Mercurial > pidgin
annotate libpurple/certificate.c @ 32819:2c6510167895 default tip
propagate from branch 'im.pidgin.pidgin.2.x.y' (head 3315c5dfbd0ad16511bdcf865e5b07c02d07df24)
to branch 'im.pidgin.pidgin' (head cbd1eda6bcbf0565ae7766396bb8f6f419cb6a9a)
author | Elliott Sales de Andrade <qulogic@pidgin.im> |
---|---|
date | Sat, 02 Jun 2012 02:30:49 +0000 |
parents | 32642aa8dbe5 |
children |
rev | line source |
---|---|
17910
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
1 /** |
19075 | 2 * @file certificate.c Public-Key Certificate API |
17910
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
3 * @ingroup core |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
4 */ |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
5 |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
6 /* |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
7 * |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
8 * purple |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
9 * |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
10 * Purple is the legal property of its developers, whose names are too numerous |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
11 * to list here. Please refer to the COPYRIGHT file distributed with this |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
12 * source distribution. |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
13 * |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
14 * This program is free software; you can redistribute it and/or modify |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
15 * it under the terms of the GNU General Public License as published by |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
16 * the Free Software Foundation; either version 2 of the License, or |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
17 * (at your option) any later version. |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
18 * |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
19 * This program is distributed in the hope that it will be useful, |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
22 * GNU General Public License for more details. |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
23 * |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
24 * You should have received a copy of the GNU General Public License |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
25 * along with this program; if not, write to the Free Software |
19681
44b4e8bd759b
The FSF changed its address a while ago; our files were out of date.
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
19649
diff
changeset
|
26 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA |
17910
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
27 */ |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
28 |
19504
d5ecaf5bce93
Fix the win32 build for the cert SoC branch merge.
Daniel Atallah <daniel.atallah@gmail.com>
parents:
19497
diff
changeset
|
29 #include "internal.h" |
17910
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
30 #include "certificate.h" |
19517
7bea9c9fd2a5
(Un)Register the pools with DBus to avoid a runtime fit.
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
19515
diff
changeset
|
31 #include "dbus-maybe.h" |
18192
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
32 #include "debug.h" |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
33 #include "request.h" |
19044
602295db8e6b
- Register the certificate-stored and certificate-deleted signals
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19034
diff
changeset
|
34 #include "signals.h" |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
35 #include "util.h" |
17910
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
36 |
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
37 /** List holding pointers to all registered certificate schemes */ |
18192
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
38 static GList *cert_schemes = NULL; |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
39 /** List of registered Verifiers */ |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
40 static GList *cert_verifiers = NULL; |
18971
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
41 /** List of registered Pools */ |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
42 static GList *cert_pools = NULL; |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
43 |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
44 /* |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
45 * TODO: Merge this with PurpleCertificateVerificationStatus for 3.0.0 */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
46 typedef enum { |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
47 PURPLE_CERTIFICATE_UNKNOWN_ERROR = -1, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
48 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
49 /* Not an error */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
50 PURPLE_CERTIFICATE_NO_PROBLEMS = 0, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
51 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
52 /* Non-fatal */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
53 PURPLE_CERTIFICATE_NON_FATALS_MASK = 0x0000FFFF, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
54 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
55 /* The certificate is self-signed. */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
56 PURPLE_CERTIFICATE_SELF_SIGNED = 0x01, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
57 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
58 /* The CA is not in libpurple's pool of certificates. */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
59 PURPLE_CERTIFICATE_CA_UNKNOWN = 0x02, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
60 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
61 /* The current time is before the certificate's specified |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
62 * activation time. |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
63 */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
64 PURPLE_CERTIFICATE_NOT_ACTIVATED = 0x04, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
65 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
66 /* The current time is after the certificate's specified expiration time */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
67 PURPLE_CERTIFICATE_EXPIRED = 0x08, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
68 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
69 /* The certificate's subject name doesn't match the expected */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
70 PURPLE_CERTIFICATE_NAME_MISMATCH = 0x10, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
71 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
72 /* No CA pool was found. This shouldn't happen... */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
73 PURPLE_CERTIFICATE_NO_CA_POOL = 0x20, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
74 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
75 /* Fatal */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
76 PURPLE_CERTIFICATE_FATALS_MASK = 0xFFFF0000, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
77 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
78 /* The signature chain could not be validated. Due to limitations in the |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
79 * the current API, this also indicates one of the CA certificates in the |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
80 * chain is expired (or not yet activated). FIXME 3.0.0 */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
81 PURPLE_CERTIFICATE_INVALID_CHAIN = 0x10000, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
82 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
83 /* The signature has been revoked. */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
84 PURPLE_CERTIFICATE_REVOKED = 0x20000, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
85 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
86 PURPLE_CERTIFICATE_LAST = 0x40000, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
87 } PurpleCertificateInvalidityFlags; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
88 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
89 static const gchar * |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
90 invalidity_reason_to_string(PurpleCertificateInvalidityFlags flag) |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
91 { |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
92 switch (flag) { |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
93 case PURPLE_CERTIFICATE_SELF_SIGNED: |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
94 return _("The certificate is self-signed and cannot be " |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
95 "automatically checked."); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
96 break; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
97 case PURPLE_CERTIFICATE_CA_UNKNOWN: |
28356
8e6c1408e430
Some wordsmithing on this message from Y S Landro, Richard, William, and Kevin (on the translators m-l).
Paul Aurich <paul@darkrain42.org>
parents:
28245
diff
changeset
|
98 return _("The certificate is not trusted because no certificate " |
8e6c1408e430
Some wordsmithing on this message from Y S Landro, Richard, William, and Kevin (on the translators m-l).
Paul Aurich <paul@darkrain42.org>
parents:
28245
diff
changeset
|
99 "that can verify it is currently trusted."); |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
100 break; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
101 case PURPLE_CERTIFICATE_NOT_ACTIVATED: |
30219
ebc34634e592
certificate: Add helpful text to the 'not yet active' message.
Paul Aurich <paul@darkrain42.org>
parents:
29699
diff
changeset
|
102 return _("The certificate is not valid yet. Check that your " |
ebc34634e592
certificate: Add helpful text to the 'not yet active' message.
Paul Aurich <paul@darkrain42.org>
parents:
29699
diff
changeset
|
103 "computer's date and time are accurate."); |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
104 break; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
105 case PURPLE_CERTIFICATE_EXPIRED: |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
106 return _("The certificate has expired and should not be " |
30573
22a713532200
cert: Tell users to check their computer's date/time for expired certs, too
Paul Aurich <paul@darkrain42.org>
parents:
30219
diff
changeset
|
107 "considered valid. Check that your computer's date " |
22a713532200
cert: Tell users to check their computer's date/time for expired certs, too
Paul Aurich <paul@darkrain42.org>
parents:
30219
diff
changeset
|
108 "and time are accurate."); |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
109 break; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
110 case PURPLE_CERTIFICATE_NAME_MISMATCH: |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
111 /* Translators: "domain" refers to a DNS domain (e.g. talk.google.com) */ |
28056
694c8aa30300
String change feedback from Stu.
Paul Aurich <paul@darkrain42.org>
parents:
28051
diff
changeset
|
112 return _("The certificate presented is not issued to this domain."); |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
113 break; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
114 case PURPLE_CERTIFICATE_NO_CA_POOL: |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
115 return _("You have no database of root certificates, so " |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
116 "this certificate cannot be validated."); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
117 break; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
118 case PURPLE_CERTIFICATE_INVALID_CHAIN: |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
119 return _("The certificate chain presented is invalid."); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
120 break; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
121 case PURPLE_CERTIFICATE_REVOKED: |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
122 return _("The certificate has been revoked."); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
123 break; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
124 case PURPLE_CERTIFICATE_UNKNOWN_ERROR: |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
125 default: |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
126 return _("An unknown certificate error occurred."); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
127 break; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
128 } |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
129 } |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
130 |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
131 void |
18942
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
132 purple_certificate_verify (PurpleCertificateVerifier *verifier, |
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
133 const gchar *subject_name, GList *cert_chain, |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
134 PurpleCertificateVerifiedCallback cb, |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
135 gpointer cb_data) |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
136 { |
18942
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
137 PurpleCertificateVerificationRequest *vrq; |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
138 PurpleCertificateScheme *scheme; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
139 |
18942
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
140 g_return_if_fail(subject_name != NULL); |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
141 /* If you don't have a cert to check, why are you requesting that it |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
142 be verified? */ |
18942
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
143 g_return_if_fail(cert_chain != NULL); |
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
144 g_return_if_fail(cb != NULL); |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
145 |
18942
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
146 /* Look up the CertificateScheme */ |
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
147 scheme = purple_certificate_find_scheme(verifier->scheme_name); |
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
148 g_return_if_fail(scheme); |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
149 |
18943
c519ff185569
- purple_certificate_verify attempts to check that the cert chain is of
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18942
diff
changeset
|
150 /* Check that at least the first cert in the chain matches the |
c519ff185569
- purple_certificate_verify attempts to check that the cert chain is of
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18942
diff
changeset
|
151 Verifier scheme */ |
18960
6831c126bcf3
- Fixed an inverted assertion
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18957
diff
changeset
|
152 g_return_if_fail(scheme == |
18943
c519ff185569
- purple_certificate_verify attempts to check that the cert chain is of
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18942
diff
changeset
|
153 ((PurpleCertificate *) (cert_chain->data))->scheme); |
c519ff185569
- purple_certificate_verify attempts to check that the cert chain is of
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18942
diff
changeset
|
154 |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
155 /* Construct and fill in the request fields */ |
18949
8902f0d7e40f
- Use g_new0 instead of g_new
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18947
diff
changeset
|
156 vrq = g_new0(PurpleCertificateVerificationRequest, 1); |
18942
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
157 vrq->verifier = verifier; |
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
158 vrq->scheme = scheme; |
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
159 vrq->subject_name = g_strdup(subject_name); |
19021
fcca10d0ac7d
- purple_certificate_verify no longer takes possession of the
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19020
diff
changeset
|
160 vrq->cert_chain = purple_certificate_copy_list(cert_chain); |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
161 vrq->cb = cb; |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
162 vrq->cb_data = cb_data; |
18942
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
163 |
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
164 /* Initiate verification */ |
02102eccc4be
- purple_certificate_verify now takes a Verifier argument, creates its
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18941
diff
changeset
|
165 (verifier->start_verification)(vrq); |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
166 } |
18192
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
167 |
18946
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
168 void |
19088
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
169 purple_certificate_verify_complete(PurpleCertificateVerificationRequest *vrq, |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
170 PurpleCertificateVerificationStatus st) |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
171 { |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
172 PurpleCertificateVerifier *vr; |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
173 |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
174 g_return_if_fail(vrq); |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
175 |
20747
17e605dd2de1
- Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents:
20746
diff
changeset
|
176 if (st == PURPLE_CERTIFICATE_VALID) { |
17e605dd2de1
- Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents:
20746
diff
changeset
|
177 purple_debug_info("certificate", |
17e605dd2de1
- Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents:
20746
diff
changeset
|
178 "Successfully verified certificate for %s\n", |
17e605dd2de1
- Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents:
20746
diff
changeset
|
179 vrq->subject_name); |
17e605dd2de1
- Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents:
20746
diff
changeset
|
180 } else { |
27231
627d23bfdb05
Increase the logging level of some debugging messages that seemed to be a
mauro.brasil@tqi.com.br
parents:
25941
diff
changeset
|
181 purple_debug_error("certificate", |
20747
17e605dd2de1
- Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents:
20746
diff
changeset
|
182 "Failed to verify certificate for %s\n", |
17e605dd2de1
- Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents:
20746
diff
changeset
|
183 vrq->subject_name); |
17e605dd2de1
- Debugging babble in purple_verify_complete to tell final verification
William Ehlhardt <williamehlhardt@gmail.com>
parents:
20746
diff
changeset
|
184 } |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
185 |
19088
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
186 /* Pass the results on to the request's callback */ |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
187 (vrq->cb)(st, vrq->cb_data); |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
188 |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
189 /* And now to eliminate the request */ |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
190 /* Fetch the Verifier responsible... */ |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
191 vr = vrq->verifier; |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
192 /* ...and order it to KILL */ |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
193 (vr->destroy_request)(vrq); |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
194 |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
195 /* Now the internals have been cleaned up, so clean up the libpurple- |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
196 created elements */ |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
197 g_free(vrq->subject_name); |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
198 purple_certificate_destroy_list(vrq->cert_chain); |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
199 |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
200 /* A structure born |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
201 * to much ado |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
202 * and with so much within. |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
203 * It reaches now |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
204 * its quiet end. */ |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
205 g_free(vrq); |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
206 } |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
207 |
f5802217844d
- Add verify_complete, which should deprecate verify_destroy
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19086
diff
changeset
|
208 |
19018
d6f902265076
- Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19014
diff
changeset
|
209 PurpleCertificate * |
d6f902265076
- Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19014
diff
changeset
|
210 purple_certificate_copy(PurpleCertificate *crt) |
d6f902265076
- Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19014
diff
changeset
|
211 { |
d6f902265076
- Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19014
diff
changeset
|
212 g_return_val_if_fail(crt, NULL); |
d6f902265076
- Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19014
diff
changeset
|
213 g_return_val_if_fail(crt->scheme, NULL); |
d6f902265076
- Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19014
diff
changeset
|
214 g_return_val_if_fail(crt->scheme->copy_certificate, NULL); |
d6f902265076
- Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19014
diff
changeset
|
215 |
d6f902265076
- Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19014
diff
changeset
|
216 return (crt->scheme->copy_certificate)(crt); |
d6f902265076
- Add purple_certificate_copy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19014
diff
changeset
|
217 } |
18947
3c6bf77bf7c4
- Add purple_certificate_verify_destroy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18946
diff
changeset
|
218 |
19020
d69355001a6e
- Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
219 GList * |
d69355001a6e
- Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
220 purple_certificate_copy_list(GList *crt_list) |
d69355001a6e
- Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
221 { |
24270
e265e7066598
Fix a printf("%s", NULL). Fixes #7289.
Daniel Atallah <daniel.atallah@gmail.com>
parents:
23987
diff
changeset
|
222 GList *new_l, *l; |
19020
d69355001a6e
- Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
223 |
d69355001a6e
- Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
224 /* First, make a shallow copy of the list */ |
24270
e265e7066598
Fix a printf("%s", NULL). Fixes #7289.
Daniel Atallah <daniel.atallah@gmail.com>
parents:
23987
diff
changeset
|
225 new_l = g_list_copy(crt_list); |
19020
d69355001a6e
- Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
226 |
d69355001a6e
- Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
227 /* Now go through and actually duplicate each certificate */ |
24270
e265e7066598
Fix a printf("%s", NULL). Fixes #7289.
Daniel Atallah <daniel.atallah@gmail.com>
parents:
23987
diff
changeset
|
228 for (l = new_l; l; l = l->next) { |
19020
d69355001a6e
- Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
229 l->data = purple_certificate_copy(l->data); |
d69355001a6e
- Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
230 } |
d69355001a6e
- Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
231 |
24270
e265e7066598
Fix a printf("%s", NULL). Fixes #7289.
