Changeset 78b8401


Timestamp:
2011-12-19T17:22:37Z (7 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
af5764e
Parents:
486ddb5
Message:

Move conversion of status codes to status messages into SSL libs.

Files:
6 edited

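--- a/lib/ssl_bogus.c
+++ b/lib/ssl_bogus.c
@@ -70,2 +70,7 @@
         return 0;
 }
+
+char *ssl_verify_strerror( int code )
+{
+        return NULL;
+}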
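--- a/lib/ssl_client.h
+++ b/lib/ssl_client.h
@@ -101,3 +101,7 @@
 G_MODULE_EXPORT b_input_condition ssl_getdirection( void *conn );
 
+/* Converts a verification bitfield passed to ssl_input_function into
+   a more useful string. Or NULL if it had no useful bits set. */
+G_MODULE_EXPORT char *ssl_verify_strerror( int code );
+
 G_MODULE_EXPORT size_t ssl_des3_encrypt(const unsigned char *key, size_t key_len, const unsigned char *input, size_t input_len, const unsigned char *iv, unsigned char **res);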
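Review bot: The comment added above `ssl_verify_strerror` does not say who owns the returned string. The GnuTLS implementation in this changeset hands back the buffer from `g_string_free( ret, FALSE )` and the caller in protocols/jabber/io.c releases it with `g_free( err )`, so the contract should be written down, e.g. `/* ... Returns a newly allocated string the caller must g_free(), or NULL if no useful bits were set. */`. Without that, a later caller can leak the string or treat it as static storage.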
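--- a/lib/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
@@ -193,4 +193,35 @@
 
         return verifyret;
+}
+
+char *ssl_verify_strerror( int code )
+{
+        GString *ret = g_string_new( "" );
+       
+        if( code & VERIFY_CERT_REVOKED )
+                g_string_append( ret, "certificate has been revoked, " );
+        if( code & VERIFY_CERT_SIGNER_NOT_FOUND )
+                g_string_append( ret, "certificate hasn't got a known issuer, " );
+        if( code & VERIFY_CERT_SIGNER_NOT_CA )
+                g_string_append( ret, "certificate's issuer is not a CA, " );
+        if( code & VERIFY_CERT_INSECURE_ALGORITHM )
+                g_string_append( ret, "certificate uses an insecure algorithm, " );
+        if( code & VERIFY_CERT_NOT_ACTIVATED )
+                g_string_append( ret, "certificate has not been activated, " );
+        if( code & VERIFY_CERT_EXPIRED )
+                g_string_append( ret, "certificate has expired, " );
+        if( code & VERIFY_CERT_WRONG_HOSTNAME )
+                g_string_append( ret, "certificate hostname mismatch, " );
+       
+        if( ret->len == 0 )
+        {
+                g_string_free( ret, TRUE );
+                return NULL;
+        }
+        else
+        {
+                g_string_truncate( ret, ret->len - 2 );
+                return g_string_free( ret, FALSE );
+        }
 }
 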
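Review bot: `g_string_truncate( ret, ret->len - 2 )` relies on every appended message ending in the two characters `, `, and nothing in the function says so. A one-line comment above it, such as `/* strip the trailing ", " left by the last append */`, would keep a message added later without that suffix from being cut short. A code whose set bits match none of the seven flags tested here (VERIFY_CERT_INVALID on its own, for instance) yields NULL, and a short header comment on the function could state that as well.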
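--- a/lib/ssl_nss.c
+++ b/lib/ssl_nss.c
@@ -252,2 +252,7 @@
         return B_EV_IO_READ;
 }
+
+char *ssl_verify_strerror( int code )
+{
+        return g_strdup( "SSL certificate verification not supported by BitlBee NSS code." );
+}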
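Review bot: This implementation ignores `code` and always returns the same non-NULL string, while the comment added in lib/ssl_client.h promises NULL when the bitfield has no useful bits set; lib/ssl_openssl.c has the same shape. Either the header comment should say that backends without verification return a fixed notice, or the body should carry a comment such as `/* code is ignored: this backend does not verify certificates */`. Whether the notice is ever shown depends on this backend reporting a code with VERIFY_CERT_INVALID set, which is not visible in this section.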
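--- a/lib/ssl_openssl.c
+++ b/lib/ssl_openssl.c
@@ -288,4 +288,9 @@
 }
 
+char *ssl_verify_strerror( int code )
+{
+        return g_strdup( "SSL certificate verification not supported by BitlBee OpenSSL code." );
+}
+
 size_t ssl_des3_encrypt(const unsigned char *key, size_t key_len, const unsigned char *input, size_t input_len, const unsigned char *iv, unsigned char **res)
 {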
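--- a/protocols/jabber/io.c
+++ b/protocols/jabber/io.c
@@ -292,43 +292,18 @@
                 jd->ssl = NULL;
                
-                imcb_error( ic, "Could not connect to server" );
-                if (returncode ==  OPENSSL_VERIFY_ERROR )
-                {
-                        imcb_error( ic, "This BitlBee server is built agains the OpenSSL library." );
-                        imcb_error( ic, "Unfortunately certificate verification is only supported when built against GnuTLS for now." );
+                if( returncode & VERIFY_CERT_INVALID)
+                {
+                        char *err = ssl_verify_strerror( returncode );
+                        imcb_error( ic, "Certificate verification problem 0x%x: %s",
+                                    returncode, err ? err : "Unknown" );
+                        g_free( err );
                         imc_logout( ic, FALSE );
                 }
-                else if (returncode ==  NSS_VERIFY_ERROR )
-                {
-                        imcb_error( ic, "This BitlBee server is built agains the NSS library." );
-                        imcb_error( ic, "Unfortunately certificate verification is only supported when built against GnuTLS for now." );
-                        imc_logout( ic, FALSE );
-                }
-                else if (returncode == VERIFY_CERT_ERROR )
-                {
-                        imcb_error( ic, "An error occured during the certificate verification." );
-                        imc_logout( ic, FALSE );
-                }
-                else if (returncode  & VERIFY_CERT_INVALID)
-                {
-                        imcb_error( ic, "Unable to verify peer's certificate." );
-                        if (returncode & VERIFY_CERT_REVOKED)
-                                imcb_error( ic, "The certificate has been revoked." );
-                        if (returncode & VERIFY_CERT_SIGNER_NOT_FOUND)
-                                imcb_error( ic, "The certificate hasn't got a known issuer." );
-                        if (returncode & VERIFY_CERT_SIGNER_NOT_CA)
-                                imcb_error( ic, "The certificate's issuer is not a CA." );
-                        if (returncode & VERIFY_CERT_INSECURE_ALGORITHM)
-                                imcb_error( ic, "The certificate uses an insecure algorithm." );
-                        if (returncode & VERIFY_CERT_NOT_ACTIVATED)
-                                imcb_error( ic, "The certificate has not been activated." );
-                        if (returncode & VERIFY_CERT_EXPIRED)
-                                imcb_error( ic, "The certificate has expired." );
-                        if (returncode & VERIFY_CERT_WRONG_HOSTNAME)
-                                imcb_error( ic, "The hostname specified in the certificate doesn't match the server name." );
-                        imc_logout( ic, FALSE );
-                }
                 else
-                imc_logout( ic, TRUE );
+                {
+                        imcb_error( ic, "Could not connect to server" );
+                        imc_logout( ic, TRUE );
+                }
+               
                 return FALSE;
         }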
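Review bot: The single `if( returncode & VERIFY_CERT_INVALID)` test replaces four branches, three of which compared with `==` against OPENSSL_VERIFY_ERROR, NSS_VERIFY_ERROR and VERIFY_CERT_ERROR. If any of those values lacks the VERIFY_CERT_INVALID bit (their definitions are outside this section), a failed or unsupported verification now falls into the `else` branch, is reported only as "Could not connect to server", and calls `imc_logout( ic, TRUE )` where the old code passed FALSE. It is worth confirming the values and, if needed, widening the test, e.g. `if( ( returncode & VERIFY_CERT_INVALID ) || returncode == VERIFY_CERT_ERROR )`, so that certificate failures stay distinguishable from network errors in what the user sees. The enclosing function starts and ends outside this section.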