comparison: libpurple/plugins/ssl/ssl-nss.c
libpurple/plugins/ssl/ssl-nss.c
- changeset 19983
- 2d79626570ae
- parent 19982
- 1b453261f6ec
- child 19984
- b7baf98c4e73
equal
deleted
inserted
replaced
| 19982:1b453261f6ec | 19983:2d79626570ae |
|---|---|
| 22 #include "internal.h" | 22 #include "internal.h" |
| 23 #include "debug.h" | 23 #include "debug.h" |
| 24 #include "certificate.h" | 24 #include "certificate.h" |
| 25 #include "plugin.h" | 25 #include "plugin.h" |
| 26 #include "sslconn.h" | 26 #include "sslconn.h" |
| 27 #include "util.h" | |
| 27 #include "version.h" | 28 #include "version.h" |
| 28 | 29 |
| 29 #define SSL_NSS_PLUGIN_ID "ssl-nss" | 30 #define SSL_NSS_PLUGIN_ID "ssl-nss" |
| 30 | 31 |
| 31 #ifdef HAVE_NSS | 32 #ifdef HAVE_NSS |
| 32 | 33 |
| 33 #undef HAVE_LONG_LONG /* Make Mozilla less angry. If angry, Mozilla SMASH! */ | 34 #undef HAVE_LONG_LONG /* Make Mozilla less angry. If angry, Mozilla SMASH! */ |
| 34 | 35 |
| 35 #include <nspr.h> | 36 #include <nspr.h> |
| 36 #include <nss.h> | 37 #include <nss.h> |
| 38 #include <nssb64.h> | |
| 37 #include <pk11func.h> | 39 #include <pk11func.h> |
| 38 #include <prio.h> | 40 #include <prio.h> |
| 39 #include <secerr.h> | 41 #include <secerr.h> |
| 40 #include <secmod.h> | 42 #include <secmod.h> |
| 41 #include <ssl.h> | 43 #include <ssl.h> |
| 452 * @param filename Filename to export to. Format will be PEM | 454 * @param filename Filename to export to. Format will be PEM |
| 453 * @param crt Certificate to export | 455 * @param crt Certificate to export |
| 454 * | 456 * |
| 455 * @return TRUE if success, otherwise FALSE | 457 * @return TRUE if success, otherwise FALSE |
| 456 */ | 458 */ |
| 459 /* This function should not be so complicated, but NSS doesn't seem to have a | |
| 460 "convert yon certificate to PEM format" function. */ | |
| 457 static gboolean | 461 static gboolean |
| 458 x509_export_certificate(const gchar *filename, PurpleCertificate *crt) | 462 x509_export_certificate(const gchar *filename, PurpleCertificate *crt) |
| 459 { | 463 { |
| 460 /* TODO: WRITEME */ | 464 CERTCertificate *crt_dat; |
| 461 return FALSE; | 465 SECItem *dercrt; |
| 466 gchar *b64crt; | |
| 467 gchar *pemcrt; | |
| 468 gboolean ret = FALSE; | |
| 469 | |
| 470 g_return_val_if_fail(filename, FALSE); | |
| 471 g_return_val_if_fail(crt, FALSE); | |
| 472 g_return_val_if_fail(crt->scheme == &x509_nss, FALSE); | |
| 473 | |
| 474 crt_dat = X509_NSS_DATA(crt); | |
| 475 g_return_val_if_fail(crt_dat, FALSE); | |
| 476 | |
| 477 purple_debug_info("nss/x509", | |
| 478 "Exporting certificate to %s\n", filename); | |
| 479 | |
| 480 /* First, use NSS voodoo to create a DER-formatted certificate */ | |
| 481 dercrt = SEC_ASN1EncodeItem(NULL, NULL, crt_dat, | |
| 482 SEC_ASN1_GET(SEC_SignedCertificateTemplate)); | |
| 483 g_return_val_if_fail(dercrt != NULL, FALSE); | |
| 484 | |
| 485 /* Now encode it to b64 */ | |
| 486 b64crt = NSSBase64_EncodeItem(NULL, NULL, 0, dercrt); | |
| 487 SECITEM_FreeItem(dercrt, PR_TRUE); | |
| 488 g_return_val_if_fail(b64crt, FALSE); | |
| 489 | |
| 490 /* Wrap it in nice PEM header things */ | |
| 491 pemcrt = g_strdup_printf("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n", b64crt); | |
| 492 PORT_Free(b64crt); /* Notice that b64crt was allocated by an NSS | |
| 493 function; hence, we'll let NSPR free it. */ | |
| 494 | |
| 495 /* Finally, dump the silly thing to a file. */ | |
| 496 ret = purple_util_write_data_to_file_absolute(filename, pemcrt, -1); | |
| 497 | |
| 498 g_free(pemcrt); | |
| 499 | |
| 500 return ret; | |
| 462 } | 501 } |
| 463 | 502 |
| 464 static PurpleCertificate * | 503 static PurpleCertificate * |
| 465 x509_copy_certificate(PurpleCertificate *crt) | 504 x509_copy_certificate(PurpleCertificate *crt) |
| 466 { | 505 { |