Daniel Atallah <daniel.atallah@gmail.com>
parents:
23987
diff
changeset
|
232 return new_l; |
19020
d69355001a6e
- Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
233 } |
d69355001a6e
- Add purple_certificate_copy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19018
diff
changeset
|
234 |
18947
3c6bf77bf7c4
- Add purple_certificate_verify_destroy and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18946
diff
changeset
|
235 void |
18946
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
236 purple_certificate_destroy (PurpleCertificate *crt) |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
237 { |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
238 PurpleCertificateScheme *scheme; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
239 |
18946
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
240 if (NULL == crt) return; |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
241 |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
242 scheme = crt->scheme; |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
243 |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
244 (scheme->destroy_certificate)(crt); |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
245 } |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
246 |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
247 void |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
248 purple_certificate_destroy_list (GList * crt_list) |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
249 { |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
250 PurpleCertificate *crt; |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
251 GList *l; |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
252 |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
253 for (l=crt_list; l; l = l->next) { |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
254 crt = (PurpleCertificate *) l->data; |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
255 purple_certificate_destroy(crt); |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
256 } |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
257 |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
258 g_list_free(crt_list); |
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
259 } |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
260 |
19076
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
261 gboolean |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
262 purple_certificate_signed_by(PurpleCertificate *crt, PurpleCertificate *issuer) |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
263 { |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
264 PurpleCertificateScheme *scheme; |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
265 |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
266 g_return_val_if_fail(crt, FALSE); |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
267 g_return_val_if_fail(issuer, FALSE); |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
268 |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
269 scheme = crt->scheme; |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
270 g_return_val_if_fail(scheme, FALSE); |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
271 /* We can't compare two certs of unrelated schemes, obviously */ |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
272 g_return_val_if_fail(issuer->scheme == scheme, FALSE); |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
273 |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
274 return (scheme->signed_by)(crt, issuer); |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
275 } |
daa68185a018
- Add purple_certificate_signed_by
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19075
diff
changeset
|
276 |
19077
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
277 gboolean |
32212
1bcedeb32bb4
Remove the old deprecated purple_certificate_check_signature_chain.
andrew.victor@mxit.com
parents:
31851
diff
changeset
|
278 purple_certificate_check_signature_chain(GList *chain, |
27671
99baf778e0b9
Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27669
diff
changeset
|
279 PurpleCertificate **failing) |
19077
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
280 { |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
281 GList *cur; |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
282 PurpleCertificate *crt, *issuer; |
19081
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
283 gchar *uid; |
27664
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
284 time_t now, activation, expiration; |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
285 gboolean ret; |
19077
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
286 |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
287 g_return_val_if_fail(chain, FALSE); |
19081
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
288 |
27671
99baf778e0b9
Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27669
diff
changeset
|
289 if (failing) |
99baf778e0b9
Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27669
diff
changeset
|
290 *failing = NULL; |
99baf778e0b9
Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27669
diff
changeset
|
291 |
19081
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
292 uid = purple_certificate_get_unique_id((PurpleCertificate *) chain->data); |
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
293 purple_debug_info("certificate", |
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
294 "Checking signature chain for uid=%s\n", |
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
295 uid); |
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
296 g_free(uid); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
297 |
19077
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
298 /* If this is a single-certificate chain, say that it is valid */ |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
299 if (chain->next == NULL) { |
19081
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
300 purple_debug_info("certificate", |
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
301 "...Singleton. We'll say it's valid.\n"); |
19077
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
302 return TRUE; |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
303 } |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
304 |
27664
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
305 now = time(NULL); |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
306 |
19077
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
307 /* Load crt with the first certificate */ |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
308 crt = (PurpleCertificate *)(chain->data); |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
309 /* And start with the second certificate in the chain */ |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
310 for ( cur = chain->next; cur; cur = cur->next ) { |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
311 |
19077
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
312 issuer = (PurpleCertificate *)(cur->data); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
313 |
27664
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
314 uid = purple_certificate_get_unique_id(issuer); |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
315 |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
316 ret = purple_certificate_get_times(issuer, &activation, &expiration); |
31086
a8cc50c2279f
Remove trailing whitespace
Richard Laager <rlaager@wiktel.com>
parents:
30960
diff
changeset
|
317 if (!ret || now < activation || now > expiration) { |
27664
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
318 if (!ret) |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
319 purple_debug_error("certificate", |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
320 "...Failed to get validity times for certificate %s\n" |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
321 "Chain is INVALID\n", uid); |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
322 else if (now > expiration) |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
323 purple_debug_error("certificate", |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
324 "...Issuer %s expired at %s\nChain is INVALID\n", |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
325 uid, ctime(&expiration)); |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
326 else |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
327 purple_debug_error("certificate", |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
328 "...Not-yet-activated issuer %s will be valid at %s\n" |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
329 "Chain is INVALID\n", uid, ctime(&activation)); |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
330 |
27671
99baf778e0b9
Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27669
diff
changeset
|
331 if (failing) |
99baf778e0b9
Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27669
diff
changeset
|
332 *failing = crt; |
99baf778e0b9
Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27669
diff
changeset
|
333 |
27664
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
334 g_free(uid); |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
335 return FALSE; |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
336 } |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
337 |
19077
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
338 /* Check the signature for this link */ |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
339 if (! purple_certificate_signed_by(crt, issuer) ) { |
27231
627d23bfdb05
Increase the logging level of some debugging messages that seemed to be a
mauro.brasil@tqi.com.br
parents:
25941
diff
changeset
|
340 purple_debug_error("certificate", |
19081
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
341 "...Bad or missing signature by %s\nChain is INVALID\n", |
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
342 uid); |
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
343 g_free(uid); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
344 |
27671
99baf778e0b9
Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27669
diff
changeset
|
345 if (failing) |
99baf778e0b9
Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27669
diff
changeset
|
346 *failing = crt; |
99baf778e0b9
Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27669
diff
changeset
|
347 |
19077
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
348 return FALSE; |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
349 } |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
350 |
19081
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
351 purple_debug_info("certificate", |
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
352 "...Good signature by %s\n", |
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
353 uid); |
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
354 g_free(uid); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
355 |
19077
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
356 /* The issuer is now the next crt whose signature is to be |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
357 checked */ |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
358 crt = issuer; |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
359 } |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
360 |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
361 /* If control reaches this point, the chain is valid */ |
19081
bdd8911d5031
- Add debugging babble to check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19080
diff
changeset
|
362 purple_debug_info("certificate", "Chain is VALID\n"); |
19077
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
363 return TRUE; |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
364 } |
8275c3cbc9da
- Add purple_certificate_check_signature_chain
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19076
diff
changeset
|
365 |
18988
4189fc3befba
- Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18987
diff
changeset
|
366 PurpleCertificate * |
18989
43d1ee6a3ed5
- Fixed naming issues in previous revision
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18988
diff
changeset
|
367 purple_certificate_import(PurpleCertificateScheme *scheme, const gchar *filename) |
18988
4189fc3befba
- Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18987
diff
changeset
|
368 { |
4189fc3befba
- Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18987
diff
changeset
|
369 g_return_val_if_fail(scheme, NULL); |
4189fc3befba
- Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18987
diff
changeset
|
370 g_return_val_if_fail(scheme->import_certificate, NULL); |
4189fc3befba
- Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18987
diff
changeset
|
371 g_return_val_if_fail(filename, NULL); |
4189fc3befba
- Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18987
diff
changeset
|
372 |
4189fc3befba
- Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18987
diff
changeset
|
373 return (scheme->import_certificate)(filename); |
4189fc3befba
- Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18987
diff
changeset
|
374 } |
4189fc3befba
- Add purple_certificate_import
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18987
diff
changeset
|
375 |
29647
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
376 GSList * |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
377 purple_certificates_import(PurpleCertificateScheme *scheme, const gchar *filename) |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
378 { |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
379 g_return_val_if_fail(scheme, NULL); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
380 g_return_val_if_fail(scheme->import_certificates, NULL); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
381 g_return_val_if_fail(filename, NULL); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
382 |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
383 return (scheme->import_certificates)(filename); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
384 } |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
385 |
18977
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
386 gboolean |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
387 purple_certificate_export(const gchar *filename, PurpleCertificate *crt) |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
388 { |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
389 PurpleCertificateScheme *scheme; |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
390 |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
391 g_return_val_if_fail(filename, FALSE); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
392 g_return_val_if_fail(crt, FALSE); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
393 g_return_val_if_fail(crt->scheme, FALSE); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
394 |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
395 scheme = crt->scheme; |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
396 g_return_val_if_fail(scheme->export_certificate, FALSE); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
397 |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
398 return (scheme->export_certificate)(filename, crt); |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
399 } |
31bdbb82de7e
- Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18976
diff
changeset
|
400 |
27669
4c5f35f2b1ff
A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents:
27664
diff
changeset
|
401 static gboolean |
4c5f35f2b1ff
A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents:
27664
diff
changeset
|
402 byte_arrays_equal(const GByteArray *array1, const GByteArray *array2) |
4c5f35f2b1ff
A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents:
27664
diff
changeset
|
403 { |
4c5f35f2b1ff
A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents:
27664
diff
changeset
|
404 g_return_val_if_fail(array1 != NULL, FALSE); |
4c5f35f2b1ff
A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents:
27664
diff
changeset
|
405 g_return_val_if_fail(array2 != NULL, FALSE); |
4c5f35f2b1ff
A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents:
27664
diff
changeset
|
406 |
4c5f35f2b1ff
A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents:
27664
diff
changeset
|
407 return (array1->len == array2->len) && |
4c5f35f2b1ff
A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents:
27664
diff
changeset
|
408 (0 == memcmp(array1->data, array2->data, array1->len)); |
4c5f35f2b1ff
A better solution for verifying certificate chains with NSS 3.12.3.
Paul Aurich <paul@darkrain42.org>
parents:
27664
diff
changeset
|
409 } |
31086
a8cc50c2279f
Remove trailing whitespace
Richard Laager <rlaager@wiktel.com>
parents:
30960
diff
changeset
|
410 |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
411 GByteArray * |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
412 purple_certificate_get_fingerprint_sha1(PurpleCertificate *crt) |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
413 { |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
414 PurpleCertificateScheme *scheme; |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
415 GByteArray *fpr; |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
416 |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
417 g_return_val_if_fail(crt, NULL); |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
418 g_return_val_if_fail(crt->scheme, NULL); |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
419 |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
420 scheme = crt->scheme; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
421 |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
422 g_return_val_if_fail(scheme->get_fingerprint_sha1, NULL); |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
423 |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
424 fpr = (scheme->get_fingerprint_sha1)(crt); |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
425 |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
426 return fpr; |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
427 } |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
428 |
18962
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
429 gchar * |
19080
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
430 purple_certificate_get_unique_id(PurpleCertificate *crt) |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
431 { |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
432 g_return_val_if_fail(crt, NULL); |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
433 g_return_val_if_fail(crt->scheme, NULL); |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
434 g_return_val_if_fail(crt->scheme->get_unique_id, NULL); |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
435 |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
436 return (crt->scheme->get_unique_id)(crt); |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
437 } |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
438 |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
439 gchar * |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
440 purple_certificate_get_issuer_unique_id(PurpleCertificate *crt) |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
441 { |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
442 g_return_val_if_fail(crt, NULL); |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
443 g_return_val_if_fail(crt->scheme, NULL); |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
444 g_return_val_if_fail(crt->scheme->get_issuer_unique_id, NULL); |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
445 |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
446 return (crt->scheme->get_issuer_unique_id)(crt); |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
447 } |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
448 |
3bdede51c007
- Expose get_unique_id and get_issuer_unique_id through libpurple functions
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19078
diff
changeset
|
449 gchar * |
18962
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
450 purple_certificate_get_subject_name(PurpleCertificate *crt) |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
451 { |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
452 PurpleCertificateScheme *scheme; |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
453 gchar *subject_name; |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
454 |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
455 g_return_val_if_fail(crt, NULL); |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
456 g_return_val_if_fail(crt->scheme, NULL); |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
457 |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
458 scheme = crt->scheme; |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
459 |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
460 g_return_val_if_fail(scheme->get_subject_name, NULL); |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
461 |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
462 subject_name = (scheme->get_subject_name)(crt); |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
463 |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
464 return subject_name; |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
465 } |
fcd05c39803e
- Add purple_certificate_get_subject_name and associated libpurple
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18960
diff
changeset
|
466 |
19008
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
467 gboolean |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
468 purple_certificate_check_subject_name(PurpleCertificate *crt, const gchar *name) |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
469 { |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
470 PurpleCertificateScheme *scheme; |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
471 |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
472 g_return_val_if_fail(crt, FALSE); |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
473 g_return_val_if_fail(crt->scheme, FALSE); |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
474 g_return_val_if_fail(name, FALSE); |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
475 |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
476 scheme = crt->scheme; |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
477 |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
478 g_return_val_if_fail(scheme->check_subject_name, FALSE); |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
479 |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
480 return (scheme->check_subject_name)(crt, name); |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
481 } |
7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19001
diff
changeset
|
482 |
19012
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
483 gboolean |
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
484 purple_certificate_get_times(PurpleCertificate *crt, time_t *activation, time_t *expiration) |
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
485 { |
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
486 PurpleCertificateScheme *scheme; |
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
487 |
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
488 g_return_val_if_fail(crt, FALSE); |
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
489 |
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
490 scheme = crt->scheme; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
491 |
19012
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
492 g_return_val_if_fail(scheme, FALSE); |
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
493 |
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
494 /* If both provided references are NULL, what are you doing calling |
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
495 this? */ |
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
496 g_return_val_if_fail( (activation != NULL) || (expiration != NULL), FALSE); |
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
497 |
19067
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19063
diff
changeset
|
498 /* Throw the request on down to the certscheme */ |
6c0aad79c4c5
- Change the internal structure of activation/expiration times to match
