libpurple/plugins/ssl/ssl-gnutls.c@1b8a743d0ceb (annotated)
libpurple/plugins/ssl/ssl-gnutls.c
Tue, 29 May 2007 21:51:53 +0000
- author
- William Ehlhardt <williamehlhardt@gmail.com>
- date
- Tue, 29 May 2007 21:51:53 +0000
- branch
- soc.2007.certmgr
- changeset 17433
- 1b8a743d0ceb
- parent 17432
- b81591d629b9
- child 17434
- 2c2486b5d271
- permissions
- -rw-r--r--
Cosmetics
| 7016 | 1 | /** |
| 2 | * @file ssl-gnutls.c GNUTLS SSL plugin. | |
| 3 | * | |
| 15884 | 4 | * purple |
| 7016 | 5 | * |
| 6 | * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org> | |
| 7 | * | |
| 8 | * This program is free software; you can redistribute it and/or modify | |
| 9 | * it under the terms of the GNU General Public License as published by | |
| 10 | * the Free Software Foundation; either version 2 of the License, or | |
| 11 | * (at your option) any later version. | |
| 12 | * | |
| 13 | * This program is distributed in the hope that it will be useful, | |
| 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 16 | * GNU General Public License for more details. | |
| 17 | * | |
| 18 | * You should have received a copy of the GNU General Public License | |
| 19 | * along with this program; if not, write to the Free Software | |
| 20 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
| 21 | */ | |
| 22 | #include "internal.h" | |
|
7051
8ddb8f560399
[gaim-migrate @ 7614]
Christian Hammond <chipx86@chipx86.com>
parents:
7050
diff
changeset
|
23 | #include "debug.h" |
| 7016 | 24 | #include "plugin.h" |
|
17429
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
25 | #include "request.h" |
|
7051
8ddb8f560399
[gaim-migrate @ 7614]
Christian Hammond <chipx86@chipx86.com>
parents:
7050
diff
changeset
|
26 | #include "sslconn.h" |
| 9943 | 27 | #include "version.h" |
|
17390
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
28 | #include "util.h" |
| 7016 | 29 | |
| 30 | #define SSL_GNUTLS_PLUGIN_ID "ssl-gnutls" | |
| 31 | ||
| 32 | #ifdef HAVE_GNUTLS | |
| 33 | ||
| 34 | #include <gnutls/gnutls.h> | |
|
17390
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
35 | #include <gnutls/x509.h> |
| 7016 | 36 | |
| 37 | typedef struct | |
| 38 | { | |
| 39 | gnutls_session session; | |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
40 | guint handshake_handler; |
| 15884 | 41 | } PurpleSslGnutlsData; |
| 7016 | 42 | |
| 15884 | 43 | #define PURPLE_SSL_GNUTLS_DATA(gsc) ((PurpleSslGnutlsData *)gsc->private_data) |
| 7016 | 44 | |
| 45 | static gnutls_certificate_client_credentials xcred; | |
| 46 | ||
|
7862
9b96706e44e7
[gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents:
7834
diff
changeset
|
47 | static void |
|
9b96706e44e7
[gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents:
7834
diff
changeset
|
48 | ssl_gnutls_init_gnutls(void) |
| 7016 | 49 | { |
| 50 | gnutls_global_init(); | |
| 51 | ||
| 52 | gnutls_certificate_allocate_credentials(&xcred); | |
|
17429
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
53 | /*gnutls_certificate_set_x509_trust_file(xcred, "ca.pem", |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
54 | GNUTLS_X509_FMT_PEM);*/ |
|
7862
9b96706e44e7
[gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents:
7834
diff
changeset
|
55 | } |
| 7016 | 56 | |
|
7862
9b96706e44e7
[gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents:
7834
diff
changeset
|
57 | static gboolean |
|
9b96706e44e7
[gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents:
7834
diff
changeset
|
58 | ssl_gnutls_init(void) |
|
9b96706e44e7
[gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents:
7834
diff
changeset
|
59 | { |
|
9b96706e44e7
[gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents:
7834
diff
changeset
|
60 | return TRUE; |
| 7016 | 61 | } |
| 62 | ||
| 63 | static void | |
| 64 | ssl_gnutls_uninit(void) | |
| 65 | { | |
| 66 | gnutls_global_deinit(); | |
| 67 | ||
| 68 | gnutls_certificate_free_credentials(xcred); | |
| 69 | } | |
| 70 | ||
|
17429
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
71 | /** Callback from the dialog in ssl_gnutls_authcheck_ask */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
72 | static void ssl_gnutls_authcheck_cb(PurpleSslConnection * gsc, gint choice) |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
73 | { |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
74 | if (NULL == gsc) |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
75 | { |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
76 | purple_debug_error("gnutls","Inappropriate NULL argument at %s:%d\n", |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
77 | __FILE__, (int) __LINE__); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
78 | return; |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
79 | } |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
80 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
81 | switch(choice) |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
82 | { |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
83 | case 1: /* "Accept" */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
84 | /* TODO: Shoud PURPLE_INPUT_READ be hardcoded? */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
85 | gsc->connect_cb(gsc->connect_cb_data, gsc, PURPLE_INPUT_READ); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
86 | break; |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
87 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
88 | default: /* "Cancel" or otherwise...? */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
