Mercurial > pidgin
comparison libpurple/plugins/ssl/ssl-nss.c @ 19670:fb3b3e93b9ca
Attempt to display user readable error messages for NSS.
| author | Daniel Atallah <daniel.atallah@gmail.com> |
|---|---|
| date | Thu, 06 Sep 2007 15:38:03 +0000 |
| parents | 450f4a3c4c0f |
| children | 44b4e8bd759b |
comparison
equal
deleted
inserted
replaced
| 19668:a2f5a28ba983 | 19670:fb3b3e93b9ca |
|---|---|
| 103 case PR_IO_ERROR: | 103 case PR_IO_ERROR: |
| 104 default: | 104 default: |
| 105 errno = EIO; | 105 errno = EIO; |
| 106 break; | 106 break; |
| 107 } | 107 } |
| 108 } | |
| 109 | |
| 110 static gchar *get_error_text() | |
| 111 { | |
| 112 PRInt32 len = PR_GetErrorTextLength(); | |
| 113 gchar *ret = NULL; | |
| 114 | |
| 115 if (len > 0) { | |
| 116 ret = g_malloc(len + 1); | |
| 117 len = PR_GetErrorText(ret); | |
| 118 ret[len] = '\0'; | |
| 119 } | |
| 120 | |
| 121 return ret; | |
| 108 } | 122 } |
| 109 | 123 |
| 110 static void | 124 static void |
| 111 ssl_nss_init_nss(void) | 125 ssl_nss_init_nss(void) |
| 112 { | 126 { |
| 218 | 232 |
| 219 /* I don't think this the best way to do this... | 233 /* I don't think this the best way to do this... |
| 220 * It seems to work because it'll eventually use the cached value | 234 * It seems to work because it'll eventually use the cached value |
| 221 */ | 235 */ |
| 222 if(SSL_ForceHandshake(nss_data->in) != SECSuccess) { | 236 if(SSL_ForceHandshake(nss_data->in) != SECSuccess) { |
| 237 gchar *error_txt; | |
| 223 set_errno(PR_GetError()); | 238 set_errno(PR_GetError()); |
| 224 if (errno == EAGAIN || errno == EWOULDBLOCK) | 239 if (errno == EAGAIN || errno == EWOULDBLOCK) |
| 225 return; | 240 return; |
| 226 | 241 |
| 227 purple_debug_error("nss", "Handshake failed %d\n", PR_GetError()); | 242 error_txt = get_error_text(); |
| 243 purple_debug_error("nss", "Handshake failed %s (%d)\n", error_txt ? error_txt : "", PR_GetError()); | |
| 244 g_free(error_txt); | |
| 228 | 245 |
| 229 if (gsc->error_cb != NULL) | 246 if (gsc->error_cb != NULL) |
| 230 gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED, gsc->connect_cb_data); | 247 gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED, gsc->connect_cb_data); |
| 231 | 248 |
| 232 purple_ssl_close(gsc); | 249 purple_ssl_close(gsc); |
| 263 } | 280 } |
| 264 | 281 |
| 265 socket_opt.option = PR_SockOpt_Nonblocking; | 282 socket_opt.option = PR_SockOpt_Nonblocking; |
| 266 socket_opt.value.non_blocking = PR_TRUE; | 283 socket_opt.value.non_blocking = PR_TRUE; |
| 267 | 284 |
| 268 if (PR_SetSocketOption(nss_data->fd, &socket_opt) != PR_SUCCESS) | 285 if (PR_SetSocketOption(nss_data->fd, &socket_opt) != PR_SUCCESS) { |
| 269 purple_debug_warning("nss", "unable to set socket into non-blocking mode: %d\n", PR_GetError()); | 286 gchar *error_txt = get_error_text(); |
| 287 purple_debug_warning("nss", "unable to set socket into non-blocking mode: %s (%d)\n", error_txt ? error_txt : "", PR_GetError()); | |
| 288 g_free(error_txt); | |
| 289 } | |
| 270 | 290 |
| 271 nss_data->in = SSL_ImportFD(NULL, nss_data->fd); | 291 nss_data->in = SSL_ImportFD(NULL, nss_data->fd); |
| 272 | 292 |
| 273 if (nss_data->in == NULL) | 293 if (nss_data->in == NULL) |
| 274 { | 294 { |
| 363 | 383 |
| 364 static GList * | 384 static GList * |
| 365 ssl_nss_peer_certs(PurpleSslConnection *gsc) | 385 ssl_nss_peer_certs(PurpleSslConnection *gsc) |
| 366 { | 386 { |
| 367 PurpleSslNssData *nss_data = PURPLE_SSL_NSS_DATA(gsc); | 387 PurpleSslNssData *nss_data = PURPLE_SSL_NSS_DATA(gsc); |
| 388 CERTCertificate *cert; | |
| 389 /* | |
| 368 GList *chain = NULL; | 390 GList *chain = NULL; |
| 369 CERTCertificate *cert; | |
| 370 void *pinArg; | 391 void *pinArg; |
| 371 SECStatus status; | 392 SECStatus status; |
| 393 */ | |
| 372 | 394 |
| 373 /* TODO: this is a blind guess */ | 395 /* TODO: this is a blind guess */ |
| 374 cert = SSL_PeerCertificate(nss_data->fd); | 396 cert = SSL_PeerCertificate(nss_data->fd); |
| 375 | 397 |
| 376 | 398 |
| 485 | 507 |
| 486 /* Delete the PurpleCertificate as well */ | 508 /* Delete the PurpleCertificate as well */ |
| 487 g_free(crt); | 509 g_free(crt); |
| 488 } | 510 } |
| 489 | 511 |
| 512 #if 0 | |
| 490 /** Determines whether one certificate has been issued and signed by another | 513 /** Determines whether one certificate has been issued and signed by another |
| 491 * | 514 * |
| 492 * @param crt Certificate to check the signature of | 515 * @param crt Certificate to check the signature of |
| 493 * @param issuer Issuer's certificate | 516 * @param issuer Issuer's certificate |
| 494 * | 517 * |
| 499 x509_certificate_signed_by(PurpleCertificate * crt, | 522 x509_certificate_signed_by(PurpleCertificate * crt, |
| 500 PurpleCertificate * issuer) | 523 PurpleCertificate * issuer) |
| 501 { | 524 { |
| 502 return FALSE; | 525 return FALSE; |
| 503 } | 526 } |
| 527 #endif | |
| 504 | 528 |
| 505 static GByteArray * | 529 static GByteArray * |
| 506 x509_sha1sum(PurpleCertificate *crt) | 530 x509_sha1sum(PurpleCertificate *crt) |
| 507 { | 531 { |
| 508 CERTCertificate *crt_dat; | 532 CERTCertificate *crt_dat; |