Mercurial > pidgin3 / annotate

libpurple/plugins/ssl/ssl-gnutls.c@ffc419116a7e (annotated)

libpurple/plugins/ssl/ssl-gnutls.c

Mon, 09 Jul 2007 03:26:18 +0000

author
William Ehlhardt <williamehlhardt@gmail.com>
date
Mon, 09 Jul 2007 03:26:18 +0000
branch
soc.2007.certmgr
changeset 18642
ffc419116a7e
parent 18641
4b3c12392054
child 18643
a6a86ac3c219
permissions
-rw-r--r--

- Remove a duplicate field from CertificateScheme. Oops.

7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
1 /**
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
2 * @file ssl-gnutls.c GNUTLS SSL plugin.
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
3 *
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
4 * purple
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
5 *
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
6 * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org>
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
7 *
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
8 * This program is free software; you can redistribute it and/or modify
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
9 * it under the terms of the GNU General Public License as published by
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
10 * the Free Software Foundation; either version 2 of the License, or
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
11 * (at your option) any later version.
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
12 *
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
13 * This program is distributed in the hope that it will be useful,
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
16 * GNU General Public License for more details.
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
17 *
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
18 * You should have received a copy of the GNU General Public License
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
19 * along with this program; if not, write to the Free Software
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
21 */
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
22 #include "internal.h"
7051
8ddb8f560399 [gaim-migrate @ 7614]
Christian Hammond <chipx86@chipx86.com>
parents: 7050
diff changeset
23 #include "debug.h"
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
24 #include "certificate.h"
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
25 #include "plugin.h"
7051
8ddb8f560399 [gaim-migrate @ 7614]
Christian Hammond <chipx86@chipx86.com>
parents: 7050
diff changeset
26 #include "sslconn.h"
9943
b54a762f60fa [gaim-migrate @ 10835]
Nathan Walp <nwalp@pidgin.im>
parents: 8749
diff changeset
27 #include "version.h"
17390
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
28 #include "util.h"
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
29
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
30 #define SSL_GNUTLS_PLUGIN_ID "ssl-gnutls"
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
31
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
32 #ifdef HAVE_GNUTLS
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
33
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
34 #include <gnutls/gnutls.h>
17390
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
35 #include <gnutls/x509.h>
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
36
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
37 typedef struct
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
38 {
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
39 gnutls_session session;
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
40 guint handshake_handler;
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
41 } PurpleSslGnutlsData;
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
42
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
43 #define PURPLE_SSL_GNUTLS_DATA(gsc) ((PurpleSslGnutlsData *)gsc->private_data)
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
44
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
45 static gnutls_certificate_client_credentials xcred;
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
46
7862
9b96706e44e7 [gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents: 7834
diff changeset
47 static void
9b96706e44e7 [gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents: 7834
diff changeset
48 ssl_gnutls_init_gnutls(void)
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
49 {
17507
849f15622ee5 - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17442
diff changeset
50 /* Configure GnuTLS to use glib memory management */
849f15622ee5 - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17442
diff changeset
51 /* I expect that this isn't really necessary, but it may prevent
849f15622ee5 - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17442
diff changeset
52 some bugs */
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
53 /* TODO: It may be necessary to wrap this allocators for GnuTLS.
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
54 If there are strange bugs, perhaps look here (yes, I am a
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
55 hypocrite) */
17507
849f15622ee5 - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17442
diff changeset
56 gnutls_global_set_mem_functions(
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
57 (gnutls_alloc_function) g_malloc0, /* malloc */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
58 (gnutls_alloc_function) g_malloc0, /* secure malloc */
17507
849f15622ee5 - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17442
diff changeset
59 NULL, /* mem_is_secure */
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
60 (gnutls_realloc_function) g_realloc, /* realloc */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
61 (gnutls_free_function) g_free /* free */
17507
849f15622ee5 - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17442
diff changeset
62 );
849f15622ee5 - GnuTLS uses glib memory mgmt
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17442
diff changeset
63
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
64 gnutls_global_init();
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
65
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
66 gnutls_certificate_allocate_credentials(&xcred);
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
67
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
68 /* TODO: I can likely remove this */
17430
95d550efcc3d disapproval of revision '8976f9e287fef5bd2856c34ea931afa70a997895'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17429
diff changeset
69 gnutls_certificate_set_x509_trust_file(xcred, "ca.pem",
95d550efcc3d disapproval of revision '8976f9e287fef5bd2856c34ea931afa70a997895'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17429
diff changeset
70 GNUTLS_X509_FMT_PEM);
7862
9b96706e44e7 [gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents: 7834
diff changeset
71 }
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
72
7862
9b96706e44e7 [gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents: 7834
diff changeset
73 static gboolean
9b96706e44e7 [gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents: 7834
diff changeset
74 ssl_gnutls_init(void)
9b96706e44e7 [gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents: 7834
diff changeset
75 {
9b96706e44e7 [gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents: 7834
diff changeset
76 return TRUE;
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
77 }
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
78
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
79 static void
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
80 ssl_gnutls_uninit(void)
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
81 {
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
82 gnutls_global_deinit();
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
83
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
84 gnutls_certificate_free_credentials(xcred);
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
85 }
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
86
18475
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
87 static void
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
88 ssl_gnutls_verified_cb(PurpleCertificateVerificationStatus st,
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
89 gpointer userdata)
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
90 {
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
91 PurpleSslConnection *gsc = (PurpleSslConnection *) userdata;
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
92
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
93 if (st == PURPLE_CERTIFICATE_VALID) {
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
94 /* Certificate valid? Good! Do the connection! */
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
95 gsc->connect_cb(gsc->connect_cb_data, gsc, PURPLE_INPUT_READ);
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
96 } else {
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
97 /* Otherwise, signal an error */
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
98 if(gsc->error_cb != NULL)
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
99 gsc->error_cb(gsc, PURPLE_SSL_CERTIFICATE_INVALID,
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
100 gsc->connect_cb_data);
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
101 purple_ssl_close(gsc);
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
102 }
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
103 }
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
