Mercurial > pidgin
comparison libpurple/plugins/ssl/ssl-nss.c @ 19670:fb3b3e93b9ca
Attempt to display user readable error messages for NSS.
author | Daniel Atallah <daniel.atallah@gmail.com> |
---|---|
date | Thu, 06 Sep 2007 15:38:03 +0000 |
parents | 450f4a3c4c0f |
children | 44b4e8bd759b |
comparison
equal
deleted
inserted
replaced
19668:a2f5a28ba983 | 19670:fb3b3e93b9ca |
---|---|
103 case PR_IO_ERROR: | 103 case PR_IO_ERROR: |
104 default: | 104 default: |
105 errno = EIO; | 105 errno = EIO; |
106 break; | 106 break; |
107 } | 107 } |
108 } | |
109 | |
110 static gchar *get_error_text() | |
111 { | |
112 PRInt32 len = PR_GetErrorTextLength(); | |
113 gchar *ret = NULL; | |
114 | |
115 if (len > 0) { | |
116 ret = g_malloc(len + 1); | |
117 len = PR_GetErrorText(ret); | |
118 ret[len] = '\0'; | |
119 } | |
120 | |
121 return ret; | |
108 } | 122 } |
109 | 123 |
110 static void | 124 static void |
111 ssl_nss_init_nss(void) | 125 ssl_nss_init_nss(void) |
112 { | 126 { |
218 | 232 |
219 /* I don't think this the best way to do this... | 233 /* I don't think this the best way to do this... |
220 * It seems to work because it'll eventually use the cached value | 234 * It seems to work because it'll eventually use the cached value |
221 */ | 235 */ |
222 if(SSL_ForceHandshake(nss_data->in) != SECSuccess) { | 236 if(SSL_ForceHandshake(nss_data->in) != SECSuccess) { |
237 gchar *error_txt; | |
223 set_errno(PR_GetError()); | 238 set_errno(PR_GetError()); |
224 if (errno == EAGAIN || errno == EWOULDBLOCK) | 239 if (errno == EAGAIN || errno == EWOULDBLOCK) |
225 return; | 240 return; |
226 | 241 |
227 purple_debug_error("nss", "Handshake failed %d\n", PR_GetError()); | 242 error_txt = get_error_text(); |
243 purple_debug_error("nss", "Handshake failed %s (%d)\n", error_txt ? error_txt : "", PR_GetError()); | |
244 g_free(error_txt); | |
228 | 245 |
229 if (gsc->error_cb != NULL) | 246 if (gsc->error_cb != NULL) |
230 gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED, gsc->connect_cb_data); | 247 gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED, gsc->connect_cb_data); |
231 | 248 |
232 purple_ssl_close(gsc); | 249 purple_ssl_close(gsc); |
263 } | 280 } |
264 | 281 |
265 socket_opt.option = PR_SockOpt_Nonblocking; | 282 socket_opt.option = PR_SockOpt_Nonblocking; |
266 socket_opt.value.non_blocking = PR_TRUE; | 283 socket_opt.value.non_blocking = PR_TRUE; |
267 | 284 |
268 if (PR_SetSocketOption(nss_data->fd, &socket_opt) != PR_SUCCESS) | 285 if (PR_SetSocketOption(nss_data->fd, &socket_opt) != PR_SUCCESS) { |
269 purple_debug_warning("nss", "unable to set socket into non-blocking mode: %d\n", PR_GetError()); | 286 gchar *error_txt = get_error_text(); |
287 purple_debug_warning("nss", "unable to set socket into non-blocking mode: %s (%d)\n", error_txt ? error_txt : "", PR_GetError()); | |
288 g_free(error_txt); | |
289 } | |
270 | 290 |
271 nss_data->in = SSL_ImportFD(NULL, nss_data->fd); | 291 nss_data->in = SSL_ImportFD(NULL, nss_data->fd); |
272 | 292 |
273 if (nss_data->in == NULL) | 293 if (nss_data->in == NULL) |
274 { | 294 { |
363 | 383 |
364 static GList * | 384 static GList * |
365 ssl_nss_peer_certs(PurpleSslConnection *gsc) | 385 ssl_nss_peer_certs(PurpleSslConnection *gsc) |
366 { | 386 { |
367 PurpleSslNssData *nss_data = PURPLE_SSL_NSS_DATA(gsc); | 387 PurpleSslNssData *nss_data = PURPLE_SSL_NSS_DATA(gsc); |
388 CERTCertificate *cert; | |
389 /* | |
368 GList *chain = NULL; | 390 GList *chain = NULL; |
369 CERTCertificate *cert; | |
370 void *pinArg; | 391 void *pinArg; |
371 SECStatus status; | 392 SECStatus status; |
393 */ | |
372 | 394 |
373 /* TODO: this is a blind guess */ | 395 /* TODO: this is a blind guess */ |
374 cert = SSL_PeerCertificate(nss_data->fd); | 396 cert = SSL_PeerCertificate(nss_data->fd); |
375 | 397 |
376 | 398 |
485 | 507 |
486 /* Delete the PurpleCertificate as well */ | 508 /* Delete the PurpleCertificate as well */ |
487 g_free(crt); | 509 g_free(crt); |
488 } | 510 } |
489 | 511 |
512 #if 0 | |
490 /** Determines whether one certificate has been issued and signed by another | 513 /** Determines whether one certificate has been issued and signed by another |
491 * | 514 * |
492 * @param crt Certificate to check the signature of | 515 * @param crt Certificate to check the signature of |
493 * @param issuer Issuer's certificate | 516 * @param issuer Issuer's certificate |
494 * | 517 * |
499 x509_certificate_signed_by(PurpleCertificate * crt, | 522 x509_certificate_signed_by(PurpleCertificate * crt, |
500 PurpleCertificate * issuer) | 523 PurpleCertificate * issuer) |
501 { | 524 { |
502 return FALSE; | 525 return FALSE; |
503 } | 526 } |
527 #endif | |
504 | 528 |
505 static GByteArray * | 529 static GByteArray * |
506 x509_sha1sum(PurpleCertificate *crt) | 530 x509_sha1sum(PurpleCertificate *crt) |
507 { | 531 { |
508 CERTCertificate *crt_dat; | 532 CERTCertificate *crt_dat; |