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19063
diff
changeset
|
499 return (scheme->get_times)(crt, activation, expiration); |
19012
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
500 } |
b1090cbfc286
- Add expiration/activation functions for Certificates
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19010
diff
changeset
|
501 |
32414
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
502 GByteArray * |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
503 purple_certificate_get_der_data(PurpleCertificate *crt) |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
504 { |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
505 PurpleCertificateScheme *scheme; |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
506 GByteArray *data; |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
507 |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
508 g_return_val_if_fail(crt, NULL); |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
509 g_return_val_if_fail(crt->scheme, NULL); |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
510 |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
511 scheme = crt->scheme; |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
512 |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
513 g_return_val_if_fail(scheme->get_der_data, NULL); |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
514 |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
515 data = (scheme->get_der_data)(crt); |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
516 |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
517 return data; |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
518 } |
7ceb5ca4b323
Add a function for retrieving the raw DER representation of a
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32212
diff
changeset
|
519 |
18984
2b4150624cf2
- Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18982
diff
changeset
|
520 gchar * |
32552
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
521 purple_certificate_get_display_string(PurpleCertificate *crt) |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
522 { |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
523 PurpleCertificateScheme *scheme; |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
524 gchar *str; |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
525 |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
526 g_return_val_if_fail(crt, NULL); |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
527 g_return_val_if_fail(crt->scheme, NULL); |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
528 |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
529 scheme = crt->scheme; |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
530 |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
531 g_return_val_if_fail(scheme->get_display_string, NULL); |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
532 |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
533 str = (scheme->get_display_string)(crt); |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
534 |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
535 return str; |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
536 } |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
537 |
298080cecdc5
Add a function for converting a PurpleCertificate to a string
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32414
diff
changeset
|
538 gchar * |
18984
2b4150624cf2
- Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18982
diff
changeset
|
539 purple_certificate_pool_mkpath(PurpleCertificatePool *pool, const gchar *id) |
2b4150624cf2
- Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18982
diff
changeset
|
540 { |
19010
0d4b84820390
- Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19009
diff
changeset
|
541 gchar *path; |
0d4b84820390
- Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19009
diff
changeset
|
542 gchar *esc_scheme_name, *esc_name, *esc_id; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
543 |
18984
2b4150624cf2
- Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18982
diff
changeset
|
544 g_return_val_if_fail(pool, NULL); |
2b4150624cf2
- Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18982
diff
changeset
|
545 g_return_val_if_fail(pool->scheme_name, NULL); |
2b4150624cf2
- Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18982
diff
changeset
|
546 g_return_val_if_fail(pool->name, NULL); |
2b4150624cf2
- Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18982
diff
changeset
|
547 |
19010
0d4b84820390
- Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19009
diff
changeset
|
548 /* Escape all the elements for filesystem-friendliness */ |
19033
6b4e874e47c1
- Handle NULLs given to certificate_pool_mkpath without causing errors
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19027
diff
changeset
|
549 esc_scheme_name = pool ? g_strdup(purple_escape_filename(pool->scheme_name)) : NULL; |
6b4e874e47c1
- Handle NULLs given to certificate_pool_mkpath without causing errors
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19027
diff
changeset
|
550 esc_name = pool ? g_strdup(purple_escape_filename(pool->name)) : NULL; |
6b4e874e47c1
- Handle NULLs given to certificate_pool_mkpath without causing errors
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19027
diff
changeset
|
551 esc_id = id ? g_strdup(purple_escape_filename(id)) : NULL; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
552 |
18984
2b4150624cf2
- Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18982
diff
changeset
|
553 path = g_build_filename(purple_user_dir(), |
18986
dfd9f883b774
- Correct the certstore folder paths
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18985
diff
changeset
|
554 "certificates", /* TODO: constantize this? */ |
19010
0d4b84820390
- Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19009
diff
changeset
|
555 esc_scheme_name, |
0d4b84820390
- Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19009
diff
changeset
|
556 esc_name, |
0d4b84820390
- Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19009
diff
changeset
|
557 esc_id, |
18984
2b4150624cf2
- Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18982
diff
changeset
|
558 NULL); |
19009
b64aa0222a7a
- pool_mkpath now runs purple_escape_filename on its return value
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19008
diff
changeset
|
559 |
19010
0d4b84820390
- Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19009
diff
changeset
|
560 g_free(esc_scheme_name); |
0d4b84820390
- Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19009
diff
changeset
|
561 g_free(esc_name); |
0d4b84820390
- Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19009
diff
changeset
|
562 g_free(esc_id); |
0d4b84820390
- Fix overzealous escaping cause by ancestor revision
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19009
diff
changeset
|
563 return path; |
18984
2b4150624cf2
- Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18982
diff
changeset
|
564 } |
2b4150624cf2
- Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18982
diff
changeset
|
565 |
18995
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
566 gboolean |
19034
8b627694bf4a
- Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19033
diff
changeset
|
567 purple_certificate_pool_usable(PurpleCertificatePool *pool) |
8b627694bf4a
- Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19033
diff
changeset
|
568 { |
8b627694bf4a
- Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19033
diff
changeset
|
569 g_return_val_if_fail(pool, FALSE); |
8b627694bf4a
- Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19033
diff
changeset
|
570 g_return_val_if_fail(pool->scheme_name, FALSE); |
8b627694bf4a
- Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19033
diff
changeset
|
571 |
8b627694bf4a
- Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19033
diff
changeset
|
572 /* Check that the pool's scheme is loaded */ |
8b627694bf4a
- Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19033
diff
changeset
|
573 if (purple_certificate_find_scheme(pool->scheme_name) == NULL) { |
8b627694bf4a
- Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19033
diff
changeset
|
574 return FALSE; |
8b627694bf4a
- Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19033
diff
changeset
|
575 } |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
576 |
19034
8b627694bf4a
- Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19033
diff
changeset
|
577 return TRUE; |
8b627694bf4a
- Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19033
diff
changeset
|
578 } |
8b627694bf4a
- Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19033
diff
changeset
|
579 |
19060
c79b54f03f9d
- Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19050
diff
changeset
|
580 PurpleCertificateScheme * |
c79b54f03f9d
- Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19050
diff
changeset
|
581 purple_certificate_pool_get_scheme(PurpleCertificatePool *pool) |
c79b54f03f9d
- Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19050
diff
changeset
|
582 { |
c79b54f03f9d
- Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19050
diff
changeset
|
583 g_return_val_if_fail(pool, NULL); |
c79b54f03f9d
- Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19050
diff
changeset
|
584 g_return_val_if_fail(pool->scheme_name, NULL); |
c79b54f03f9d
- Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19050
diff
changeset
|
585 |
c79b54f03f9d
- Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19050
diff
changeset
|
586 return purple_certificate_find_scheme(pool->scheme_name); |
c79b54f03f9d
- Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19050
diff
changeset
|
587 } |
c79b54f03f9d
- Add purple_certificate_pool_get_scheme helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19050
diff
changeset
|
588 |
19034
8b627694bf4a
- Add purple_certificate_pool_usable to check whether a pool's
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19033
diff
changeset
|
589 gboolean |
18995
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
590 purple_certificate_pool_contains(PurpleCertificatePool *pool, const gchar *id) |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
591 { |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
592 g_return_val_if_fail(pool, FALSE); |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
593 g_return_val_if_fail(id, FALSE); |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
594 g_return_val_if_fail(pool->cert_in_pool, FALSE); |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
595 |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
596 return (pool->cert_in_pool)(id); |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
597 } |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
598 |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
599 PurpleCertificate * |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
600 purple_certificate_pool_retrieve(PurpleCertificatePool *pool, const gchar *id) |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
601 { |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
602 g_return_val_if_fail(pool, NULL); |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
603 g_return_val_if_fail(id, NULL); |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
604 g_return_val_if_fail(pool->get_cert, NULL); |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
605 |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
606 return (pool->get_cert)(id); |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
607 } |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
608 |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
609 gboolean |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
610 purple_certificate_pool_store(PurpleCertificatePool *pool, const gchar *id, PurpleCertificate *crt) |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
611 { |
19046
8599a27ad69c
- Emit certificate-stored signal in purple_certificate_pool_store
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19044
diff
changeset
|
612 gboolean ret = FALSE; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
613 |
18995
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
614 g_return_val_if_fail(pool, FALSE); |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
615 g_return_val_if_fail(id, FALSE); |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
616 g_return_val_if_fail(pool->put_cert, FALSE); |
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
617 |
18996
24fc5ca67afc
- Do some weak checking to ensure that you don't attempt to store a
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18995
diff
changeset
|
618 /* Whether crt->scheme matches find_scheme(pool->scheme_name) is not |
24fc5ca67afc
- Do some weak checking to ensure that you don't attempt to store a
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18995
diff
changeset
|
619 relevant... I think... */ |
24fc5ca67afc
- Do some weak checking to ensure that you don't attempt to store a
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18995
diff
changeset
|
620 g_return_val_if_fail( |
24fc5ca67afc
- Do some weak checking to ensure that you don't attempt to store a
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18995
diff
changeset
|
621 g_ascii_strcasecmp(pool->scheme_name, crt->scheme->name) == 0, |
24fc5ca67afc
- Do some weak checking to ensure that you don't attempt to store a
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18995
diff
changeset
|
622 FALSE); |
18995
47b06daea9d1
- Add pool retrieve, contains, and store functions to certificate API
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18993
diff
changeset
|
623 |
19046
8599a27ad69c
- Emit certificate-stored signal in purple_certificate_pool_store
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19044
diff
changeset
|
624 ret = (pool->put_cert)(id, crt); |
8599a27ad69c
- Emit certificate-stored signal in purple_certificate_pool_store
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19044
diff
changeset
|
625 |
19050
c563b8f84aa0
- Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19049
diff
changeset
|
626 /* Signal that the certificate was stored if success*/ |
c563b8f84aa0
- Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19049
diff
changeset
|
627 if (ret) { |
c563b8f84aa0
- Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19049
diff
changeset
|
628 purple_signal_emit(pool, "certificate-stored", |
c563b8f84aa0
- Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19049
diff
changeset
|
629 pool, id); |
c563b8f84aa0
- Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19049
diff
changeset
|
630 } |
19046
8599a27ad69c
- Emit certificate-stored signal in purple_certificate_pool_store
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19044
diff
changeset
|
631 |
8599a27ad69c
- Emit certificate-stored signal in purple_certificate_pool_store
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19044
diff
changeset
|
632 return ret; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
633 } |
18984
2b4150624cf2
- Add purple_certificate_pool_mkpath helper function
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18982
diff
changeset
|
634 |
19049
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
635 gboolean |
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
636 purple_certificate_pool_delete(PurpleCertificatePool *pool, const gchar *id) |
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
637 { |
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
638 gboolean ret = FALSE; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
639 |
19049
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
640 g_return_val_if_fail(pool, FALSE); |
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
641 g_return_val_if_fail(id, FALSE); |
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
642 g_return_val_if_fail(pool->delete_cert, FALSE); |
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
643 |
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
644 ret = (pool->delete_cert)(id); |
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
645 |
19050
c563b8f84aa0
- Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19049
diff
changeset
|
646 /* Signal that the certificate was deleted if success */ |
c563b8f84aa0
- Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19049
diff
changeset
|
647 if (ret) { |
c563b8f84aa0
- Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19049
diff
changeset
|
648 purple_signal_emit(pool, "certificate-deleted", |
c563b8f84aa0
- Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19049
diff
changeset
|
649 pool, id); |
c563b8f84aa0
- Only emit certificate-stored and certificate-deleted if the operation
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19049
diff
changeset
|
650 } |
19049
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
651 |
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
652 return ret; |
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
653 } |
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
654 |
19026
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
655 GList * |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
656 purple_certificate_pool_get_idlist(PurpleCertificatePool *pool) |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
657 { |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
658 g_return_val_if_fail(pool, NULL); |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
659 g_return_val_if_fail(pool->get_idlist, NULL); |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
660 |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
661 return (pool->get_idlist)(); |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
662 } |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
663 |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
664 void |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
665 purple_certificate_pool_destroy_idlist(GList *idlist) |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
666 { |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
667 GList *l; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
668 |
19026
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
669 /* Iterate through and free them strings */ |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
670 for ( l = idlist; l; l = l->next ) { |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
671 g_free(l->data); |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
672 } |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
673 |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
674 g_list_free(idlist); |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
675 } |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
676 |
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
677 |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
678 /****************************************************************************/ |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
679 /* Builtin Verifiers, Pools, etc. */ |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
680 /****************************************************************************/ |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
681 |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
682 static void |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
683 x509_singleuse_verify_accept_cb(PurpleCertificateVerificationRequest *vrq) |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
684 { |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
685 g_return_if_fail(vrq); |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
686 |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
687 purple_debug_info("certificate/x509_singleuse", |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
688 "VRQ on cert from %s accepted\n", |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
689 vrq->subject_name); |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
690 |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
691 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_VALID); |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
692 } |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
693 |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
694 static void |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
695 x509_singleuse_verify_reject_cb(PurpleCertificateVerificationRequest *vrq) |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
696 { |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
697 g_return_if_fail(vrq); |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
698 |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
699 purple_debug_info("certificate/x509_singleuse", |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
700 "VRQ on cert from %s rejected\n", |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
701 vrq->subject_name); |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
702 |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
703 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID); |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
704 } |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
705 |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
706 static void |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
707 x509_singleuse_start_verify (PurpleCertificateVerificationRequest *vrq) |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
708 { |
18964
7b03727b10b4
- x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18962
diff
changeset
|
709 gchar *cn; |
7b03727b10b4
- x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18962
diff
changeset
|
710 const gchar *cn_match; |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
711 gchar *primary, *secondary; |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
712 PurpleCertificate *crt = (PurpleCertificate *)vrq->cert_chain->data; |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
713 |
18964
7b03727b10b4
- x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18962
diff
changeset
|
714 cn = purple_certificate_get_subject_name(crt); |
7b03727b10b4
- x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18962
diff
changeset
|
715 |
19496
004c3e257bd0
- Even more TODO whacking
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19495
diff
changeset
|
716 if (purple_certificate_check_subject_name(crt, vrq->subject_name)) { |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
717 cn_match = _("(MATCH)"); |
18964
7b03727b10b4
- x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18962
diff
changeset
|
718 } else { |
7b03727b10b4
- x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18962
diff
changeset
|
719 cn_match = _("(DOES NOT MATCH)"); |
7b03727b10b4
- x509_singleuse uses the subject_name field...somewhat
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18962
diff
changeset
|
720 } |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
721 |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
722 primary = g_strdup_printf(_("%s has presented the following certificate for just-this-once use:"), vrq->subject_name); |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
723 secondary = g_strdup_printf(_("Common name: %s %s"), cn, cn_match); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
724 |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
725 /* Make a semi-pretty display */ |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
726 purple_request_certificate( |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
727 vrq->cb_data, /* TODO: Find what the handle ought to be */ |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
728 _("Single-use Certificate Verification"), |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
729 primary, |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
730 secondary, |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
731 crt, |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
732 _("Accept"), G_CALLBACK(x509_singleuse_verify_accept_cb), |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
733 _("Reject"), G_CALLBACK(x509_singleuse_verify_reject_cb), |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
734 vrq); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
735 |
29699
8474495b9dfc
A couple more leak fixes.