104
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
105
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
106
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
107 static void ssl_gnutls_handshake_cb(gpointer data, gint source,
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
108 PurpleInputCondition cond)
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
109 {
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
110 PurpleSslConnection *gsc = data;
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
111 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
112 ssize_t ret;
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
113
18450
2b7852940d01 - Debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18447
diff changeset
114 purple_debug_info("gnutls", "Handshaking with %s\n", gsc->host);
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
115 ret = gnutls_handshake(gnutls_data->session);
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
116
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
117 if(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
118 return;
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
119
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
120 purple_input_remove(gnutls_data->handshake_handler);
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
121 gnutls_data->handshake_handler = 0;
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
122
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
123 if(ret != 0) {
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
124 purple_debug_error("gnutls", "Handshake failed. Error %s\n",
15846
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
125 gnutls_strerror(ret));
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
126
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
127 if(gsc->error_cb != NULL)
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
128 gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
129 gsc->connect_cb_data);
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
130
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
131 purple_ssl_close(gsc);
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
132 } else {
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
133 purple_debug_info("gnutls", "Handshake complete\n");
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
134
18458
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
135 /* TODO: Remove all this debugging babble */
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
136 /* Now we are cooking with gas! */
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
137 PurpleSslOps *ops = purple_ssl_get_ops();
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
138 GList * peers = ops->get_peer_certificates(gsc);
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
139
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
140 PurpleCertificateScheme *x509 =
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
141 purple_certificate_find_scheme("x509");
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
142
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
143 GList * l;
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
144 for (l=peers; l; l = l->next) {
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
145 PurpleCertificate *crt = l->data;
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
146 GByteArray *z =
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
147 x509->get_fingerprint_sha1(crt);
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
148 gchar * fpr =
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
149 purple_base16_encode_chunked(z->data,
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
150 z->len);
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
151
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
152 purple_debug_info("gnutls/x509",
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
153 "Key print: %s\n",
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
154 fpr);
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
155
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
156 /* Kill the cert! */
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
157 x509->destroy_certificate(crt);
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
158
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
159 g_free(fpr);
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
160 g_byte_array_free(z, TRUE);
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
161 }
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
162 g_list_free(peers);
e2f60e9d44aa - Add debugging babble
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18455
diff changeset
163
17390
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
164 {
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
165 const gnutls_datum_t *cert_list;
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
166 unsigned int cert_list_size = 0;
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
167 gnutls_session_t session=gnutls_data->session;
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
168
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
169 cert_list =
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
170 gnutls_certificate_get_peers(session, &cert_list_size);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
171
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
172 purple_debug_info("gnutls",
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
173 "Peer provided %d certs\n",
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
174 cert_list_size);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
175 int i;
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
176 for (i=0; i<cert_list_size; i++)
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
177 {
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
178 gchar fpr_bin[256];
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
179 gsize fpr_bin_sz = sizeof(fpr_bin);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
180 gchar * fpr_asc = NULL;
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
181 gchar tbuf[256];
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
182 gsize tsz=sizeof(tbuf);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
183 gchar * tasc = NULL;
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
184 gnutls_x509_crt_t cert;
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
185
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
186 gnutls_x509_crt_init(&cert);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
187 gnutls_x509_crt_import (cert, &cert_list[i],
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
188 GNUTLS_X509_FMT_DER);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
189
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
190 gnutls_x509_crt_get_fingerprint(cert, GNUTLS_MAC_SHA,
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
191 fpr_bin, &fpr_bin_sz);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
192
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
193 fpr_asc =
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
194 purple_base16_encode_chunked(fpr_bin,fpr_bin_sz);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
195
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
196 purple_debug_info("gnutls",
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
197 "Lvl %d SHA1 fingerprint: %s\n",
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
198 i, fpr_asc);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
199
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
200 tsz=sizeof(tbuf);
17430
95d550efcc3d disapproval of revision '8976f9e287fef5bd2856c34ea931afa70a997895'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17429
diff changeset
201 gnutls_x509_crt_get_serial(cert,tbuf,&tsz);
17390
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
202 tasc=
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
203 purple_base16_encode_chunked(tbuf, tsz);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
204 purple_debug_info("gnutls",
17430
95d550efcc3d disapproval of revision '8976f9e287fef5bd2856c34ea931afa70a997895'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17429
diff changeset
205 "Serial: %s\n",
95d550efcc3d disapproval of revision '8976f9e287fef5bd2856c34ea931afa70a997895'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17429
diff changeset
206 tasc);
17390
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
207 g_free(tasc);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
208
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
209 tsz=sizeof(tbuf);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
210 gnutls_x509_crt_get_dn (cert, tbuf, &tsz);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
211 purple_debug_info("gnutls",
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
212 "Cert DN: %s\n",
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
213 tbuf);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
214 tsz=sizeof(tbuf);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
215 gnutls_x509_crt_get_issuer_dn (cert, tbuf, &tsz);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
216 purple_debug_info("gnutls",
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
217 "Cert Issuer DN: %s\n",
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
218 tbuf);
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
219
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
220 g_free(fpr_asc); fpr_asc = NULL;
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
