# HG changeset patch
# User Andreas Monitzer
# Date 1181056710 0
# Node ID 988102692e390d8272ed58821dc6d17da913b708
# Parent 4c454d1a6f85ebe1f8caabadc4b1ef97c34a8083
Fixed one of the issues in the ssl stuff, allowing CN cert checks for starttls-connections in XMPP.
diff -r 4c454d1a6f85 -r 988102692e39 libpurple/protocols/jabber/jabber.c
--- a/libpurple/protocols/jabber/jabber.c Sun Jun 03 23:28:04 2007 +0000
+++ b/libpurple/protocols/jabber/jabber.c Tue Jun 05 15:18:30 2007 +0000
@@ -504,15 +504,13 @@
 {
 purple_input_remove(js->gc->inpa);
 js->gc->inpa = 0;
- js->gsc = purple_ssl_connect_fd(js->gc->account, js->fd,
- jabber_login_callback_ssl, jabber_ssl_connect_failure, js->gc);
+ js->gsc = purple_ssl_connect_with_host_fd(js->gc->account, js->fd,
+ jabber_login_callback_ssl, jabber_ssl_connect_failure, js->serverFQDN, js->gc);
 }
 static void jabber_login_connect(JabberStream *js, const char *fqdn, const char *host, int port)
 {
-#ifdef HAVE_CYRUS_SASL
 js->serverFQDN = g_strdup(fqdn);
-#endif
 if (purple_proxy_connect(js->gc, js->gc->account, host, port,
 jabber_login_callback, js->gc) == NULL)
@@ -1021,9 +1019,9 @@
 g_string_free(js->sasl_mechs, TRUE);
 if(js->sasl_cb)
 g_free(js->sasl_cb);
+#endif
 if(js->serverFQDN)
 g_free(js->serverFQDN);
-#endif
 g_free(js->server_name);
 g_free(js->gmail_last_time);
 g_free(js->gmail_last_tid);
diff -r 4c454d1a6f85 -r 988102692e39 libpurple/protocols/jabber/jabber.h
--- a/libpurple/protocols/jabber/jabber.h Sun Jun 03 23:28:04 2007 +0000
+++ b/libpurple/protocols/jabber/jabber.h Tue Jun 05 15:18:30 2007 +0000
@@ -136,6 +136,8 @@
 char *gmail_last_time;
 char *gmail_last_tid;
+ char *serverFQDN;
+
 /* OK, this stays at the end of the struct, so plugins can depend
 * on the rest of the stuff being in the right place
 */
@@ -145,7 +147,6 @@
 int sasl_state;
 int sasl_maxbuf;
 GString *sasl_mechs;
- char *serverFQDN;
 #endif
 } JabberStream;
diff -r 4c454d1a6f85 -r 988102692e39 libpurple/sslconn.c
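Review bot: The name used for the certificate check on the STARTTLS path in jabber.c is `js->serverFQDN`, which `jabber_login_connect` copies from its `fqdn` argument; the callers are outside this hunk, so it should be confirmed that `fqdn` is always the domain the user configured and never a name obtained from DNS resolution. If a resolved name can reach this field, the check compares the certificate with a value the network controls and no longer proves the peer is the server the user asked for; in that case pass the account's domain for verification and keep the resolved host only for the socket connect. Separately, `js->serverFQDN = g_strdup(fqdn);` is now compiled unconditionally and overwrites any earlier value without freeing it, which leaks if `jabber_login_connect` can run more than once per stream.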
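Review bot: `serverFQDN` in jabber.h is now a general member of `JabberStream` that feeds the certificate name check, but it has no comment saying which name it holds or who owns the string. Suggest adding `/* name the server certificate is compared against on STARTTLS; g_strdup'd copy, freed by the jabber.c cleanup code */` above `char *serverFQDN;`. The struct definition starts and ends outside these hunks.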
--- a/libpurple/sslconn.c Sun Jun 03 23:28:04 2007 +0000
+++ b/libpurple/sslconn.c Tue Jun 05 15:18:30 2007 +0000
@@ -154,7 +154,18 @@
 PurpleSslConnection *
 purple_ssl_connect_fd(PurpleAccount *account, int fd,
 PurpleSslInputFunction func,
- PurpleSslErrorFunction error_func, void *data)
+ PurpleSslErrorFunction error_func,
+ void *data)
+{
+ return purple_ssl_connect_with_host_fd(account, fd, func, error_func, NULL, data);
+}
+
+PurpleSslConnection *
+purple_ssl_connect_with_host_fd(PurpleAccount *account, int fd,
+ PurpleSslInputFunction func,
+ PurpleSslErrorFunction error_func,
+ const char *host,
+ void *data)
 {
 PurpleSslConnection *gsc;
 PurpleSslOps *ops;
@@ -175,6 +186,8 @@
 gsc->connect_cb = func;
 gsc->error_cb = error_func;
 gsc->fd = fd;
+ if(host)
+ gsc->host = g_strdup(host);
 ops = purple_ssl_get_ops();
 ops->connectfunc(gsc);
diff -r 4c454d1a6f85 -r 988102692e39 libpurple/sslconn.h
--- a/libpurple/sslconn.h Sun Jun 03 23:28:04 2007 +0000
+++ b/libpurple/sslconn.h Tue Jun 05 15:18:30 2007 +0000
@@ -154,6 +154,7 @@
 /**
 * Makes a SSL connection using an already open file descriptor.
+ * DEPRECATED. Use purple_ssl_connect_with_host_fd instead.
 *
 * @param account The account making the connection.
 * @param fd The file descriptor.
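Review bot: A NULL `host` in sslconn.c skips the assignment to `gsc->host`, yet the handshake still starts through `ops->connectfunc(gsc)`, so whether the peer name is checked at all depends on what the backend does without a host, which is not visible here. The rewritten `purple_ssl_connect_fd` in the first sslconn.c hunk always takes that path by passing NULL, so every existing caller of it stays without a name to verify. Record that where the decision is made, e.g. `/* host == NULL: no name to compare the certificate with */` above `if(host)`, and consider a `purple_debug_warning` there so such connections are visible in the debug log. The guard itself is redundant because `g_strdup(NULL)` returns NULL; a plain `gsc->host = g_strdup(host);` also guarantees the field is always set.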
@@ -166,7 +167,25 @@
 PurpleSslConnection *purple_ssl_connect_fd(PurpleAccount *account, int fd,
 PurpleSslInputFunction func,
 PurpleSslErrorFunction error_func,
- void *data);
+ void *data);
+
+/**
+ * Makes a SSL connection using an already open file descriptor.
+ *
+ * @param account The account making the connection.
+ * @param fd The file descriptor.
+ * @param func The SSL input handler function.
+ * @param error_func The SSL error handler function.
+ * @param host The hostname of the other peer (to verify the CN)
+ * @param data User-defined data.
+ *
+ * @return The SSL connection handle.
+ */
+PurpleSslConnection *purple_ssl_connect_with_host_fd(PurpleAccount *account, int fd,
+ PurpleSslInputFunction func,
+ PurpleSslErrorFunction error_func,
+ const char *host,
+ void *data);
 /**
 * Adds an input watcher for the specified SSL connection.
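Review bot: The doc comment for `purple_ssl_connect_with_host_fd` in sslconn.h does not say what a NULL `host` means, although the implementation in sslconn.c accepts it and `purple_ssl_connect_fd` relies on it. Suggest `@param host The hostname the peer certificate's CN is compared against; the string is copied. NULL is accepted, in which case no name is available for verification.` It would also help to state which name belongs here: the one the user asked to connect to, not one obtained from name resolution.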