89 | purple_debug_info("gnutls", |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
90 | "User rejected certificate from %s\n", |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
91 | gsc->host); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
92 | if(gsc->error_cb != NULL) |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
93 | gsc->error_cb(gsc, PURPLE_SSL_PEER_AUTH_FAILED, |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
94 | gsc->connect_cb_data); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
95 | purple_ssl_close(gsc); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
96 | } |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
97 | } |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
98 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
99 | /** Pop up a dialog asking for verification of the given certificate */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
100 | static void ssl_gnutls_authcheck_ask(PurpleSslConnection * gsc) |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
101 | { |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
102 | PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
103 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
104 | const gnutls_datum_t *cert_list; |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
105 | unsigned int cert_list_size = 0; |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
106 | gnutls_session_t session=gnutls_data->session; |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
107 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
108 | cert_list = |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
109 | gnutls_certificate_get_peers(session, &cert_list_size); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
110 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
111 | if (0 == cert_list_size || NULL == cert_list) |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
112 | { |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
113 | /* Peer provided no certificates at all. |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
114 | TODO: We should write a witty message here. |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
115 | */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
116 | gchar * primary = g_strdup_printf |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
117 | ( |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
118 | _("Peer %s provided no certificates.\n Connect anyway?"), |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
119 | gsc->host |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
120 | ); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
121 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
122 | purple_request_accept_cancel |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
123 | (gsc, |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
124 | _("SSL Authorization Request"), |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
125 | primary, |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
126 | _("The server you are connecting to presented no certificates identifying itself. You have no assurance that you are not connecting to an imposter. Connect anyway?"), |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
127 | 2, /* Default action is "Cancel" */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
128 | NULL, NULL, /* There is no way to extract account data from |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
129 | a connection handle, it seems. */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
130 | NULL, /* Same goes for the conversation data */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
131 | gsc, /* Pass connection ptr to callback */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
132 | ssl_gnutls_authcheck_cb, /* Accept */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
133 | ssl_gnutls_authcheck_cb /* Cancel */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
134 | ); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
135 | g_free(primary); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
136 | } |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
137 | else |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
138 | { |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
139 | /* Grab the first certificate and display some data about it */ |
|
17431
036fc127991b
- Eliminate some warnings
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17429
diff
changeset
|
140 | guchar fpr_bin[256]; /* Raw binary key fingerprint */ |
|
17429
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
141 | gsize fpr_bin_sz = sizeof(fpr_bin); /* Size of above (used later) */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
142 | gchar * fpr_asc = NULL; /* ASCII representation of key fingerprint */ |
|
17431
036fc127991b
- Eliminate some warnings
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17429
diff
changeset
|
143 | guchar ser_bin[256]; /* Certificate Serial Number field */ |
|
17429
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
144 | gsize ser_bin_sz = sizeof(ser_bin); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
145 | gchar * ser_asc = NULL; |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
146 | gchar dn[1024]; /* Certificate Name field */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
147 | gsize dn_sz = sizeof(dn); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
148 | /* TODO: Analyze certificate time/date stuff */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
