
876 name = purple_certificate_get_subject_name(crt);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
877 purple_debug_info("certificate/x509/ca",
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
878 "Loaded %s from %s\n",
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
879 name ? name : "(unknown)", fullpath);
29699
8474495b9dfc A couple more leak fixes.
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 29647
diff changeset
880 g_free(name);
29647
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
881 } else {
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
882 purple_debug_error("certificate/x509/ca",
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
883 "Failed to load certificate from %s\n",
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
884 fullpath);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
885 }
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
886 purple_certificate_destroy(crt);
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
887 crts = g_slist_delete_link(crts, crts);
21647
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
888 }
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
889
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
890 g_free(fullpath);
19201
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
891 }
21647
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
892 g_dir_close(certdir);
19201
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
893 }
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
894
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
895 g_pattern_spec_free(pempat);
29647
c35fd54ec64b Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents: 29062
diff changeset
896 g_pattern_spec_free(crtpat);
21647
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
897
19095
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
898 purple_debug_info("certificate/x509/ca",
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
899 "Lazy init completed.\n");
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
900 x509_ca_initialized = TRUE;
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
901 return TRUE;
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
902 }
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
903
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
904 static gboolean
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
905 x509_ca_init(void)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
906 {
21647
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
907 /* Attempt to point at the appropriate system path */
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
908 if (NULL == x509_ca_paths) {
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
909 #ifdef _WIN32
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
910 x509_ca_paths = g_list_append(NULL, g_build_filename(DATADIR,
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
911 "ca-certs", NULL));
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
912 #else
23330
390384053186 Add a configure option, --with-ssl-certificates to allow packagers to
Richard Laager <rlaager@wiktel.com>
parents: 23036
diff changeset
913 # ifdef SSL_CERTIFICATES_DIR
23685
e72e03fb5ef1 Fix a crash on exit when using --with-system-ssl-certs
Mark Doliner <mark@kingant.net>
parents: 23330
diff changeset
914 x509_ca_paths = g_list_append(NULL, g_strdup(SSL_CERTIFICATES_DIR));
23330
390384053186 Add a configure option, --with-ssl-certificates to allow packagers to
Richard Laager <rlaager@wiktel.com>
parents: 23036
diff changeset
915 # endif
24732
d9e3434d6416 uncondtionally install some certificates and use them, References #6680.
Ka-Hing Cheung <khc@hxbc.us>
parents: 24270
diff changeset
916 x509_ca_paths = g_list_append(x509_ca_paths,
d9e3434d6416 uncondtionally install some certificates and use them, References #6680.
Ka-Hing Cheung <khc@hxbc.us>
parents: 24270
diff changeset
917 g_build_filename(DATADIR, "purple", "ca-certs", NULL));
21647
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
918 #endif
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
919 }
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
920
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
921 /* Attempt to initialize now, but if it doesn't work, that's OK;
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
922 it will get done later */
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
923 if ( ! x509_ca_lazy_init()) {
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
924 purple_debug_info("certificate/x509/ca",
19095
cd70e75f9a83 - x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19094
diff changeset
925 "Init failed, probably because a "
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
926 "dependency is not yet registered. "
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
927 "It has been deferred to later.\n");
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
928 }
21647
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
929
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
930 return TRUE;
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
931 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
932
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
933 static void
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
934 x509_ca_uninit(void)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
935 {
19202
c0949e081f43 - Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19201
diff changeset
936 GList *l;
c0949e081f43 - Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19201
diff changeset
937
c0949e081f43 - Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19201
diff changeset
938 for (l = x509_ca_certs; l; l = l->next) {
c0949e081f43 - Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19201
diff changeset
939 x509_ca_element *el = l->data;
19207
8926e15873ca - Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19206
diff changeset
940 x509_ca_element_free(el);
19202
c0949e081f43 - Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19201
diff changeset
941 }
c0949e081f43 - Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19201
diff changeset
942 g_list_free(x509_ca_certs);
c0949e081f43 - Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19201
diff changeset
943 x509_ca_certs = NULL;
c0949e081f43 - Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19201
diff changeset
944 x509_ca_initialized = FALSE;
21647
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
945 g_list_foreach(x509_ca_paths, (GFunc)g_free, NULL);
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
946 g_list_free(x509_ca_paths);
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
947 x509_ca_paths = NULL;
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
948 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
949
19203
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19202
diff changeset
950 /** Look up a ca_element by dn */
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19202
diff changeset
951 static x509_ca_element *
19205
fff2bc09ec1a Cosmetics
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19204
diff changeset
952 x509_ca_locate_cert(GList *lst, const gchar *dn)
19203
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19202
diff changeset
953 {
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19202
diff changeset
954 GList *cur;
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19202
diff changeset
955
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19202
diff changeset
956 for (cur = lst; cur; cur = cur->next) {
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19202
diff changeset
957 x509_ca_element *el = cur->data;
25894
a6e3cb32cdd2 Patch from Paul Aurich to add purple_strequal to help readability and simplicity of code. Ie, don't need to negate the value of strcmp, since this does a strcmp and does the negation for us
Paul Aurich <paul@darkrain42.org>
parents: 24840
diff changeset
958 if (purple_strequal(dn, el->dn)) {
19203
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19202
diff changeset
959 return el;
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19202
diff changeset
960 }
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19202
diff changeset
961 }
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19202
diff changeset
962 return NULL;
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19202
diff changeset
963 }
6034b8db9dc1 - Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19202
diff changeset
964
30960
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
965 static GSList *
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
966 x509_ca_locate_certs(GList *lst, const gchar *dn)
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
967 {
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
968 GList *cur;
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
969 GSList *crts = NULL;
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
970
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
971 for (cur = lst; cur; cur = cur->next) {
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
972 x509_ca_element *el = cur->data;
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
973 if (purple_strequal(dn, el->dn)) {
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
974 crts = g_slist_prepend(crts, el);
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
975 }
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
976 }
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
977 return crts;
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
978 }
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
979
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
980
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
981 static gboolean
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
982 x509_ca_cert_in_pool(const gchar *id)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
983 {
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
984 g_return_val_if_fail(x509_ca_lazy_init(), FALSE);
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
985 g_return_val_if_fail(id, FALSE);
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
986
19205
fff2bc09ec1a Cosmetics
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19204
diff changeset
987 if (x509_ca_locate_cert(x509_ca_certs, id) != NULL) {
19204
2847b6c84d6c - Implement x509_ca cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19203
diff changeset
988 return TRUE;
2847b6c84d6c - Implement x509_ca cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19203
diff changeset
989 } else {
2847b6c84d6c - Implement x509_ca cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19203
diff changeset
990 return FALSE;
2847b6c84d6c - Implement x509_ca cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19203
diff changeset
991 }
2847b6c84d6c - Implement x509_ca cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19203
diff changeset
992
2847b6c84d6c - Implement x509_ca cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19203
diff changeset
993 return FALSE;
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
994 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
995
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
996 static PurpleCertificate *
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
997 x509_ca_get_cert(const gchar *id)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
998 {
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
999 PurpleCertificate *crt = NULL;
19206
919395a01483 - Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19205
diff changeset
1000 x509_ca_element *el;
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
1001
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
1002 g_return_val_if_fail(x509_ca_lazy_init(), NULL);
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1003 g_return_val_if_fail(id, NULL);
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1004
19206
919395a01483 - Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19205
diff changeset
1005 /* Search the memory-cached pool */
919395a01483 - Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19205
diff changeset
1006 el = x509_ca_locate_cert(x509_ca_certs, id);
919395a01483 - Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19205
diff changeset
1007
919395a01483 - Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19205
diff changeset
1008 if (el != NULL) {
919395a01483 - Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19205
diff changeset
1009 /* Make a copy of the memcached one for the function caller
919395a01483 - Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19205
diff changeset
1010 to play with */
919395a01483 - Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19205
diff changeset
1011 crt = purple_certificate_copy(el->crt);
919395a01483 - Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19205
diff changeset
1012 } else {
919395a01483 - Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19205
diff changeset
1013 crt = NULL;
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1014 }
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1015
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1016 return crt;
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1017 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1018
30960
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1019 static GSList *
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1020 x509_ca_get_certs(const gchar *id)
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1021 {
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1022 GSList *crts = NULL, *els = NULL;
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1023
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1024 g_return_val_if_fail(x509_ca_lazy_init(), NULL);
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1025 g_return_val_if_fail(id, NULL);
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1026
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1027 /* Search the memory-cached pool */
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1028 els = x509_ca_locate_certs(x509_ca_certs, id);
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1029
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1030 if (els != NULL) {
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1031 GSList *cur;
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1032 /* Make a copy of the memcached ones for the function caller
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1033 to play with */
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1034 for (cur = els; cur; cur = cur->next) {
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1035 x509_ca_element *el = cur->data;
