# HG changeset patch
# User Paul Aurich
# Date 1228979690 0
# Node ID d3f47707e2603c2ba11ea7338554ae424fc4ae44
# Parent ea70a446dde4024d3426a1c250506e769f6d4bce
Part 2 of the continuing effort to get OSCAR over SSL working.
* Request SSL when getting new FLAP connections and parse the returned attributes (regarding what to use as the SSL common name).
* Work around what is apparently weird buginess with FLAP connections to SNAC families ADMIN and BART (they don't like SSL). SSL connections still pop up certificate warnings.
diff -r ea70a446dde4 -r d3f47707e260 libpurple/protocols/oscar/family_oservice.c
--- a/libpurple/protocols/oscar/family_oservice.c Wed Dec 10 23:41:28 2008 +0000
+++ b/libpurple/protocols/oscar/family_oservice.c Thu Dec 11 07:14:50 2008 +0000
@@ -103,12 +103,31 @@
 aim_srv_requestnew(OscarData *od, guint16 serviceid)
 {
 FlapConnection *conn;
+ ByteStream bs;
+ aim_snacid_t snacid;
+ GSList *tlvlist = NULL;
 conn = flap_connection_findbygroup(od, SNAC_FAMILY_BOS);
 if(!conn) return;
- aim_genericreq_s(od, conn, SNAC_FAMILY_OSERVICE, 0x0004, &serviceid);
+ byte_stream_new(&bs, 6);
+
+ byte_stream_put16(&bs, serviceid);
+
+ /*
+ * Request SSL Connection
+ */
+ if (od->use_ssl)
+ aim_tlvlist_add_noval(&tlvlist, 0x008c);
+
+ aim_tlvlist_write(&bs, &tlvlist);
+ aim_tlvlist_free(tlvlist);
+
+ snacid = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0004, 0x0000, NULL, 0);
+ flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x0004, 0x0000, snacid, &bs);
+
+ byte_stream_destroy(&bs);
 }
 /*
@@ -127,10 +146,10 @@
 struct chatsnacinfo csi;
 conn = flap_connection_findbygroup(od, SNAC_FAMILY_BOS);
- if (!conn || !roomname || !strlen(roomname))
+ if (!conn || !roomname || roomname[0] == '\0')
 return -EINVAL;
- byte_stream_new(&bs, 502);
+ byte_stream_new(&bs, 506);
 memset(&csi, 0, sizeof(csi));
 csi.exchange = exchange;
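Review bot: The size in `byte_stream_new(&bs, 6)` is a bare literal that is only correct because the service id takes 2 bytes and the value-less 0x008c TLV takes 4; the same coupling is behind the 502 to 506 change in the following hunk (-127,10). A comment such as `/* 2 (service id) + 4 (empty TLV 0x008c: type + length) */` would keep size and contents in step when another TLV is added. If the byte_stream_put* helpers refuse writes past the allocated size, which I cannot see from this hunk, an undersized buffer would drop the SSL request without any error and the redirect would come back plaintext. The TLV type is also repeated as a literal in the chat-join hunk (-143,6), so a named constant would help, for example `#define AIM_TLV_REQUEST_SSL 0x008c` (proposed name, not an existing identifier).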
@@ -143,6 +162,13 @@
 byte_stream_put16(&bs, 0x000e);
 aim_tlvlist_add_chatroom(&tlvlist, 0x0001, exchange, roomname, instance);
+
+ /*
+ * Request SSL Connection
+ */
+ if (od->use_ssl)
+ aim_tlvlist_add_noval(&tlvlist, 0x008c);
+
 aim_tlvlist_write(&bs, &tlvlist);
 aim_tlvlist_free(tlvlist);
@@ -179,6 +205,8 @@
 redir.ip = aim_tlv_getstr(tlvlist, 0x0005, 1);
 redir.cookielen = aim_tlv_gettlv(tlvlist, 0x0006, 1)->length;
 redir.cookie = (guchar *)aim_tlv_getstr(tlvlist, 0x0006, 1);
+ redir.ssl_cert_cn = aim_tlv_getstr(tlvlist, 0x008d, 1);
+ redir.use_ssl = aim_tlv_get8(tlvlist, 0x008e, 1);
 /* Fetch original SNAC so we can get csi if needed */
 origsnac = aim_remsnac(od, snac->id);
@@ -196,6 +224,7 @@
 g_free((void *)redir.ip);
 g_free((void *)redir.cookie);
+ g_free((void *)redir.ssl_cert_cn);
 if (origsnac) g_free(origsnac->data);
diff -r ea70a446dde4 -r d3f47707e260 libpurple/protocols/oscar/oscar.c
--- a/libpurple/protocols/oscar/oscar.c Wed Dec 10 23:41:28 2008 +0000
+++ b/libpurple/protocols/oscar/oscar.c Thu Dec 11 07:14:50 2008 +0000
@@ -1956,8 +1956,22 @@
 else host = g_strdup(redir->ip);
- purple_debug_info("oscar", "Connecting to FLAP server %s:%d of type 0x%04hx\n",
- host, port, redir->group);
+ /*
+ * These FLAP servers advertise SSL (type "0x02"), but SSL connections to these hosts
+ * die a painful death. iChat and Miranda, when using SSL, still do these in plaintext.
+ */
+ if (redir->use_ssl && (redir->group == SNAC_FAMILY_ADMIN ||
+ redir->group == SNAC_FAMILY_BART))
+ {
+ purple_debug_info("oscar", "Ignoring broken SSL for FLAP type 0x%04hx.\n",
+ redir->group);
+ redir->use_ssl = 0;
+ }
+
+ purple_debug_info("oscar", "Connecting to FLAP server %s:%d of type 0x%04hx%s\n",
+ host, port, redir->group,
+ od->use_ssl && !redir->use_ssl ? " without SSL, despite main stream encryption" : "");
+
 newconn = flap_connection_new(od, redir->group);
 newconn->cookielen = redir->cookielen;
 newconn->cookie = g_memdup(redir->cookie, redir->cookielen);
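Review bot: `redir.ssl_cert_cn` is read from TLV 0x008d here and freed in the next hunk (-196,6), but no hunk in this changeset passes it on; the `purple_ssl_connect(account, host, port, ...)` call in oscar.c still receives only `host`. Certificate name checking therefore cannot use the advertised common name yet, which fits the description's remark that certificate warnings still appear. A comment at the assignment would make the gap explicit, e.g. `/* TODO: not yet used for certificate verification, see oscar.c */`. Both new fields come straight from the server and the handler's body starts and ends outside the hunk, so I cannot see how a missing 0x008d or 0x008e TLV is handled; presumably `aim_tlv_getstr` yields NULL and `aim_tlv_get8` yields 0, which is worth confirming and stating in the comment.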
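Review bot: The override for SNAC_FAMILY_ADMIN and SNAC_FAMILY_BART in the oscar.c hunk (-1956,8) turns a connection the user asked to encrypt into a plaintext one, and the only trace is a `purple_debug_info` line. The context lines right after it copy `redir->cookie` into `newconn`, so the connection cookie would presumably travel unencrypted too, and as far as I know the ADMIN family carries account changes. I would raise the log level, `purple_debug_warning("oscar", "Ignoring broken SSL for FLAP type 0x%04hx.\n", redir->group);`, and extend the comment to state what is exposed when these two families fall back to plaintext. The code also writes `redir->use_ssl = 0` into the caller's struct; a local flag would avoid mutating the parsed server data. The enclosing function starts and ends outside the hunk.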
@@ -1975,7 +1989,8 @@
 purple_debug_info("oscar", "Connecting to chat room %s exchange %hu\n", cc->name, cc->exchange);
 }
- if (od->use_ssl)
+
+ if (redir->use_ssl)
 {
 newconn->gsc = purple_ssl_connect(account, host, port, ssl_connection_established_cb, ssl_connection_error_cb,
diff -r ea70a446dde4 -r d3f47707e260 libpurple/protocols/oscar/oscar.h
--- a/libpurple/protocols/oscar/oscar.h Wed Dec 10 23:41:28 2008 +0000
+++ b/libpurple/protocols/oscar/oscar.h Thu Dec 11 07:14:50 2008 +0000
@@ -595,6 +595,8 @@
 const char *ip;
 guint16 cookielen;
 const guint8 *cookie;
+ const char *ssl_cert_cn;
+ guint8 use_ssl;
 struct { /* group == SNAC_FAMILY_CHAT */
 guint16 exchange;
 const char *room;
diff -r ea70a446dde4 -r d3f47707e260 libpurple/protocols/oscar/snactypes.h
--- a/libpurple/protocols/oscar/snactypes.h Wed Dec 10 23:41:28 2008 +0000
+++ b/libpurple/protocols/oscar/snactypes.h Thu Dec 11 07:14:50 2008 +0000
@@ -40,14 +40,14 @@
 #define SNAC_FAMILY_USERLOOKUP 0x000a
 #define SNAC_FAMILY_STATS 0x000b
 #define SNAC_FAMILY_TRANSLATE 0x000c
-#define SNAC_FAMILY_CHATNAV 0x000d /* XXX "provides info, searching and creating" */
+#define SNAC_FAMILY_CHATNAV 0x000d
 #define SNAC_FAMILY_CHAT 0x000e
 #define SNAC_FAMILY_ODIR 0x000f
-#define SNAC_FAMILY_BART 0x0010 /* XXX user avatars */
+#define SNAC_FAMILY_BART 0x0010
 #define SNAC_FAMILY_FEEDBAG 0x0013
 #define SNAC_FAMILY_ICQ 0x0015
 #define SNAC_FAMILY_AUTH 0x0017
-#define SNAC_FAMILY_ALERT 0x0018 /* XXX email notification */
+#define SNAC_FAMILY_ALERT 0x0018
 #define AIM_CB_FAM_SPECIAL 0xffff /* Internal libfaim use */
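Review bot: With `if (redir->use_ssl)` the choice between `purple_ssl_connect` and the plaintext path depends only on a value taken from the server's redirect, so a redirect that omits or clears TLV 0x008e gives an unencrypted connection even when `od->use_ssl` is set. Only ADMIN and BART are documented in this changeset as needing that fallback. For any other family I would refuse the connection, or at least warn, with a guard before this branch such as `if (od->use_ssl && !redir->use_ssl && !ssl_known_broken) { /* fail the connection */ }`, where `ssl_known_broken` is a placeholder for the ADMIN/BART test. The body of the `if` continues past the end of the hunk.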
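Review bot: Dropping the trailing comments in snactypes.h removes the only in-file hint of what these families are for, not just the XXX markers. Since the new workaround in oscar.c special-cases SNAC_FAMILY_BART, I would keep the description and drop only the marker: `#define SNAC_FAMILY_BART 0x0010 /* user avatars */`, and likewise `/* email notification */` on SNAC_FAMILY_ALERT.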