Mercurial > pidgin
changeset 21934:cebfc2263199
merge of '4fa938e6f980314ccc4a44725eb809c3b5a4fcbc'
and '6c2e7fa15994f21e52019f1bce7323acdad62892'
author | Sadrul Habib Chowdhury <imadil@gmail.com> |
---|---|
date | Mon, 24 Dec 2007 10:40:28 +0000 |
parents | a368ee78a798 (current diff) 7d0ef1e3ac4f (diff) |
children | d230e1cfff62 94dad52b61b4 |
files | |
diffstat | 6 files changed, 79 insertions(+), 46 deletions(-) [+] |
line wrap: on
line diff
--- a/libpurple/certificate.c Mon Dec 24 07:04:08 2007 +0000 +++ b/libpurple/certificate.c Mon Dec 24 10:40:28 2007 +0000 @@ -1228,6 +1228,9 @@ } static void +x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq); + +static void x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq) { /* TODO: Looking this up by name over and over is expensive. @@ -1268,8 +1271,8 @@ } else { purple_debug_info("certificate/x509/tls_cached", "Peer cert did NOT match cached\n"); - /* vrq now becomes the problem of cert_changed */ - x509_tls_cached_peer_cert_changed(vrq); + /* vrq now becomes the problem of the user */ + x509_tls_cached_unknown_peer(vrq); } purple_certificate_destroy(cached_crt); @@ -1280,7 +1283,9 @@ /* For when we've never communicated with this party before */ /* TODO: Need ways to specify possibly multiple problems with a cert, or at least reprioritize them. For example, maybe the signature ought to be - checked BEFORE the hostname checking? */ + checked BEFORE the hostname checking? + Stu thinks we should check the signature before the name, so we do now. + The above TODO still stands. */ static void x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq) { @@ -1292,35 +1297,6 @@ peer_crt = (PurpleCertificate *) chain->data; - /* First, check that the hostname matches */ - if ( ! purple_certificate_check_subject_name(peer_crt, - vrq->subject_name) ) { - gchar *sn = purple_certificate_get_subject_name(peer_crt); - gchar *msg; - - purple_debug_info("certificate/x509/tls_cached", - "Name mismatch: Certificate given for %s " - "has a name of %s\n", - vrq->subject_name, sn); - - /* Prompt the user to authenticate the certificate */ - /* TODO: Provide the user with more guidance about why he is - being prompted */ - /* vrq will be completed by user_auth */ - msg = g_strdup_printf(_("The certificate presented by \"%s\" " - "claims to be from \"%s\" instead. " - "This could mean that you are not " - "connecting to the service you " - "believe you are."), - vrq->subject_name, sn); - - x509_tls_cached_user_auth(vrq,msg); - - g_free(sn); - g_free(msg); - return; - } /* if (name mismatch) */ - /* TODO: Figure out a way to check for a bad signature, as opposed to "not self-signed" */ if ( purple_certificate_signed_by(peer_crt, peer_crt) ) { @@ -1341,7 +1317,7 @@ g_free(msg); return; - } /* if (name mismatch) */ + } /* if (self signed) */ /* Next, check that the certificate chain is valid */ if ( ! purple_certificate_check_signature_chain(chain) ) { @@ -1440,6 +1416,35 @@ return; } /* if (CA signature not good) */ + /* Last, check that the hostname matches */ + if ( ! purple_certificate_check_subject_name(peer_crt, + vrq->subject_name) ) { + gchar *sn = purple_certificate_get_subject_name(peer_crt); + gchar *msg; + + purple_debug_info("certificate/x509/tls_cached", + "Name mismatch: Certificate given for %s " + "has a name of %s\n", + vrq->subject_name, sn); + + /* Prompt the user to authenticate the certificate */ + /* TODO: Provide the user with more guidance about why he is + being prompted */ + /* vrq will be completed by user_auth */ + msg = g_strdup_printf(_("The certificate presented by \"%s\" " + "claims to be from \"%s\" instead. " + "This could mean that you are not " + "connecting to the service you " + "believe you are."), + vrq->subject_name, sn); + + x509_tls_cached_user_auth(vrq,msg); + + g_free(sn); + g_free(msg); + return; + } /* if (name mismatch) */ + /* If we reach this point, the certificate is good. */ /* Look up the local cache and store it there for future use */ tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,
--- a/libpurple/cmds.h Mon Dec 24 07:04:08 2007 +0000 +++ b/libpurple/cmds.h Mon Dec 24 10:40:28 2007 +0000 @@ -30,25 +30,20 @@ /**************************************************************************/ /*@{*/ -typedef enum _PurpleCmdPriority PurpleCmdPriority; -typedef enum _PurpleCmdFlag PurpleCmdFlag; -typedef enum _PurpleCmdStatus PurpleCmdStatus; -typedef enum _PurpleCmdRet PurpleCmdRet; - -enum _PurpleCmdStatus { +typedef enum _PurpleCmdStatus { PURPLE_CMD_STATUS_OK, PURPLE_CMD_STATUS_FAILED, PURPLE_CMD_STATUS_NOT_FOUND, PURPLE_CMD_STATUS_WRONG_ARGS, PURPLE_CMD_STATUS_WRONG_PRPL, PURPLE_CMD_STATUS_WRONG_TYPE, -}; +} PurpleCmdStatus; -enum _PurpleCmdRet { +typedef enum _PurpleCmdRet { PURPLE_CMD_RET_OK, /**< Everything's okay. Don't look for another command to call. */ PURPLE_CMD_RET_FAILED, /**< The command failed, but stop looking.*/ PURPLE_CMD_RET_CONTINUE, /**< Continue, looking for other commands with the same name to call. */ -}; +} PurpleCmdRet; #define PURPLE_CMD_FUNC(func) ((PurpleCmdFunc)func) @@ -56,7 +51,7 @@ gchar **args, gchar **error, void *data); typedef guint PurpleCmdId; -enum _PurpleCmdPriority { +typedef enum _PurpleCmdPriority { PURPLE_CMD_P_VERY_LOW = -1000, PURPLE_CMD_P_LOW = 0, PURPLE_CMD_P_DEFAULT = 1000, @@ -65,7 +60,7 @@ PURPLE_CMD_P_ALIAS = 4000, PURPLE_CMD_P_HIGH = 5000, PURPLE_CMD_P_VERY_HIGH = 6000, -}; +} PurpleCmdPriority; /** Flags used to set various properties of commands. Every command should * have at least one of #PURPLE_CMD_FLAG_IM and #PURPLE_CMD_FLAG_CHAT set in @@ -73,7 +68,7 @@ * * @see purple_cmd_register */ -enum _PurpleCmdFlag { +typedef enum _PurpleCmdFlag { /** Command is usable in IMs. */ PURPLE_CMD_FLAG_IM = 0x01, /** Command is usable in multi-user chats. */ @@ -82,7 +77,7 @@ PURPLE_CMD_FLAG_PRPL_ONLY = 0x04, /** Incorrect arguments to this command should be accepted anyway. */ PURPLE_CMD_FLAG_ALLOW_WRONG_ARGS = 0x08, -}; +} PurpleCmdFlag; /*@}*/
--- a/pidgin/minidialog.c Mon Dec 24 07:04:08 2007 +0000 +++ b/pidgin/minidialog.c Mon Dec 24 10:40:28 2007 +0000 @@ -63,6 +63,7 @@ sizeof (PidginMiniDialog), 0, /* n_preallocs */ (GInstanceInitFunc) pidgin_mini_dialog_init, + NULL, }; g_define_type_id = g_type_register_static (GTK_TYPE_VBOX, "PidginMiniDialog", &g_define_type_info, 0);