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1036 crts = g_slist_prepend(crts, purple_certificate_copy(el->crt));
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1037 }
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1038 g_slist_free(els);
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1039 }
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1040
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1041 return crts;
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1042 }
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1043
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1044 static gboolean
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1045 x509_ca_put_cert(const gchar *id, PurpleCertificate *crt)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1046 {
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1047 gboolean ret = FALSE;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1048
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
1049 g_return_val_if_fail(x509_ca_lazy_init(), FALSE);
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1050
19096
81163e153778 - Add a hacked-up method of adding certs to the CA pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19095
diff changeset
1051 /* TODO: This is a quick way of doing this. At some point the change
81163e153778 - Add a hacked-up method of adding certs to the CA pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19095
diff changeset
1052 ought to be flushed to disk somehow. */
19201
73d8dd2169c4 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19096
diff changeset
1053 ret = x509_ca_quiet_put_cert(crt);
19096
81163e153778 - Add a hacked-up method of adding certs to the CA pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19095
diff changeset
1054
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1055 return ret;
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1056 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1057
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1058 static gboolean
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1059 x509_ca_delete_cert(const gchar *id)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1060 {
19208
7b81934f4c85 - Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19207
diff changeset
1061 x509_ca_element *el;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1062
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
1063 g_return_val_if_fail(x509_ca_lazy_init(), FALSE);
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1064 g_return_val_if_fail(id, FALSE);
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1065
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1066 /* Is the id even in the pool? */
19208
7b81934f4c85 - Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19207
diff changeset
1067 el = x509_ca_locate_cert(x509_ca_certs, id);
7b81934f4c85 - Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19207
diff changeset
1068 if ( el == NULL ) {
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
1069 purple_debug_warning("certificate/x509/ca",
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1070 "Id %s wasn't in the pool\n",
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1071 id);
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1072 return FALSE;
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1073 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1074
19208
7b81934f4c85 - Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19207
diff changeset
1075 /* Unlink it from the memory cache and destroy it */
7b81934f4c85 - Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19207
diff changeset
1076 x509_ca_certs = g_list_remove(x509_ca_certs, el);
7b81934f4c85 - Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19207
diff changeset
1077 x509_ca_element_free(el);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1078
19208
7b81934f4c85 - Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19207
diff changeset
1079 return TRUE;
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1080 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1081
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1082 static GList *
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1083 x509_ca_get_idlist(void)
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1084 {
19209
a6ab0ea47d0f - Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19208
diff changeset
1085 GList *l, *idlist;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1086
19094
dd9f69ebaae8 In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19093
diff changeset
1087 g_return_val_if_fail(x509_ca_lazy_init(), NULL);
19209
a6ab0ea47d0f - Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19208
diff changeset
1088
a6ab0ea47d0f - Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19208
diff changeset
1089 idlist = NULL;
a6ab0ea47d0f - Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19208
diff changeset
1090 for (l = x509_ca_certs; l; l = l->next) {
a6ab0ea47d0f - Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19208
diff changeset
1091 x509_ca_element *el = l->data;
a6ab0ea47d0f - Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19208
diff changeset
1092 idlist = g_list_prepend(idlist, g_strdup(el->dn));
a6ab0ea47d0f - Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19208
diff changeset
1093 }
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1094
19209
a6ab0ea47d0f - Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19208
diff changeset
1095 return idlist;
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1096 }
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1097
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1098
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1099 static PurpleCertificatePool x509_ca = {
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1100 "x509", /* Scheme name */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1101 "ca", /* Pool name */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1102 N_("Certificate Authorities"),/* User-friendly name */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1103 NULL, /* Internal data */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1104 x509_ca_init, /* init */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1105 x509_ca_uninit, /* uninit */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1106 x509_ca_cert_in_pool, /* Certificate exists? */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1107 x509_ca_get_cert, /* Cert retriever */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1108 x509_ca_put_cert, /* Cert writer */
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1109 x509_ca_delete_cert, /* Cert remover */
19649
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1110 x509_ca_get_idlist, /* idlist retriever */
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1111
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1112 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1113 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1114 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1115 NULL
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1116
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1117 };
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1118
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1119
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1120
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1121 /***** Cache of certificates given by TLS/SSL peers *****/
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1122 static PurpleCertificatePool x509_tls_peers;
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1123
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1124 static gboolean
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1125 x509_tls_peers_init(void)
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1126 {
18985
806c610ac5a0 - Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18984
diff changeset
1127 gchar *poolpath;
806c610ac5a0 - Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18984
diff changeset
1128 int ret;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1129
18985
806c610ac5a0 - Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18984
diff changeset
1130 /* Set up key cache here if it isn't already done */
806c610ac5a0 - Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18984
diff changeset
1131 poolpath = purple_certificate_pool_mkpath(&x509_tls_peers, NULL);
806c610ac5a0 - Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18984
diff changeset
1132 ret = purple_build_dir(poolpath, 0700); /* Make it this user only */
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1133
27536
18a96fe78870 Don't fail an assertion and don't return FALSE if we can't create
Mark Doliner <mark@kingant.net>
parents: 27231
diff changeset
1134 if (ret != 0)
18a96fe78870 Don't fail an assertion and don't return FALSE if we can't create
Mark Doliner <mark@kingant.net>
parents: 27231
diff changeset
1135 purple_debug_info("certificate/tls_peers",
18a96fe78870 Don't fail an assertion and don't return FALSE if we can't create
Mark Doliner <mark@kingant.net>
parents: 27231
diff changeset
1136 "Could not create %s. Certificates will not be cached.\n",
18a96fe78870 Don't fail an assertion and don't return FALSE if we can't create
Mark Doliner <mark@kingant.net>
parents: 27231
diff changeset
1137 poolpath);
18a96fe78870 Don't fail an assertion and don't return FALSE if we can't create
Mark Doliner <mark@kingant.net>
parents: 27231
diff changeset
1138
18985
806c610ac5a0 - Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18984
diff changeset
1139 g_free(poolpath);
806c610ac5a0 - Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18984
diff changeset
1140
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1141 return TRUE;
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1142 }
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1143
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1144 static gboolean
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1145 x509_tls_peers_cert_in_pool(const gchar *id)
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1146 {
18987
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1147 gchar *keypath;
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1148 gboolean ret = FALSE;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1149
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1150 g_return_val_if_fail(id, FALSE);
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1151
18987
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1152 keypath = purple_certificate_pool_mkpath(&x509_tls_peers, id);
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1153
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1154 ret = g_file_test(keypath, G_FILE_TEST_IS_REGULAR);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1155
18987
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1156 g_free(keypath);
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1157 return ret;
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1158 }
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1159
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1160 static PurpleCertificate *
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1161 x509_tls_peers_get_cert(const gchar *id)
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1162 {
18987
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1163 PurpleCertificateScheme *x509;
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1164 PurpleCertificate *crt;
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1165 gchar *keypath;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1166
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1167 g_return_val_if_fail(id, NULL);
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1168
18987
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1169 /* Is it in the pool? */
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1170 if ( !x509_tls_peers_cert_in_pool(id) ) {
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1171 return NULL;
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1172 }
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1173
18987
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1174 /* Look up the X.509 scheme */
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1175 x509 = purple_certificate_find_scheme("x509");
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1176 g_return_val_if_fail(x509, NULL);
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1177
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1178 /* Okay, now find and load that key */
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1179 keypath = purple_certificate_pool_mkpath(&x509_tls_peers, id);
18990
3f2944bdb404 - Finish tls_peers get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18989
diff changeset
1180 crt = purple_certificate_import(x509, keypath);
18987
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1181
18990
3f2944bdb404 - Finish tls_peers get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18989
diff changeset
1182 g_free(keypath);
18987
a763dd083b79 - Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18986
diff changeset
1183
18990
3f2944bdb404 - Finish tls_peers get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18989
diff changeset
1184 return crt;
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1185 }
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1186
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1187 static gboolean
18982
8948cd6bb8bc - CertificatePool put_cert now accepts an id argument
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18977
diff changeset
1188 x509_tls_peers_put_cert(const gchar *id, PurpleCertificate *crt)
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1189 {
18991
7a144f2229c6 - Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18990
diff changeset
1190 gboolean ret = FALSE;
7a144f2229c6 - Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18990
diff changeset
1191 gchar *keypath;
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1192
18991
7a144f2229c6 - Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18990
diff changeset
1193 g_return_val_if_fail(crt, FALSE);
7a144f2229c6 - Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18990
diff changeset
1194 g_return_val_if_fail(crt->scheme, FALSE);
7a144f2229c6 - Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18990
diff changeset
1195 /* Make sure that this is some kind of X.509 certificate */
18992
605e69fa7108 - Comment change
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18991
diff changeset
1196 /* TODO: Perhaps just check crt->scheme->name instead? */
18991