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
29647
diff
changeset
|
736 g_free(cn); |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
737 g_free(primary); |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
738 g_free(secondary); |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
739 } |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
740 |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
741 static void |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
742 x509_singleuse_destroy_request (PurpleCertificateVerificationRequest *vrq) |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
743 { |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
744 /* I don't do anything! */ |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
745 } |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
746 |
22593
54e5371a6d5d
Make x509_singleuse static
Stu Tomlinson <stu@nosnilmot.com>
parents:
22486
diff
changeset
|
747 static PurpleCertificateVerifier x509_singleuse = { |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
748 "x509", /* Scheme name */ |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
749 "singleuse", /* Verifier name */ |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
750 x509_singleuse_start_verify, /* start_verification function */ |
19649
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
751 x509_singleuse_destroy_request, /* Request cleanup operation */ |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
752 |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
753 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
754 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
755 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
756 NULL |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
757 }; |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
758 |
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
759 |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
760 |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
761 /***** X.509 Certificate Authority pool, keyed by Distinguished Name *****/ |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
762 /* This is implemented in what may be the most inefficient and bugprone way |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
763 possible; however, future optimizations should not be difficult. */ |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
764 |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
765 static PurpleCertificatePool x509_ca; |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
766 |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
767 /** Holds a key-value pair for quickish certificate lookup */ |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
768 typedef struct { |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
769 gchar *dn; |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
770 PurpleCertificate *crt; |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
771 } x509_ca_element; |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
772 |
19207
8926e15873ca
- Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19206
diff
changeset
|
773 static void |
8926e15873ca
- Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19206
diff
changeset
|
774 x509_ca_element_free(x509_ca_element *el) |
8926e15873ca
- Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19206
diff
changeset
|
775 { |
8926e15873ca
- Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19206
diff
changeset
|
776 if (NULL == el) return; |
8926e15873ca
- Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19206
diff
changeset
|
777 |
8926e15873ca
- Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19206
diff
changeset
|
778 g_free(el->dn); |
8926e15873ca
- Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19206
diff
changeset
|
779 purple_certificate_destroy(el->crt); |
8926e15873ca
- Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19206
diff
changeset
|
780 g_free(el); |
8926e15873ca
- Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19206
diff
changeset
|
781 } |
8926e15873ca
- Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19206
diff
changeset
|
782 |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
783 /** System directory to probe for CA certificates */ |
19271
c28e1afe691b
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19211
diff
changeset
|
784 /* This is set in the lazy_init function */ |
21647
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
785 static GList *x509_ca_paths = NULL; |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
786 |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
787 /** A list of loaded CAs, populated from the above path whenever the lazy_init |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
788 happens. Contains pointers to x509_ca_elements */ |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
789 static GList *x509_ca_certs = NULL; |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
790 |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
791 /** Used for lazy initialization purposes. */ |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
792 static gboolean x509_ca_initialized = FALSE; |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
793 |
19201
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
794 /** Adds a certificate to the in-memory cache, doing nothing else */ |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
795 static gboolean |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
796 x509_ca_quiet_put_cert(PurpleCertificate *crt) |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
797 { |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
798 x509_ca_element *el; |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
799 |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
800 /* lazy_init calls this function, so calling lazy_init here is a |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
801 Bad Thing */ |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
802 |
19201
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
803 g_return_val_if_fail(crt, FALSE); |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
804 g_return_val_if_fail(crt->scheme, FALSE); |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
805 /* Make sure that this is some kind of X.509 certificate */ |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
806 /* TODO: Perhaps just check crt->scheme->name instead? */ |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
807 g_return_val_if_fail(crt->scheme == purple_certificate_find_scheme(x509_ca.scheme_name), FALSE); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
808 |
19201
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
809 el = g_new0(x509_ca_element, 1); |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
810 el->dn = purple_certificate_get_unique_id(crt); |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
811 el->crt = purple_certificate_copy(crt); |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
812 x509_ca_certs = g_list_prepend(x509_ca_certs, el); |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
813 |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
814 return TRUE; |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
815 } |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
816 |
19271
c28e1afe691b
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19211
diff
changeset
|
817 /* Since the libpurple CertificatePools get registered before plugins are |
c28e1afe691b
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19211
diff
changeset
|
818 loaded, an X.509 Scheme is generally not available when x509_ca_init is |
c28e1afe691b
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19211
diff
changeset
|
819 called, but x509_ca requires X.509 operations in order to properly load. |
c28e1afe691b
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19211
diff
changeset
|
820 |
c28e1afe691b
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19211
diff
changeset
|
821 To solve this, I present the lazy_init function. It attempts to finish |
c28e1afe691b
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19211
diff
changeset
|
822 initialization of the Pool, but it usually fails when it is called from |
c28e1afe691b
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19211
diff
changeset
|
823 x509_ca_init. However, this is OK; initialization is then simply deferred |
c28e1afe691b
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19211
diff
changeset
|
824 until someone tries to use functions from the pool. */ |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
825 static gboolean |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
826 x509_ca_lazy_init(void) |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
827 { |
19095
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
828 PurpleCertificateScheme *x509; |
19201
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
829 GDir *certdir; |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
830 const gchar *entry; |
29647
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
831 GPatternSpec *pempat, *crtpat; |
21647
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
832 GList *iter = NULL; |
29647
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
833 GSList *crts = NULL; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
834 |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
835 if (x509_ca_initialized) return TRUE; |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
836 |
19095
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
837 /* Check that X.509 is registered */ |
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
838 x509 = purple_certificate_find_scheme(x509_ca.scheme_name); |
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
839 if ( !x509 ) { |
27231
627d23bfdb05
Increase the logging level of some debugging messages that seemed to be a
mauro.brasil@tqi.com.br
parents:
25941
diff
changeset
|
840 purple_debug_warning("certificate/x509/ca", |
19095
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
841 "Lazy init failed because an X.509 Scheme " |
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
842 "is not yet registered. Maybe it will be " |
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
843 "better later.\n"); |
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
844 return FALSE; |
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
845 } |
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
846 |
19201
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
847 /* Use a glob to only read .pem files */ |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
848 pempat = g_pattern_spec_new("*.pem"); |
29647
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
849 crtpat = g_pattern_spec_new("*.crt"); |
19201
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
850 |
21647
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
851 /* Populate the certificates pool from the search path(s) */ |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
852 for (iter = x509_ca_paths; iter; iter = iter->next) { |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
853 certdir = g_dir_open(iter->data, 0, NULL); |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
854 if (!certdir) { |
22486
3225c99785b8
Fix a bunch of compiler warnings caused by my addition of G_GNUC_PRINTF()
Mark Doliner <mark@kingant.net>
parents:
22143
diff
changeset
|
855 purple_debug_error("certificate/x509/ca", "Couldn't open location '%s'\n", (const char *)iter->data); |
19201
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
856 continue; |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
857 } |
19095
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
858 |
21647
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
859 while ( (entry = g_dir_read_name(certdir)) ) { |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
860 gchar *fullpath; |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
861 PurpleCertificate *crt; |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
862 |
29647
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
863 if (!g_pattern_match_string(pempat, entry) && !g_pattern_match_string(crtpat, entry)) { |
21647
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
864 continue; |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
865 } |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
866 |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
867 fullpath = g_build_filename(iter->data, entry, NULL); |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
868 |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
869 /* TODO: Respond to a failure in the following? */ |
29647
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
870 crts = purple_certificates_import(x509, fullpath); |
19201
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
871 |
29647
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
872 while (crts && crts->data) { |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
873 crt = crts->data; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
874 if (x509_ca_quiet_put_cert(crt)) { |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
875 gchar *name; |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
876 name = purple_certificate_get_subject_name(crt); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
877 purple_debug_info("certificate/x509/ca", |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
878 "Loaded %s from %s\n", |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
879 name ? name : "(unknown)", fullpath); |
29699
8474495b9dfc
A couple more leak fixes.
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
29647
diff
changeset
|
880 g_free(name); |
29647
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
881 } else { |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
882 purple_debug_error("certificate/x509/ca", |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
883 "Failed to load certificate from %s\n", |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
884 fullpath); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
885 } |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
886 purple_certificate_destroy(crt); |
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
887 crts = g_slist_delete_link(crts, crts); |
21647
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
888 } |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
889 |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
890 g_free(fullpath); |
19201
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
891 } |
21647
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
892 g_dir_close(certdir); |
19201
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
893 } |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
894 |
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
895 g_pattern_spec_free(pempat); |
29647
c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
Stu Tomlinson <stu@nosnilmot.com>
parents:
29062
diff
changeset
|
896 g_pattern_spec_free(crtpat); |
21647
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
897 |
19095
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
898 purple_debug_info("certificate/x509/ca", |
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
899 "Lazy init completed.\n"); |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
900 x509_ca_initialized = TRUE; |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
901 return TRUE; |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
902 } |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
903 |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
904 static gboolean |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
905 x509_ca_init(void) |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
906 { |
21647
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
907 /* Attempt to point at the appropriate system path */ |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
908 if (NULL == x509_ca_paths) { |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
909 #ifdef _WIN32 |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
910 x509_ca_paths = g_list_append(NULL, g_build_filename(DATADIR, |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
911 "ca-certs", NULL)); |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
912 #else |
23330
390384053186
Add a configure option, --with-ssl-certificates to allow packagers to
Richard Laager <rlaager@wiktel.com>
parents:
23036
diff
changeset
|
913 # ifdef SSL_CERTIFICATES_DIR |
23685
e72e03fb5ef1
Fix a crash on exit when using --with-system-ssl-certs
Mark Doliner <mark@kingant.net>
parents:
23330
diff
changeset
|
914 x509_ca_paths = g_list_append(NULL, g_strdup(SSL_CERTIFICATES_DIR)); |
23330
390384053186
Add a configure option, --with-ssl-certificates to allow packagers to
Richard Laager <rlaager@wiktel.com>
parents:
23036
diff
changeset
|
915 # endif |
24732
d9e3434d6416
uncondtionally install some certificates and use them, References #6680.
Ka-Hing Cheung <khc@hxbc.us>
parents:
24270
diff
changeset
|
916 x509_ca_paths = g_list_append(x509_ca_paths, |
d9e3434d6416
uncondtionally install some certificates and use them, References #6680.
Ka-Hing Cheung <khc@hxbc.us>
parents:
24270
diff
changeset
|
917 g_build_filename(DATADIR, "purple", "ca-certs", NULL)); |
21647
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
918 #endif |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
919 } |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
920 |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
921 /* Attempt to initialize now, but if it doesn't work, that's OK; |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
922 it will get done later */ |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
923 if ( ! x509_ca_lazy_init()) { |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
924 purple_debug_info("certificate/x509/ca", |
19095
cd70e75f9a83
- x509_ca_lazy_init is more implemented
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19094
diff
changeset
|
925 "Init failed, probably because a " |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
926 "dependency is not yet registered. " |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
927 "It has been deferred to later.\n"); |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
928 } |
21647
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
929 |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
930 return TRUE; |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
931 } |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
932 |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
933 static void |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
934 x509_ca_uninit(void) |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
935 { |
19202
c0949e081f43
- Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19201
diff
changeset
|
936 GList *l; |
c0949e081f43
- Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19201
diff
changeset
|
937 |
c0949e081f43
- Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19201
diff
changeset
|
938 for (l = x509_ca_certs; l; l = l->next) { |
c0949e081f43
- Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19201
diff
changeset
|
939 x509_ca_element *el = l->data; |
19207
8926e15873ca
- Add a helper function to destroy x509_ca_elements, and use it where
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19206
diff
changeset
|
940 x509_ca_element_free(el); |
19202
c0949e081f43
- Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19201
diff
changeset
|
941 } |
c0949e081f43
- Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19201
diff
changeset
|
942 g_list_free(x509_ca_certs); |
c0949e081f43
- Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19201
diff
changeset
|
943 x509_ca_certs = NULL; |
c0949e081f43
- Write the uninit function for x509_ca
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19201
diff
changeset
|
944 x509_ca_initialized = FALSE; |
21647
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
945 g_list_foreach(x509_ca_paths, (GFunc)g_free, NULL); |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
946 g_list_free(x509_ca_paths); |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
947 x509_ca_paths = NULL; |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
948 } |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
949 |
19203
6034b8db9dc1
- Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19202
diff
changeset
|
950 /** Look up a ca_element by dn */ |
6034b8db9dc1
- Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19202
diff
changeset
|
951 static x509_ca_element * |
19205 | 952 x509_ca_locate_cert(GList *lst, const gchar *dn) |
19203
6034b8db9dc1
- Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19202
diff
changeset
|
953 { |
6034b8db9dc1
- Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19202
diff
changeset
|
954 GList *cur; |
6034b8db9dc1
- Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19202
diff
changeset
|
955 |
6034b8db9dc1
- Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19202
diff
changeset
|
956 for (cur = lst; cur; cur = cur->next) { |
6034b8db9dc1
- Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19202
diff
changeset
|
957 x509_ca_element *el = cur->data; |
25894
a6e3cb32cdd2
Patch from Paul Aurich to add purple_strequal to help readability and simplicity of code. Ie, don't need to negate the value of strcmp, since this does a strcmp and does the negation for us
Paul Aurich <paul@darkrain42.org>
parents:
24840
diff
changeset
|
958 if (purple_strequal(dn, el->dn)) { |
19203
6034b8db9dc1
- Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19202
diff
changeset
|
959 return el; |
6034b8db9dc1
- Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19202
diff
changeset
|
960 } |
6034b8db9dc1
- Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19202
diff
changeset
|
961 } |
6034b8db9dc1
- Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19202
diff
changeset
|
962 return NULL; |
6034b8db9dc1
- Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19202
diff
changeset
|
963 } |
6034b8db9dc1
- Add a function to search the x509_ca internal structures for an id
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19202
diff
changeset
|
964 |
30960
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
965 static GSList * |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
966 x509_ca_locate_certs(GList *lst, const gchar *dn) |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
967 { |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
968 GList *cur; |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
969 GSList *crts = NULL; |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
970 |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
971 for (cur = lst; cur; cur = cur->next) { |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
972 x509_ca_element *el = cur->data; |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
973 if (purple_strequal(dn, el->dn)) { |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
974 crts = g_slist_prepend(crts, el); |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
975 } |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
976 } |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
977 return crts; |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
978 } |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
979 |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
980 |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
981 static gboolean |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
982 x509_ca_cert_in_pool(const gchar *id) |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
983 { |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
984 g_return_val_if_fail(x509_ca_lazy_init(), FALSE); |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
985 g_return_val_if_fail(id, FALSE); |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
986 |
19205 | 987 if (x509_ca_locate_cert(x509_ca_certs, id) != NULL) { |
19204
2847b6c84d6c
- Implement x509_ca cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19203
diff
changeset
|
988 return TRUE; |
2847b6c84d6c
- Implement x509_ca cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19203
diff
changeset
|
989 } else { |
2847b6c84d6c
- Implement x509_ca cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19203
diff
changeset
|
990 return FALSE; |
2847b6c84d6c
- Implement x509_ca cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19203
diff
changeset
|
991 } |
2847b6c84d6c
- Implement x509_ca cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19203
diff
changeset
|
992 |
2847b6c84d6c
- Implement x509_ca cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19203
diff
changeset
|
993 return FALSE; |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
994 } |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
995 |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
996 static PurpleCertificate * |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
997 x509_ca_get_cert(const gchar *id) |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
998 { |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
999 PurpleCertificate *crt = NULL; |
19206
919395a01483
- Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19205
diff
changeset
|
1000 x509_ca_element *el; |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
1001 |
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
1002 g_return_val_if_fail(x509_ca_lazy_init(), NULL); |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1003 g_return_val_if_fail(id, NULL); |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1004 |
19206
919395a01483
- Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19205
diff
changeset
|
1005 /* Search the memory-cached pool */ |
919395a01483
- Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19205
diff
changeset
|
1006 el = x509_ca_locate_cert(x509_ca_certs, id); |
919395a01483
- Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19205
diff
changeset
|
1007 |
919395a01483
- Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19205
diff
changeset
|
1008 if (el != NULL) { |
919395a01483
- Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19205
diff
changeset
|
1009 /* Make a copy of the memcached one for the function caller |
919395a01483
- Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19205
diff
changeset
|
1010 to play with */ |
919395a01483
- Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19205
diff
changeset
|
1011 crt = purple_certificate_copy(el->crt); |
919395a01483
- Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19205
diff
changeset
|
1012 } else { |
919395a01483
- Implement x509_ca_get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19205
diff
changeset
|
1013 crt = NULL; |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1014 } |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1015 |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1016 return crt; |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1017 } |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1018 |
30960
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1019 static GSList * |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1020 x509_ca_get_certs(const gchar *id) |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1021 { |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1022 GSList *crts = NULL, *els = NULL; |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1023 |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1024 g_return_val_if_fail(x509_ca_lazy_init(), NULL); |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1025 g_return_val_if_fail(id, NULL); |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1026 |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1027 /* Search the memory-cached pool */ |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1028 els = x509_ca_locate_certs(x509_ca_certs, id); |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1029 |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1030 if (els != NULL) { |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1031 GSList *cur; |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1032 /* Make a copy of the memcached ones for the function caller |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1033 to play with */ |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1034 for (cur = els; cur; cur = cur->next) { |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1035 x509_ca_element *el = cur->data; |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1036 crts = g_slist_prepend(crts, purple_certificate_copy(el->crt)); |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1037 } |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1038 g_slist_free(els); |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1039 } |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1040 |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1041 return crts; |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1042 } |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1043 |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1044 static gboolean |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1045 x509_ca_put_cert(const gchar *id, PurpleCertificate *crt) |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1046 { |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1047 gboolean ret = FALSE; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1048 |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
