| author | Wilmer van der Gaast <wilmer@gaast.net> | 2011-12-23 13:44:08 +0100 | 
|---|---|---|
| committer | Wilmer van der Gaast <wilmer@gaast.net> | 2011-12-23 13:44:08 +0100 | 
| commit | 792a93b417c24a206d8995ca8bf51482f20e997e (patch) | |
| tree | c29c4ceae134df4ad52e79ef50bc09d00e1b245d /lib/ssl_nss.c | |
| parent | 2d93a51e15ac2d6daaac0d6ac1e2c41e33486c53 (diff) | |
| parent | 41658da57b611d17030dc7e2c3feb54f99b668ac (diff) | |
Merging SSL certificate verification for GnuTLS, with help from AopicieR.
Diffstat (limited to 'lib/ssl_nss.c')
| -rw-r--r-- | lib/ssl_nss.c | 27 | 
1 files changed, 23 insertions, 4 deletions
| diff --git a/lib/ssl_nss.c b/lib/ssl_nss.c
index ec524ca6..5b573f9b 100644
--- a/lib/ssl_nss.c
+++ b/lib/ssl_nss.c
@@ -51,6 +51,7 @@ struct scd
 	int fd;
 	PRFileDesc *prfd;
 	gboolean established;
+	gboolean verify;
 };
 static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
@@ -101,7 +102,7 @@ void ssl_init( void )
 	initialized = TRUE;
 }
-void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
+void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
 {
 	struct scd *conn = g_new0( struct scd, 1 );
@@ -131,13 +132,14 @@ static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition
 	return ssl_connected( conn, conn->fd, B_EV_IO_WRITE );
 }
-void *ssl_starttls( int fd, ssl_input_function func, gpointer data )
+void *ssl_starttls( int fd, char *hostname, gboolean verify, ssl_input_function func, gpointer data )
 {
 	struct scd *conn = g_new0( struct scd, 1 );
 	conn->fd = fd;
 	conn->func = func;
 	conn->data = data;
+	conn->verify = verify;
 	/* This function should be called via a (short) timeout instead of
 	   directly from here, because these SSL calls are *supposed* to be
@@ -157,6 +159,18 @@ static gboolean ssl_connected( gpointer data, gint source, b_input_condition con
 {
 	struct scd *conn = data;
+	/* Right now we don't have any verification functionality for nss so we  	   fail in case verification has been requested by the user. */
+
+	if( conn->verify )
+	{
+		conn->func( conn->data, NSS_VERIFY_ERROR, NULL, cond );
+		if( source >= 0 ) closesocket( source );
+		g_free( conn );
+
+		return FALSE;
+	}
+	
 	if( source == -1 )
 		goto ssl_connected_failure;
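Review bot: The new `verify` parameter of `ssl_connect()` is never stored in the connection: the hunk shows only `struct scd *conn = g_new0( struct scd, 1 );` and, unlike `ssl_starttls()` later in this patch, there is no `conn->verify = verify;` anywhere in the 23 inserted lines the diffstat accounts for. Because `g_new0` zero-fills the struct, `conn->verify` stays FALSE on this path, so the refusal added in `ssl_connected()` never fires and a caller that requested certificate verification silently gets an unverified session — fail-open rather than the intended fail-closed. Add `conn->verify = verify;` next to the `conn->func`/`conn->data` assignments in the body, which lies outside this hunk. Consider also storing `host` for the same reason `hostname` is passed to `ssl_starttls()`, if a later verifier will need it.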
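Review bot: `ssl_starttls()` now takes `char *hostname` but nothing in the hunk stores or reads it, and `struct scd` gained only `verify`, not a hostname field, so the value is discarded at this layer. If that is deliberate until NSS verification exists, say so where the other fields are assigned, e.g. `/* hostname is unused: the NSS backend has no certificate or hostname checking yet */`, otherwise a future verifier will have nothing to match the peer certificate against. The rest of the function body lies outside this hunk.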
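Review bot: The `if( conn->verify )` refusal runs before the existing `if( source == -1 ) goto ssl_connected_failure;`, so a plain TCP connect failure on a connection with verification requested is reported to the callback as `NSS_VERIFY_ERROR` ("verification not supported") instead of as a connection failure, which can steer a user toward turning verification off for what was a network problem. Move the whole `if( conn->verify ) { ... }` block to just below the `source == -1` check so the two failure causes stay distinguishable. Failing closed here is the right default; the early return appears safe with respect to `prfd` since nothing in the hunk sets it up before this point, but confirm that against the rest of `ssl_connected()`, which continues outside the hunk.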
@@ -176,12 +190,12 @@ static gboolean ssl_connected( gpointer data, gint source, b_input_condition con
 	conn->established = TRUE;
-	conn->func( conn->data, conn, cond );
+	conn->func( conn->data, 0, conn, cond );
 	return FALSE;
 	ssl_connected_failure:
-	conn->func( conn->data, NULL, cond );
+	conn->func( conn->data, 0, NULL, cond );
 	PR_Close( conn -> prfd );
 	if( source >= 0 ) closesocket( source );
@@ -237,3 +251,8 @@ b_input_condition ssl_getdirection( void *conn )
 	/* Just in case someone calls us, let's return the most likely case: */
 	return B_EV_IO_READ;
 }
+
+char *ssl_verify_strerror( int code )
+{
+	return g_strdup( "SSL certificate verification not supported by BitlBee NSS code." );
+}
 | 
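Review bot: `ssl_verify_strerror()` ignores its `code` argument and always hands back a freshly `g_strdup`'d string, but neither fact is documented, so a caller cannot tell whether the result must be freed or whether passing a specific code is meaningful. Add a short header comment such as `/* NSS backend: every verification code maps to the same message because no verification is implemented; the returned string is g_strdup'd and must be g_free'd by the caller. */`. Marking the parameter as intentionally unused, e.g. `(void) code;`, would also keep -Wunused-parameter quiet and make the intent explicit.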