7a144f2229c6 - Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18990
diff changeset
1197 g_return_val_if_fail(crt->scheme == purple_certificate_find_scheme(x509_tls_peers.scheme_name), FALSE);
7a144f2229c6 - Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18990
diff changeset
1198
7a144f2229c6 - Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18990
diff changeset
1199 /* Work out the filename and export */
7a144f2229c6 - Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18990
diff changeset
1200 keypath = purple_certificate_pool_mkpath(&x509_tls_peers, id);
7a144f2229c6 - Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18990
diff changeset
1201 ret = purple_certificate_export(keypath, crt);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1202
18991
7a144f2229c6 - Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18990
diff changeset
1203 g_free(keypath);
7a144f2229c6 - Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18990
diff changeset
1204 return ret;
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1205 }
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1206
19047
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1207 static gboolean
19048
fd0b4b2f6cf0 - remove_cert => delete_cert, because naming conventions are our
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19047
diff changeset
1208 x509_tls_peers_delete_cert(const gchar *id)
19047
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1209 {
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1210 gboolean ret = FALSE;
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1211 gchar *keypath;
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1212
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1213 g_return_val_if_fail(id, FALSE);
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1214
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1215 /* Is the id even in the pool? */
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1216 if (!x509_tls_peers_cert_in_pool(id)) {
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1217 purple_debug_warning("certificate/tls_peers",
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1218 "Id %s wasn't in the pool\n",
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1219 id);
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1220 return FALSE;
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1221 }
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1222
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1223 /* OK, so work out the keypath and delete the thing */
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1224 keypath = purple_certificate_pool_mkpath(&x509_tls_peers, id);
19047
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1225 if ( unlink(keypath) != 0 ) {
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1226 purple_debug_error("certificate/tls_peers",
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1227 "Unlink of %s failed!\n",
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1228 keypath);
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1229 ret = FALSE;
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1230 } else {
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1231 ret = TRUE;
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1232 }
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1233
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1234 g_free(keypath);
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1235 return ret;
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1236 }
3af5d9ed9ad3 - Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19046
diff changeset
1237
19027
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1238 static GList *
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1239 x509_tls_peers_get_idlist(void)
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1240 {
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1241 GList *idlist = NULL;
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1242 GDir *dir;
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1243 const gchar *entry;
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1244 gchar *poolpath;
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1245
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1246 /* Get a handle on the pool directory */
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1247 poolpath = purple_certificate_pool_mkpath(&x509_tls_peers, NULL);
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1248 dir = g_dir_open(poolpath,
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1249 0, /* No flags */
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1250 NULL); /* Not interested in what the error is */
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1251 g_free(poolpath);
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1252
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1253 g_return_val_if_fail(dir, NULL);
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1254
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1255 /* Traverse the directory listing and create an idlist */
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1256 while ( (entry = g_dir_read_name(dir)) != NULL ) {
19078
3987f76c0e4b - tls_peers pool unescapes filenames in its directory, as it should
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19077
diff changeset
1257 /* Unescape the filename */
3987f76c0e4b - tls_peers pool unescapes filenames in its directory, as it should
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19077
diff changeset
1258 const char *unescaped = purple_unescape_filename(entry);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1259
19027
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1260 /* Copy the entry name into our list (GLib owns the original
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1261 string) */
19078
3987f76c0e4b - tls_peers pool unescapes filenames in its directory, as it should
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19077
diff changeset
1262 idlist = g_list_prepend(idlist, g_strdup(unescaped));
19027
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1263 }
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1264
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1265 /* Release the directory */
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1266 g_dir_close(dir);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1267
19027
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1268 return idlist;
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1269 }
15d9031e03b2 - Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19026
diff changeset
1270
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1271 static PurpleCertificatePool x509_tls_peers = {
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1272 "x509", /* Scheme name */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1273 "tls_peers", /* Pool name */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1274 N_("SSL Peers Cache"), /* User-friendly name */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1275 NULL, /* Internal data */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1276 x509_tls_peers_init, /* init */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1277 NULL, /* uninit not required */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1278 x509_tls_peers_cert_in_pool, /* Certificate exists? */
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1279 x509_tls_peers_get_cert, /* Cert retriever */
19026
b3acaf46d9ad - Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19024
diff changeset
1280 x509_tls_peers_put_cert, /* Cert writer */
19049
8cbc110456ac - Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19048
diff changeset
1281 x509_tls_peers_delete_cert, /* Cert remover */
19649
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1282 x509_tls_peers_get_idlist, /* idlist retriever */
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1283
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1284 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1285 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1286 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1287 NULL
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1288 };
18993
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1289
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1290
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1291 /***** A Verifier that uses the tls_peers cache and the CA pool to validate certificates *****/
18993
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1292 static PurpleCertificateVerifier x509_tls_cached;
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1293
19330
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1294
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1295 static void
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1296 x509_tls_cached_user_auth_accept_cb(PurpleCertificateVerificationRequest *vrq)
19330
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1297 {
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1298 PurpleCertificatePool *tls_peers;
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1299 gchar *cache_id;
19330
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1300
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1301 g_return_if_fail(vrq);
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1302
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1303 tls_peers = purple_certificate_find_pool("x509", "tls_peers");
19330
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1304
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1305 cache_id = vrq->subject_name;
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1306 purple_debug_info("certificate/x509/tls_cached",
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1307 "User ACCEPTED cert\nCaching first in chain for future use as %s...\n",
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1308 cache_id);
19330
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1309
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1310 purple_certificate_pool_store(tls_peers, cache_id, vrq->cert_chain->data);
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1311
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1312 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_VALID);
19330
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1313 }
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1314
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1315 static void
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1316 x509_tls_cached_user_auth_reject_cb(PurpleCertificateVerificationRequest *vrq)
19330
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1317 {
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1318 g_return_if_fail(vrq);
19001
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19000
diff changeset
1319
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1320 purple_debug_warning("certificate/x509/tls_cached", "User REJECTED cert\n");
19091
489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19090
diff changeset
1321
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1322 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID);
19515
b62683f4120d There's some disagreement over the response-id sent to the callbacks to
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 19504
diff changeset
1323 }
b62683f4120d There's some disagreement over the response-id sent to the callbacks to
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 19504
diff changeset
1324
19330
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1325 /** Validates a certificate by asking the user
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1326 * @param reason String to explain why the user needs to accept/refuse the
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1327 * certificate.
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1328 * @todo Needs a handle argument
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1329 */
19001
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19000
diff changeset
1330 static void
19330
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1331 x509_tls_cached_user_auth(PurpleCertificateVerificationRequest *vrq,
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1332 const gchar *reason)
19000
986413850713 - More skeletonizing for tls_cached logic.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18999
diff changeset
1333 {
19330
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1334 gchar *primary;
19001
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19000
diff changeset
1335
19330
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1336 primary = g_strdup_printf(_("Accept certificate for %s?"),
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1337 vrq->subject_name);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1338
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1339 purple_request_certificate(
19001
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19000
diff changeset
1340 vrq->cb_data, /* TODO: Find what the handle ought to be */
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19000
diff changeset
1341 _("SSL Certificate Verification"),
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19000
diff changeset
1342 primary,
19330
b65a23799dc2 In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19329
diff changeset
1343 reason,
32556
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1344 vrq->cert_chain->data,
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1345 _("Accept"), G_CALLBACK(x509_tls_cached_user_auth_accept_cb),
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1346 _("Reject"), G_CALLBACK(x509_tls_cached_user_auth_reject_cb),
b1f9e5e9c03f Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 32552
diff changeset
1347 vrq);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1348
19001
b207701cb5a3 - Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19000
diff changeset
1349 g_free(primary);
19000
986413850713 - More skeletonizing for tls_cached logic.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18999
diff changeset
1350 }
986413850713 - More skeletonizing for tls_cached logic.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18999
diff changeset
1351
986413850713 - More skeletonizing for tls_cached logic.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18999
diff changeset
1352 static void
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1353 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1354 PurpleCertificateInvalidityFlags flags);
21929
cedbb3860134 If a peer certificate does not match our cached cert, do not auto reject it!