221 gnutls_x509_crt_deinit(cert);
17430
95d550efcc3d disapproval of revision '8976f9e287fef5bd2856c34ea931afa70a997895'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17429
diff changeset
222 }
17390
7fda160e7c5e - Made a big mess of stuff in the GnuTLS pluging to look at cert auth
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17345
diff changeset
223
17430
95d550efcc3d disapproval of revision '8976f9e287fef5bd2856c34ea931afa70a997895'
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17429
diff changeset
224 }
18475
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
225
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
226 /* TODO: The following logic should really be in libpurple */
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
227 /* If a Verifier was given, hand control over to it */
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
228 if (gsc->verifier) {
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
229 GList *peers;
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
230 /* First, get the peer cert chain */
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
231 peers = purple_ssl_get_peer_certificates(gsc);
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
232
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
233 /* Now kick off the verification process */
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
234 purple_certificate_verify(gsc->verifier,
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
235 gsc->host,
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
236 peers,
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
237 ssl_gnutls_verified_cb,
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
238 gsc);
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
239
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
240 } else {
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
241 /* Otherwise, just call the "connection complete"
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
242 callback */
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
243 gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
e3893e58c4c2 - ssl-gnutls plugin uses Verifiers now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18458
diff changeset
244 }
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
245 }
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
246
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
247 }
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
248
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
249
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
250 static void
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
251 ssl_gnutls_connect(PurpleSslConnection *gsc)
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
252 {
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
253 PurpleSslGnutlsData *gnutls_data;
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
254 static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 };
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
255
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
256 gnutls_data = g_new0(PurpleSslGnutlsData, 1);
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
257 gsc->private_data = gnutls_data;
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
258
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
259 gnutls_init(&gnutls_data->session, GNUTLS_CLIENT);
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
260 gnutls_set_default_priority(gnutls_data->session);
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
261
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
262 gnutls_certificate_type_set_priority(gnutls_data->session,
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
263 cert_type_priority);
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
264
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
265 gnutls_credentials_set(gnutls_data->session, GNUTLS_CRD_CERTIFICATE,
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
266 xcred);
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
267
14223
c6ba4f3482de [gaim-migrate @ 16809]
Mark Doliner <markdoliner@pidgin.im>
parents: 13985
diff changeset
268 gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd));
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
269
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
270 gnutls_data->handshake_handler = purple_input_add(gsc->fd,
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
271 PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
272
17345
cbe9758e542e - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16744
diff changeset
273 /* Orborde asks: Why are we configuring a callback, then
cbe9758e542e - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16744
diff changeset
274 immediately calling it?
cbe9758e542e - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16744
diff changeset
275
cbe9758e542e - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16744
diff changeset
276 Answer: gnutls_handshake (up in handshake_cb) needs to be called
cbe9758e542e - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16744
diff changeset
277 once in order to get the ball rolling on the SSL connection.
cbe9758e542e - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16744
diff changeset
278 Once it has done so, only then will the server reply, triggering
cbe9758e542e - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16744
diff changeset
279 the callback.
cbe9758e542e - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16744
diff changeset
280
cbe9758e542e - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16744
diff changeset
281 Since the logic driving gnutls_handshake is the same with the first
cbe9758e542e - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16744
diff changeset
282 and subsequent calls, we'll just fire the callback immediately to
cbe9758e542e - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16744
diff changeset
283 accomplish this.
cbe9758e542e - Document some weird-looking logic in the GnuTLS plugin.
William Ehlhardt <williamehlhardt@gmail.com>
parents: 16744
diff changeset
284 */
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
285 ssl_gnutls_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ);
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
286 }
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
287
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
288 static void
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
289 ssl_gnutls_close(PurpleSslConnection *gsc)
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
290 {
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
291 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
292
7467
a459b5408f83 [gaim-migrate @ 8080]
Nathan Walp <nwalp@pidgin.im>
parents: 7325
diff changeset
293 if(!gnutls_data)
a459b5408f83 [gaim-migrate @ 8080]
Nathan Walp <nwalp@pidgin.im>
parents: 7325
diff changeset
294 return;
a459b5408f83 [gaim-migrate @ 8080]
Nathan Walp <nwalp@pidgin.im>
parents: 7325
diff changeset
295
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
296 if(gnutls_data->handshake_handler)
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
297 purple_input_remove(gnutls_data->handshake_handler);
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
298
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
299 gnutls_bye(gnutls_data->session, GNUTLS_SHUT_RDWR);
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
300
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
301 gnutls_deinit(gnutls_data->session);
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
302
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
303 g_free(gnutls_data);
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
304 gsc->private_data = NULL;
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
305 }
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
306
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
307 static size_t
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
308 ssl_gnutls_read(PurpleSslConnection *gsc, void *data, size_t len)
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
309 {
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
310 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
311 ssize_t s;
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
312
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
313 s = gnutls_record_recv(gnutls_data->session, data, len);
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
314
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
315 if(s == GNUTLS_E_AGAIN || s == GNUTLS_E_INTERRUPTED) {
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
316 s = -1;
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
317 errno = EAGAIN;
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
318 } else if(s < 0) {
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
319 purple_debug_error("gnutls", "receive failed: %s\n",
15846
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
320 gnutls_strerror(s));
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
321 s = -1;
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
322 /*
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
323 * TODO: Set errno to something more appropriate. Or even
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
324 * better: allow ssl plugins to keep track of their
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
325 * own error message, then add a new ssl_ops function
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
326 * that returns the error message.