149 | gboolean CERT_OK = TRUE; /* Is the certificate "good"? */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
150 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
151 | gnutls_x509_crt_t cert; /* Certificate data itself */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
152 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
153 | /* Suck the certificate data into the structure */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
154 | gnutls_x509_crt_init(&cert); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
155 | gnutls_x509_crt_import (cert, &cert_list[0], |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
156 | GNUTLS_X509_FMT_DER); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
157 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
158 | /* Read key fingerprint */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
159 | gnutls_x509_crt_get_fingerprint(cert, GNUTLS_MAC_SHA, |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
160 | fpr_bin, &fpr_bin_sz); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
161 | fpr_asc = purple_base16_encode_chunked(fpr_bin,fpr_bin_sz); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
162 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
163 | /* Read serial number */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
164 | gnutls_x509_crt_get_serial(cert, ser_bin, &ser_bin_sz); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
165 | ser_asc = purple_base16_encode_chunked(ser_bin,ser_bin_sz); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
166 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
167 | /* Read the certificate DN field */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
168 | gnutls_x509_crt_get_dn(cert, dn, &dn_sz); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
169 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
170 | /* TODO: Certificate checking here */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
171 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
172 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
173 | /* Build the dialog */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
174 | { |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
175 | gchar * primary = NULL; |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
176 | gchar * secondary = NULL; |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
177 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
178 | if ( CERT_OK == TRUE ) |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
179 | { |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
180 | primary = g_strdup_printf |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
181 | ( |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
182 | _("Certificate from %s is valid. Accept?"), |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
183 | gsc->host |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
184 | ); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
185 | } |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
186 | else |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
187 | { |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
188 | primary = g_strdup_printf |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
189 | ( |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
190 | _("Certificate from %s not valid! Accept anyway?"), |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
191 | gsc->host |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
192 | ); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
193 | } |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
194 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
195 | secondary = g_strdup_printf |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
196 | ( |
| 17433 | 197 | _("Certificate name:\n%s\n\nKey fingerprint (SHA1): %s\n\nSerial Number: %s\n\nTODO: Expiration dates, etc.\n"), |
|
17429
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
198 | dn, fpr_asc, ser_asc |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
199 | ); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
200 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
201 | purple_request_accept_cancel |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
202 | (gsc, |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
203 | _("SSL Authorization Request"), |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
204 | primary, |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
205 | secondary, |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
206 | (CERT_OK == TRUE ? 1:2), /* Default action depends on certificate |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
207 | status. */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
208 | NULL, NULL, /* There is no way to extract account data from |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
209 | a connection handle, it seems. */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
210 | NULL, /* Same goes for the conversation data */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
211 | gsc, /* Pass connection ptr to callback */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
212 | ssl_gnutls_authcheck_cb, /* Accept */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
213 | ssl_gnutls_authcheck_cb /* Cancel */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
214 | ); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
215 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
216 | g_free(primary); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
217 | g_free(secondary); |
|
17431