Stu Tomlinson <stu@nosnilmot.com>
parents: 21927
diff changeset
1355
cedbb3860134 If a peer certificate does not match our cached cert, do not auto reject it!
Stu Tomlinson <stu@nosnilmot.com>
parents: 21927
diff changeset
1356 static void
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1357 x509_tls_cached_complete(PurpleCertificateVerificationRequest *vrq,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1358 PurpleCertificateInvalidityFlags flags)
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1359 {
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1360 PurpleCertificatePool *tls_peers;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1361 PurpleCertificate *peer_crt = vrq->cert_chain->data;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1362
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1363 if (flags & PURPLE_CERTIFICATE_FATALS_MASK) {
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1364 /* TODO: Also print any other warnings? */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1365 const gchar *error;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1366 gchar *tmp, *secondary;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1367
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1368 if (flags & PURPLE_CERTIFICATE_INVALID_CHAIN)
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1369 error = invalidity_reason_to_string(PURPLE_CERTIFICATE_INVALID_CHAIN);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1370 else if (flags & PURPLE_CERTIFICATE_REVOKED)
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1371 error = invalidity_reason_to_string(PURPLE_CERTIFICATE_REVOKED);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1372 else
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1373 error = invalidity_reason_to_string(PURPLE_CERTIFICATE_UNKNOWN_ERROR);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1374
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1375 tmp = g_strdup_printf(_("The certificate for %s could not be validated."),
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1376 vrq->subject_name);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1377 secondary = g_strconcat(tmp, " ", error, NULL);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1378 g_free(tmp);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1379
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1380 purple_notify_error(NULL, /* TODO: Probably wrong. */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1381 _("SSL Certificate Error"),
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1382 _("Unable to validate certificate"),
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1383 secondary);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1384 g_free(secondary);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1385
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1386 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1387 return;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1388 } else if (flags & PURPLE_CERTIFICATE_NON_FATALS_MASK) {
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1389 /* Non-fatal error. Prompt the user. */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1390 gchar *tmp;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1391 GString *errors;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1392 guint32 i = 1;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1393
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1394 tmp = g_strdup_printf(_("The certificate for %s could not be validated."),
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1395 vrq->subject_name);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1396 errors = g_string_new(tmp);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1397 g_free(tmp);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1398
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1399 errors = g_string_append_c(errors, '\n');
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1400
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1401 /* Special case a name mismatch because we want to display the two names... */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1402 if (flags & PURPLE_CERTIFICATE_NAME_MISMATCH) {
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1403 gchar *sn = purple_certificate_get_subject_name(peer_crt);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1404
28392
64fbf431d952 Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents: 28391
diff changeset
1405 if (sn) {
64fbf431d952 Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents: 28391
diff changeset
1406 g_string_append_printf(errors, _("The certificate claims to be "
64fbf431d952 Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents: 28391
diff changeset
1407 "from \"%s\" instead. This could mean that you are "
64fbf431d952 Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents: 28391
diff changeset
1408 "not connecting to the service you believe you are."),
64fbf431d952 Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents: 28391
diff changeset
1409 sn);
64fbf431d952 Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents: 28391
diff changeset
1410 g_free(sn);
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1411
28392
64fbf431d952 Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents: 28391
diff changeset
1412 flags &= ~PURPLE_CERTIFICATE_NAME_MISMATCH;
64fbf431d952 Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents: 28391
diff changeset
1413 }
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1414 }
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1415
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1416 while (i != PURPLE_CERTIFICATE_LAST) {
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1417 if (flags & i) {
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1418 errors = g_string_append_c(errors, '\n');
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1419 g_string_append(errors, invalidity_reason_to_string(i));
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1420 }
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1421
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1422 i <<= 1;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1423 }
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1424
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1425 x509_tls_cached_user_auth(vrq, errors->str);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1426 g_string_free(errors, TRUE);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1427 return;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1428 }
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1429
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1430 /* If we reach this point, the certificate is good. */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1431
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1432 /* Look up the local cache and store it there for future use */
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1433 tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1434 "tls_peers");
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1435 if (tls_peers) {
28804
57ee55097ec8 certs: Cache certs once again (at the end of the verification process).
Paul Aurich <paul@darkrain42.org>
parents: 28647
diff changeset
1436 if (!purple_certificate_pool_store(tls_peers,vrq->subject_name,
57ee55097ec8 certs: Cache certs once again (at the end of the verification process).
Paul Aurich <paul@darkrain42.org>
parents: 28647
diff changeset
1437 peer_crt)) {
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1438 purple_debug_error("certificate/x509/tls_cached",
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1439 "FAILED to cache peer certificate\n");
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1440 }
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1441 } else {
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1442 purple_debug_error("certificate/x509/tls_cached",
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1443 "Unable to locate tls_peers certificate cache.\n");
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1444 }
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1445
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1446 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_VALID);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1447 }
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1448
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1449 static void
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1450 x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1451 PurpleCertificateInvalidityFlags flags)
19086
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1452 {
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1453 /* TODO: Looking this up by name over and over is expensive.
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1454 Fix, please! */
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1455 PurpleCertificatePool *tls_peers =
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1456 purple_certificate_find_pool(x509_tls_cached.scheme_name,
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1457 "tls_peers");
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1458
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1459 /* The peer's certificate should be the first in the list */
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1460 PurpleCertificate *peer_crt =
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1461 (PurpleCertificate *) vrq->cert_chain->data;
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1462
19086
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1463 PurpleCertificate *cached_crt;
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1464 GByteArray *peer_fpr, *cached_fpr;
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1465
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1466 /* Load up the cached certificate */
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1467 cached_crt = purple_certificate_pool_retrieve(
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1468 tls_peers, vrq->subject_name);
19553
f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19534
diff changeset
1469 if ( !cached_crt ) {
27567
199cf148cdf8 Continue verification when we can't find a *cached* peer. Fixes #9664.
Paul Aurich <paul@darkrain42.org>
parents: 27536
diff changeset
1470 purple_debug_warning("certificate/x509/tls_cached",
19553
f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19534
diff changeset
1471 "Lookup failed on cached certificate!\n"
27567
199cf148cdf8 Continue verification when we can't find a *cached* peer. Fixes #9664.
Paul Aurich <paul@darkrain42.org>
parents: 27536
diff changeset
1472 "Falling back to full verification.\n");
199cf148cdf8 Continue verification when we can't find a *cached* peer. Fixes #9664.
Paul Aurich <paul@darkrain42.org>
parents: 27536
diff changeset
1473 /* vrq now becomes the problem of unknown_peer */
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1474 x509_tls_cached_unknown_peer(vrq, flags);
24840
7608cf033a88 Prevent a NULL ptr deref when unexpected stuff happens in the cert cache. Fixes #7776,#7769
Daniel Atallah <daniel.atallah@gmail.com>
parents: 24732
diff changeset
1475 return;
19553
f36d0d2bf6f2 - Remove g_assert()s. Fixes #2859
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19534
diff changeset
1476 }
19086
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1477
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1478 /* Now get SHA1 sums for both and compare them */
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1479 /* TODO: This is not an elegant way to compare certs */
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1480 peer_fpr = purple_certificate_get_fingerprint_sha1(peer_crt);
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1481 cached_fpr = purple_certificate_get_fingerprint_sha1(cached_crt);
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1482 if (!memcmp(peer_fpr->data, cached_fpr->data, peer_fpr->len)) {
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1483 purple_debug_info("certificate/x509/tls_cached",
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1484 "Peer cert matched cached\n");
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1485 x509_tls_cached_complete(vrq, flags);
19086
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1486 } else {
27231
627d23bfdb05 Increase the logging level of some debugging messages that seemed to be a
mauro.brasil@tqi.com.br
parents: 25941
diff changeset
1487 purple_debug_error("certificate/x509/tls_cached",
19086
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1488 "Peer cert did NOT match cached\n");
21929
cedbb3860134 If a peer certificate does not match our cached cert, do not auto reject it!