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
327 */
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
328 errno = EIO;
7834
6a092463d774 [gaim-migrate @ 8487]
Mike Hearn <mike@theoretic.com>
parents: 7631
diff changeset
329 }
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
330
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
331 return s;
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
332 }
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
333
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
334 static size_t
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
335 ssl_gnutls_write(PurpleSslConnection *gsc, const void *data, size_t len)
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
336 {
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
337 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
338 ssize_t s = 0;
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
339
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
340 /* XXX: when will gnutls_data be NULL? */
7467
a459b5408f83 [gaim-migrate @ 8080]
Nathan Walp <nwalp@pidgin.im>
parents: 7325
diff changeset
341 if(gnutls_data)
a459b5408f83 [gaim-migrate @ 8080]
Nathan Walp <nwalp@pidgin.im>
parents: 7325
diff changeset
342 s = gnutls_record_send(gnutls_data->session, data, len);
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
343
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
344 if(s == GNUTLS_E_AGAIN || s == GNUTLS_E_INTERRUPTED) {
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
345 s = -1;
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
346 errno = EAGAIN;
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
347 } else if(s < 0) {
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
348 purple_debug_error("gnutls", "send failed: %s\n",
15846
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
349 gnutls_strerror(s));
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
350 s = -1;
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
351 /*
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
352 * TODO: Set errno to something more appropriate. Or even
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
353 * better: allow ssl plugins to keep track of their
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
354 * own error message, then add a new ssl_ops function
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
355 * that returns the error message.
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
356 */
7a956b382f6c There were a few problems here
Mark Doliner <markdoliner@pidgin.im>
parents: 15435
diff changeset
357 errno = EIO;
13201
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
358 }
8c224ef70efa [gaim-migrate @ 15563]
Daniel Atallah <datallah@pidgin.im>
parents: 11513
diff changeset
359
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
360 return s;
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
361 }
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
362
17510
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
363 /* Forward declarations are fun!
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
364 TODO: This is a stupid place for this */
18248
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
365 static PurpleCertificate *
18245
2ddae03c3c9e - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17510
diff changeset
366 x509_import_from_datum(const gnutls_datum_t dt, gnutls_x509_crt_fmt_t mode);
17510
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
367
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
368 static GList *
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
369 ssl_gnutls_get_peer_certificates(PurpleSslConnection * gsc)
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
370 {
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
371 PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
372
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
373 /* List of Certificate instances to return */
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
374 GList * peer_certs = NULL;
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
375
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
376 /* List of raw certificates as given by GnuTLS */
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
377 const gnutls_datum_t *cert_list;
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
378 unsigned int cert_list_size = 0;
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
379
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
380 unsigned int i;
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
381
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
382 /* This should never, ever happen. */
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
383 g_return_val_if_fail( gnutls_certificate_type_get (gnutls_data->session) == GNUTLS_CRT_X509, NULL);
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
384
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
385 /* Get the certificate list from GnuTLS */
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
386 /* TODO: I am _pretty sure_ this doesn't block or do other exciting things */
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
387 cert_list = gnutls_certificate_get_peers(gnutls_data->session,
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
388 &cert_list_size);
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
389
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
390 /* Convert each certificate to a Certificate and append it to the list */
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
391 for (i = 0; i < cert_list_size; i++) {
18248
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
392 PurpleCertificate * newcrt = x509_import_from_datum(cert_list[i],
18245
2ddae03c3c9e - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17510
diff changeset
393 GNUTLS_X509_FMT_DER);
17510
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
394 /* Append is somewhat inefficient on linked lists, but is easy
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
395 to read. If someone complains, I'll change it.
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
396 TODO: Is anyone complaining? (Maybe elb?) */
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
397 peer_certs = g_list_append(peer_certs, newcrt);
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
398 }
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
399
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
400 /* cert_list shouldn't need free()-ing */
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
401 /* TODO: double-check this */
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
402
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
403 return peer_certs;
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
404 }
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
405
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
406 /************************************************************************/
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
407 /* X.509 functionality */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
408 /************************************************************************/
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
409 const gchar * SCHEME_NAME = "x509";
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
410
18248
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
411 static PurpleCertificateScheme x509_gnutls;
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
412
17510
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
413 /** Transforms a gnutls_datum_t containing an X.509 certificate into a Certificate instance under the x509_gnutls scheme
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
414 *
18245
2ddae03c3c9e - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17510
diff changeset
415 * @param dt Datum to transform
2ddae03c3c9e - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17510
diff changeset
416 * @param mode GnuTLS certificate format specifier (GNUTLS_X509_FMT_PEM for
2ddae03c3c9e - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17510
diff changeset
417 * reading from files, and GNUTLS_X509_FMT_DER for converting
2ddae03c3c9e - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17510
diff changeset
418 * "over the wire" certs for SSL)
17510
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
419 *
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
420 * @return A newly allocated Certificate structure of the x509_gnutls scheme
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
421 */
18248
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
422 static PurpleCertificate *
18245
2ddae03c3c9e - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17510
diff changeset
423 x509_import_from_datum(const gnutls_datum_t dt, gnutls_x509_crt_fmt_t mode)
17510
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
424 {
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
425 /* Internal certificate data structure */
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
426 gnutls_x509_crt_t *certdat;
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
427 /* New certificate to return */
18248
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
428 PurpleCertificate * crt;
17510
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
429
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
430 /* Allocate and prepare the internal certificate data */
18480
42936c867fee - More g_new0 instead of g_new
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18475
diff changeset
431 certdat = g_new0(gnutls_x509_crt_t, 1);
17510
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
432 gnutls_x509_crt_init(certdat);
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
433
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
434 /* Perform the actual certificate parse */
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
435 /* Yes, certdat SHOULD be dereferenced */
18245
2ddae03c3c9e - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17510
diff changeset
436 gnutls_x509_crt_import(*certdat, &dt, mode);
17510
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
437
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
438 /* Allocate the certificate and load it with data */
18480
42936c867fee - More g_new0 instead of g_new
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18475
diff changeset
439 crt = g_new0(PurpleCertificate, 1);
17510
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
440 crt->scheme = &x509_gnutls;
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
441 crt->data = certdat;
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
442
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
443 return crt;
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
444 }
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
445
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
446 /** Imports a PEM-formatted X.509 certificate from the specified file.