1049 g_return_val_if_fail(x509_ca_lazy_init(), FALSE); |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1050 |
19096
81163e153778
- Add a hacked-up method of adding certs to the CA pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19095
diff
changeset
|
1051 /* TODO: This is a quick way of doing this. At some point the change |
81163e153778
- Add a hacked-up method of adding certs to the CA pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19095
diff
changeset
|
1052 ought to be flushed to disk somehow. */ |
19201
73d8dd2169c4
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19096
diff
changeset
|
1053 ret = x509_ca_quiet_put_cert(crt); |
19096
81163e153778
- Add a hacked-up method of adding certs to the CA pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19095
diff
changeset
|
1054 |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1055 return ret; |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1056 } |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1057 |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1058 static gboolean |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1059 x509_ca_delete_cert(const gchar *id) |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1060 { |
19208
7b81934f4c85
- Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19207
diff
changeset
|
1061 x509_ca_element *el; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1062 |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
1063 g_return_val_if_fail(x509_ca_lazy_init(), FALSE); |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1064 g_return_val_if_fail(id, FALSE); |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1065 |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1066 /* Is the id even in the pool? */ |
19208
7b81934f4c85
- Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19207
diff
changeset
|
1067 el = x509_ca_locate_cert(x509_ca_certs, id); |
7b81934f4c85
- Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19207
diff
changeset
|
1068 if ( el == NULL ) { |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
1069 purple_debug_warning("certificate/x509/ca", |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1070 "Id %s wasn't in the pool\n", |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1071 id); |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1072 return FALSE; |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1073 } |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1074 |
19208
7b81934f4c85
- Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19207
diff
changeset
|
1075 /* Unlink it from the memory cache and destroy it */ |
7b81934f4c85
- Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19207
diff
changeset
|
1076 x509_ca_certs = g_list_remove(x509_ca_certs, el); |
7b81934f4c85
- Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19207
diff
changeset
|
1077 x509_ca_element_free(el); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1078 |
19208
7b81934f4c85
- Implement x509_ca_delete_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19207
diff
changeset
|
1079 return TRUE; |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1080 } |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1081 |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1082 static GList * |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1083 x509_ca_get_idlist(void) |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1084 { |
19209
a6ab0ea47d0f
- Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19208
diff
changeset
|
1085 GList *l, *idlist; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1086 |
19094
dd9f69ebaae8
In x509_ca pool:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19093
diff
changeset
|
1087 g_return_val_if_fail(x509_ca_lazy_init(), NULL); |
19209
a6ab0ea47d0f
- Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19208
diff
changeset
|
1088 |
a6ab0ea47d0f
- Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19208
diff
changeset
|
1089 idlist = NULL; |
a6ab0ea47d0f
- Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19208
diff
changeset
|
1090 for (l = x509_ca_certs; l; l = l->next) { |
a6ab0ea47d0f
- Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19208
diff
changeset
|
1091 x509_ca_element *el = l->data; |
a6ab0ea47d0f
- Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19208
diff
changeset
|
1092 idlist = g_list_prepend(idlist, g_strdup(el->dn)); |
a6ab0ea47d0f
- Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19208
diff
changeset
|
1093 } |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1094 |
19209
a6ab0ea47d0f
- Implement x509_ca_get_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19208
diff
changeset
|
1095 return idlist; |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1096 } |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1097 |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1098 |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1099 static PurpleCertificatePool x509_ca = { |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1100 "x509", /* Scheme name */ |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1101 "ca", /* Pool name */ |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1102 N_("Certificate Authorities"),/* User-friendly name */ |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1103 NULL, /* Internal data */ |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1104 x509_ca_init, /* init */ |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1105 x509_ca_uninit, /* uninit */ |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1106 x509_ca_cert_in_pool, /* Certificate exists? */ |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1107 x509_ca_get_cert, /* Cert retriever */ |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1108 x509_ca_put_cert, /* Cert writer */ |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1109 x509_ca_delete_cert, /* Cert remover */ |
19649
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1110 x509_ca_get_idlist, /* idlist retriever */ |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1111 |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1112 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1113 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1114 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1115 NULL |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1116 |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1117 }; |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1118 |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1119 |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1120 |
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1121 /***** Cache of certificates given by TLS/SSL peers *****/ |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1122 static PurpleCertificatePool x509_tls_peers; |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1123 |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1124 static gboolean |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1125 x509_tls_peers_init(void) |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1126 { |
18985
806c610ac5a0
- Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18984
diff
changeset
|
1127 gchar *poolpath; |
806c610ac5a0
- Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18984
diff
changeset
|
1128 int ret; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1129 |
18985
806c610ac5a0
- Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18984
diff
changeset
|
1130 /* Set up key cache here if it isn't already done */ |
806c610ac5a0
- Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18984
diff
changeset
|
1131 poolpath = purple_certificate_pool_mkpath(&x509_tls_peers, NULL); |
806c610ac5a0
- Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18984
diff
changeset
|
1132 ret = purple_build_dir(poolpath, 0700); /* Make it this user only */ |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1133 |
27536
18a96fe78870
Don't fail an assertion and don't return FALSE if we can't create
Mark Doliner <mark@kingant.net>
parents:
27231
diff
changeset
|
1134 if (ret != 0) |
18a96fe78870
Don't fail an assertion and don't return FALSE if we can't create
Mark Doliner <mark@kingant.net>
parents:
27231
diff
changeset
|
1135 purple_debug_info("certificate/tls_peers", |
18a96fe78870
Don't fail an assertion and don't return FALSE if we can't create
Mark Doliner <mark@kingant.net>
parents:
27231
diff
changeset
|
1136 "Could not create %s. Certificates will not be cached.\n", |
18a96fe78870
Don't fail an assertion and don't return FALSE if we can't create
Mark Doliner <mark@kingant.net>
parents:
27231
diff
changeset
|
1137 poolpath); |
18a96fe78870
Don't fail an assertion and don't return FALSE if we can't create
Mark Doliner <mark@kingant.net>
parents:
27231
diff
changeset
|
1138 |
18985
806c610ac5a0
- Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18984
diff
changeset
|
1139 g_free(poolpath); |
806c610ac5a0
- Add init for x509_tls_peers pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18984
diff
changeset
|
1140 |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1141 return TRUE; |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1142 } |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1143 |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1144 static gboolean |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1145 x509_tls_peers_cert_in_pool(const gchar *id) |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1146 { |
18987
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1147 gchar *keypath; |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1148 gboolean ret = FALSE; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1149 |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1150 g_return_val_if_fail(id, FALSE); |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1151 |
18987
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1152 keypath = purple_certificate_pool_mkpath(&x509_tls_peers, id); |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1153 |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1154 ret = g_file_test(keypath, G_FILE_TEST_IS_REGULAR); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1155 |
18987
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1156 g_free(keypath); |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1157 return ret; |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1158 } |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1159 |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1160 static PurpleCertificate * |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1161 x509_tls_peers_get_cert(const gchar *id) |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1162 { |
18987
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1163 PurpleCertificateScheme *x509; |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1164 PurpleCertificate *crt; |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1165 gchar *keypath; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1166 |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1167 g_return_val_if_fail(id, NULL); |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1168 |
18987
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1169 /* Is it in the pool? */ |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1170 if ( !x509_tls_peers_cert_in_pool(id) ) { |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1171 return NULL; |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1172 } |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1173 |
18987
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1174 /* Look up the X.509 scheme */ |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1175 x509 = purple_certificate_find_scheme("x509"); |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1176 g_return_val_if_fail(x509, NULL); |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1177 |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1178 /* Okay, now find and load that key */ |
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1179 keypath = purple_certificate_pool_mkpath(&x509_tls_peers, id); |
18990
3f2944bdb404
- Finish tls_peers get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18989
diff
changeset
|
1180 crt = purple_certificate_import(x509, keypath); |
18987
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1181 |
18990
3f2944bdb404
- Finish tls_peers get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18989
diff
changeset
|
1182 g_free(keypath); |
18987
a763dd083b79
- Finished tls_peers cert_in_pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18986
diff
changeset
|
1183 |
18990
3f2944bdb404
- Finish tls_peers get_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18989
diff
changeset
|
1184 return crt; |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1185 } |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1186 |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1187 static gboolean |
18982
8948cd6bb8bc
- CertificatePool put_cert now accepts an id argument
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18977
diff
changeset
|
1188 x509_tls_peers_put_cert(const gchar *id, PurpleCertificate *crt) |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1189 { |
18991
7a144f2229c6
- Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18990
diff
changeset
|
1190 gboolean ret = FALSE; |
7a144f2229c6
- Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18990
diff
changeset
|
1191 gchar *keypath; |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1192 |
18991
7a144f2229c6
- Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18990
diff
changeset
|
1193 g_return_val_if_fail(crt, FALSE); |
7a144f2229c6
- Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18990
diff
changeset
|
1194 g_return_val_if_fail(crt->scheme, FALSE); |
7a144f2229c6
- Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18990
diff
changeset
|
1195 /* Make sure that this is some kind of X.509 certificate */ |
18992
605e69fa7108
- Comment change
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18991
diff
changeset
|
1196 /* TODO: Perhaps just check crt->scheme->name instead? */ |
18991
7a144f2229c6
- Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18990
diff
changeset
|
1197 g_return_val_if_fail(crt->scheme == purple_certificate_find_scheme(x509_tls_peers.scheme_name), FALSE); |
7a144f2229c6
- Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18990
diff
changeset
|
1198 |
7a144f2229c6
- Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18990
diff
changeset
|
1199 /* Work out the filename and export */ |
7a144f2229c6
- Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18990
diff
changeset
|
1200 keypath = purple_certificate_pool_mkpath(&x509_tls_peers, id); |
7a144f2229c6
- Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18990
diff
changeset
|
1201 ret = purple_certificate_export(keypath, crt); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1202 |
18991
7a144f2229c6
- Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18990
diff
changeset
|
1203 g_free(keypath); |
7a144f2229c6
- Add tls_peers put_cert
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18990
diff
changeset
|
1204 return ret; |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1205 } |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1206 |
19047
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1207 static gboolean |
19048
fd0b4b2f6cf0
- remove_cert => delete_cert, because naming conventions are our
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19047
diff
changeset
|
1208 x509_tls_peers_delete_cert(const gchar *id) |
19047
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1209 { |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1210 gboolean ret = FALSE; |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1211 gchar *keypath; |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1212 |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1213 g_return_val_if_fail(id, FALSE); |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1214 |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1215 /* Is the id even in the pool? */ |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1216 if (!x509_tls_peers_cert_in_pool(id)) { |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1217 purple_debug_warning("certificate/tls_peers", |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1218 "Id %s wasn't in the pool\n", |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1219 id); |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1220 return FALSE; |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1221 } |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1222 |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1223 /* OK, so work out the keypath and delete the thing */ |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1224 keypath = purple_certificate_pool_mkpath(&x509_tls_peers, id); |
19047
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1225 if ( unlink(keypath) != 0 ) { |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1226 purple_debug_error("certificate/tls_peers", |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1227 "Unlink of %s failed!\n", |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1228 keypath); |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1229 ret = FALSE; |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1230 } else { |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1231 ret = TRUE; |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1232 } |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1233 |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1234 g_free(keypath); |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1235 return ret; |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1236 } |
3af5d9ed9ad3
- Write remove_cert function for tls_peers Pool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19046
diff
changeset
|
1237 |
19027
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1238 static GList * |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1239 x509_tls_peers_get_idlist(void) |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1240 { |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1241 GList *idlist = NULL; |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1242 GDir *dir; |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1243 const gchar *entry; |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1244 gchar *poolpath; |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1245 |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1246 /* Get a handle on the pool directory */ |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1247 poolpath = purple_certificate_pool_mkpath(&x509_tls_peers, NULL); |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1248 dir = g_dir_open(poolpath, |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1249 0, /* No flags */ |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1250 NULL); /* Not interested in what the error is */ |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1251 g_free(poolpath); |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1252 |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1253 g_return_val_if_fail(dir, NULL); |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1254 |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1255 /* Traverse the directory listing and create an idlist */ |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1256 while ( (entry = g_dir_read_name(dir)) != NULL ) { |
19078
3987f76c0e4b
- tls_peers pool unescapes filenames in its directory, as it should
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19077
diff
changeset
|
1257 /* Unescape the filename */ |
3987f76c0e4b
- tls_peers pool unescapes filenames in its directory, as it should
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19077
diff
changeset
|
1258 const char *unescaped = purple_unescape_filename(entry); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1259 |
19027
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1260 /* Copy the entry name into our list (GLib owns the original |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1261 string) */ |
19078
3987f76c0e4b
- tls_peers pool unescapes filenames in its directory, as it should
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19077
diff
changeset
|
1262 idlist = g_list_prepend(idlist, g_strdup(unescaped)); |
19027
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1263 } |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1264 |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1265 /* Release the directory */ |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1266 g_dir_close(dir); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1267 |
19027
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1268 return idlist; |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1269 } |
15d9031e03b2
- Add get_idlist support to tls_peers CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19026
diff
changeset
|
1270 |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1271 static PurpleCertificatePool x509_tls_peers = { |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1272 "x509", /* Scheme name */ |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1273 "tls_peers", /* Pool name */ |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1274 N_("SSL Peers Cache"), /* User-friendly name */ |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1275 NULL, /* Internal data */ |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1276 x509_tls_peers_init, /* init */ |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1277 NULL, /* uninit not required */ |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1278 x509_tls_peers_cert_in_pool, /* Certificate exists? */ |
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1279 x509_tls_peers_get_cert, /* Cert retriever */ |
19026
b3acaf46d9ad
- Add pool_get_idlist / pool_destroy_idlist
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19024
diff
changeset
|
1280 x509_tls_peers_put_cert, /* Cert writer */ |
19049
8cbc110456ac
- Add purple_certificate_pool_delete
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19048
diff
changeset
|
1281 x509_tls_peers_delete_cert, /* Cert remover */ |
19649
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1282 x509_tls_peers_get_idlist, /* idlist retriever */ |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1283 |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1284 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1285 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1286 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1287 NULL |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1288 }; |
18993
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1289 |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1290 |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1291 /***** A Verifier that uses the tls_peers cache and the CA pool to validate certificates *****/ |
18993
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1292 static PurpleCertificateVerifier x509_tls_cached; |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1293 |
19330
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1294 |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1295 static void |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1296 x509_tls_cached_user_auth_accept_cb(PurpleCertificateVerificationRequest *vrq) |
19330
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1297 { |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1298 PurpleCertificatePool *tls_peers; |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1299 gchar *cache_id; |
19330
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1300 |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1301 g_return_if_fail(vrq); |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1302 |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1303 tls_peers = purple_certificate_find_pool("x509", "tls_peers"); |
19330
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1304 |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1305 cache_id = vrq->subject_name; |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1306 purple_debug_info("certificate/x509/tls_cached", |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1307 "User ACCEPTED cert\nCaching first in chain for future use as %s...\n", |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1308 cache_id); |
19330
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1309 |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1310 purple_certificate_pool_store(tls_peers, cache_id, vrq->cert_chain->data); |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1311 |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1312 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_VALID); |
19330
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1313 } |
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1314 |
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1315 static void |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1316 x509_tls_cached_user_auth_reject_cb(PurpleCertificateVerificationRequest *vrq) |
19330
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1317 { |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1318 g_return_if_fail(vrq); |
19001
b207701cb5a3
- Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19000
diff
changeset
|
1319 |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1320 purple_debug_warning("certificate/x509/tls_cached", "User REJECTED cert\n"); |
19091
489889091b14
- Remove all usage of purple_certificate_verify_destroy, as it is
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19090
diff
changeset
|
1321 |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1322 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID); |
19515
b62683f4120d
There's some disagreement over the response-id sent to the callbacks to
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
19504
diff
changeset
|
1323 } |
b62683f4120d
There's some disagreement over the response-id sent to the callbacks to
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
19504
diff
changeset
|
1324 |
19330
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1325 /** Validates a certificate by asking the user |
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1326 * @param reason String to explain why the user needs to accept/refuse the |
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1327 * certificate. |
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1328 * @todo Needs a handle argument |
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1329 */ |
19001
b207701cb5a3
- Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19000
diff
changeset
|
1330 static void |
19330
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1331 x509_tls_cached_user_auth(PurpleCertificateVerificationRequest *vrq, |
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1332 const gchar *reason) |
19000
986413850713
- More skeletonizing for tls_cached logic.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18999
diff
changeset
|
1333 { |
19330
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1334 gchar *primary; |
19001
b207701cb5a3
- Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19000
diff
changeset
|
1335 |
19330
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1336 primary = g_strdup_printf(_("Accept certificate for %s?"), |
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1337 vrq->subject_name); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1338 |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1339 purple_request_certificate( |
19001
b207701cb5a3
- Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19000
diff
changeset
|
1340 vrq->cb_data, /* TODO: Find what the handle ought to be */ |
b207701cb5a3
- Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19000
diff
changeset
|
1341 _("SSL Certificate Verification"), |
b207701cb5a3
- Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19000
diff
changeset
|
1342 primary, |
19330
b65a23799dc2
In tls_cached:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19329
diff
changeset
|
1343 reason, |
32556
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1344 vrq->cert_chain->data, |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1345 _("Accept"), G_CALLBACK(x509_tls_cached_user_auth_accept_cb), |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1346 _("Reject"), G_CALLBACK(x509_tls_cached_user_auth_reject_cb), |
b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
32552
diff
changeset
|
1347 vrq); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1348 |
19001
b207701cb5a3
- Wrote the logic for the "previously unknown host" condition in
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19000
diff
changeset
|
1349 g_free(primary); |
19000
986413850713
- More skeletonizing for tls_cached logic.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18999
diff
changeset
|
1350 } |
986413850713
- More skeletonizing for tls_cached logic.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18999
diff
changeset
|
1351 |
986413850713
- More skeletonizing for tls_cached logic.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18999
diff
changeset
|
1352 static void |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1353 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1354 PurpleCertificateInvalidityFlags flags); |
21929
cedbb3860134
If a peer certificate does not match our cached cert, do not auto reject it!