Stu Tomlinson <stu@nosnilmot.com>
parents: 21927
diff changeset
1489 /* vrq now becomes the problem of the user */
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1490 x509_tls_cached_unknown_peer(vrq, flags);
19086
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1491 }
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1492
19086
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1493 purple_certificate_destroy(cached_crt);
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1494 g_byte_array_free(peer_fpr, TRUE);
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1495 g_byte_array_free(cached_fpr, TRUE);
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1496 }
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1497
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1498 /*
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1499 * This is called from two points in x509_tls_cached_unknown_peer below
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1500 * once we've verified the signature chain is valid. Now we need to verify
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1501 * the subject name of the certificate.
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1502 */
19085
1bd9557f866e In tls_cached Verifier:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19084
diff changeset
1503 static void
27763
f834ffa7490b cert: Validate subject name before prompting due to no CA pool.
Paul Aurich <paul@darkrain42.org>
parents: 27734
diff changeset
1504 x509_tls_cached_check_subject_name(PurpleCertificateVerificationRequest *vrq,
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1505 PurpleCertificateInvalidityFlags flags)
19085
1bd9557f866e In tls_cached Verifier:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19084
diff changeset
1506 {
27671
99baf778e0b9 Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents: 27669
diff changeset
1507 PurpleCertificate *peer_crt;
19089
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things,
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19088
diff changeset
1508 GList *chain = vrq->cert_chain;
c8962b52579e - Wrote a tls_cached unknown_peer function that does many fun things,
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19088
diff changeset
1509
19090
5310b1294287 - Add HOSTNAME CHECKING to tls_cached unknown_peer mode, which is kind
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19089
diff changeset
1510 peer_crt = (PurpleCertificate *) chain->data;
5310b1294287 - Add HOSTNAME CHECKING to tls_cached unknown_peer mode, which is kind
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19089
diff changeset
1511
21927
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents: 21887
diff changeset
1512 /* Last, check that the hostname matches */
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents: 21887
diff changeset
1513 if ( ! purple_certificate_check_subject_name(peer_crt,
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents: 21887
diff changeset
1514 vrq->subject_name) ) {
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents: 21887
diff changeset
1515 gchar *sn = purple_certificate_get_subject_name(peer_crt);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1516
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1517 flags |= PURPLE_CERTIFICATE_NAME_MISMATCH;
27231
627d23bfdb05 Increase the logging level of some debugging messages that seemed to be a
mauro.brasil@tqi.com.br
parents: 25941
diff changeset
1518 purple_debug_error("certificate/x509/tls_cached",
21927
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents: 21887
diff changeset
1519 "Name mismatch: Certificate given for %s "
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents: 21887
diff changeset
1520 "has a name of %s\n",
a464f202e6c4 Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents: 21887
diff changeset
1521 vrq->subject_name, sn);
29699
8474495b9dfc A couple more leak fixes.
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 29647
diff changeset
1522 g_free(sn);
27763
f834ffa7490b cert: Validate subject name before prompting due to no CA pool.
Paul Aurich <paul@darkrain42.org>
parents: 27734
diff changeset
1523 }
f834ffa7490b cert: Validate subject name before prompting due to no CA pool.
Paul Aurich <paul@darkrain42.org>
parents: 27734
diff changeset
1524
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1525 x509_tls_cached_complete(vrq, flags);
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1526 }
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1527
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1528 /* For when we've never communicated with this party before */
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1529 /* TODO: Need ways to specify possibly multiple problems with a cert, or at
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1530 least reprioritize them.
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1531 */
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1532 static void
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1533 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq,
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1534 PurpleCertificateInvalidityFlags flags)
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1535 {
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1536 PurpleCertificatePool *ca;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1537 PurpleCertificate *peer_crt;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1538 PurpleCertificate *ca_crt, *end_crt;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1539 PurpleCertificate *failing_crt;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1540 GList *chain = vrq->cert_chain;
30960
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1541 GSList *ca_crts, *cur;
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1542 GByteArray *last_fpr, *ca_fpr;
30960
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1543 gboolean valid = FALSE;
31172
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1544 gchar *ca_id, *ca2_id;
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1545
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1546 peer_crt = (PurpleCertificate *) chain->data;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1547
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1548 /* TODO: Figure out a way to check for a bad signature, as opposed to
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1549 "not self-signed" */
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1550 if ( purple_certificate_signed_by(peer_crt, peer_crt) ) {
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1551 flags |= PURPLE_CERTIFICATE_SELF_SIGNED;
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1552
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1553 purple_debug_info("certificate/x509/tls_cached",
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1554 "Certificate for %s is self-signed.\n",
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1555 vrq->subject_name);
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1556
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1557 x509_tls_cached_check_subject_name(vrq, flags);
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1558 return;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1559 } /* if (self signed) */
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1560
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1561 ca = purple_certificate_find_pool(x509_tls_cached.scheme_name, "ca");
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1562
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1563 /* Next, check that the certificate chain is valid */
32212
1bcedeb32bb4 Remove the old deprecated purple_certificate_check_signature_chain.
andrew.victor@mxit.com
parents: 31851
diff changeset
1564 if (!purple_certificate_check_signature_chain(chain,
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1565 &failing_crt))
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1566 {
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1567 gboolean chain_validated = FALSE;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1568 /*
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1569 * Check if the failing certificate is in the CA store. If it is, then
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1570 * consider this fully validated. This works around issues with some
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1571 * prominent intermediate CAs whose signature is md5WithRSAEncryption.
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1572 * I'm looking at CACert Class 3 here. See #4458 for details.
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1573 */
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1574 if (ca) {
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1575 gchar *uid = purple_certificate_get_unique_id(failing_crt);
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1576 PurpleCertificate *ca_crt = purple_certificate_pool_retrieve(ca, uid);
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1577 if (ca_crt != NULL) {
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1578 GByteArray *failing_fpr;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1579 GByteArray *ca_fpr;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1580 failing_fpr = purple_certificate_get_fingerprint_sha1(failing_crt);
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1581 ca_fpr = purple_certificate_get_fingerprint_sha1(ca_crt);
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1582 if (byte_arrays_equal(failing_fpr, ca_fpr)) {
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1583 purple_debug_info("certificate/x509/tls_cached",
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1584 "Full chain verification failed (probably a bad "
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1585 "signature algorithm), but found the last "
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1586 "certificate %s in the CA pool.\n", uid);
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1587 chain_validated = TRUE;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1588 }
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1589
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1590 g_byte_array_free(failing_fpr, TRUE);
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1591 g_byte_array_free(ca_fpr, TRUE);
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1592 }
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1593
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1594 purple_certificate_destroy(ca_crt);
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1595 g_free(uid);
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1596 }
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1597
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1598 /*
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1599 * If we get here, either the cert matched the stuff right above
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1600 * or it didn't, in which case we give up and complain to the user.
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1601 */
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1602 if (!chain_validated)
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1603 /* TODO: Tell the user where the chain broke? */
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1604 flags |= PURPLE_CERTIFICATE_INVALID_CHAIN;
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1605
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1606 x509_tls_cached_check_subject_name(vrq, flags);
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1607 return;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1608 } /* if (signature chain not good) */
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1609
31172
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1610 /* Next, attempt to verify the last certificate is signed by a trusted
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1611 * CA, or is a trusted CA (based on fingerprint).
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1612 */
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1613 /* If, for whatever reason, there is no Certificate Authority pool
27763
f834ffa7490b cert: Validate subject name before prompting due to no CA pool.