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
447 * @param filename Filename to import from. Format is PEM
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
448 *
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
449 * @return A newly allocated Certificate structure of the x509_gnutls scheme
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
450 */
18248
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
451 static PurpleCertificate *
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
452 x509_import_from_file(const gchar * filename)
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
453 {
18248
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
454 PurpleCertificate *crt; /* Certificate being constructed */
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
455 gchar *buf; /* Used to load the raw file data */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
456 gsize buf_sz; /* Size of the above */
17510
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
457 gnutls_datum_t dt; /* Struct to pass down to GnuTLS */
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
458
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
459 purple_debug_info("gnutls",
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
460 "Attempting to load X.509 certificate from %s\n",
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
461 filename);
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
462
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
463 /* Next, we'll simply yank the entire contents of the file
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
464 into memory */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
465 /* TODO: Should I worry about very large files here? */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
466 /* TODO: Error checking */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
467 g_file_get_contents(filename,
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
468 &buf,
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
469 &buf_sz,
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
470 NULL /* No error checking for now */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
471 );
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
472
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
473 /* Load the datum struct */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
474 dt.data = (unsigned char *) buf;
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
475 dt.size = buf_sz;
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
476
17510
b9314561d25a - Wrote GnuTLS get_peer_certificates function
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17509
diff changeset
477 /* Perform the conversion */
18245
2ddae03c3c9e - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17510
diff changeset
478 crt = x509_import_from_datum(dt,
2ddae03c3c9e - Add a mode switch to allow DER or PEM imports (necessary because SSL certs
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17510
diff changeset
479 GNUTLS_X509_FMT_PEM); // files should be in PEM format
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
480
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
481 /* Cleanup */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
482 g_free(buf);
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
483
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
484 return crt;
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
485 }
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
486
18496
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
487 /**
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
488 * Exports a PEM-formatted X.509 certificate to the specified file.
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
489 * @param filename Filename to export to. Format will be PEM
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
490 * @param crt Certificate to export
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
491 *
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
492 * @return TRUE if success, otherwise FALSE
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
493 */
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
494 static gboolean
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
495 x509_export_certificate(const gchar *filename, PurpleCertificate *crt)
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
496 {
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
497 gnutls_x509_crt_t crt_dat; /* GnuTLS cert struct */
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
498 int ret;
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
499 gchar * out_buf; /* Data to output */
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
500 size_t out_size; /* Output size */
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
501 gboolean success = FALSE;
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
502
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
503 /* Paranoia paranoia paranoia! */
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
504 g_return_val_if_fail(filename, FALSE);
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
505 g_return_val_if_fail(crt, FALSE);
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
506 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
507 g_return_val_if_fail(crt->data, FALSE);
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
508
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
509 crt_dat = *( (gnutls_x509_crt_t *) crt->data);
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
510
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
511 /* Obtain the output size required */
18593
9d2bd532bf74 - Fix intermittent crash due to uninitialized variable
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18592
diff changeset
512 out_size = 0;
18496
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
513 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM,
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
514 NULL, /* Provide no buffer yet */
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
515 &out_size /* Put size here */
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
516 );
18591
9d7c99e312b9 - Fix an incorrect assertion in GnuTLS plugin
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18496
diff changeset
517 g_return_val_if_fail(ret == GNUTLS_E_SHORT_MEMORY_BUFFER, FALSE);
18496
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
518
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
519 /* Now allocate a buffer and *really* export it */
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
520 out_buf = g_new0(gchar, out_size);
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
521 ret = gnutls_x509_crt_export(crt_dat, GNUTLS_X509_FMT_PEM,
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
522 out_buf, /* Export to our new buffer */
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
523 &out_size /* Put size here */
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
524 );
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
525 if (ret != 0) {
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
526 purple_debug_error("gnutls/x509",
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
527 "Failed to export cert to buffer with code %d\n",
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
528 ret);
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
529 g_free(out_buf);
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
530 return FALSE;
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
531 }
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
532
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
533 /* Write it out to an actual file */
18592
8ac486cb3d21 - GnuTLS plugin no longer uses write_data_to_file from util. It has been
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18591
diff changeset
534 /* TODO: THIS IS A COMPATIBILITY VIOLATION
8ac486cb3d21 - GnuTLS plugin no longer uses write_data_to_file from util. It has been
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18591
diff changeset
535 Look into util.c write_data_to_file. */
8ac486cb3d21 - GnuTLS plugin no longer uses write_data_to_file from util. It has been
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18591
diff changeset
536 success = g_file_set_contents(filename,
8ac486cb3d21 - GnuTLS plugin no longer uses write_data_to_file from util. It has been
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18591
diff changeset
537 out_buf,
8ac486cb3d21 - GnuTLS plugin no longer uses write_data_to_file from util. It has been
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18591
diff changeset
538 out_size,
8ac486cb3d21 - GnuTLS plugin no longer uses write_data_to_file from util. It has been
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18591
diff changeset
539 NULL);
18496
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
540
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
541
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
542 g_free(out_buf);
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
543 g_return_val_if_fail(success, FALSE);
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
544 return success;
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
545 }
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
546
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
547 /** Frees a Certificate
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
548 *
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
549 * Destroys a Certificate's internal data structures and frees the pointer
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
550 * given.
