changeset 32556:b1f9e5e9c03f
Use new certificate request API when prompting the user to accept certs.
author | Elliott Sales de Andrade <qulogic@pidgin.im> |
---|---|
date | Sun, 26 Feb 2012 05:11:02 +0000 |
parents | ca8b2ec198d9 |
children | c7dfb2a13206 |
files | libpurple/certificate.c |
diffstat | 1 files changed, 46 insertions(+), 137 deletions(-) [+] |
--- a/libpurple/certificate.c Sun Feb 26 04:37:10 2012 +0000
+++ b/libpurple/certificate.c Sun Feb 26 05:11:02 2012 +0000
@@ -680,77 +680,62 @@
 /****************************************************************************/
 static void
-x509_singleuse_verify_cb (PurpleCertificateVerificationRequest *vrq, gint id)
+x509_singleuse_verify_accept_cb(PurpleCertificateVerificationRequest *vrq)
 {
 g_return_if_fail(vrq);
 purple_debug_info("certificate/x509_singleuse",
- "VRQ on cert from %s gave %d\n",
- vrq->subject_name, id);
+ "VRQ on cert from %s accepted\n",
+ vrq->subject_name);
+
+ purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_VALID);
+}
- /* Signal what happened back to the caller */
- if (1 == id) {
- /* Accepted! */
- purple_certificate_verify_complete(vrq,
- PURPLE_CERTIFICATE_VALID);
- } else {
- /* Not accepted */
- purple_certificate_verify_complete(vrq,
- PURPLE_CERTIFICATE_INVALID);
+static void
+x509_singleuse_verify_reject_cb(PurpleCertificateVerificationRequest *vrq)
+{
+ g_return_if_fail(vrq);
- }
+ purple_debug_info("certificate/x509_singleuse",
+ "VRQ on cert from %s rejected\n",
+ vrq->subject_name);
+
+ purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID);
 }
 static void
 x509_singleuse_start_verify (PurpleCertificateVerificationRequest *vrq)
 {
- gchar *sha_asc;
- GByteArray *sha_bin;
 gchar *cn;
 const gchar *cn_match;
 gchar *primary, *secondary;
- PurpleCertificate *crt = (PurpleCertificate *) vrq->cert_chain->data;
+ PurpleCertificate *crt = (PurpleCertificate *)vrq->cert_chain->data;
- /* Pull out the SHA1 checksum */
- sha_bin = purple_certificate_get_fingerprint_sha1(crt);
- /* Now decode it for display */
- sha_asc = purple_base16_encode_chunked(sha_bin->data,
- sha_bin->len);
-
- /* Get the cert Common Name */
 cn = purple_certificate_get_subject_name(crt);
- /* Determine whether the name matches */
 if (purple_certificate_check_subject_name(crt, vrq->subject_name)) {
- cn_match = "";
+ cn_match = _("(MATCH)");
 } else {
 cn_match = _("(DOES NOT MATCH)");
 }
- /* Make messages */
 primary = g_strdup_printf(_("%s has presented the following
certificate for just-this-once use:"), vrq->subject_name);
- secondary = g_strdup_printf(_("Common name: %s %s\nFingerprint (SHA1): %s"), cn, cn_match, sha_asc);
+ secondary = g_strdup_printf(_("Common name: %s %s"), cn, cn_match);
 /* Make a semi-pretty display */
- purple_request_accept_cancel(
+ purple_request_certificate(
 vrq->cb_data, /* TODO: Find what the handle ought to be */
 _("Single-use Certificate Verification"),
 primary,
 secondary,
- 0, /* Accept by default */
- NULL, /* No account */
- NULL, /* No other user */
- NULL, /* No associated conversation */
- vrq,
- x509_singleuse_verify_cb,
- x509_singleuse_verify_cb );
+ crt,
+ _("Accept"), G_CALLBACK(x509_singleuse_verify_accept_cb),
+ _("Reject"), G_CALLBACK(x509_singleuse_verify_reject_cb),
+ vrq);
- /* Cleanup */
 g_free(cn);
 g_free(primary);
 g_free(secondary);
- g_free(sha_asc);
- g_byte_array_free(sha_bin, TRUE);
 }
 static void
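Review bot: The prompt text built in x509_singleuse_start_verify no longer carries the SHA1 fingerprint, so whether the user can compare it out-of-band before choosing Accept now depends entirely on how the UI's handler for `purple_request_certificate` renders `crt`; the same holds for x509_tls_cached_user_auth in the last hunk, where the "_View Certificate..." action is removed. A comment above the call would record that dependency, for example `/* The fingerprint is no longer part of the text; the UI must display crt itself. */`. As far as this hunk shows, Accept stays available when `cn_match` is "(DOES NOT MATCH)", so that label is the only hostname-mismatch warning in the prompt text and is worth keeping prominent in whatever the UI renders.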
@@ -1307,102 +1292,34 @@
 static PurpleCertificateVerifier x509_tls_cached;
-/* The following is several hacks piled together and needs to be fixed.
- * It exists because show_cert (see its comments) needs the original reason
- * given to user_auth in order to rebuild the dialog.
- */
-/* TODO: This will cause a ua_ctx to become memleaked if the request(s) get
- closed by handle or otherwise abnormally. */
-typedef struct {
- PurpleCertificateVerificationRequest *vrq;
- gchar *reason;
-} x509_tls_cached_ua_ctx;
-
-static x509_tls_cached_ua_ctx *
-x509_tls_cached_ua_ctx_new(PurpleCertificateVerificationRequest *vrq,
- const gchar *reason)
+static void
+x509_tls_cached_user_auth_accept_cb(PurpleCertificateVerificationRequest *vrq)
 {
- x509_tls_cached_ua_ctx *c;
+ PurpleCertificatePool *tls_peers;
+ gchar *cache_id;
- c = g_new0(x509_tls_cached_ua_ctx, 1);
- c->vrq = vrq;
- c->reason = g_strdup(reason);
+ g_return_if_fail(vrq);
+
+ tls_peers = purple_certificate_find_pool("x509", "tls_peers");
- return c;
-}
-
+ cache_id = vrq->subject_name;
+ purple_debug_info("certificate/x509/tls_cached",
+ "User ACCEPTED cert\nCaching first in chain for future use as %s...\n",
+ cache_id);
-static void
-x509_tls_cached_ua_ctx_free(x509_tls_cached_ua_ctx *c)
-{
- g_return_if_fail(c);
- g_free(c->reason);
- g_free(c);
+ purple_certificate_pool_store(tls_peers, cache_id, vrq->cert_chain->data);
+
+ purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_VALID);
 }
 static void
-x509_tls_cached_user_auth(PurpleCertificateVerificationRequest *vrq,
- const gchar *reason);
-
-static void
-x509_tls_cached_show_cert(x509_tls_cached_ua_ctx *c, gint id)
+x509_tls_cached_user_auth_reject_cb(PurpleCertificateVerificationRequest *vrq)
 {
- PurpleCertificate *disp_crt = c->vrq->cert_chain->data;
-
- /* Since clicking a button closes the request, show it again */
- x509_tls_cached_user_auth(c->vrq, c->reason);
-
- /* Show the certificate AFTER re-opening the dialog so that this
- appears above the
other */
- purple_certificate_display_x509(disp_crt);
-
- x509_tls_cached_ua_ctx_free(c);
-}
-
-static void
-x509_tls_cached_user_auth_cb (x509_tls_cached_ua_ctx *c, gint id)
-{
- PurpleCertificateVerificationRequest *vrq;
- PurpleCertificatePool *tls_peers;
-
- g_return_if_fail(c);
- g_return_if_fail(c->vrq);
-
- vrq = c->vrq;
-
- x509_tls_cached_ua_ctx_free(c);
+ g_return_if_fail(vrq);
- tls_peers = purple_certificate_find_pool("x509","tls_peers");
-
- if (2 == id) {
- gchar *cache_id = vrq->subject_name;
- purple_debug_info("certificate/x509/tls_cached",
- "User ACCEPTED cert\nCaching first in chain for future use as %s...\n",
- cache_id);
-
- purple_certificate_pool_store(tls_peers, cache_id,
- vrq->cert_chain->data);
+ purple_debug_warning("certificate/x509/tls_cached", "User REJECTED cert\n");
- purple_certificate_verify_complete(vrq,
- PURPLE_CERTIFICATE_VALID);
- } else {
- purple_debug_warning("certificate/x509/tls_cached",
- "User REJECTED cert\n");
- purple_certificate_verify_complete(vrq,
- PURPLE_CERTIFICATE_INVALID);
- }
-}
-
-static void
-x509_tls_cached_user_auth_accept_cb(x509_tls_cached_ua_ctx *c, gint ignore)
-{
- x509_tls_cached_user_auth_cb(c, 2);
-}
-
-static void
-x509_tls_cached_user_auth_reject_cb(x509_tls_cached_ua_ctx *c, gint ignore)
-{
- x509_tls_cached_user_auth_cb(c, 1);
+ purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID);
 }
 /** Validates a certificate by asking the user
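Review bot: In x509_tls_cached_user_auth_accept_cb the pool returned by `purple_certificate_find_pool` and the result of `purple_certificate_pool_store` are both unchecked, so a missing pool or a failed write still ends in PURPLE_CERTIFICATE_VALID with nothing in the log to show that the certificate was not cached. Checking both keeps the record accurate, assuming the store call reports failure through its return value: `if (!tls_peers || !purple_certificate_pool_store(tls_peers, cache_id, vrq->cert_chain->data)) purple_debug_error("certificate/x509/tls_cached", "Could not cache cert for %s\n", cache_id);`. A short comment on the callback would also help, stating that Accept stores the first certificate of the chain in tls_peers under `vrq->subject_name` for future use, which makes the click a lasting trust decision for that name rather than a per-connection one.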
@@ -1416,27 +1333,19 @@
 {
 gchar *primary;
- /* Make messages */
 primary = g_strdup_printf(_("Accept certificate for %s?"), vrq->subject_name);
- /* Make a semi-pretty display */
- purple_request_action(
+ purple_request_certificate(
 vrq->cb_data, /* TODO: Find what the handle ought to be */
 _("SSL Certificate Verification"),
 primary,
 reason,
- 0, /* Accept by default */
- NULL, /* No account */
- NULL, /* No other user */
- NULL, /* No associated conversation */
- x509_tls_cached_ua_ctx_new(vrq, reason),
- 3, /* Number of actions */
- _("Accept"), x509_tls_cached_user_auth_accept_cb,
- _("Reject"), x509_tls_cached_user_auth_reject_cb,
- _("_View Certificate..."), x509_tls_cached_show_cert);
+ vrq->cert_chain->data,
+ _("Accept"), G_CALLBACK(x509_tls_cached_user_auth_accept_cb),
+ _("Reject"), G_CALLBACK(x509_tls_cached_user_auth_reject_cb),
+ vrq);
- /* Cleanup */
 g_free(primary);
 }
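Review bot: The value returned by `purple_request_certificate` is discarded here, and by the single-use call in the first hunk as well, so if the request cannot be shown neither callback runs and `vrq` is never completed. Presumably the call returns a request handle that is NULL on failure, like the `purple_request_action` call it replaces; in that case the caller can fail closed by keeping the handle and adding `if (handle == NULL) purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID);` before `g_free(primary);`. `vrq->cert_chain->data` is also dereferenced without a check that the chain is non-empty. The function's signature lies outside the hunk.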