Paul Aurich <paul@darkrain42.org>
parents: 27734
diff changeset
1614 loaded, we'll verify the subject name and then warn about thsi. */
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1615 if ( !ca ) {
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1616 purple_debug_error("certificate/x509/tls_cached",
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1617 "No X.509 Certificate Authority pool "
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1618 "could be found!\n");
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1619
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1620 flags |= PURPLE_CERTIFICATE_NO_CA_POOL;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1621
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1622 x509_tls_cached_check_subject_name(vrq, flags);
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1623 return;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1624 }
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1625
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1626 end_crt = g_list_last(chain)->data;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1627
31172
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1628 /* Attempt to look up the last certificate, and the last certificate's
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1629 * issuer.
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1630 */
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1631 ca_id = purple_certificate_get_issuer_unique_id(end_crt);
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1632 ca2_id = purple_certificate_get_unique_id(end_crt);
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1633 purple_debug_info("certificate/x509/tls_cached",
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1634 "Checking for a CA with DN=%s\n",
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1635 ca_id);
31172
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1636 purple_debug_info("certificate/x509/tls_cached",
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1637 "Also checking for a CA with DN=%s\n",
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1638 ca2_id);
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1639 ca_crts = g_slist_concat(x509_ca_get_certs(ca_id), x509_ca_get_certs(ca2_id));
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1640 g_free(ca_id);
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1641 g_free(ca2_id);
30960
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1642 if ( NULL == ca_crts ) {
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1643 flags |= PURPLE_CERTIFICATE_CA_UNKNOWN;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1644
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1645 purple_debug_warning("certificate/x509/tls_cached",
31851
a3b1dcf433b5 Remove duplicate word "found" in this debug message
Mark Doliner <mark@kingant.net>
parents: 31172
diff changeset
1646 "No Certificate Authorities with either DN "
31172
e89df17f5ae7 certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents: 31171
diff changeset
1647 "found. I'll prompt the user, I guess.\n");
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1648
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1649 x509_tls_cached_check_subject_name(vrq, flags);
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1650 return;
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1651 }
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1652
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1653 /*
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1654 * Check the fingerprints; if they match, then this certificate *is* one
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1655 * of the designated "trusted roots", and we don't need to verify the
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1656 * signature. This is good because some of the older roots are self-signed
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1657 * with bad hash algorithms that we don't want to allow in any other
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1658 * circumstances (one of Verisign's root CAs is self-signed with MD2).
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1659 *
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1660 * If the fingerprints don't match, we'll fall back to checking the
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1661 * signature.
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1662 */
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1663 last_fpr = purple_certificate_get_fingerprint_sha1(end_crt);
30960
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1664 for (cur = ca_crts; cur; cur = cur->next) {
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1665 ca_crt = cur->data;
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1666 ca_fpr = purple_certificate_get_fingerprint_sha1(ca_crt);
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1667
30960
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1668 if ( byte_arrays_equal(last_fpr, ca_fpr) ||
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1669 purple_certificate_signed_by(end_crt, ca_crt) )
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1670 {
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1671 /* TODO: If signed_by ever returns a reason, maybe mention
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1672 that, too. */
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1673 /* TODO: Also mention the CA involved. While I could do this
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1674 now, a full DN is a little much with which to assault the
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1675 user's poor, leaky eyes. */
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1676 valid = TRUE;
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1677 g_byte_array_free(ca_fpr, TRUE);
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1678 break;
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1679 }
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1680
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1681 g_byte_array_free(ca_fpr, TRUE);
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1682 }
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1683
30960
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1684 if (valid == FALSE)
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1685 flags |= PURPLE_CERTIFICATE_INVALID_CHAIN;
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1686
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1687 g_slist_foreach(ca_crts, (GFunc)purple_certificate_destroy, NULL);
27c56e6b5fa6 Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents: 30573
diff changeset
1688 g_slist_free(ca_crts);
27734
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1689 g_byte_array_free(last_fpr, TRUE);
d0654dea0575 certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents: 27671
diff changeset
1690
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1691 x509_tls_cached_check_subject_name(vrq, flags);
19085
1bd9557f866e In tls_cached Verifier:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19084
diff changeset
1692 }
1bd9557f866e In tls_cached Verifier:
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19084
diff changeset
1693
19000
986413850713 - More skeletonizing for tls_cached logic.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18999
diff changeset
1694 static void
18993
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1695 x509_tls_cached_start_verify(PurpleCertificateVerificationRequest *vrq)
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1696 {
18999
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1697 const gchar *tls_peers_name = "tls_peers"; /* Name of local cache */
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1698 PurpleCertificatePool *tls_peers;
27664
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
1699 time_t now, activation, expiration;
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1700 PurpleCertificateInvalidityFlags flags = PURPLE_CERTIFICATE_NO_PROBLEMS;
27664
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
1701 gboolean ret;
18999
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1702
18993
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1703 g_return_if_fail(vrq);
18999
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1704
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1705 purple_debug_info("certificate/x509/tls_cached",
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1706 "Starting verify for %s\n",
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1707 vrq->subject_name);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1708
27664
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
1709 /*
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
1710 * Verify the first certificate (the main one) has been activated and
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
1711 * isn't expired, i.e. activation < now < expiration.
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
1712 */
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
1713 now = time(NULL);
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
1714 ret = purple_certificate_get_times(vrq->cert_chain->data, &activation,
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
1715 &expiration);
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1716 if (!ret) {
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1717 flags |= PURPLE_CERTIFICATE_EXPIRED | PURPLE_CERTIFICATE_NOT_ACTIVATED;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1718 purple_debug_error("certificate/x509/tls_cached",
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1719 "Failed to get validity times for certificate %s\n",
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1720 vrq->subject_name);
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1721 } else if (now > expiration) {
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1722 flags |= PURPLE_CERTIFICATE_EXPIRED;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1723 purple_debug_error("certificate/x509/tls_cached",
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1724 "Certificate %s expired at %s\n",
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1725 vrq->subject_name, ctime(&expiration));
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1726 } else if (now < activation) {
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1727 flags |= PURPLE_CERTIFICATE_NOT_ACTIVATED;
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1728 purple_debug_error("certificate/x509/tls_cached",
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1729 "Certificate %s is not yet valid, will be at %s\n",
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1730 vrq->subject_name, ctime(&activation));
27664
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
1731 }
151ec92db74c Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents: 27567
diff changeset
1732
18999
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1733 tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,tls_peers_name);
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1734
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1735 if (!tls_peers) {
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1736 purple_debug_error("certificate/x509/tls_cached",
23987
11f98b1e605b remove misleading portion of the debug line
Ka-Hing Cheung <khc@hxbc.us>
parents: 23685
diff changeset
1737 "Couldn't find local peers cache %s\n",
18999
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1738 tls_peers_name);
19091
489889091b14 - Remove all usage of purple_certificate_verify_destroy, as it is
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19090
diff changeset
1739
20247
e6315ec87124 applied changes from 92e6c32278d711f0d5807c4d931b26162e4a720f
Richard Laager <rlaager@wiktel.com>
parents: 19688
diff changeset
1740 /* vrq now becomes the problem of unknown_peer */
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1741 x509_tls_cached_unknown_peer(vrq, flags);
18999
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1742 return;
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1743 }
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1744
18999
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1745 /* Check if the peer has a certificate cached already */
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1746 purple_debug_info("certificate/x509/tls_cached",
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1747 "Checking for cached cert...\n");
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1748 if (purple_certificate_pool_contains(tls_peers, vrq->subject_name)) {
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1749 purple_debug_info("certificate/x509/tls_cached",
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1750 "...Found cached cert\n");
19086
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1751 /* vrq is now the responsibility of cert_in_cache */
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1752 x509_tls_cached_cert_in_cache(vrq, flags);
19086
e256e0bf8ae1 - Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19085
diff changeset
1753 } else {
27231
627d23bfdb05 Increase the logging level of some debugging messages that seemed to be a
mauro.brasil@tqi.com.br
parents: 25941
diff changeset
1754 purple_debug_warning("certificate/x509/tls_cached",
18999
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1755 "...Not in cache\n");
19000
986413850713 - More skeletonizing for tls_cached logic.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18999
diff changeset
1756 /* vrq now becomes the problem of unknown_peer */
28051
b341ae89f5ce certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents: 27982
diff changeset
1757 x509_tls_cached_unknown_peer(vrq, flags);
18999
7fbd0a6ac8d6 - Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18996
diff changeset
1758 }
18993
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1759 }
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1760
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1761 static void
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1762 x509_tls_cached_destroy_request(PurpleCertificateVerificationRequest *vrq)
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1763 {
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1764 g_return_if_fail(vrq);
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1765 }
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1766
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1767 static PurpleCertificateVerifier x509_tls_cached = {
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1768 "x509", /* Scheme name */
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1769 "tls_cached", /* Verifier name */
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1770 x509_tls_cached_start_verify, /* Verification begin */
19649
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1771 x509_tls_cached_destroy_request,/* Request cleanup */