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
551 * @param crt Certificate instance to be destroyed. It WILL NOT be destroyed
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
552 * if it is not of the correct CertificateScheme. Can be NULL
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
553 *
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
554 */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
555 static void
18248
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
556 x509_destroy_certificate(PurpleCertificate * crt)
17509
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
557 {
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
558 /* TODO: Issue a warning here? */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
559 if (NULL == crt) return;
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
560
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
561 /* Check that the scheme is x509_gnutls */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
562 if ( crt->scheme != &x509_gnutls ) {
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
563 purple_debug_error("gnutls",
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
564 "destroy_certificate attempted on certificate of wrong scheme (scheme was %s, expected %s)\n",
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
565 crt->scheme->name,
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
566 SCHEME_NAME);
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
567 return;
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
568 }
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
569
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
570 /* TODO: Different error checking? */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
571 g_return_if_fail(crt->data != NULL);
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
572 g_return_if_fail(crt->scheme != NULL);
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
573
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
574 /* Destroy the GnuTLS-specific data */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
575 gnutls_x509_crt_deinit( *( (gnutls_x509_crt_t *) crt->data ) );
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
576 g_free(crt->data);
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
577
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
578 /* TODO: Reference counting here? */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
579
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
580 /* Kill the structure itself */
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
581 g_free(crt);
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
582 }
fa009823dbfd - Exposed the _Certificate struct definition in certificate.h
William Ehlhardt <williamehlhardt@gmail.com>
parents: 17507
diff changeset
583
18250
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
584 /** Determines whether one certificate has been issued and signed by another
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
585 *
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
586 * @param crt Certificate to check the signature of
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
587 * @param issuer Issuer's certificate
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
588 *
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
589 * @return TRUE if crt was signed and issued by issuer, otherwise FALSE
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
590 * @TODO Modify this function to return a reason for invalidity?
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
591 */
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
592 static gboolean
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
593 x509_certificate_signed_by(PurpleCertificate * crt,
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
594 PurpleCertificate * issuer)
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
595 {
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
596 gnutls_x509_crt_t crt_dat;
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
597 gnutls_x509_crt_t issuer_dat;
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
598 unsigned int verify; /* used to store details from GnuTLS verifier */
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
599 int ret;
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
600
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
601 /* TODO: Change this error checking? */
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
602 g_return_val_if_fail(crt, FALSE);
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
603 g_return_val_if_fail(issuer, FALSE);
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
604
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
605 /* Verify that both certs are the correct scheme */
18482
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
606 g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE);
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
607 g_return_val_if_fail(issuer->scheme == &x509_gnutls, FALSE);
18250
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
608
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
609 /* TODO: check for more nullness? */
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
610
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
611 crt_dat = *((gnutls_x509_crt_t *) crt->data);
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
612 issuer_dat = *((gnutls_x509_crt_t *) issuer->data);
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
613
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
614 /* First, let's check that crt.issuer is actually issuer */
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
615 ret = gnutls_x509_crt_check_issuer(crt_dat, issuer_dat);
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
616 if (ret <= 0) {
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
617
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
618 if (ret < 0) {
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
619 purple_debug_error("gnutls/x509",
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
620 "GnuTLS error %d while checking certificate issuer match.",
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
621 ret);
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
622 }
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
623
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
624 /* The issuer is not correct, or there were errors */
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
625 return FALSE;
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
626 }
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
627
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
628 /* Now, check the signature */
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
629 /* The second argument is a ptr to an array of "trusted" issuer certs,
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
630 but we're only using one trusted one */
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
631 ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, 0, &verify);
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
632
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
633 if (ret > 0) {
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
634 /* The certificate is good. */
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
635 return TRUE;
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
636 }
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
637 else if (ret < 0) {
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
638 purple_debug_error("gnutls/x509",
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
639 "Attempted certificate verification caused a GnuTLS error code %d. I will just say the signature is bad, but you should look into this.\n", ret);
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
640 return FALSE;
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
641 }
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
642 else {
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
643 /* Signature didn't check out, but at least
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
644 there were no errors*/
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
645 return FALSE;
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
