Changeset a72dc2b


Ignore:
Timestamp:
2011-12-19T17:57:20Z (7 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
9f958f7
Parents:
25b05b7
Message:

Add verify argument to ssl_connect() so HTTPS-based stuff is also secure.
(Think of Twitter, but also MSN/Yahoo! authentication.)

Files:
8 edited

Legend:

Unmodified
Added
Removed
  • lib/http_client.c

    r25b05b7 ra72dc2b  
    4747        if( ssl )
    4848        {
    49                 req->ssl = ssl_connect( host, port, http_ssl_connected, req );
     49                req->ssl = ssl_connect( host, port, TRUE, http_ssl_connected, req );
    5050                if( req->ssl == NULL )
    5151                        error = 1;
     
    163163       
    164164error:
    165         req->status_string = g_strdup( "Error while writing HTTP request" );
     165        if( req->status_string == NULL )
     166                req->status_string = g_strdup( "Error while writing HTTP request" );
    166167       
    167168        req->func( req );
     
    176177       
    177178        if( source == NULL )
     179        {
     180                if( returncode != 0 )
     181                {
     182                        char *err = ssl_verify_strerror( returncode );
     183                        req->status_string = g_strdup_printf(
     184                                "Certificate verification problem 0x%x: %s",
     185                                returncode, err ? err : "Unknown" );
     186                        g_free( err );
     187                }
    178188                return http_connected( data, -1, cond );
     189        }
    179190       
    180191        req->fd = ssl_getfd( source );
     
    440451                if( new_proto == PROTO_HTTPS )
    441452                {
    442                         req->ssl = ssl_connect( new_host, new_port, http_ssl_connected, req );
     453                        req->ssl = ssl_connect( new_host, new_port, TRUE, http_ssl_connected, req );
    443454                        if( req->ssl == NULL )
    444455                                error = 1;
  • lib/ssl_bogus.c

    r25b05b7 ra72dc2b  
    3232}
    3333
    34 void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
     34void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
    3535{
    3636        return( NULL );
  • lib/ssl_client.h

    r25b05b7 ra72dc2b  
    6464   ready to be used for SSL traffic. This is all done asynchronously, no
    6565   blocking I/O! (Except for the DNS lookups, for now...) */
    66 G_MODULE_EXPORT void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data );
     66G_MODULE_EXPORT void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data );
    6767
    6868/* Start an SSL session on an existing fd. Useful for STARTTLS functionality,
  • lib/ssl_gnutls.c

    r25b05b7 ra72dc2b  
    7878}
    7979
    80 void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
     80void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
    8181{
    8282        struct scd *conn = g_new0( struct scd, 1 );
     
    8686        conn->data = data;
    8787        conn->inpa = -1;
     88        conn->hostname = g_strdup( host );
     89        conn->verify = verify && global.conf->cafile;
    8890       
    8991        if( conn->fd < 0 )
  • lib/ssl_nss.c

    r25b05b7 ra72dc2b  
    103103}
    104104
    105 void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
     105void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
    106106{
    107107        struct scd *conn = g_new0( struct scd, 1 );
  • lib/ssl_openssl.c

    r25b05b7 ra72dc2b  
    6565}
    6666
    67 void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
     67void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
    6868{
    6969        struct scd *conn = g_new0( struct scd, 1 );
  • protocols/jabber/jabber.c

    r25b05b7 ra72dc2b  
    236236        if( set_getbool( &acc->set, "ssl" ) )
    237237        {
    238                 jd->ssl = ssl_connect( connect_to, set_getint( &acc->set, "port" ), jabber_connected_ssl, ic );
     238                jd->ssl = ssl_connect( connect_to, set_getint( &acc->set, "port" ), FALSE, jabber_connected_ssl, ic );
    239239                jd->fd = jd->ssl ? ssl_getfd( jd->ssl ) : -1;
    240240        }
  • protocols/skype/skype.c

    r25b05b7 ra72dc2b  
    11851185        imcb_log(ic, "Connecting");
    11861186        sd->ssl = ssl_connect(set_getstr(&acc->set, "server"),
    1187                 set_getint(&acc->set, "port"), skype_connected, ic);
     1187                set_getint(&acc->set, "port"), FALSE, skype_connected, ic);
    11881188        sd->fd = sd->ssl ? ssl_getfd(sd->ssl) : -1;
    11891189        sd->username = g_strdup(acc->user);
Note: See TracChangeset for help on using the changeset viewer.