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1772
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1773 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1774 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1775 NULL,
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1776 NULL
450f4a3c4c0f - Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19564
diff changeset
1777
18993
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1778 };
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1779
18950
f78a9efa9eaf - Add purple_certificate_register_builtins
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18949
diff changeset
1780 /****************************************************************************/
f78a9efa9eaf - Add purple_certificate_register_builtins
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18949
diff changeset
1781 /* Subsystem */
f78a9efa9eaf - Add purple_certificate_register_builtins
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18949
diff changeset
1782 /****************************************************************************/
f78a9efa9eaf - Add purple_certificate_register_builtins
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18949
diff changeset
1783 void
18957
9205841eed06 - Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18953
diff changeset
1784 purple_certificate_init(void)
18950
f78a9efa9eaf - Add purple_certificate_register_builtins
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18949
diff changeset
1785 {
18957
9205841eed06 - Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18953
diff changeset
1786 /* Register builtins */
18953
89b32569890c - Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18952
diff changeset
1787 purple_certificate_register_verifier(&x509_singleuse);
19093
f96b53df8d17 - Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19092
diff changeset
1788 purple_certificate_register_pool(&x509_ca);
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
1789 purple_certificate_register_pool(&x509_tls_peers);
18993
33fb4930ad2b - Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18992
diff changeset
1790 purple_certificate_register_verifier(&x509_tls_cached);
18950
f78a9efa9eaf - Add purple_certificate_register_builtins
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18949
diff changeset
1791 }
18946
617447a71ab7 - Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18943
diff changeset
1792
18957
9205841eed06 - Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18953
diff changeset
1793 void
9205841eed06 - Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18953
diff changeset
1794 purple_certificate_uninit(void)
9205841eed06 - Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18953
diff changeset
1795 {
19024
264f00bc8f22 - Change certificate_uninit to unregister all Pools, Schemes, and
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19023
diff changeset
1796 /* Unregister all Verifiers */
25375
fc8fd4fef166 Fix a crash on exit with a patch from im.pidgin.next.minor.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 24840
diff changeset
1797 g_list_foreach(cert_verifiers, (GFunc)purple_certificate_unregister_verifier, NULL);
19024
264f00bc8f22 - Change certificate_uninit to unregister all Pools, Schemes, and
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19023
diff changeset
1798
264f00bc8f22 - Change certificate_uninit to unregister all Pools, Schemes, and
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19023
diff changeset
1799 /* Unregister all Pools */
25375
fc8fd4fef166 Fix a crash on exit with a patch from im.pidgin.next.minor.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents: 24840
diff changeset
1800 g_list_foreach(cert_pools, (GFunc)purple_certificate_unregister_pool, NULL);
18957
9205841eed06 - Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18953
diff changeset
1801 }
9205841eed06 - Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18953
diff changeset
1802
19022
1f07f96dc1ce - Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19021
diff changeset
1803 gpointer
1f07f96dc1ce - Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19021
diff changeset
1804 purple_certificate_get_handle(void)
1f07f96dc1ce - Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19021
diff changeset
1805 {
1f07f96dc1ce - Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19021
diff changeset
1806 static gint handle;
1f07f96dc1ce - Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19021
diff changeset
1807 return &handle;
1f07f96dc1ce - Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19021
diff changeset
1808 }
1f07f96dc1ce - Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19021
diff changeset
1809
18192
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1810 PurpleCertificateScheme *
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1811 purple_certificate_find_scheme(const gchar *name)
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1812 {
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1813 PurpleCertificateScheme *scheme = NULL;
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1814 GList *l;
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1815
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1816 g_return_val_if_fail(name, NULL);
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1817
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1818 /* Traverse the list of registered schemes and locate the
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1819 one whose name matches */
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1820 for(l = cert_schemes; l; l = l->next) {
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1821 scheme = (PurpleCertificateScheme *)(l->data);
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1822
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1823 /* Name matches? that's our man */
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1824 if(!g_ascii_strcasecmp(scheme->name, name))
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1825 return scheme;
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1826 }
17910
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
1827
18192
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1828 purple_debug_warning("certificate",
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1829 "CertificateScheme %s requested but not found.\n",
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1830 name);
17910
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
1831
18192
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1832 /* TODO: Signalling and such? */
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1833
18192
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1834 return NULL;
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1835 }
17910
668a294f9a72 - Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff changeset
1836
19023
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1837 GList *
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1838 purple_certificate_get_schemes(void)
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1839 {
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1840 return cert_schemes;
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1841 }
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1842
18192
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1843 gboolean
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1844 purple_certificate_register_scheme(PurpleCertificateScheme *scheme)
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1845 {
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1846 g_return_val_if_fail(scheme != NULL, FALSE);
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1847
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1848 /* Make sure no scheme is registered with the same name */
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1849 if (purple_certificate_find_scheme(scheme->name) != NULL) {
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1850 return FALSE;
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1851 }
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1852
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1853 /* Okay, we're golden. Register it. */
18972
486563a6bb5c - prepend > append
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18971
diff changeset
1854 cert_schemes = g_list_prepend(cert_schemes, scheme);
18192
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1855
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1856 /* TODO: Signalling and such? */
19063
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1857
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1858 purple_debug_info("certificate",
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1859 "CertificateScheme %s registered\n",
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1860 scheme->name);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1861
18192
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1862 return TRUE;
dc7e7b8bdc8c - Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17913
diff changeset
1863 }
18926
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1864
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1865 gboolean
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1866 purple_certificate_unregister_scheme(PurpleCertificateScheme *scheme)
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1867 {
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1868 if (NULL == scheme) {
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1869 purple_debug_warning("certificate",
18973
28673b6fb8a2 - Fix some errors and return values
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18972
diff changeset
1870 "Attempting to unregister NULL scheme\n");
28673b6fb8a2 - Fix some errors and return values
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18972
diff changeset
1871 return FALSE;
18926
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1872 }
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1873
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1874 /* TODO: signalling? */
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1875
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1876 /* TODO: unregister all CertificateVerifiers for this scheme?*/
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1877 /* TODO: unregister all CertificatePools for this scheme? */
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1878 /* Neither of the above should be necessary, though */
18926
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1879 cert_schemes = g_list_remove(cert_schemes, scheme);
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1880
19063
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1881 purple_debug_info("certificate",
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1882 "CertificateScheme %s unregistered\n",
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1883 scheme->name);
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1884
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1885
18926
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1886 return TRUE;
8c4d52bc0319 - Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18192
diff changeset
1887 }
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1888
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1889 PurpleCertificateVerifier *
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1890 purple_certificate_find_verifier(const gchar *scheme_name, const gchar *ver_name)
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1891 {
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1892 PurpleCertificateVerifier *vr = NULL;
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1893 GList *l;
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1894
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1895 g_return_val_if_fail(scheme_name, NULL);
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1896 g_return_val_if_fail(ver_name, NULL);
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1897
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1898 /* Traverse the list of registered verifiers and locate the
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1899 one whose name matches */
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1900 for(l = cert_verifiers; l; l = l->next) {
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1901 vr = (PurpleCertificateVerifier *)(l->data);
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1902
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1903 /* Scheme and name match? */
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1904 if(!g_ascii_strcasecmp(vr->scheme_name, scheme_name) &&
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1905 !g_ascii_strcasecmp(vr->name, ver_name))
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1906 return vr;
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1907 }
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1908
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1909 purple_debug_warning("certificate",
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1910 "CertificateVerifier %s, %s requested but not found.\n",
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1911 scheme_name, ver_name);
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1912
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1913 /* TODO: Signalling and such? */
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1914
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1915 return NULL;
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1916 }
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1917
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1918
19023
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1919 GList *
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1920 purple_certificate_get_verifiers(void)
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1921 {
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1922 return cert_verifiers;
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1923 }
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1924
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1925 gboolean
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1926 purple_certificate_register_verifier(PurpleCertificateVerifier *vr)
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1927 {
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1928 g_return_val_if_fail(vr != NULL, FALSE);
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1929
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1930 /* Make sure no verifier is registered with the same scheme/name */
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1931 if (purple_certificate_find_verifier(vr->scheme_name, vr->name) != NULL) {
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1932 return FALSE;
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1933 }