036fc127991b
- Eliminate some warnings
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17429
diff
changeset
|
218 | } /* End dialog construction */ |
|
17429
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
219 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
220 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
221 | /* Cleanup! */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
222 | g_free(fpr_asc); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
223 | g_free(ser_asc); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
224 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
225 | gnutls_x509_crt_deinit(cert); |
|
17431
036fc127991b
- Eliminate some warnings
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17429
diff
changeset
|
226 | } /* if (0 == ... */ |
|
17432
b81591d629b9
- Fixed the lack of callbackness
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17431
diff
changeset
|
227 | |
|
b81591d629b9
- Fixed the lack of callbackness
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17431
diff
changeset
|
228 | purple_debug_info("gnutls","Requested user verification for certificate from %s\n", gsc->host); |
|
17429
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
229 | } |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
230 | |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
231 | static void ssl_gnutls_handshake_cb(gpointer data, gint source, |
| 15884 | 232 | PurpleInputCondition cond) |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
233 | { |
| 15884 | 234 | PurpleSslConnection *gsc = data; |
| 235 | PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); | |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
236 | ssize_t ret; |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
237 | |
| 15884 | 238 | purple_debug_info("gnutls", "Handshaking\n"); |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
239 | ret = gnutls_handshake(gnutls_data->session); |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
240 | |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
241 | if(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
242 | return; |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
243 | |
| 15884 | 244 | purple_input_remove(gnutls_data->handshake_handler); |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
245 | gnutls_data->handshake_handler = 0; |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
246 | |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
247 | if(ret != 0) { |
| 15884 | 248 | purple_debug_error("gnutls", "Handshake failed. Error %s\n", |
|
15846
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
249 | gnutls_strerror(ret)); |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
250 | |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
251 | if(gsc->error_cb != NULL) |
| 15884 | 252 | gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED, |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
253 | gsc->connect_cb_data); |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
254 | |
| 15884 | 255 | purple_ssl_close(gsc); |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
256 | } else { |
| 15884 | 257 | purple_debug_info("gnutls", "Handshake complete\n"); |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
258 | |
|
17429
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
259 | /* Spit some key info to debug */ |
|
17390
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
260 | { |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
261 | const gnutls_datum_t *cert_list; |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
262 | unsigned int cert_list_size = 0; |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
263 | gnutls_session_t session=gnutls_data->session; |
|
17431
036fc127991b
- Eliminate some warnings
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17429
diff
changeset
|
264 | int i; |
|
17390
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
265 | |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
266 | cert_list = |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
267 | gnutls_certificate_get_peers(session, &cert_list_size); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
268 | |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
269 | purple_debug_info("gnutls", |
| 17433 | 270 | "Peer %s provided %d certs\n", |
| 271 | gsc->host, | |
|
17390
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
272 | cert_list_size); |
|
17431
036fc127991b
- Eliminate some warnings
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17429
diff
changeset
|
273 | |
|
17390
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
274 | for (i=0; i<cert_list_size; i++) |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
275 | { |
|
17431
036fc127991b
- Eliminate some warnings
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17429
diff
changeset
|
276 | guchar fpr_bin[256]; |
|
17390
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
277 | gsize fpr_bin_sz = sizeof(fpr_bin); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
278 | gchar * fpr_asc = NULL; |
|
17431
036fc127991b
- Eliminate some warnings
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17429
diff
changeset
|
279 | guchar tbuf[256]; |
|
17390
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
280 | gsize tsz=sizeof(tbuf); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
281 | gchar * tasc = NULL; |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
282 | gnutls_x509_crt_t cert; |
|
17431
036fc127991b
- Eliminate some warnings
