Changeset 486ddb5 for protocols/jabber


Timestamp:
2011-12-19T14:50:58Z (12 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
78b8401
Parents:
5a48afd
Message:

Initial merge of tls_verify patch from AopicieR.

Location:
protocols/jabber
Files:
3 edited

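--- a/protocols/jabber/io.c
+++ b/protocols/jabber/io.c
@@ -276,5 +276,5 @@
 }
 
-gboolean jabber_connected_ssl( gpointer data, void *source, b_input_condition cond )
+gboolean jabber_connected_ssl( gpointer data, int returncode, void *source, b_input_condition cond )
 {
         struct im_connection *ic = data;
@@ -293,4 +293,41 @@
                
                 imcb_error( ic, "Could not connect to server" );
+                if (returncode ==  OPENSSL_VERIFY_ERROR )
+                {
+                        imcb_error( ic, "This BitlBee server is built agains the OpenSSL library." );
+                        imcb_error( ic, "Unfortunately certificate verification is only supported when built against GnuTLS for now." );
+                        imc_logout( ic, FALSE );
+                }
+                else if (returncode ==  NSS_VERIFY_ERROR )
+                {
+                        imcb_error( ic, "This BitlBee server is built agains the NSS library." );
+                        imcb_error( ic, "Unfortunately certificate verification is only supported when built against GnuTLS for now." );
+                        imc_logout( ic, FALSE );
+                }
+                else if (returncode == VERIFY_CERT_ERROR )
+                {
+                        imcb_error( ic, "An error occured during the certificate verification." );
+                        imc_logout( ic, FALSE );
+                }
+                else if (returncode  & VERIFY_CERT_INVALID)
+                {
+                        imcb_error( ic, "Unable to verify peer's certificate." );
+                        if (returncode & VERIFY_CERT_REVOKED)
+                                imcb_error( ic, "The certificate has been revoked." );
+                        if (returncode & VERIFY_CERT_SIGNER_NOT_FOUND)
+                                imcb_error( ic, "The certificate hasn't got a known issuer." );
+                        if (returncode & VERIFY_CERT_SIGNER_NOT_CA)
+                                imcb_error( ic, "The certificate's issuer is not a CA." );
+                        if (returncode & VERIFY_CERT_INSECURE_ALGORITHM)
+                                imcb_error( ic, "The certificate uses an insecure algorithm." );
+                        if (returncode & VERIFY_CERT_NOT_ACTIVATED)
+                                imcb_error( ic, "The certificate has not been activated." );
+                        if (returncode & VERIFY_CERT_EXPIRED)
+                                imcb_error( ic, "The certificate has expired." );
+                        if (returncode & VERIFY_CERT_WRONG_HOSTNAME)
+                                imcb_error( ic, "The hostname specified in the certificate doesn't match the server name." );
+                        imc_logout( ic, FALSE );
+                }
+                else
                 imc_logout( ic, TRUE );
                 return FALSE;
@@ -397,5 +434,5 @@
         struct im_connection *ic = data;
         struct jabber_data *jd = ic->proto_data;
-        char *xmlns;
+        char *xmlns, *tlsname;
        
         xmlns = xt_find_attr( node, "xmlns" );
@@ -423,5 +460,15 @@
        
         jd->flags |= JFLAG_STARTTLS_DONE;
-        jd->ssl = ssl_starttls( jd->fd, jabber_connected_ssl, ic );
+
+        /* If the user specified a server for the account, use this server as the
+         * hostname in the certificate verification. Else we use the domain from
+         * the username. */
+        if( ic->acc->server && *ic->acc->server )
+                tlsname = ic->acc->server;
+        else
+                tlsname = jd->server;
+       
+        jd->ssl = ssl_starttls( jd->fd, tlsname, set_getbool( &ic->acc->set, "tls_verify" ),
+                                jabber_connected_ssl, ic );
        
         return XT_HANDLED;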
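Review bot: In the STARTTLS hunk the name handed to `ssl_starttls()` for certificate matching is `ic->acc->server` whenever that override is set, and only otherwise `jd->server` (the domain from the username, per the comment). A certificate that is valid for the override host is then accepted whatever the JID domain is, whereas RFC 6120 ties the server identity check to the JID domain. If the override is kept as the reference name (presumably for hosted-domain setups), the comment should say so explicitly, e.g. `/* NOTE: an explicit server setting replaces the JID domain as the verified identity; the user is trusting that host to serve this domain. */`. The enclosing function starts and ends outside the hunk.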
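--- a/protocols/jabber/jabber.c
+++ b/protocols/jabber/jabber.c
@@ -80,4 +80,7 @@
        
         s = set_add( &acc->set, "tls", "try", set_eval_tls, acc );
+        s->flags |= ACC_SET_OFFLINE_ONLY;
+       
+        s = set_add( &acc->set, "tls_verify", "true", set_eval_bool, acc );
         s->flags |= ACC_SET_OFFLINE_ONLY;
        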
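Review bot: Nothing here documents how the new `tls_verify` setting (default `"true"`) interacts with `tls`, whose default on the line above is `"try"`. If `"try"` lets the session continue without TLS when the server does not offer STARTTLS (not visible in this hunk), certificate verification never runs in that case, so it gives no protection against an on-path party that removes the STARTTLS offer. A comment above the new `set_add` would make this clear, e.g. `/* tls_verify only takes effect once TLS is negotiated; set tls to true to require it. */`. The enclosing function starts and ends outside the hunk.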
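--- a/protocols/jabber/jabber.h
+++ b/protocols/jabber/jabber.h
@@ -307,5 +307,5 @@
 int jabber_write( struct im_connection *ic, char *buf, int len );
 gboolean jabber_connected_plain( gpointer data, gint source, b_input_condition cond );
-gboolean jabber_connected_ssl( gpointer data, void *source, b_input_condition cond );
+gboolean jabber_connected_ssl( gpointer data, int returncode, void *source, b_input_condition cond );
 gboolean jabber_start_stream( struct im_connection *ic );
 void jabber_end_stream( struct im_connection *ic );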