src/ssl-nss.c@61144295083e (annotated)
src/ssl-nss.c
Wed, 17 Sep 2003 03:45:04 +0000
- author
- Nathan Walp <nwalp@pidgin.im>
- date
- Wed, 17 Sep 2003 03:45:04 +0000
- changeset 6872
- 61144295083e
- parent 6795
- 396b24cfeeb6
- child 6963
- 785108267c91
- permissions
- -rw-r--r--
[gaim-migrate @ 7418]
ok, these are some tweaks i've made to core code working on the new jabber
plugin.
- add gaim_find_buddy_in_group() that searches a specific group instead
of the entire list. kinda handy.
- re-did the base64 encoding function. i think it may have been broken,
i'm not sure, but this i know works.
- fix the formatted notify dialog to be more to my liking, and to have
a working Close button.
| 6738 | 1 | /** |
| 2 | * @file ssl-nss.c SSL Operations for Mozilla NSS | |
| 3 | * @ingroup core | |
| 4 | * | |
| 5 | * gaim | |
| 6 | * | |
| 7 | * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org> | |
| 8 | * | |
| 9 | * This program is free software; you can redistribute it and/or modify | |
| 10 | * it under the terms of the GNU General Public License as published by | |
| 11 | * the Free Software Foundation; either version 2 of the License, or | |
| 12 | * (at your option) any later version. | |
| 13 | * | |
| 14 | * This program is distributed in the hope that it will be useful, | |
| 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 17 | * GNU General Public License for more details. | |
| 18 | * | |
| 19 | * You should have received a copy of the GNU General Public License | |
| 20 | * along with this program; if not, write to the Free Software | |
| 21 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
| 22 | */ | |
|
6747
3fe6952785ae
[gaim-migrate @ 7279]
Christian Hammond <chipx86@chipx86.com>
parents:
6738
diff
changeset
|
23 | #include "internal.h" |
|
3fe6952785ae
[gaim-migrate @ 7279]
Christian Hammond <chipx86@chipx86.com>
parents:
6738
diff
changeset
|
24 | |
|
3fe6952785ae
[gaim-migrate @ 7279]
Christian Hammond <chipx86@chipx86.com>
parents:
6738
diff
changeset
|
25 | #ifdef HAVE_NSS |
|
3fe6952785ae
[gaim-migrate @ 7279]
Christian Hammond <chipx86@chipx86.com>
parents:
6738
diff
changeset
|
26 | |
| 6738 | 27 | #include "debug.h" |
| 28 | #include "sslconn.h" | |
| 29 | ||
| 30 | #include <nspr.h> | |
|
6770
5437edb4b2a8
[gaim-migrate @ 7307]
Christian Hammond <chipx86@chipx86.com>
parents:
6764
diff
changeset
|
31 | #include <private/pprio.h> |
| 6738 | 32 | #include <nss.h> |
| 33 | #include <pk11func.h> | |
| 34 | #include <prio.h> | |
| 35 | #include <secerr.h> | |
| 36 | #include <secmod.h> | |
| 37 | #include <ssl.h> | |
| 38 | #include <sslerr.h> | |
| 39 | #include <sslproto.h> | |
| 40 | ||
| 41 | typedef struct | |
| 42 | { | |
| 43 | PRFileDesc *fd; | |
| 44 | PRFileDesc *in; | |
| 45 | ||
| 46 | } GaimSslNssData; | |
| 47 | ||
| 48 | #define GAIM_SSL_NSS_DATA(gsc) ((GaimSslNssData *)gsc->private_data) | |
| 49 | ||
| 50 | static const PRIOMethods *_nss_methods = NULL; | |
| 51 | static PRDescIdentity _identity; | |
| 52 | ||
| 53 | static SECStatus | |
| 54 | ssl_auth_cert(void *arg, PRFileDesc *socket, PRBool checksig, | |
| 55 | PRBool is_server) | |
| 56 | { | |
| 57 | return SECSuccess; | |
| 58 | ||
| 59 | #if 0 | |
| 60 | CERTCertificate *cert; | |
| 61 | void *pinArg; | |
| 62 | SECStatus status; | |
| 63 | ||
| 64 | cert = SSL_PeerCertificate(socket); | |
| 65 | pinArg = SSL_RevealPinArg(socket); | |
| 66 | ||
| 67 | status = CERT_VerifyCertNow((CERTCertDBHandle *)arg, cert, checksig, | |