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17429
diff
changeset
|
283 | int ret; |
|
17390
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
284 | |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
285 | gnutls_x509_crt_init(&cert); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
286 | gnutls_x509_crt_import (cert, &cert_list[i], |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
287 | GNUTLS_X509_FMT_DER); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
288 | |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
289 | gnutls_x509_crt_get_fingerprint(cert, GNUTLS_MAC_SHA, |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
290 | fpr_bin, &fpr_bin_sz); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
291 | |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
292 | fpr_asc = |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
293 | purple_base16_encode_chunked(fpr_bin,fpr_bin_sz); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
294 | |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
295 | purple_debug_info("gnutls", |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
296 | "Lvl %d SHA1 fingerprint: %s\n", |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
297 | i, fpr_asc); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
298 | |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
299 | tsz=sizeof(tbuf); |
|
17431
036fc127991b
- Eliminate some warnings
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17429
diff
changeset
|
300 | gnutls_x509_crt_get_serial(cert,tbuf,&tsz); |
|
17390
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
301 | tasc= |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
302 | purple_base16_encode_chunked(tbuf, tsz); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
303 | purple_debug_info("gnutls", |
|
17429
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
304 | "Serial: %s(%d bytes, ret=%d)\n", |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
305 | tasc, tsz, ret); |
|
17390
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
306 | g_free(tasc); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
307 | |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
308 | tsz=sizeof(tbuf); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
309 | gnutls_x509_crt_get_dn (cert, tbuf, &tsz); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
310 | purple_debug_info("gnutls", |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
311 | "Cert DN: %s\n", |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
312 | tbuf); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
313 | tsz=sizeof(tbuf); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
314 | gnutls_x509_crt_get_issuer_dn (cert, tbuf, &tsz); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
315 | purple_debug_info("gnutls", |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
316 | "Cert Issuer DN: %s\n", |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
317 | tbuf); |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
318 | |
|
17429
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
319 | tsz=sizeof(tbuf); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
320 | gnutls_x509_crt_get_key_id(cert,0, tbuf, &tsz); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
321 | tasc = purple_base16_encode_chunked(tbuf, tsz); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
322 | purple_debug_info("gnutls", |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
323 | "Key ID: %s\n", |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
324 | tasc); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
325 | g_free(tasc); |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
326 | |
|
17390
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
327 | g_free(fpr_asc); fpr_asc = NULL; |
|
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
328 | gnutls_x509_crt_deinit(cert); |
|
17429
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
329 | } /* for */ |
|
17390
7fda160e7c5e
- Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17345
diff
changeset
|
330 | |
|
17429
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
331 | } /* End keydata spitting */ |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
332 | |
|
8976f9e287fe
- Added PURPLE_SSL_PEER_AUTH_FAILED to show that an SSL connection was
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17390
diff
changeset
|
333 | /* Ask for cert verification */ |
|
17432
b81591d629b9
- Fixed the lack of callbackness
William Ehlhardt <williamehlhardt@gmail.com>
parents:
17431
diff
changeset
|
334 | ssl_gnutls_authcheck_ask(gsc); |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
335 | } |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
336 | |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
337 | } |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
338 | |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
339 | |
| 7016 | 340 | static void |
| 15884 | 341 | ssl_gnutls_connect(PurpleSslConnection *gsc) |
| 7016 | 342 | { |
| 15884 | 343 | PurpleSslGnutlsData *gnutls_data; |
| 7016 | 344 | static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 }; |
| 345 | ||
| 15884 | 346 | gnutls_data = g_new0(PurpleSslGnutlsData, 1); |
| 7016 | 347 | gsc->private_data = gnutls_data; |
| 348 | ||
| 349 | gnutls_init(&gnutls_data->session, GNUTLS_CLIENT); | |
| 350 | gnutls_set_default_priority(gnutls_data->session); | |
| 351 | ||
| 352 | gnutls_certificate_type_set_priority(gnutls_data->session, | |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
