changeset 27555:bff61dad9a6b

Add purple_ssl_connect_with_ssl_cn, which takes a host to connect to in addition to a string with which to validate the SSL certificate. Useful for OSCAR (and XMPP BOSH soon), where we have an IP to connect to, but need to validate the SSL cert.
author Paul Aurich <paul@darkrain42.org>
date Wed, 15 Jul 2009 16:57:33 +0000
parents 38feacee7c86
children 12f5a7916131
files ChangeLog.API libpurple/protocols/oscar/flap_connection.c libpurple/protocols/oscar/oscar.c libpurple/protocols/oscar/oscar.h libpurple/sslconn.c libpurple/sslconn.h
diffstat 6 files changed, 45 insertions(+), 44 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog.API	Wed Jul 15 15:32:11 2009 +0000
+++ b/ChangeLog.API	Wed Jul 15 16:57:33 2009 +0000
@@ -56,6 +56,7 @@
 		* purple_request_field_get_group
 		* purple_request_field_get_ui_data
 		* purple_request_field_set_ui_data
+		* purple_ssl_connect_with_ssl_cn
 		* purple_strequal
 		* purple_utf8_strip_unprintables
 		* purple_util_fetch_url_request_len_with_account
--- a/libpurple/protocols/oscar/flap_connection.c	Wed Jul 15 15:32:11 2009 +0000
+++ b/libpurple/protocols/oscar/flap_connection.c	Wed Jul 15 16:57:33 2009 +0000
@@ -505,7 +505,6 @@
 
 	g_free(conn->error_message);
 	g_free(conn->cookie);
-	g_free(conn->ssl_cert_cn);
 
 	/*
 	 * Free conn->internal, if necessary
--- a/libpurple/protocols/oscar/oscar.c	Wed Jul 15 15:32:11 2009 +0000
+++ b/libpurple/protocols/oscar/oscar.c	Wed Jul 15 16:57:33 2009 +0000
@@ -1246,32 +1246,6 @@
 }
 
 static void
-ssl_proxy_conn_established_cb(gpointer data, gint source, const gchar *error_message)
-{
-	OscarData *od;
-	PurpleConnection *gc;
-	PurpleAccount *account;
-	FlapConnection *conn;
-
-	conn = data;
-	od = conn->od;
-	gc = od->gc;
-	account = purple_connection_get_account(gc);
-
-	conn->connect_data = NULL;
-
-	if (source < 0)
-	{
-		connection_common_error_cb(conn, error_message);
-		return;
-	}
-
-	conn->gsc = purple_ssl_connect_with_host_fd(account, source,
-			ssl_connection_established_cb, ssl_connection_error_cb,
-			conn->ssl_cert_cn, conn);
-}
-
-static void
 flap_connection_established_bos(OscarData *od, FlapConnection *conn)
 {
 	PurpleConnection *gc = od->gc;
@@ -1943,12 +1917,13 @@
 	if (od->use_ssl)
 	{
 		/*
-		 * This shouldn't be hardcoded except that the server isn't sending
-		 * us a name to use for comparing the certificate common name.
+		 * This shouldn't be hardcoded to "bos.oscar.aol.com" except that
+		 * the server isn't sending us a name to use for comparing the
+		 * certificate common name.
 		 */
-		newconn->ssl_cert_cn = g_strdup("bos.oscar.aol.com");
-		newconn->connect_data = purple_proxy_connect(NULL, account, host, port,
-				ssl_proxy_conn_established_cb, newconn);
+		newconn->gsc = purple_ssl_connect_with_ssl_cn(account, host, port,
+				ssl_connection_established_cb, ssl_connection_error_cb,
+				"bos.oscar.aol.com", newconn);
 	}
 	else
 	{
@@ -1957,7 +1932,7 @@
 	}
 
 	g_free(host);
-	if (newconn->connect_data == NULL)
+	if (newconn->gsc == NULL && newconn->connect_data == NULL)
 	{
 		purple_connection_error_reason(gc, PURPLE_CONNECTION_ERROR_NETWORK_ERROR, _("Unable to connect"));
 		return 0;
@@ -2114,15 +2089,9 @@
 