Stu Tomlinson <stu@nosnilmot.com>
parents:
21927
diff
changeset
|
1355 |
cedbb3860134
If a peer certificate does not match our cached cert, do not auto reject it!
Stu Tomlinson <stu@nosnilmot.com>
parents:
21927
diff
changeset
|
1356 static void |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1357 x509_tls_cached_complete(PurpleCertificateVerificationRequest *vrq, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1358 PurpleCertificateInvalidityFlags flags) |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1359 { |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1360 PurpleCertificatePool *tls_peers; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1361 PurpleCertificate *peer_crt = vrq->cert_chain->data; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1362 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1363 if (flags & PURPLE_CERTIFICATE_FATALS_MASK) { |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1364 /* TODO: Also print any other warnings? */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1365 const gchar *error; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1366 gchar *tmp, *secondary; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1367 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1368 if (flags & PURPLE_CERTIFICATE_INVALID_CHAIN) |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1369 error = invalidity_reason_to_string(PURPLE_CERTIFICATE_INVALID_CHAIN); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1370 else if (flags & PURPLE_CERTIFICATE_REVOKED) |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1371 error = invalidity_reason_to_string(PURPLE_CERTIFICATE_REVOKED); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1372 else |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1373 error = invalidity_reason_to_string(PURPLE_CERTIFICATE_UNKNOWN_ERROR); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1374 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1375 tmp = g_strdup_printf(_("The certificate for %s could not be validated."), |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1376 vrq->subject_name); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1377 secondary = g_strconcat(tmp, " ", error, NULL); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1378 g_free(tmp); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1379 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1380 purple_notify_error(NULL, /* TODO: Probably wrong. */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1381 _("SSL Certificate Error"), |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1382 _("Unable to validate certificate"), |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1383 secondary); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1384 g_free(secondary); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1385 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1386 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1387 return; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1388 } else if (flags & PURPLE_CERTIFICATE_NON_FATALS_MASK) { |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1389 /* Non-fatal error. Prompt the user. */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1390 gchar *tmp; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1391 GString *errors; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1392 guint32 i = 1; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1393 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1394 tmp = g_strdup_printf(_("The certificate for %s could not be validated."), |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1395 vrq->subject_name); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1396 errors = g_string_new(tmp); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1397 g_free(tmp); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1398 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1399 errors = g_string_append_c(errors, '\n'); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1400 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1401 /* Special case a name mismatch because we want to display the two names... */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1402 if (flags & PURPLE_CERTIFICATE_NAME_MISMATCH) { |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1403 gchar *sn = purple_certificate_get_subject_name(peer_crt); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1404 |
28392
64fbf431d952
Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents:
28391
diff
changeset
|
1405 if (sn) { |
64fbf431d952
Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents:
28391
diff
changeset
|
1406 g_string_append_printf(errors, _("The certificate claims to be " |
64fbf431d952
Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents:
28391
diff
changeset
|
1407 "from \"%s\" instead. This could mean that you are " |
64fbf431d952
Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents:
28391
diff
changeset
|
1408 "not connecting to the service you believe you are."), |
64fbf431d952
Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents:
28391
diff
changeset
|
1409 sn); |
64fbf431d952
Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents:
28391
diff
changeset
|
1410 g_free(sn); |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1411 |
28392
64fbf431d952
Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents:
28391
diff
changeset
|
1412 flags &= ~PURPLE_CERTIFICATE_NAME_MISMATCH; |
64fbf431d952
Print that specific message only when there is a CN; otherwise fall back
Paul Aurich <paul@darkrain42.org>
parents:
28391
diff
changeset
|
1413 } |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1414 } |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1415 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1416 while (i != PURPLE_CERTIFICATE_LAST) { |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1417 if (flags & i) { |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1418 errors = g_string_append_c(errors, '\n'); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1419 g_string_append(errors, invalidity_reason_to_string(i)); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1420 } |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1421 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1422 i <<= 1; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1423 } |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1424 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1425 x509_tls_cached_user_auth(vrq, errors->str); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1426 g_string_free(errors, TRUE); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1427 return; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1428 } |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1429 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1430 /* If we reach this point, the certificate is good. */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1431 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1432 /* Look up the local cache and store it there for future use */ |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1433 tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1434 "tls_peers"); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1435 if (tls_peers) { |
28804
57ee55097ec8
certs: Cache certs once again (at the end of the verification process).
Paul Aurich <paul@darkrain42.org>
parents:
28647
diff
changeset
|
1436 if (!purple_certificate_pool_store(tls_peers,vrq->subject_name, |
57ee55097ec8
certs: Cache certs once again (at the end of the verification process).
Paul Aurich <paul@darkrain42.org>
parents:
28647
diff
changeset
|
1437 peer_crt)) { |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1438 purple_debug_error("certificate/x509/tls_cached", |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1439 "FAILED to cache peer certificate\n"); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1440 } |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1441 } else { |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1442 purple_debug_error("certificate/x509/tls_cached", |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1443 "Unable to locate tls_peers certificate cache.\n"); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1444 } |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1445 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1446 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_VALID); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1447 } |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1448 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1449 static void |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1450 x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1451 PurpleCertificateInvalidityFlags flags) |
19086
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1452 { |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1453 /* TODO: Looking this up by name over and over is expensive. |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1454 Fix, please! */ |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1455 PurpleCertificatePool *tls_peers = |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1456 purple_certificate_find_pool(x509_tls_cached.scheme_name, |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1457 "tls_peers"); |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1458 |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1459 /* The peer's certificate should be the first in the list */ |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1460 PurpleCertificate *peer_crt = |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1461 (PurpleCertificate *) vrq->cert_chain->data; |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1462 |
19086
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1463 PurpleCertificate *cached_crt; |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1464 GByteArray *peer_fpr, *cached_fpr; |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1465 |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1466 /* Load up the cached certificate */ |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1467 cached_crt = purple_certificate_pool_retrieve( |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1468 tls_peers, vrq->subject_name); |
19553
f36d0d2bf6f2
- Remove g_assert()s. Fixes #2859
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19534
diff
changeset
|
1469 if ( !cached_crt ) { |
27567
199cf148cdf8
Continue verification when we can't find a *cached* peer. Fixes #9664.
Paul Aurich <paul@darkrain42.org>
parents:
27536
diff
changeset
|
1470 purple_debug_warning("certificate/x509/tls_cached", |
19553
f36d0d2bf6f2
- Remove g_assert()s. Fixes #2859
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19534
diff
changeset
|
1471 "Lookup failed on cached certificate!\n" |
27567
199cf148cdf8
Continue verification when we can't find a *cached* peer. Fixes #9664.
Paul Aurich <paul@darkrain42.org>
parents:
27536
diff
changeset
|
1472 "Falling back to full verification.\n"); |
199cf148cdf8
Continue verification when we can't find a *cached* peer. Fixes #9664.
Paul Aurich <paul@darkrain42.org>
parents:
27536
diff
changeset
|
1473 /* vrq now becomes the problem of unknown_peer */ |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1474 x509_tls_cached_unknown_peer(vrq, flags); |
24840
7608cf033a88
Prevent a NULL ptr deref when unexpected stuff happens in the cert cache. Fixes #7776,#7769
Daniel Atallah <daniel.atallah@gmail.com>
parents:
24732
diff
changeset
|
1475 return; |
19553
f36d0d2bf6f2
- Remove g_assert()s. Fixes #2859
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19534
diff
changeset
|
1476 } |
19086
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1477 |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1478 /* Now get SHA1 sums for both and compare them */ |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1479 /* TODO: This is not an elegant way to compare certs */ |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1480 peer_fpr = purple_certificate_get_fingerprint_sha1(peer_crt); |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1481 cached_fpr = purple_certificate_get_fingerprint_sha1(cached_crt); |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1482 if (!memcmp(peer_fpr->data, cached_fpr->data, peer_fpr->len)) { |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1483 purple_debug_info("certificate/x509/tls_cached", |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1484 "Peer cert matched cached\n"); |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1485 x509_tls_cached_complete(vrq, flags); |
19086
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1486 } else { |
27231
627d23bfdb05
Increase the logging level of some debugging messages that seemed to be a
mauro.brasil@tqi.com.br
parents:
25941
diff
changeset
|
1487 purple_debug_error("certificate/x509/tls_cached", |
19086
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1488 "Peer cert did NOT match cached\n"); |
21929
cedbb3860134
If a peer certificate does not match our cached cert, do not auto reject it!
Stu Tomlinson <stu@nosnilmot.com>
parents:
21927
diff
changeset
|
1489 /* vrq now becomes the problem of the user */ |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1490 x509_tls_cached_unknown_peer(vrq, flags); |
19086
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1491 } |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1492 |
19086
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1493 purple_certificate_destroy(cached_crt); |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1494 g_byte_array_free(peer_fpr, TRUE); |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1495 g_byte_array_free(cached_fpr, TRUE); |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1496 } |
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1497 |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1498 /* |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1499 * This is called from two points in x509_tls_cached_unknown_peer below |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1500 * once we've verified the signature chain is valid. Now we need to verify |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1501 * the subject name of the certificate. |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1502 */ |
19085
1bd9557f866e
In tls_cached Verifier:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19084
diff
changeset
|
1503 static void |
27763
f834ffa7490b
cert: Validate subject name before prompting due to no CA pool.
Paul Aurich <paul@darkrain42.org>
parents:
27734
diff
changeset
|
1504 x509_tls_cached_check_subject_name(PurpleCertificateVerificationRequest *vrq, |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1505 PurpleCertificateInvalidityFlags flags) |
19085
1bd9557f866e
In tls_cached Verifier:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19084
diff
changeset
|
1506 { |
27671
99baf778e0b9
Fix GnuTLS validation of the CACert Chain. Closes #4458.
Paul Aurich <paul@darkrain42.org>
parents:
27669
diff
changeset
|
1507 PurpleCertificate *peer_crt; |
19089
c8962b52579e
- Wrote a tls_cached unknown_peer function that does many fun things,
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19088
diff
changeset
|
1508 GList *chain = vrq->cert_chain; |
c8962b52579e
- Wrote a tls_cached unknown_peer function that does many fun things,
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19088
diff
changeset
|
1509 |
19090
5310b1294287
- Add HOSTNAME CHECKING to tls_cached unknown_peer mode, which is kind
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19089
diff
changeset
|
1510 peer_crt = (PurpleCertificate *) chain->data; |
5310b1294287
- Add HOSTNAME CHECKING to tls_cached unknown_peer mode, which is kind
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19089
diff
changeset
|
1511 |
21927
a464f202e6c4
Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents:
21887
diff
changeset
|
1512 /* Last, check that the hostname matches */ |
a464f202e6c4
Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents:
21887
diff
changeset
|
1513 if ( ! purple_certificate_check_subject_name(peer_crt, |
a464f202e6c4
Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents:
21887
diff
changeset
|
1514 vrq->subject_name) ) { |
a464f202e6c4
Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents:
21887
diff
changeset
|
1515 gchar *sn = purple_certificate_get_subject_name(peer_crt); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1516 |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1517 flags |= PURPLE_CERTIFICATE_NAME_MISMATCH; |
27231
627d23bfdb05
Increase the logging level of some debugging messages that seemed to be a
mauro.brasil@tqi.com.br
parents:
25941
diff
changeset
|
1518 purple_debug_error("certificate/x509/tls_cached", |
21927
a464f202e6c4
Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents:
21887
diff
changeset
|
1519 "Name mismatch: Certificate given for %s " |
a464f202e6c4
Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents:
21887
diff
changeset
|
1520 "has a name of %s\n", |
a464f202e6c4
Add the StartCom Free SSL Certificate Authority certificate (as used by
Stu Tomlinson <stu@nosnilmot.com>
parents:
21887
diff
changeset
|
1521 vrq->subject_name, sn); |
29699
8474495b9dfc
A couple more leak fixes.
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
29647
diff
changeset
|
1522 g_free(sn); |
27763
f834ffa7490b
cert: Validate subject name before prompting due to no CA pool.
Paul Aurich <paul@darkrain42.org>
parents:
27734
diff
changeset
|
1523 } |
f834ffa7490b
cert: Validate subject name before prompting due to no CA pool.