--- a/pidgin/win32/nsis/pidgin-installer.nsi Mon Dec 24 07:04:08 2007 +0000 +++ b/pidgin/win32/nsis/pidgin-installer.nsi Mon Dec 24 10:40:28 2007 +0000 @@ -699,6 +699,7 @@ Delete "$INSTDIR\ca-certs\Equifax_Secure_CA.pem" Delete "$INSTDIR\ca-certs\GTE_CyberTrust_Global_Root.pem" Delete "$INSTDIR\ca-certs\Microsoft_Secure_Server_Authority.pem" + Delete "$INSTDIR\ca-certs\StartCom_Free_SSL_CA.pem" Delete "$INSTDIR\ca-certs\Verisign_Class3_Extended_Validation_CA.pem" Delete "$INSTDIR\ca-certs\Verisign_Class3_Primary_CA.pem" Delete "$INSTDIR\ca-certs\Verisign_RSA_Secure_Server_CA.pem"
--- a/share/ca-certs/Makefile.am Mon Dec 24 07:04:08 2007 +0000 +++ b/share/ca-certs/Makefile.am Mon Dec 24 10:40:28 2007 +0000 @@ -3,6 +3,7 @@ Equifax_Secure_CA.pem \ GTE_CyberTrust_Global_Root.pem \ Microsoft_Secure_Server_Authority.pem \ + StartCom_Free_SSL_CA.pem \ Verisign_RSA_Secure_Server_CA.pem \ Verisign_Class3_Primary_CA.pem
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/share/ca-certs/StartCom_Free_SSL_CA.pem Mon Dec 24 10:40:28 2007 +0000 @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFFjCCBH+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBsDELMAkGA1UEBhMCSUwx +DzANBgNVBAgTBklzcmFlbDEOMAwGA1UEBxMFRWlsYXQxFjAUBgNVBAoTDVN0YXJ0 +Q29tIEx0ZC4xGjAYBgNVBAsTEUNBIEF1dGhvcml0eSBEZXAuMSkwJwYDVQQDEyBG +cmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +YWRtaW5Ac3RhcnRjb20ub3JnMB4XDTA1MDMxNzE3Mzc0OFoXDTM1MDMxMDE3Mzc0 +OFowgbAxCzAJBgNVBAYTAklMMQ8wDQYDVQQIEwZJc3JhZWwxDjAMBgNVBAcTBUVp +bGF0MRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMRowGAYDVQQLExFDQSBBdXRob3Jp +dHkgRGVwLjEpMCcGA1UEAxMgRnJlZSBTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkxITAfBgkqhkiG9w0BCQEWEmFkbWluQHN0YXJ0Y29tLm9yZzCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEA7YRgACOeyEpRKSfeOqE5tWmrCbIvNP1h3D3TsM+x +18LEwrHkllbEvqoUDufMOlDIOmKdw6OsWXuO7lUaHEe+o5c5s7XvIywI6Nivcy+5 +yYPo7QAPyHWlLzRMGOh2iCNJitu27Wjaw7ViKUylS7eYtAkUEKD4/mJ2IhULpNYI +LzUCAwEAAaOCAjwwggI4MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgHmMB0G +A1UdDgQWBBQcicOWzL3+MtUNjIExtpidjShkjTCB3QYDVR0jBIHVMIHSgBQcicOW +zL3+MtUNjIExtpidjShkjaGBtqSBszCBsDELMAkGA1UEBhMCSUwxDzANBgNVBAgT +BklzcmFlbDEOMAwGA1UEBxMFRWlsYXQxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4x +GjAYBgNVBAsTEUNBIEF1dGhvcml0eSBEZXAuMSkwJwYDVQQDEyBGcmVlIFNTTCBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSYWRtaW5Ac3Rh +cnRjb20ub3JnggEAMB0GA1UdEQQWMBSBEmFkbWluQHN0YXJ0Y29tLm9yZzAdBgNV +HRIEFjAUgRJhZG1pbkBzdGFydGNvbS5vcmcwEQYJYIZIAYb4QgEBBAQDAgAHMC8G +CWCGSAGG+EIBDQQiFiBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAy +BglghkgBhvhCAQQEJRYjaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL2NhLWNybC5j +cmwwKAYJYIZIAYb4QgECBBsWGWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy8wOQYJ +YIZIAYb4QgEIBCwWKmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9pbmRleC5waHA/ +YXBwPTExMTANBgkqhkiG9w0BAQQFAAOBgQBscSXhnjSRIe/bbL0BCFaPiNhBOlP1 +ct8nV0t2hPdopP7rPwl+KLhX6h/BquL/lp9JmeaylXOWxkjHXo0Hclb4g4+fd68p +00UOpO6wNnQt8M2YI3s3S9r+UZjEHjQ8iP2ZO1CnwYszx8JSFhKVU2Ui77qLzmLb +cCOxgN8aIDjnfg== +-----END CERTIFICATE-----