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1934
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1935 /* Okay, we're golden. Register it. */
18972
486563a6bb5c - prepend > append
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18971
diff changeset
1936 cert_verifiers = g_list_prepend(cert_verifiers, vr);
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1937
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1938 /* TODO: Signalling and such? */
19063
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1939
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1940 purple_debug_info("certificate",
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1941 "CertificateVerifier %s registered\n",
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1942 vr->name);
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1943 return TRUE;
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1944 }
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1945
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1946 gboolean
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1947 purple_certificate_unregister_verifier(PurpleCertificateVerifier *vr)
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1948 {
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1949 if (NULL == vr) {
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1950 purple_debug_warning("certificate",
18973
28673b6fb8a2 - Fix some errors and return values
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18972
diff changeset
1951 "Attempting to unregister NULL verifier\n");
28673b6fb8a2 - Fix some errors and return values
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18972
diff changeset
1952 return FALSE;
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1953 }
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1954
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1955 /* TODO: signalling? */
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1956
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1957 cert_verifiers = g_list_remove(cert_verifiers, vr);
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1958
19063
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1959
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1960 purple_debug_info("certificate",
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1961 "CertificateVerifier %s unregistered\n",
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1962 vr->name);
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
1963
18941
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1964 return TRUE;
425f494bd1ec - CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18926
diff changeset
1965 }
18971
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1966
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1967 PurpleCertificatePool *
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1968 purple_certificate_find_pool(const gchar *scheme_name, const gchar *pool_name)
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1969 {
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1970 PurpleCertificatePool *pool = NULL;
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1971 GList *l;
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1972
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1973 g_return_val_if_fail(scheme_name, NULL);
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1974 g_return_val_if_fail(pool_name, NULL);
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1975
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1976 /* Traverse the list of registered pools and locate the
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1977 one whose name matches */
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1978 for(l = cert_pools; l; l = l->next) {
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1979 pool = (PurpleCertificatePool *)(l->data);
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1980
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1981 /* Scheme and name match? */
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1982 if(!g_ascii_strcasecmp(pool->scheme_name, scheme_name) &&
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1983 !g_ascii_strcasecmp(pool->name, pool_name))
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1984 return pool;
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1985 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1986
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1987 purple_debug_warning("certificate",
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1988 "CertificatePool %s, %s requested but not found.\n",
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1989 scheme_name, pool_name);
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1990
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1991 /* TODO: Signalling and such? */
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
1992
18971
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1993 return NULL;
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1994
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1995 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
1996
19023
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1997 GList *
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1998 purple_certificate_get_pools(void)
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
1999 {
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
2000 return cert_pools;
eb86ff3ba21a - Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19022
diff changeset
2001 }
18971
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2002
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2003 gboolean
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2004 purple_certificate_register_pool(PurpleCertificatePool *pool)
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2005 {
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2006 g_return_val_if_fail(pool, FALSE);
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2007 g_return_val_if_fail(pool->scheme_name, FALSE);
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2008 g_return_val_if_fail(pool->name, FALSE);
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2009 g_return_val_if_fail(pool->fullname, FALSE);
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2010
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2011 /* Make sure no pools are registered under this name */
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2012 if (purple_certificate_find_pool(pool->scheme_name, pool->name)) {
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2013 return FALSE;
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2014 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2015
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2016 /* Initialize the pool if needed */
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2017 if (pool->init) {
21655
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2018 gboolean success;
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2019
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
2020 success = pool->init();
21655
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2021 if (!success)
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2022 return FALSE;
18971
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2023 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2024
21655
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2025 /* Register the Pool */
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2026 cert_pools = g_list_prepend(cert_pools, pool);
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2027
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2028 /* TODO: Emit a signal that the pool got registered */
19044
602295db8e6b - Register the certificate-stored and certificate-deleted signals
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19034
diff changeset
2029
21655
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2030 PURPLE_DBUS_REGISTER_POINTER(pool, PurpleCertificatePool);
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2031 purple_signal_register(pool, /* Signals emitted from pool */
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2032 "certificate-stored",
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2033 purple_marshal_VOID__POINTER_POINTER,
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2034 NULL, /* No callback return value */
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2035 2, /* Two non-data arguments */
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2036 purple_value_new(PURPLE_TYPE_SUBTYPE,
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2037 PURPLE_SUBTYPE_CERTIFICATEPOOL),
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2038 purple_value_new(PURPLE_TYPE_STRING));
19044
602295db8e6b - Register the certificate-stored and certificate-deleted signals
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19034
diff changeset
2039
21655
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2040 purple_signal_register(pool, /* Signals emitted from pool */
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2041 "certificate-deleted",
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2042 purple_marshal_VOID__POINTER_POINTER,
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2043 NULL, /* No callback return value */
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2044 2, /* Two non-data arguments */
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2045 purple_value_new(PURPLE_TYPE_SUBTYPE,
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2046 PURPLE_SUBTYPE_CERTIFICATEPOOL),
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2047 purple_value_new(PURPLE_TYPE_STRING));
19063
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
2048
21655
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2049 purple_debug_info("certificate",
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2050 "CertificatePool %s registered\n",
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2051 pool->name);
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2052
10a2ac84349d Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents: 21561
diff changeset
2053 return TRUE;
18971
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2054 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2055
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2056 gboolean
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2057 purple_certificate_unregister_pool(PurpleCertificatePool *pool)
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2058 {
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2059 if (NULL == pool) {
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2060 purple_debug_warning("certificate",
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2061 "Attempting to unregister NULL pool\n");
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2062 return FALSE;
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2063 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2064
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2065 /* Check that the pool is registered */
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2066 if (!g_list_find(cert_pools, pool)) {
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2067 purple_debug_warning("certificate",
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2068 "Pool to unregister isn't registered!\n");
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2069
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2070 return FALSE;
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2071 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2072
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2073 /* Uninit the pool if needed */
19517
7bea9c9fd2a5 (Un)Register the pools with DBus to avoid a runtime fit.
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 19515
diff changeset
2074 PURPLE_DBUS_UNREGISTER_POINTER(pool);
18971
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2075 if (pool->uninit) {
18975
172b8d1dc2be - CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18973
diff changeset
2076 pool->uninit();
18971
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2077 }
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2078
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2079 cert_pools = g_list_remove(cert_pools, pool);
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
2080
18971
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2081 /* TODO: Signalling? */
19044
602295db8e6b - Register the certificate-stored and certificate-deleted signals
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19034
diff changeset
2082 purple_signal_unregister(pool, "certificate-stored");
602295db8e6b - Register the certificate-stored and certificate-deleted signals
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19034
diff changeset
2083 purple_signal_unregister(pool, "certificate-deleted");
25924
584063555949 Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents: 25894
diff changeset
2084
19063
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
2085 purple_debug_info("certificate",
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
2086 "CertificatePool %s unregistered\n",
2f51578e6602 - Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19060
diff changeset
2087 pool->name);
18971
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2088 return TRUE;
898e2bd70f23 - Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18964
diff changeset
2089 }
19329
e93db0c87b26 - Add purple_certificate_display_x509
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19271
diff changeset
2090
e93db0c87b26 - Add purple_certificate_display_x509
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19271
diff changeset
2091 /****************************************************************************/
e93db0c87b26 - Add purple_certificate_display_x509
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19271
diff changeset
2092 /* Scheme-specific functions */
e93db0c87b26 - Add purple_certificate_display_x509
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19271
diff changeset
2093 /****************************************************************************/
e93db0c87b26 - Add purple_certificate_display_x509
William Ehlhardt <williamehlhardt@gmail.com>
parents: 19271
diff changeset
2094
21647
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
2095 void purple_certificate_add_ca_search_path(const char *path)
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
2096 {
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
2097 if (g_list_find_custom(x509_ca_paths, path, (GCompareFunc)strcmp))
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
2098 return;
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
2099 x509_ca_paths = g_list_append(x509_ca_paths, g_strdup(path));
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
2100 }
a57adf1de9cb Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents: 21561
diff changeset
2101