Paul Aurich <paul@darkrain42.org>
parents:
27734
diff
changeset
|
1524 |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1525 x509_tls_cached_complete(vrq, flags); |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1526 } |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1527 |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1528 /* For when we've never communicated with this party before */ |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1529 /* TODO: Need ways to specify possibly multiple problems with a cert, or at |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1530 least reprioritize them. |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1531 */ |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1532 static void |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1533 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq, |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1534 PurpleCertificateInvalidityFlags flags) |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1535 { |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1536 PurpleCertificatePool *ca; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1537 PurpleCertificate *peer_crt; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1538 PurpleCertificate *ca_crt, *end_crt; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1539 PurpleCertificate *failing_crt; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1540 GList *chain = vrq->cert_chain; |
30960
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1541 GSList *ca_crts, *cur; |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1542 GByteArray *last_fpr, *ca_fpr; |
30960
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1543 gboolean valid = FALSE; |
31172
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1544 gchar *ca_id, *ca2_id; |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1545 |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1546 peer_crt = (PurpleCertificate *) chain->data; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1547 |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1548 /* TODO: Figure out a way to check for a bad signature, as opposed to |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1549 "not self-signed" */ |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1550 if ( purple_certificate_signed_by(peer_crt, peer_crt) ) { |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1551 flags |= PURPLE_CERTIFICATE_SELF_SIGNED; |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1552 |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1553 purple_debug_info("certificate/x509/tls_cached", |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1554 "Certificate for %s is self-signed.\n", |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1555 vrq->subject_name); |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1556 |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1557 x509_tls_cached_check_subject_name(vrq, flags); |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1558 return; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1559 } /* if (self signed) */ |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1560 |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1561 ca = purple_certificate_find_pool(x509_tls_cached.scheme_name, "ca"); |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1562 |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1563 /* Next, check that the certificate chain is valid */ |
32212
1bcedeb32bb4
Remove the old deprecated purple_certificate_check_signature_chain.
andrew.victor@mxit.com
parents:
31851
diff
changeset
|
1564 if (!purple_certificate_check_signature_chain(chain, |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1565 &failing_crt)) |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1566 { |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1567 gboolean chain_validated = FALSE; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1568 /* |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1569 * Check if the failing certificate is in the CA store. If it is, then |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1570 * consider this fully validated. This works around issues with some |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1571 * prominent intermediate CAs whose signature is md5WithRSAEncryption. |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1572 * I'm looking at CACert Class 3 here. See #4458 for details. |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1573 */ |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1574 if (ca) { |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1575 gchar *uid = purple_certificate_get_unique_id(failing_crt); |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1576 PurpleCertificate *ca_crt = purple_certificate_pool_retrieve(ca, uid); |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1577 if (ca_crt != NULL) { |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1578 GByteArray *failing_fpr; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1579 GByteArray *ca_fpr; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1580 failing_fpr = purple_certificate_get_fingerprint_sha1(failing_crt); |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1581 ca_fpr = purple_certificate_get_fingerprint_sha1(ca_crt); |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1582 if (byte_arrays_equal(failing_fpr, ca_fpr)) { |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1583 purple_debug_info("certificate/x509/tls_cached", |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1584 "Full chain verification failed (probably a bad " |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1585 "signature algorithm), but found the last " |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1586 "certificate %s in the CA pool.\n", uid); |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1587 chain_validated = TRUE; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1588 } |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1589 |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1590 g_byte_array_free(failing_fpr, TRUE); |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1591 g_byte_array_free(ca_fpr, TRUE); |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1592 } |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1593 |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1594 purple_certificate_destroy(ca_crt); |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1595 g_free(uid); |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1596 } |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1597 |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1598 /* |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1599 * If we get here, either the cert matched the stuff right above |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1600 * or it didn't, in which case we give up and complain to the user. |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1601 */ |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1602 if (!chain_validated) |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1603 /* TODO: Tell the user where the chain broke? */ |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1604 flags |= PURPLE_CERTIFICATE_INVALID_CHAIN; |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1605 |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1606 x509_tls_cached_check_subject_name(vrq, flags); |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1607 return; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1608 } /* if (signature chain not good) */ |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1609 |
31172
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1610 /* Next, attempt to verify the last certificate is signed by a trusted |
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1611 * CA, or is a trusted CA (based on fingerprint). |
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1612 */ |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1613 /* If, for whatever reason, there is no Certificate Authority pool |
27763
f834ffa7490b
cert: Validate subject name before prompting due to no CA pool.
Paul Aurich <paul@darkrain42.org>
parents:
27734
diff
changeset
|
1614 loaded, we'll verify the subject name and then warn about thsi. */ |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1615 if ( !ca ) { |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1616 purple_debug_error("certificate/x509/tls_cached", |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1617 "No X.509 Certificate Authority pool " |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1618 "could be found!\n"); |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1619 |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1620 flags |= PURPLE_CERTIFICATE_NO_CA_POOL; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1621 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1622 x509_tls_cached_check_subject_name(vrq, flags); |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1623 return; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1624 } |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1625 |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1626 end_crt = g_list_last(chain)->data; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1627 |
31172
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1628 /* Attempt to look up the last certificate, and the last certificate's |
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1629 * issuer. |
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1630 */ |
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1631 ca_id = purple_certificate_get_issuer_unique_id(end_crt); |
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1632 ca2_id = purple_certificate_get_unique_id(end_crt); |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1633 purple_debug_info("certificate/x509/tls_cached", |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1634 "Checking for a CA with DN=%s\n", |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1635 ca_id); |
31172
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1636 purple_debug_info("certificate/x509/tls_cached", |
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1637 "Also checking for a CA with DN=%s\n", |
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1638 ca2_id); |
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1639 ca_crts = g_slist_concat(x509_ca_get_certs(ca_id), x509_ca_get_certs(ca2_id)); |
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1640 g_free(ca_id); |
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1641 g_free(ca2_id); |
30960
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1642 if ( NULL == ca_crts ) { |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1643 flags |= PURPLE_CERTIFICATE_CA_UNKNOWN; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1644 |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1645 purple_debug_warning("certificate/x509/tls_cached", |
31851
a3b1dcf433b5
Remove duplicate word "found" in this debug message
Mark Doliner <mark@kingant.net>
parents:
31172
diff
changeset
|
1646 "No Certificate Authorities with either DN " |
31172
e89df17f5ae7
certificate: Better validation of chains which have an intermediate signed w/ MD5.
Paul Aurich <paul@darkrain42.org>
parents:
31171
diff
changeset
|
1647 "found. I'll prompt the user, I guess.\n"); |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1648 |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1649 x509_tls_cached_check_subject_name(vrq, flags); |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1650 return; |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1651 } |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1652 |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1653 /* |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1654 * Check the fingerprints; if they match, then this certificate *is* one |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1655 * of the designated "trusted roots", and we don't need to verify the |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1656 * signature. This is good because some of the older roots are self-signed |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1657 * with bad hash algorithms that we don't want to allow in any other |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1658 * circumstances (one of Verisign's root CAs is self-signed with MD2). |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1659 * |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1660 * If the fingerprints don't match, we'll fall back to checking the |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1661 * signature. |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1662 */ |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1663 last_fpr = purple_certificate_get_fingerprint_sha1(end_crt); |
30960
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1664 for (cur = ca_crts; cur; cur = cur->next) { |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1665 ca_crt = cur->data; |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1666 ca_fpr = purple_certificate_get_fingerprint_sha1(ca_crt); |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1667 |
30960
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1668 if ( byte_arrays_equal(last_fpr, ca_fpr) || |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1669 purple_certificate_signed_by(end_crt, ca_crt) ) |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1670 { |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1671 /* TODO: If signed_by ever returns a reason, maybe mention |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1672 that, too. */ |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1673 /* TODO: Also mention the CA involved. While I could do this |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1674 now, a full DN is a little much with which to assault the |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1675 user's poor, leaky eyes. */ |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1676 valid = TRUE; |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1677 g_byte_array_free(ca_fpr, TRUE); |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1678 break; |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1679 } |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1680 |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1681 g_byte_array_free(ca_fpr, TRUE); |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1682 } |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1683 |
30960
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1684 if (valid == FALSE) |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1685 flags |= PURPLE_CERTIFICATE_INVALID_CHAIN; |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1686 |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1687 g_slist_foreach(ca_crts, (GFunc)purple_certificate_destroy, NULL); |
27c56e6b5fa6
Our certificate code is generally designed around no two CA
Stu Tomlinson <stu@nosnilmot.com>
parents:
30573
diff
changeset
|
1688 g_slist_free(ca_crts); |
27734
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1689 g_byte_array_free(last_fpr, TRUE); |
d0654dea0575
certs: Clean up the code a little, since I made it hard to follow.
Paul Aurich <paul@darkrain42.org>
parents:
27671
diff
changeset
|
1690 |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1691 x509_tls_cached_check_subject_name(vrq, flags); |
19085
1bd9557f866e
In tls_cached Verifier:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19084
diff
changeset
|
1692 } |
1bd9557f866e
In tls_cached Verifier:
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19084
diff
changeset
|
1693 |
19000
986413850713
- More skeletonizing for tls_cached logic.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18999
diff
changeset
|
1694 static void |
18993
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1695 x509_tls_cached_start_verify(PurpleCertificateVerificationRequest *vrq) |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1696 { |
18999
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1697 const gchar *tls_peers_name = "tls_peers"; /* Name of local cache */ |
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1698 PurpleCertificatePool *tls_peers; |
27664
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
1699 time_t now, activation, expiration; |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1700 PurpleCertificateInvalidityFlags flags = PURPLE_CERTIFICATE_NO_PROBLEMS; |
27664
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
1701 gboolean ret; |
18999
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1702 |
18993
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1703 g_return_if_fail(vrq); |
18999
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1704 |
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1705 purple_debug_info("certificate/x509/tls_cached", |
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1706 "Starting verify for %s\n", |
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1707 vrq->subject_name); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1708 |
27664
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
1709 /* |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
1710 * Verify the first certificate (the main one) has been activated and |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
1711 * isn't expired, i.e. activation < now < expiration. |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
1712 */ |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
1713 now = time(NULL); |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
1714 ret = purple_certificate_get_times(vrq->cert_chain->data, &activation, |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
1715 &expiration); |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1716 if (!ret) { |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1717 flags |= PURPLE_CERTIFICATE_EXPIRED | PURPLE_CERTIFICATE_NOT_ACTIVATED; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1718 purple_debug_error("certificate/x509/tls_cached", |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1719 "Failed to get validity times for certificate %s\n", |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1720 vrq->subject_name); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1721 } else if (now > expiration) { |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1722 flags |= PURPLE_CERTIFICATE_EXPIRED; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1723 purple_debug_error("certificate/x509/tls_cached", |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1724 "Certificate %s expired at %s\n", |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1725 vrq->subject_name, ctime(&expiration)); |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1726 } else if (now < activation) { |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1727 flags |= PURPLE_CERTIFICATE_NOT_ACTIVATED; |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1728 purple_debug_error("certificate/x509/tls_cached", |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1729 "Certificate %s is not yet valid, will be at %s\n", |
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1730 vrq->subject_name, ctime(&activation)); |
27664
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
1731 } |
151ec92db74c
Check expiration/activation times on certificates. Closes #8226.
Paul Aurich <paul@darkrain42.org>
parents:
27567
diff
changeset
|
1732 |
18999
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1733 tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,tls_peers_name); |
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1734 |
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1735 if (!tls_peers) { |
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1736 purple_debug_error("certificate/x509/tls_cached", |
23987
11f98b1e605b
remove misleading portion of the debug line
Ka-Hing Cheung <khc@hxbc.us>
parents:
23685
diff
changeset
|
1737 "Couldn't find local peers cache %s\n", |
18999
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1738 tls_peers_name); |
19091
489889091b14
- Remove all usage of purple_certificate_verify_destroy, as it is
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19090
diff
changeset
|
1739 |
20247
e6315ec87124
applied changes from 92e6c32278d711f0d5807c4d931b26162e4a720f
Richard Laager <rlaager@wiktel.com>
parents:
19688
diff
changeset
|
1740 /* vrq now becomes the problem of unknown_peer */ |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1741 x509_tls_cached_unknown_peer(vrq, flags); |
18999
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1742 return; |
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1743 } |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1744 |
18999
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1745 /* Check if the peer has a certificate cached already */ |
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1746 purple_debug_info("certificate/x509/tls_cached", |
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1747 "Checking for cached cert...\n"); |
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1748 if (purple_certificate_pool_contains(tls_peers, vrq->subject_name)) { |
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1749 purple_debug_info("certificate/x509/tls_cached", |
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1750 "...Found cached cert\n"); |
19086
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1751 /* vrq is now the responsibility of cert_in_cache */ |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1752 x509_tls_cached_cert_in_cache(vrq, flags); |
19086
e256e0bf8ae1
- Move "certificate found in cache" out of tls_cached_start_verify into
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19085
diff
changeset
|
1753 } else { |
27231
627d23bfdb05
Increase the logging level of some debugging messages that seemed to be a
mauro.brasil@tqi.com.br
parents:
25941
diff
changeset
|
1754 purple_debug_warning("certificate/x509/tls_cached", |
18999
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1755 "...Not in cache\n"); |
19000
986413850713
- More skeletonizing for tls_cached logic.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18999
diff
changeset
|
1756 /* vrq now becomes the problem of unknown_peer */ |
28051
b341ae89f5ce
certs: Allow for dealing with multiple things wrong with a cert.
Paul Aurich <paul@darkrain42.org>
parents:
27982
diff
changeset
|
1757 x509_tls_cached_unknown_peer(vrq, flags); |
18999
7fbd0a6ac8d6
- Made a logic skeleton for tls_cached verifier
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18996
diff
changeset
|
1758 } |
18993
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1759 } |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1760 |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1761 static void |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1762 x509_tls_cached_destroy_request(PurpleCertificateVerificationRequest *vrq) |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1763 { |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1764 g_return_if_fail(vrq); |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1765 } |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1766 |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1767 static PurpleCertificateVerifier x509_tls_cached = { |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1768 "x509", /* Scheme name */ |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1769 "tls_cached", /* Verifier name */ |
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1770 x509_tls_cached_start_verify, /* Verification begin */ |
19649
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1771 x509_tls_cached_destroy_request,/* Request cleanup */ |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1772 |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1773 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1774 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1775 NULL, |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1776 NULL |
450f4a3c4c0f
- Add purple_reserved fields to various structures.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19564
diff
changeset
|
1777 |
18993
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1778 }; |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1779 |
18950
f78a9efa9eaf
- Add purple_certificate_register_builtins
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18949
diff
changeset
|
1780 /****************************************************************************/ |
f78a9efa9eaf
- Add purple_certificate_register_builtins
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18949
diff
changeset
|
1781 /* Subsystem */ |
f78a9efa9eaf
- Add purple_certificate_register_builtins
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18949
diff
changeset
|
1782 /****************************************************************************/ |
f78a9efa9eaf
- Add purple_certificate_register_builtins
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18949
diff
changeset
|
1783 void |
18957
9205841eed06
- Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18953
diff
changeset
|
1784 purple_certificate_init(void) |
18950
f78a9efa9eaf
- Add purple_certificate_register_builtins
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18949
diff
changeset
|
1785 { |
18957
9205841eed06
- Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18953
diff
changeset
|
1786 /* Register builtins */ |
18953
89b32569890c
- Add purple_certificate_get_fingerprint_sha1
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18952
diff
changeset
|
1787 purple_certificate_register_verifier(&x509_singleuse); |
19093
f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19092
diff
changeset
|
1788 purple_certificate_register_pool(&x509_ca); |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
1789 purple_certificate_register_pool(&x509_tls_peers); |
18993
33fb4930ad2b
- Add x509_tls_cached skeleton
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18992
diff
changeset
|
1790 purple_certificate_register_verifier(&x509_tls_cached); |
18950
f78a9efa9eaf
- Add purple_certificate_register_builtins
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18949
diff
changeset
|
1791 } |
18946
617447a71ab7
- Add certificate_destroy and certificate_destroy_list
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18943
diff
changeset
|
1792 |
18957
9205841eed06
- Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18953
diff
changeset
|
1793 void |
9205841eed06
- Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18953
diff
changeset
|
1794 purple_certificate_uninit(void) |
9205841eed06
- Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18953
diff
changeset
|
1795 { |
19024
264f00bc8f22
- Change certificate_uninit to unregister all Pools, Schemes, and
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19023
diff
changeset
|
1796 /* Unregister all Verifiers */ |
25375
fc8fd4fef166
Fix a crash on exit with a patch from im.pidgin.next.minor.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
24840
diff
changeset
|
1797 g_list_foreach(cert_verifiers, (GFunc)purple_certificate_unregister_verifier, NULL); |
19024
264f00bc8f22
- Change certificate_uninit to unregister all Pools, Schemes, and
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19023
diff
changeset
|
1798 |
264f00bc8f22
- Change certificate_uninit to unregister all Pools, Schemes, and
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19023
diff
changeset
|
1799 /* Unregister all Pools */ |
25375
fc8fd4fef166
Fix a crash on exit with a patch from im.pidgin.next.minor.