353 | cert_type_priority); |
| 7016 | 354 | |
| 355 | gnutls_credentials_set(gnutls_data->session, GNUTLS_CRD_CERTIFICATE, | |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
356 | xcred); |
| 7016 | 357 | |
|
14223
c6ba4f3482de
[gaim-migrate @ 16809]
Mark Doliner <markdoliner@pidgin.im>
parents:
13985
diff
changeset
|
358 | gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd)); |
| 7016 | 359 | |
| 15884 | 360 | gnutls_data->handshake_handler = purple_input_add(gsc->fd, |
| 361 | PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc); | |
| 7016 | 362 | |
|
17345
cbe9758e542e
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16744
diff
changeset
|
363 | /* Orborde asks: Why are we configuring a callback, then |
|
cbe9758e542e
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16744
diff
changeset
|
364 | immediately calling it? |
|
cbe9758e542e
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16744
diff
changeset
|
365 | |
|
cbe9758e542e
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16744
diff
changeset
|
366 | Answer: gnutls_handshake (up in handshake_cb) needs to be called |
|
cbe9758e542e
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16744
diff
changeset
|
367 | once in order to get the ball rolling on the SSL connection. |
|
cbe9758e542e
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16744
diff
changeset
|
368 | Once it has done so, only then will the server reply, triggering |
|
cbe9758e542e
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16744
diff
changeset
|
369 | the callback. |
|
cbe9758e542e
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16744
diff
changeset
|
370 | |
|
cbe9758e542e
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16744
diff
changeset
|
371 | Since the logic driving gnutls_handshake is the same with the first |
|
cbe9758e542e
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16744
diff
changeset
|
372 | and subsequent calls, we'll just fire the callback immediately to |
|
cbe9758e542e
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16744
diff
changeset
|
373 | accomplish this. |
|
cbe9758e542e
- Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents:
16744
diff
changeset
|
374 | */ |
| 15884 | 375 | ssl_gnutls_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ); |
| 7016 | 376 | } |
| 377 | ||
| 378 | static void | |
| 15884 | 379 | ssl_gnutls_close(PurpleSslConnection *gsc) |
| 7016 | 380 | { |
| 15884 | 381 | PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); |
| 7016 | 382 | |
| 7467 | 383 | if(!gnutls_data) |
| 384 | return; | |
| 385 | ||
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
386 | if(gnutls_data->handshake_handler) |
| 15884 | 387 | purple_input_remove(gnutls_data->handshake_handler); |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
388 | |
| 7016 | 389 | gnutls_bye(gnutls_data->session, GNUTLS_SHUT_RDWR); |
| 390 | ||
| 391 | gnutls_deinit(gnutls_data->session); | |
| 392 | ||
| 393 | g_free(gnutls_data); | |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
394 | gsc->private_data = NULL; |
| 7016 | 395 | } |
| 396 | ||
| 397 | static size_t | |
| 15884 | 398 | ssl_gnutls_read(PurpleSslConnection *gsc, void *data, size_t len) |
| 7016 | 399 | { |
| 15884 | 400 | PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
401 | ssize_t s; |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
402 | |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
403 | s = gnutls_record_recv(gnutls_data->session, data, len); |
| 7016 | 404 | |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
405 | if(s == GNUTLS_E_AGAIN || s == GNUTLS_E_INTERRUPTED) { |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
406 | s = -1; |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
407 | errno = EAGAIN; |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
408 | } else if(s < 0) { |
| 15884 | 409 | purple_debug_error("gnutls", "receive failed: %s\n", |
|
15846
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
410 | gnutls_strerror(s)); |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
411 | s = -1; |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
412 | /* |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
413 | * TODO: Set errno to something more appropriate. Or even |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
414 | * better: allow ssl plugins to keep track of their |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
415 | * own error message, then add a new ssl_ops function |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
416 | * that returns the error message. |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
417 | */ |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
418 | errno = EIO; |
| 7834 | 419 | } |
| 7016 | 420 | |
| 421 | return s; | |
| 422 | } | |
| 423 | ||
| 424 | static size_t | |
| 15884 | 425 | ssl_gnutls_write(PurpleSslConnection *gsc, const void *data, size_t len) |
| 7016 | 426 | { |
| 15884 | 427 | PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc); |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
428 | ssize_t s = 0; |
| 7016 | 429 | |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
430 | /* XXX: when will gnutls_data be NULL? */ |
| 7467 | 431 | if(gnutls_data) |
| 432 | s = gnutls_record_send(gnutls_data->session, data, len); | |
| 7016 | 433 | |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
434 | if(s == GNUTLS_E_AGAIN || s == GNUTLS_E_INTERRUPTED) { |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
435 | s = -1; |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