| 68 | certUsageSSLClient, pinArg); | |
| 69 | ||
| 70 | if (status != SECSuccess) { | |
| 71 | gaim_debug_error("nss", "CERT_VerifyCertNow failed\n"); | |
| 72 | CERT_DestroyCertificate(cert); | |
| 73 | return status; | |
| 74 | } | |
| 75 | ||
| 76 | CERT_DestroyCertificate(cert); | |
| 77 | return SECSuccess; | |
| 78 | #endif | |
| 79 | } | |
| 80 | ||
| 81 | SECStatus | |
| 82 | ssl_bad_cert(void *arg, PRFileDesc *socket) | |
| 83 | { | |
| 84 | SECStatus status = SECFailure; | |
| 85 | PRErrorCode err; | |
| 86 | ||
| 87 | if (arg == NULL) | |
| 88 | return status; | |
| 89 | ||
| 90 | *(PRErrorCode *)arg = err = PORT_GetError(); | |
| 91 | ||
| 92 | switch (err) | |
| 93 | { | |
| 94 | case SEC_ERROR_INVALID_AVA: | |
| 95 | case SEC_ERROR_INVALID_TIME: | |
| 96 | case SEC_ERROR_BAD_SIGNATURE: | |
| 97 | case SEC_ERROR_EXPIRED_CERTIFICATE: | |
| 98 | case SEC_ERROR_UNKNOWN_ISSUER: | |
| 99 | case SEC_ERROR_UNTRUSTED_CERT: | |
| 100 | case SEC_ERROR_CERT_VALID: | |
| 101 | case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: | |
| 102 | case SEC_ERROR_CRL_EXPIRED: | |
| 103 | case SEC_ERROR_CRL_BAD_SIGNATURE: | |
| 104 | case SEC_ERROR_EXTENSION_VALUE_INVALID: | |
| 105 | case SEC_ERROR_CA_CERT_INVALID: | |
| 106 | case SEC_ERROR_CERT_USAGES_INVALID: | |
| 107 | case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION: | |
| 108 | status = SECSuccess; | |
| 109 | break; | |
| 110 | ||
| 111 | default: | |
| 112 | status = SECFailure; | |
| 113 | break; | |
| 114 | } | |
| 115 | ||
| 116 | gaim_debug_error("nss", "Bad certificate: %d\n"); | |
| 117 | ||
| 118 | return status; | |
| 119 | } | |
| 120 | ||
| 121 | static gboolean | |
| 122 | ssl_nss_init(void) | |
| 123 | { | |
| 124 | PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); | |
| 125 | NSS_NoDB_Init(NULL); | |
| 126 | ||
| 127 | /* TODO: Fix this so autoconf does the work trying to find this lib. */ | |
|
6795
396b24cfeeb6
[gaim-migrate @ 7334]
Herman Bloggs <herman@bluedigits.com>
parents:
6783
diff
changeset
|
128 | SECMOD_AddNewModule("Builtins", |
|
396b24cfeeb6
[gaim-migrate @ 7334]
Herman Bloggs <herman@bluedigits.com>
parents:
6783
diff
changeset
|
129 | #ifndef _WIN32 |
|
396b24cfeeb6
[gaim-migrate @ 7334]
Herman Bloggs <herman@bluedigits.com>
parents:
6783
diff
changeset
|
130 | LIBDIR "/libnssckbi.so", |
|
396b24cfeeb6
[gaim-migrate @ 7334]
Herman Bloggs <herman@bluedigits.com>
parents:
6783
diff
changeset
|
131 | #else |
|
396b24cfeeb6
[gaim-migrate @ 7334]
Herman Bloggs <herman@bluedigits.com>
parents:
6783
diff
changeset
|
132 | "nssckbi.dll", |
|
396b24cfeeb6
[gaim-migrate @ 7334]
Herman Bloggs <herman@bluedigits.com>
parents:
6783
diff
changeset
|
133 | #endif |
|
396b24cfeeb6
[gaim-migrate @ 7334]
Herman Bloggs <herman@bluedigits.com>
parents:
6783
diff
changeset
|
134 | 0, 0); |
| 6738 | 135 | NSS_SetDomesticPolicy(); |
| 136 | ||
| 137 | _identity = PR_GetUniqueIdentity("Gaim"); | |
| 138 | _nss_methods = PR_GetDefaultIOMethods(); | |
| 139 | ||
| 140 | return TRUE; | |
| 141 | } | |
| 142 | ||
| 143 | static void | |
| 144 | ssl_nss_uninit(void) | |
| 145 | { | |
| 146 | PR_Cleanup(); | |
| 147 | ||
| 148 | _nss_methods = NULL; | |
| 149 | } | |
| 150 | ||
| 151 | static void | |
| 152 | ssl_nss_connect_cb(gpointer data, gint source, GaimInputCondition cond) | |
| 153 | { | |
| 154 | GaimSslConnection *gsc = (GaimSslConnection *)data; | |
| 155 | GaimSslNssData *nss_data = g_new0(GaimSslNssData, 1); | |