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
24840
diff
changeset
|
1800 g_list_foreach(cert_pools, (GFunc)purple_certificate_unregister_pool, NULL); |
18957
9205841eed06
- Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18953
diff
changeset
|
1801 } |
9205841eed06
- Certificate system now has init and uninit like other systems
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18953
diff
changeset
|
1802 |
19022
1f07f96dc1ce
- Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1803 gpointer |
1f07f96dc1ce
- Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1804 purple_certificate_get_handle(void) |
1f07f96dc1ce
- Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1805 { |
1f07f96dc1ce
- Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1806 static gint handle; |
1f07f96dc1ce
- Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1807 return &handle; |
1f07f96dc1ce
- Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1808 } |
1f07f96dc1ce
- Add purple_certificate_get_handle
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19021
diff
changeset
|
1809 |
18192
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1810 PurpleCertificateScheme * |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1811 purple_certificate_find_scheme(const gchar *name) |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1812 { |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1813 PurpleCertificateScheme *scheme = NULL; |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1814 GList *l; |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1815 |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1816 g_return_val_if_fail(name, NULL); |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1817 |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1818 /* Traverse the list of registered schemes and locate the |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1819 one whose name matches */ |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1820 for(l = cert_schemes; l; l = l->next) { |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1821 scheme = (PurpleCertificateScheme *)(l->data); |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1822 |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1823 /* Name matches? that's our man */ |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1824 if(!g_ascii_strcasecmp(scheme->name, name)) |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1825 return scheme; |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1826 } |
17910
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
1827 |
18192
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1828 purple_debug_warning("certificate", |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1829 "CertificateScheme %s requested but not found.\n", |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1830 name); |
17910
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
1831 |
18192
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1832 /* TODO: Signalling and such? */ |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1833 |
18192
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1834 return NULL; |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1835 } |
17910
668a294f9a72
- Added certificate.[ch] and got them integrated into the build
William Ehlhardt <williamehlhardt@gmail.com>
parents:
diff
changeset
|
1836 |
19023
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1837 GList * |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1838 purple_certificate_get_schemes(void) |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1839 { |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1840 return cert_schemes; |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1841 } |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1842 |
18192
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1843 gboolean |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1844 purple_certificate_register_scheme(PurpleCertificateScheme *scheme) |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1845 { |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1846 g_return_val_if_fail(scheme != NULL, FALSE); |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1847 |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1848 /* Make sure no scheme is registered with the same name */ |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1849 if (purple_certificate_find_scheme(scheme->name) != NULL) { |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1850 return FALSE; |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1851 } |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1852 |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1853 /* Okay, we're golden. Register it. */ |
18972
486563a6bb5c
- prepend > append
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18971
diff
changeset
|
1854 cert_schemes = g_list_prepend(cert_schemes, scheme); |
18192
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1855 |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1856 /* TODO: Signalling and such? */ |
19063
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1857 |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1858 purple_debug_info("certificate", |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1859 "CertificateScheme %s registered\n", |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1860 scheme->name); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1861 |
18192
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1862 return TRUE; |
dc7e7b8bdc8c
- Add chunks of the certificate scheme registration interface
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17913
diff
changeset
|
1863 } |
18926
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1864 |
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1865 gboolean |
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1866 purple_certificate_unregister_scheme(PurpleCertificateScheme *scheme) |
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1867 { |
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1868 if (NULL == scheme) { |
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1869 purple_debug_warning("certificate", |
18973
28673b6fb8a2
- Fix some errors and return values
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18972
diff
changeset
|
1870 "Attempting to unregister NULL scheme\n"); |
28673b6fb8a2
- Fix some errors and return values
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18972
diff
changeset
|
1871 return FALSE; |
18926
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1872 } |
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1873 |
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1874 /* TODO: signalling? */ |
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1875 |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1876 /* TODO: unregister all CertificateVerifiers for this scheme?*/ |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1877 /* TODO: unregister all CertificatePools for this scheme? */ |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1878 /* Neither of the above should be necessary, though */ |
18926
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1879 cert_schemes = g_list_remove(cert_schemes, scheme); |
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1880 |
19063
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1881 purple_debug_info("certificate", |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1882 "CertificateScheme %s unregistered\n", |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1883 scheme->name); |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1884 |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1885 |
18926
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1886 return TRUE; |
8c4d52bc0319
- Add unregister_scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18192
diff
changeset
|
1887 } |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1888 |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1889 PurpleCertificateVerifier * |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1890 purple_certificate_find_verifier(const gchar *scheme_name, const gchar *ver_name) |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1891 { |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1892 PurpleCertificateVerifier *vr = NULL; |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1893 GList *l; |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1894 |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1895 g_return_val_if_fail(scheme_name, NULL); |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1896 g_return_val_if_fail(ver_name, NULL); |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1897 |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1898 /* Traverse the list of registered verifiers and locate the |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1899 one whose name matches */ |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1900 for(l = cert_verifiers; l; l = l->next) { |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1901 vr = (PurpleCertificateVerifier *)(l->data); |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1902 |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1903 /* Scheme and name match? */ |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1904 if(!g_ascii_strcasecmp(vr->scheme_name, scheme_name) && |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1905 !g_ascii_strcasecmp(vr->name, ver_name)) |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1906 return vr; |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1907 } |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1908 |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1909 purple_debug_warning("certificate", |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1910 "CertificateVerifier %s, %s requested but not found.\n", |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1911 scheme_name, ver_name); |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1912 |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1913 /* TODO: Signalling and such? */ |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1914 |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1915 return NULL; |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1916 } |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1917 |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1918 |
19023
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1919 GList * |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1920 purple_certificate_get_verifiers(void) |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1921 { |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1922 return cert_verifiers; |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1923 } |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1924 |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1925 gboolean |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1926 purple_certificate_register_verifier(PurpleCertificateVerifier *vr) |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1927 { |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1928 g_return_val_if_fail(vr != NULL, FALSE); |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1929 |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1930 /* Make sure no verifier is registered with the same scheme/name */ |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1931 if (purple_certificate_find_verifier(vr->scheme_name, vr->name) != NULL) { |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1932 return FALSE; |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1933 } |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1934 |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1935 /* Okay, we're golden. Register it. */ |
18972
486563a6bb5c
- prepend > append
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18971
diff
changeset
|
1936 cert_verifiers = g_list_prepend(cert_verifiers, vr); |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1937 |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1938 /* TODO: Signalling and such? */ |
19063
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1939 |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1940 purple_debug_info("certificate", |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1941 "CertificateVerifier %s registered\n", |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1942 vr->name); |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1943 return TRUE; |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1944 } |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1945 |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1946 gboolean |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1947 purple_certificate_unregister_verifier(PurpleCertificateVerifier *vr) |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1948 { |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1949 if (NULL == vr) { |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1950 purple_debug_warning("certificate", |
18973
28673b6fb8a2
- Fix some errors and return values
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18972
diff
changeset
|
1951 "Attempting to unregister NULL verifier\n"); |
28673b6fb8a2
- Fix some errors and return values
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18972
diff
changeset
|
1952 return FALSE; |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1953 } |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1954 |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1955 /* TODO: signalling? */ |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1956 |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1957 cert_verifiers = g_list_remove(cert_verifiers, vr); |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1958 |
19063
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1959 |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1960 purple_debug_info("certificate", |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1961 "CertificateVerifier %s unregistered\n", |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1962 vr->name); |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
1963 |
18941
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1964 return TRUE; |
425f494bd1ec
- CertificateVerifier register/unregister/find
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18926
diff
changeset
|
1965 } |
18971
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1966 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1967 PurpleCertificatePool * |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1968 purple_certificate_find_pool(const gchar *scheme_name, const gchar *pool_name) |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1969 { |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1970 PurpleCertificatePool *pool = NULL; |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1971 GList *l; |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1972 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1973 g_return_val_if_fail(scheme_name, NULL); |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1974 g_return_val_if_fail(pool_name, NULL); |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1975 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1976 /* Traverse the list of registered pools and locate the |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1977 one whose name matches */ |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1978 for(l = cert_pools; l; l = l->next) { |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1979 pool = (PurpleCertificatePool *)(l->data); |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1980 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1981 /* Scheme and name match? */ |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1982 if(!g_ascii_strcasecmp(pool->scheme_name, scheme_name) && |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1983 !g_ascii_strcasecmp(pool->name, pool_name)) |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1984 return pool; |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1985 } |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1986 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1987 purple_debug_warning("certificate", |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1988 "CertificatePool %s, %s requested but not found.\n", |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1989 scheme_name, pool_name); |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1990 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1991 /* TODO: Signalling and such? */ |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
1992 |
18971
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1993 return NULL; |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1994 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1995 } |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
1996 |
19023
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1997 GList * |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1998 purple_certificate_get_pools(void) |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
1999 { |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
2000 return cert_pools; |
eb86ff3ba21a
- Add get_pools, get_verifiers, and get_schemes
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19022
diff
changeset
|
2001 } |
18971
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2002 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2003 gboolean |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2004 purple_certificate_register_pool(PurpleCertificatePool *pool) |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2005 { |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2006 g_return_val_if_fail(pool, FALSE); |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2007 g_return_val_if_fail(pool->scheme_name, FALSE); |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2008 g_return_val_if_fail(pool->name, FALSE); |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2009 g_return_val_if_fail(pool->fullname, FALSE); |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2010 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2011 /* Make sure no pools are registered under this name */ |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2012 if (purple_certificate_find_pool(pool->scheme_name, pool->name)) { |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2013 return FALSE; |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2014 } |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2015 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2016 /* Initialize the pool if needed */ |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2017 if (pool->init) { |
21655
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2018 gboolean success; |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2019 |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
2020 success = pool->init(); |
21655
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2021 if (!success) |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2022 return FALSE; |
18971
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2023 } |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2024 |
21655
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2025 /* Register the Pool */ |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2026 cert_pools = g_list_prepend(cert_pools, pool); |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2027 |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2028 /* TODO: Emit a signal that the pool got registered */ |
19044
602295db8e6b
- Register the certificate-stored and certificate-deleted signals
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19034
diff
changeset
|
2029 |
21655
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2030 PURPLE_DBUS_REGISTER_POINTER(pool, PurpleCertificatePool); |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2031 purple_signal_register(pool, /* Signals emitted from pool */ |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2032 "certificate-stored", |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2033 purple_marshal_VOID__POINTER_POINTER, |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2034 NULL, /* No callback return value */ |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2035 2, /* Two non-data arguments */ |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2036 purple_value_new(PURPLE_TYPE_SUBTYPE, |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2037 PURPLE_SUBTYPE_CERTIFICATEPOOL), |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2038 purple_value_new(PURPLE_TYPE_STRING)); |
19044
602295db8e6b
- Register the certificate-stored and certificate-deleted signals
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19034
diff
changeset
|
2039 |
21655
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2040 purple_signal_register(pool, /* Signals emitted from pool */ |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2041 "certificate-deleted", |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2042 purple_marshal_VOID__POINTER_POINTER, |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2043 NULL, /* No callback return value */ |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2044 2, /* Two non-data arguments */ |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2045 purple_value_new(PURPLE_TYPE_SUBTYPE, |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2046 PURPLE_SUBTYPE_CERTIFICATEPOOL), |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2047 purple_value_new(PURPLE_TYPE_STRING)); |
19063
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
2048 |
21655
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2049 purple_debug_info("certificate", |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2050 "CertificatePool %s registered\n", |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2051 pool->name); |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2052 |
10a2ac84349d
Simplify this a little bit. Most of this change is just removing
Mark Doliner <mark@kingant.net>
parents:
21561
diff
changeset
|
2053 return TRUE; |
18971
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2054 } |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2055 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2056 gboolean |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2057 purple_certificate_unregister_pool(PurpleCertificatePool *pool) |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2058 { |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2059 if (NULL == pool) { |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2060 purple_debug_warning("certificate", |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2061 "Attempting to unregister NULL pool\n"); |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2062 return FALSE; |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2063 } |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2064 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2065 /* Check that the pool is registered */ |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2066 if (!g_list_find(cert_pools, pool)) { |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2067 purple_debug_warning("certificate", |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2068 "Pool to unregister isn't registered!\n"); |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2069 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2070 return FALSE; |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2071 } |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2072 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2073 /* Uninit the pool if needed */ |
19517
7bea9c9fd2a5
(Un)Register the pools with DBus to avoid a runtime fit.
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
19515
diff
changeset
|
2074 PURPLE_DBUS_UNREGISTER_POINTER(pool); |
18971
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2075 if (pool->uninit) { |
18975
172b8d1dc2be
- CertificatePool member functions no longer accept a Pool instance, as Pools are expected to be singletons
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18973
diff
changeset
|
2076 pool->uninit(); |
18971
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2077 } |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2078 |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2079 cert_pools = g_list_remove(cert_pools, pool); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
2080 |
18971
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2081 /* TODO: Signalling? */ |
19044
602295db8e6b
- Register the certificate-stored and certificate-deleted signals
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19034
diff
changeset
|
2082 purple_signal_unregister(pool, "certificate-stored"); |
602295db8e6b
- Register the certificate-stored and certificate-deleted signals
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19034
diff
changeset
|
2083 purple_signal_unregister(pool, "certificate-deleted"); |
25924
584063555949
Remove trailing whitespace
Mark Doliner <mark@kingant.net>
parents:
25894
diff
changeset
|
2084 |
19063
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
2085 purple_debug_info("certificate", |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
2086 "CertificatePool %s unregistered\n", |
2f51578e6602
- Add debugging babble for registers/unregisters
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19060
diff
changeset
|
2087 pool->name); |
18971
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2088 return TRUE; |
898e2bd70f23
- Add find, register, and unregister for CertificatePools
William Ehlhardt <williamehlhardt@gmail.com>
parents:
18964
diff
changeset
|
2089 } |
19329
e93db0c87b26
- Add purple_certificate_display_x509
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19271
diff
changeset
|
2090 |
e93db0c87b26
- Add purple_certificate_display_x509
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19271
diff
changeset
|
2091 /****************************************************************************/ |
e93db0c87b26
- Add purple_certificate_display_x509
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19271
diff
changeset
|
2092 /* Scheme-specific functions */ |
e93db0c87b26
- Add purple_certificate_display_x509
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19271
diff
changeset
|
2093 /****************************************************************************/ |
e93db0c87b26
- Add purple_certificate_display_x509
William Ehlhardt <williamehlhardt@gmail.com>
parents:
19271
diff
changeset
|
2094 |
21647
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
2095 void purple_certificate_add_ca_search_path(const char *path) |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
2096 { |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
2097 if (g_list_find_custom(x509_ca_paths, path, (GCompareFunc)strcmp)) |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
2098 return; |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
2099 x509_ca_paths = g_list_append(x509_ca_paths, g_strdup(path)); |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
2100 } |
a57adf1de9cb
Patch from Florian Quze (the InstantBird dude) to add a search path for
Sadrul Habib Chowdhury <imadil@gmail.com>
parents:
21561
diff
changeset
|
2101 |