646 } /* if (ret, etc.) */
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
647
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
648 /* Control does not reach this point */
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
649 }
d7663374e33d - Add x509_certificate_signed_by, which checks a signature on a certificate made by an issuer
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18248
diff changeset
650
18455
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
651 static GByteArray *
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
652 x509_sha1sum(PurpleCertificate *crt)
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
653 {
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
654 size_t hashlen = 20; /* SHA1 hashes are 20 bytes */
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
655 size_t tmpsz = hashlen; /* Throw-away variable for GnuTLS to stomp on*/
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
656 gnutls_x509_crt_t crt_dat;
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
657 GByteArray *hash; /**< Final hash container */
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
658 guchar hashbuf[hashlen]; /**< Temporary buffer to contain hash */
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
659
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
660 g_return_val_if_fail(crt, NULL);
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
661
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
662 crt_dat = *( (gnutls_x509_crt_t *) crt->data );
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
663
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
664 /* Extract the fingerprint */
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
665 /* TODO: Errorcheck? */
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
666 gnutls_x509_crt_get_fingerprint(crt_dat, GNUTLS_MAC_SHA,
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
667 hashbuf, &tmpsz);
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
668
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
669 /* This shouldn't happen */
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
670 g_return_val_if_fail(tmpsz == hashlen, NULL);
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
671
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
672 /* Okay, now create and fill hash array */
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
673 hash = g_byte_array_new();
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
674 g_byte_array_append(hash, hashbuf, hashlen);
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
675
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
676 return hash;
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
677 }
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
678
18482
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
679 static gchar *
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
680 x509_common_name (PurpleCertificate *crt)
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
681 {
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
682 gnutls_x509_crt_t cert_dat;
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
683 gchar *cn = NULL;
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
684 size_t cn_size;
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
685
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
686 g_return_val_if_fail(crt, NULL);
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
687 g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
688
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
689 cert_dat = *( (gnutls_x509_crt_t *) crt->data );
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
690
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
691 /* TODO: Not return values? */
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
692
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
693 /* Figure out the length of the Common Name */
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
694 /* Claim that the buffer is size 0 so GnuTLS just tells us how much
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
695 space it needs */
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
696 cn_size = 0;
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
697 gnutls_x509_crt_get_dn_by_oid(cert_dat,
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
698 GNUTLS_OID_X520_COMMON_NAME,
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
699 0, /* First CN found, please */
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
700 0, /* Not in raw mode */
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
701 cn, &cn_size);
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
702
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
703 /* Now allocate and get the Common Name */
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
704 cn = g_new0(gchar, cn_size);
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
705 gnutls_x509_crt_get_dn_by_oid(cert_dat,
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
706 GNUTLS_OID_X520_COMMON_NAME,
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
707 0, /* First CN found, please */
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
708 0, /* Not in raw mode */
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
709 cn, &cn_size);
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
710
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
711 return cn;
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
712 }
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
713
18248
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
714 /* X.509 certificate operations provided by this plugin */
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
715 /* TODO: Flesh this out! */
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
716 static PurpleCertificateScheme x509_gnutls = {
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
717 "x509", /* Scheme name */
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
718 N_("X.509 Certificates"), /* User-visible scheme name */
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
719 x509_import_from_file, /* Certificate import function */
18496
3bb8e716482e - Add purple_certificate_export and associated libpurple stuff
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18482
diff changeset
720 x509_export_certificate, /* Certificate export function */
18454
9a56a88152b9 - Add more to the Certificate struct
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18450
diff changeset
721 x509_destroy_certificate, /* Destroy cert */
18455
4fe7da78f38d - Add GnuTLS SHA1 key fingerprinter
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18454
diff changeset
722 x509_sha1sum, /* SHA1 fingerprint */
18454
9a56a88152b9 - Add more to the Certificate struct
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18450
diff changeset
723 NULL, /* Unique ID */
18482
be73de06d821 - Add subject_name (AKA Common Name) functions to GnuTLS x509 scheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18480
diff changeset
724 NULL, /* Issuer Unique ID */
18641
4b3c12392054 - Add get_activation_time and get_expiration_time to CertificateScheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18593
diff changeset
725 x509_common_name, /* Subject name */
4b3c12392054 - Add get_activation_time and get_expiration_time to CertificateScheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18593
diff changeset
726 NULL, /* Activation time */
4b3c12392054 - Add get_activation_time and get_expiration_time to CertificateScheme
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18593
diff changeset
727 NULL /* Expiration time */
18248
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
728 };
8f462eaffecd - Style issues
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18247
diff changeset
729
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
730 static PurpleSslOps ssl_ops =
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
731 {
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
732 ssl_gnutls_init,
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
733 ssl_gnutls_uninit,
14223
c6ba4f3482de [gaim-migrate @ 16809]
Mark Doliner <markdoliner@pidgin.im>
parents: 13985
diff changeset
734 ssl_gnutls_connect,
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
