Mercurial > pidgin

comparison libpurple/plugins/ssl/ssl-gnutls.c @ 17914:2f119e2a1b33

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- Wrote GnuTLS get_peer_certificates function
author William Ehlhardt <williamehlhardt@gmail.com>
date Sat, 02 Jun 2007 06:33:48 +0000
parents 55a0b0a42000
children 80c909c5bb7a
comparison
equal deleted inserted replaced
17913:55a0b0a42000 17914:2f119e2a1b33
291 } 291 }
292 292
293 return s; 293 return s;
294 } 294 }
295 295
296 /* Forward declarations are fun!
297 TODO: This is a stupid place for this */
298 static Certificate *
299 x509_import_from_datum(const gnutls_datum_t dt);
300
301 static GList *
302 ssl_gnutls_get_peer_certificates(PurpleSslConnection * gsc)
303 {
304 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
305
306 /* List of Certificate instances to return */
307 GList * peer_certs = NULL;
308
309 /* List of raw certificates as given by GnuTLS */
310 const gnutls_datum_t *cert_list;
311 unsigned int cert_list_size = 0;
312
313 unsigned int i;
314
315 /* This should never, ever happen. */
316 g_return_val_if_fail( gnutls_certificate_type_get (gnutls_data->session) == GNUTLS_CRT_X509, NULL);
317
318 /* Get the certificate list from GnuTLS */
319 /* TODO: I am _pretty sure_ this doesn't block or do other exciting things */
320 cert_list = gnutls_certificate_get_peers(gnutls_data->session,
321 &cert_list_size);
322
323 /* Convert each certificate to a Certificate and append it to the list */
324 for (i = 0; i < cert_list_size; i++) {
325 Certificate * newcrt = x509_import_from_datum(cert_list[i]);
326 /* Append is somewhat inefficient on linked lists, but is easy
327 to read. If someone complains, I'll change it.
328 TODO: Is anyone complaining? (Maybe elb?) */
329 peer_certs = g_list_append(peer_certs, newcrt);
330 }
331
332 /* cert_list shouldn't need free()-ing */
333 /* TODO: double-check this */
334
335 return peer_certs;
336 }
337
296 /************************************************************************/ 338 /************************************************************************/
297 /* X.509 functionality */ 339 /* X.509 functionality */
298 /************************************************************************/ 340 /************************************************************************/
299 const gchar * SCHEME_NAME = "x509"; 341 const gchar * SCHEME_NAME = "x509";
300 342
302 /* TODO: Flesh this out! */ 344 /* TODO: Flesh this out! */
303 static CertificateScheme x509_gnutls = { 345 static CertificateScheme x509_gnutls = {
304 "x509" /* Scheme name */ 346 "x509" /* Scheme name */
305 }; 347 };
306 348
349 /** Transforms a gnutls_datum_t containing an X.509 certificate into a Certificate instance under the x509_gnutls scheme
350 *
351 * @param dt Datum to transform
352 *
353 * @return A newly allocated Certificate structure of the x509_gnutls scheme
354 */
355 static Certificate *
356 x509_import_from_datum(const gnutls_datum_t dt)
357 {
358 /* Internal certificate data structure */
359 gnutls_x509_crt_t *certdat;
360 /* New certificate to return */
361 Certificate * crt;
362
363 /* Allocate and prepare the internal certificate data */
364 certdat = g_new(gnutls_x509_crt_t, 1);
365 gnutls_x509_crt_init(certdat);
366
367 /* Perform the actual certificate parse */
368 /* Yes, certdat SHOULD be dereferenced */
369 gnutls_x509_crt_import(*certdat, &dt, GNUTLS_X509_FMT_PEM);
370
371 /* Allocate the certificate and load it with data */
372 crt = g_new(Certificate, 1);
373 crt->scheme = &x509_gnutls;
374 crt->data = certdat;
375
376 return crt;
377 }
378
307 /** Imports a PEM-formatted X.509 certificate from the specified file. 379 /** Imports a PEM-formatted X.509 certificate from the specified file.
308 * @param filename Filename to import from. Format is PEM 380 * @param filename Filename to import from. Format is PEM
309 * 381 *
310 * @return A newly allocated Certificate structure of the x509_gnutls scheme 382 * @return A newly allocated Certificate structure of the x509_gnutls scheme
311 */ 383 */
313 x509_import_from_file(const gchar * filename) 385 x509_import_from_file(const gchar * filename)
314 { 386 {
315 Certificate *crt; /* Certificate being constructed */ 387 Certificate *crt; /* Certificate being constructed */
316 gchar *buf; /* Used to load the raw file data */ 388 gchar *buf; /* Used to load the raw file data */
317 gsize buf_sz; /* Size of the above */ 389 gsize buf_sz; /* Size of the above */
318 gnutls_datum_t dt; /* Struct to pass to GnuTLS */ 390 gnutls_datum_t dt; /* Struct to pass down to GnuTLS */
319
320 /* Internal certificate data structure */
321 gnutls_x509_crt_t *certdat;
322 391
323 purple_debug_info("gnutls", 392 purple_debug_info("gnutls",
324 "Attempting to load X.509 certificate from %s\n", 393 "Attempting to load X.509 certificate from %s\n",
325 filename); 394 filename);
326 395
332 &buf, 401 &buf,
333 &buf_sz, 402 &buf_sz,
334 NULL /* No error checking for now */ 403 NULL /* No error checking for now */
335 ); 404 );
336 405
337 /* Allocate and prepare the internal certificate data */
338 certdat = g_new(gnutls_x509_crt_t, 1);
339 gnutls_x509_crt_init(certdat);
340
341 /* Load the datum struct */ 406 /* Load the datum struct */
342 dt.data = (unsigned char *) buf; 407 dt.data = (unsigned char *) buf;
343 dt.size = buf_sz; 408 dt.size = buf_sz;
344 409
345 /* Perform the actual certificate parse */ 410 /* Perform the conversion */
346 /* Yes, certdat SHOULD be dereferenced */ 411 crt = x509_import_from_datum(dt);
347 gnutls_x509_crt_import(*certdat, &dt, GNUTLS_X509_FMT_PEM);
348 412
349 /* Allocate the certificate and load it with data */
350 crt = g_new(Certificate, 1);
351 crt->scheme = &x509_gnutls;
352 crt->data = certdat;
353
354 /* Cleanup */ 413 /* Cleanup */
355 g_free(buf); 414 g_free(buf);
356 415
357 return crt; 416 return crt;
358 } 417 }