 	if (redir->use_ssl)
 	{
-		/*
-		 * TODO: It should be possible to specify a certificate common name
-		 * distinct from the host we're passing to purple_ssl_connect. The
-		 * way to work around that is to use purple_proxy_connect +
-		 * purple_ssl_connect_with_host_fd
-		 */
-		newconn->ssl_cert_cn = g_strdup(redir->ssl_cert_cn);
-		newconn->connect_data = purple_proxy_connect(NULL, account, host, port,
-				ssl_proxy_conn_established_cb, newconn);
+		newconn->gsc = purple_ssl_connect_with_ssl_cn(account, host, port,
+				ssl_connection_established_cb, ssl_connection_error_cb,
+				redir->ssl_cert_cn, newconn);
 	}
 	else
 	{
--- a/libpurple/protocols/oscar/oscar.h	Wed Jul 15 15:32:11 2009 +0000
+++ b/libpurple/protocols/oscar/oscar.h	Wed Jul 15 16:57:33 2009 +0000
@@ -429,7 +429,6 @@
 	guint16 cookielen;
 	guint8 *cookie;
 	gpointer new_conn_data;
-	gchar *ssl_cert_cn;
 
 	int fd;
 	PurpleSslConnection *gsc;
--- a/libpurple/sslconn.c	Wed Jul 15 15:32:11 2009 +0000
+++ b/libpurple/sslconn.c	Wed Jul 15 16:57:33 2009 +0000
@@ -100,6 +100,15 @@
 				 PurpleSslInputFunction func, PurpleSslErrorFunction error_func,
 				 void *data)
 {
+	return purple_ssl_connect_with_ssl_cn(account, host, port, func, error_func,
+	                                  NULL, data);
+}
+
+PurpleSslConnection *
+purple_ssl_connect_with_ssl_cn(PurpleAccount *account, const char *host, int port,
+				 PurpleSslInputFunction func, PurpleSslErrorFunction error_func,
+				 const char *ssl_cn, void *data)
+{
 	PurpleSslConnection *gsc;
 
 	g_return_val_if_fail(host != NULL,            NULL);
@@ -116,7 +125,7 @@
 	gsc = g_new0(PurpleSslConnection, 1);
 
 	gsc->fd              = -1;
-	gsc->host            = g_strdup(host);
+	gsc->host            = ssl_cn ? g_strdup(ssl_cn) : g_strdup(host);
 	gsc->port            = port;
 	gsc->connect_cb_data = data;
 	gsc->connect_cb      = func;
--- a/libpurple/sslconn.h	Wed Jul 15 15:32:11 2009 +0000
+++ b/libpurple/sslconn.h	Wed Jul 15 16:57:33 2009 +0000
@@ -186,6 +186,30 @@
 									PurpleSslErrorFunction error_func,
 									void *data);
 
+/**
+ * Makes a SSL connection to the specified host and port, using the separate
+ * name to verify with the certificate.  The caller should keep track of the
+ * returned value and use it to cancel the connection, if needed.
+ *
+ * @param account    The account making the connection.
+ * @param host       The destination host.
+ * @param port       The destination port.
+ * @param func       The SSL input handler function.
+ * @param error_func The SSL error handler function.  This function
+ *                   should <strong>NOT</strong> call purple_ssl_close().  In
+ *                   the event of an error the #PurpleSslConnection will be
+ *                   destroyed for you.
+ * @param ssl_host   The hostname of the other peer (to verify the CN)
+ * @param data       User-defined data.
+ *
+ * @return The SSL connection handle.
+ */
+PurpleSslConnection *purple_ssl_connect_with_ssl_cn(PurpleAccount *account, const char *host,
+									int port, PurpleSslInputFunction func,
+									PurpleSslErrorFunction error_func,
+									const char *ssl_host,
+									void *data);
+
 #if !(defined PURPLE_DISABLE_DEPRECATED) || (defined _PURPLE_SSLCONN_C_)
 /**
  * Makes a SSL connection using an already open file descriptor.