735 ssl_gnutls_close,
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
736 ssl_gnutls_read,
16744
fcdab37ba1c2 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15884
diff changeset
737 ssl_gnutls_write,
18246
212bfb9c9cc7 - Expose get_peer_certificates in the SslOps struct, and modify gnutls
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18245
diff changeset
738 ssl_gnutls_get_peer_certificates,
16744
fcdab37ba1c2 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15884
diff changeset
739
fcdab37ba1c2 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15884
diff changeset
740 /* padding */
fcdab37ba1c2 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15884
diff changeset
741 NULL,
fcdab37ba1c2 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15884
diff changeset
742 NULL,
fcdab37ba1c2 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15884
diff changeset
743 NULL
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
744 };
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
745
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
746 #endif /* HAVE_GNUTLS */
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
747
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
748 static gboolean
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
749 plugin_load(PurplePlugin *plugin)
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
750 {
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
751 #ifdef HAVE_GNUTLS
18447
27554a183269 - GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18250
diff changeset
752 /* Register that we're providing an X.509 CertScheme */
27554a183269 - GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18250
diff changeset
753 /* @TODO : error checking */
27554a183269 - GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18250
diff changeset
754 purple_certificate_register_scheme( &x509_gnutls );
27554a183269 - GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18250
diff changeset
755
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
756 if(!purple_ssl_get_ops()) {
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
757 purple_ssl_set_ops(&ssl_ops);
7862
9b96706e44e7 [gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents: 7834
diff changeset
758 }
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
759
11033
dc68e074f10d [gaim-migrate @ 12919]
Etan Reisner <deryni@pidgin.im>
parents: 9943
diff changeset
760 /* Init GNUTLS now so others can use it even if sslconn never does */
dc68e074f10d [gaim-migrate @ 12919]
Etan Reisner <deryni@pidgin.im>
parents: 9943
diff changeset
761 ssl_gnutls_init_gnutls();
dc68e074f10d [gaim-migrate @ 12919]
Etan Reisner <deryni@pidgin.im>
parents: 9943
diff changeset
762
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
763 return TRUE;
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
764 #else
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
765 return FALSE;
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
766 #endif
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
767 }
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
768
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
769 static gboolean
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
770 plugin_unload(PurplePlugin *plugin)
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
771 {
7050
12730863b0f9 [gaim-migrate @ 7613]
Christian Hammond <chipx86@chipx86.com>
parents: 7016
diff changeset
772 #ifdef HAVE_GNUTLS
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
773 if(purple_ssl_get_ops() == &ssl_ops) {
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
774 purple_ssl_set_ops(NULL);
7862
9b96706e44e7 [gaim-migrate @ 8516]
Bill Tompkins <obobo@users.sourceforge.net>
parents: 7834
diff changeset
775 }
18447
27554a183269 - GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18250
diff changeset
776
27554a183269 - GnuTLS plugin registers an x509 certscheme now
William Ehlhardt <williamehlhardt@gmail.com>
parents: 18250
diff changeset
777 purple_certificate_unregister_scheme( &x509_gnutls );
7050
12730863b0f9 [gaim-migrate @ 7613]
Christian Hammond <chipx86@chipx86.com>
parents: 7016
diff changeset
778 #endif
12730863b0f9 [gaim-migrate @ 7613]
Christian Hammond <chipx86@chipx86.com>
parents: 7016
diff changeset
779
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
780 return TRUE;
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
781 }
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
782
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
783 static PurplePluginInfo info =
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
784 {
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
785 PURPLE_PLUGIN_MAGIC,
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
786 PURPLE_MAJOR_VERSION,
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
787 PURPLE_MINOR_VERSION,
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
788 PURPLE_PLUGIN_STANDARD, /**< type */
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
789 NULL, /**< ui_requirement */
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
790 PURPLE_PLUGIN_FLAG_INVISIBLE, /**< flags */
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
791 NULL, /**< dependencies */
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
792 PURPLE_PRIORITY_DEFAULT, /**< priority */
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
793
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
794 SSL_GNUTLS_PLUGIN_ID, /**< id */
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
795 N_("GNUTLS"), /**< name */
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
796 VERSION, /**< version */
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
797 /** summary */
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
798 N_("Provides SSL support through GNUTLS."),
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
799 /** description */
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
800 N_("Provides SSL support through GNUTLS."),
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
801 "Christian Hammond <chipx86@gnupdate.org>",
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
802 PURPLE_WEBSITE, /**< homepage */
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
803
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
804 plugin_load, /**< load */
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
805 plugin_unload, /**< unload */
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
806 NULL, /**< destroy */
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
807
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
808 NULL, /**< ui_info */
11513
89bf8d856291 [gaim-migrate @ 13758]
Stu Tomlinson <nosnilmot@pidgin.im>
parents: 11256
diff changeset
809 NULL, /**< extra_info */
89bf8d856291 [gaim-migrate @ 13758]
Stu Tomlinson <nosnilmot@pidgin.im>
parents: 11256
diff changeset
810 NULL, /**< prefs_info */
16744
fcdab37ba1c2 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15884
diff changeset
811 NULL, /**< actions */
fcdab37ba1c2 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15884
diff changeset
812
fcdab37ba1c2 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15884
diff changeset
813 /* padding */
fcdab37ba1c2 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15884
diff changeset
814 NULL,
fcdab37ba1c2 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15884
diff changeset
815 NULL,
fcdab37ba1c2 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15884
diff changeset
816 NULL,
fcdab37ba1c2 Added NULL pads to ssl stuff
Gary Kramlich <grim@reaperworld.com>
parents: 15884
diff changeset
817 NULL
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
818 };
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
819
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
820 static void
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
821 init_plugin(PurplePlugin *plugin)
7016
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
822 {
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
823 }
895a5ff9ebd4 [gaim-migrate @ 7579]
Christian Hammond <chipx86@chipx86.com>
parents:
diff changeset
824
15884
4de1981757fc sed -ie 's/gaim/purple/g'
Sean Egan <seanegan@pidgin.im>
parents: 15846
diff changeset
825 PURPLE_INIT_PLUGIN(ssl_gnutls, init_plugin, info)

Mercurial Repository: pidgin3

mercurial