| 156 | PRSocketOptionData socket_opt; | |
| 157 | ||
| 158 | gsc->private_data = nss_data; | |
| 159 | ||
| 160 | gsc->fd = source; | |
| 161 | ||
| 162 | nss_data->fd = PR_ImportTCPSocket(gsc->fd); | |
| 163 | ||
| 164 | if (nss_data->fd == NULL) | |
| 165 | { | |
| 166 | gaim_debug_error("nss", "nss_data->fd == NULL!\n"); | |
| 167 | ||
| 168 | gaim_ssl_close((GaimSslConnection *)gsc); | |
| 169 | ||
| 170 | return; | |
| 171 | } | |
| 172 | ||
| 173 | socket_opt.option = PR_SockOpt_Nonblocking; | |
| 174 | socket_opt.value.non_blocking = PR_FALSE; | |
| 175 | ||
| 176 | PR_SetSocketOption(nss_data->fd, &socket_opt); | |
| 177 | ||
| 178 | nss_data->in = SSL_ImportFD(NULL, nss_data->fd); | |
| 179 | ||
| 180 | if (nss_data->in == NULL) | |
| 181 | { | |
| 182 | gaim_debug_error("nss", "nss_data->in == NUL!\n"); | |
| 183 | ||
| 184 | gaim_ssl_close((GaimSslConnection *)gsc); | |
| 185 | ||
| 186 | return; | |
| 187 | } | |
| 188 | ||
| 189 | SSL_OptionSet(nss_data->in, SSL_SECURITY, PR_TRUE); | |
| 190 | SSL_OptionSet(nss_data->in, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); | |
| 191 | ||
| 192 | SSL_AuthCertificateHook(nss_data->in, | |
| 193 | (SSLAuthCertificate)ssl_auth_cert, | |
| 194 | (void *)CERT_GetDefaultCertDB()); | |
| 195 | SSL_BadCertHook(nss_data->in, (SSLBadCertHandler)ssl_bad_cert, NULL); | |
| 196 | ||
| 197 | SSL_SetURL(nss_data->in, gsc->host); | |
| 198 | ||
| 199 | SSL_ResetHandshake(nss_data->in, PR_FALSE); | |
| 200 | ||
| 201 | if (SSL_ForceHandshake(nss_data->in)) | |
| 202 | { | |
| 203 | gaim_debug_error("nss", "Handshake failed\n"); | |
| 204 | ||
|
6759
9f7c4eead612
[gaim-migrate @ 7291]
Christian Hammond <chipx86@chipx86.com>
parents:
6747
diff
changeset
|
205 | gaim_ssl_close(gsc); |
| 6738 | 206 | |
| 207 | return; | |
| 208 | } | |
| 209 | ||
| 6764 | 210 | gsc->connect_cb(gsc->connect_cb_data, gsc, cond); |
| 211 | } | |
| 212 | ||
| 213 | static void | |
| 6738 | 214 | ssl_nss_close(GaimSslConnection *gsc) |
| 215 | { | |
| 216 | GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc); | |
| 217 | ||
| 218 | if (nss_data->in) PR_Close(nss_data->in); | |
| 219 | if (nss_data->fd) PR_Close(nss_data->fd); | |
| 220 | ||
| 221 | g_free(nss_data); | |
| 222 | } | |
| 223 | ||
| 224 | static size_t | |
| 225 | ssl_nss_read(GaimSslConnection *gsc, void *data, size_t len) | |
| 226 | { | |
| 227 | GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc); | |
| 228 | ||
| 229 | return PR_Read(nss_data->in, data, len); | |
| 230 | } | |
| 231 | ||
| 232 | static size_t | |
| 233 | ssl_nss_write(GaimSslConnection *gsc, const void *data, size_t len) | |
| 234 | { | |
| 235 | GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc); | |
| 236 | ||
| 237 | return PR_Write(nss_data->in, data, len); | |
| 238 | } | |
| 239 | ||
| 240 | static GaimSslOps ssl_ops = | |
| 241 | { | |
| 242 | ssl_nss_init, | |
| 243 | ssl_nss_uninit, | |
| 244 | ssl_nss_connect_cb, | |
| 245 | ssl_nss_close, | |
| 246 | ssl_nss_read, | |
| 247 | ssl_nss_write | |
| 248 | }; | |
| 249 | ||
| 250 | GaimSslOps * | |
| 251 | gaim_ssl_nss_get_ops() | |
| 252 | { | |
| 253 | return &ssl_ops; | |
| 254 | } | |
|
6747
3fe6952785ae
[gaim-migrate @ 7279]
Christian Hammond <chipx86@chipx86.com>
parents:
6738
diff
changeset
|
255 | |
|
3fe6952785ae
[gaim-migrate @ 7279]
Christian Hammond <chipx86@chipx86.com>
parents:
6738
diff
changeset
|
256 | #endif /* HAVE_NSS */ |