436 | errno = EAGAIN; |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
437 | } else if(s < 0) { |
| 15884 | 438 | purple_debug_error("gnutls", "send failed: %s\n", |
|
15846
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
439 | gnutls_strerror(s)); |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
440 | s = -1; |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
441 | /* |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
442 | * TODO: Set errno to something more appropriate. Or even |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
443 | * better: allow ssl plugins to keep track of their |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
444 | * own error message, then add a new ssl_ops function |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
445 | * that returns the error message. |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
446 | */ |
|
7a956b382f6c
There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents:
15435
diff
changeset
|
447 | errno = EIO; |
|
13201
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
448 | } |
|
8c224ef70efa
[gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents:
11513
diff
changeset
|
449 | |
| 7016 | 450 | return s; |
| 451 | } | |
| 452 | ||
| 15884 | 453 | static PurpleSslOps ssl_ops = |
| 7016 | 454 | { |
| 455 | ssl_gnutls_init, | |
| 456 | ssl_gnutls_uninit, | |
|
14223
c6ba4f3482de
[gaim-migrate @ 16809]
Mark Doliner <markdoliner@pidgin.im>
parents:
13985
diff
changeset
|
457 | ssl_gnutls_connect, |
| 7016 | 458 | ssl_gnutls_close, |
| 459 | ssl_gnutls_read, | |
|
16744
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
460 | ssl_gnutls_write, |
|
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
461 | |
|
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
462 | /* padding */ |
|
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
463 | NULL, |
|
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
464 | NULL, |
|
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
465 | NULL, |
|
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
466 | NULL |
| 7016 | 467 | }; |
| 468 | ||
| 469 | #endif /* HAVE_GNUTLS */ | |
| 470 | ||
| 471 | static gboolean | |
| 15884 | 472 | plugin_load(PurplePlugin *plugin) |
| 7016 | 473 | { |
| 474 | #ifdef HAVE_GNUTLS | |
| 15884 | 475 | if(!purple_ssl_get_ops()) { |
| 476 | purple_ssl_set_ops(&ssl_ops); | |
|
7862
9b96706e44e7
[gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents:
7834
diff
changeset
|
477 | } |
| 7016 | 478 | |
| 11033 | 479 | /* Init GNUTLS now so others can use it even if sslconn never does */ |
| 480 | ssl_gnutls_init_gnutls(); | |
| 481 | ||
| 7016 | 482 | return TRUE; |
| 483 | #else | |
| 484 | return FALSE; | |
| 485 | #endif | |
| 486 | } | |
| 487 | ||
| 488 | static gboolean | |
| 15884 | 489 | plugin_unload(PurplePlugin *plugin) |
| 7016 | 490 | { |
|
7050
12730863b0f9
[gaim-migrate @ 7613]
Christian Hammond <chipx86@chipx86.com>
parents:
7016
diff
changeset
|
491 | #ifdef HAVE_GNUTLS |
| 15884 | 492 | if(purple_ssl_get_ops() == &ssl_ops) { |
| 493 | purple_ssl_set_ops(NULL); | |
|
7862
9b96706e44e7
[gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents:
7834
diff
changeset
|
494 | } |
|
7050
12730863b0f9
[gaim-migrate @ 7613]
Christian Hammond <chipx86@chipx86.com>
parents:
7016
diff
changeset
|
495 | #endif |
|
12730863b0f9
[gaim-migrate @ 7613]
Christian Hammond <chipx86@chipx86.com>
parents:
7016
diff
changeset
|
496 | |
| 7016 | 497 | return TRUE; |
| 498 | } | |
| 499 | ||
| 15884 | 500 | static PurplePluginInfo info = |
| 7016 | 501 | { |
| 15884 | 502 | PURPLE_PLUGIN_MAGIC, |
| 503 | PURPLE_MAJOR_VERSION, | |
| 504 | PURPLE_MINOR_VERSION, | |
| 505 | PURPLE_PLUGIN_STANDARD, /**< type */ | |
| 7016 | 506 | NULL, /**< ui_requirement */ |
| 15884 | 507 | PURPLE_PLUGIN_FLAG_INVISIBLE, /**< flags */ |
| 7016 | 508 | NULL, /**< dependencies */ |
| 15884 | 509 | PURPLE_PRIORITY_DEFAULT, /**< priority */ |
| 7016 | 510 | |
| 511 | SSL_GNUTLS_PLUGIN_ID, /**< id */ | |
| 512 | N_("GNUTLS"), /**< name */ | |
| 513 | VERSION, /**< version */ | |
| 514 | /** summary */ | |
| 515 | N_("Provides SSL support through GNUTLS."), | |
| 516 | /** description */ | |
| 517 | N_("Provides SSL support through GNUTLS."), | |
| 518 | "Christian Hammond <chipx86@gnupdate.org>", | |
| 15884 | 519 | PURPLE_WEBSITE, /**< homepage */ |
| 7016 | 520 | |
| 521 | plugin_load, /**< load */ | |
| 522 | plugin_unload, /**< unload */ | |
| 523 | NULL, /**< destroy */ | |
| 524 | ||
| 525 | NULL, /**< ui_info */ | |
|
11513
89bf8d856291
[gaim-migrate @ 13758]
Stu Tomlinson <nosnilmot@pidgin.im>
parents:
11256
diff
changeset
|
526 | NULL, /**< extra_info */ |
|
89bf8d856291
[gaim-migrate @ 13758]
Stu Tomlinson <nosnilmot@pidgin.im>
parents:
11256
diff
changeset
|
527 | NULL, /**< prefs_info */ |
|
16744
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
528 | NULL, /**< actions */ |
|
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
529 | |
|
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
530 | /* padding */ |
|
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
531 | NULL, |
|
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
532 | NULL, |
|
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
533 | NULL, |
|
fcdab37ba1c2
Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents:
15884
diff
changeset
|
534 | NULL |
| 7016 | 535 | }; |
| 536 | ||
| 537 | static void | |
| 15884 | 538 | init_plugin(PurplePlugin *plugin) |
| 7016 | 539 | { |
| 540 | } | |
| 541 | ||
| 15884 | 542 | PURPLE_INIT_PLUGIN(ssl_gnutls, init_plugin, info) |
