authorWilmer van der Gaast <wilmer@gaast.net>2011-12-23 13:44:08 +0100
committerWilmer van der Gaast <wilmer@gaast.net>2011-12-23 13:44:08 +0100
commit792a93b417c24a206d8995ca8bf51482f20e997e (patch)
treec29c4ceae134df4ad52e79ef50bc09d00e1b245d /protocols
parent2d93a51e15ac2d6daaac0d6ac1e2c41e33486c53 (diff)
parent41658da57b611d17030dc7e2c3feb54f99b668ac (diff)
Merging SSL certificate verification for GnuTLS, with help from AopicieR.
Diffstat (limited to 'protocols')
-rw-r--r--protocols/jabber/io.c32
-rw-r--r--protocols/jabber/jabber.c5
-rw-r--r--protocols/jabber/jabber.h2
-rw-r--r--protocols/msn/soap.c10
-rw-r--r--protocols/skype/skype.c4
5 files changed, 42 insertions, 11 deletions
diff --git a/protocols/jabber/io.c b/protocols/jabber/io.c
index d3383375..385c45c4 100644
--- a/protocols/jabber/io.c
+++ b/protocols/jabber/io.c
@@ -278,7 +278,7 @@ gboolean jabber_connected_plain( gpointer data, gint source, b_input_condition c
return jabber_start_stream( ic );
}
-gboolean jabber_connected_ssl( gpointer data, void *source, b_input_condition cond )
+gboolean jabber_connected_ssl( gpointer data, int returncode, void *source, b_input_condition cond )
{
struct im_connection *ic = data;
struct jabber_data *jd;
@@ -294,8 +294,20 @@ gboolean jabber_connected_ssl( gpointer data, void *source, b_input_condition co
already, set it to NULL here to prevent a double cleanup: */
jd->ssl = NULL;
- imcb_error( ic, "Could not connect to server" );
- imc_logout( ic, TRUE );
+ if( returncode != 0 )
+ {
+ char *err = ssl_verify_strerror( returncode );
+ imcb_error( ic, "Certificate verification problem 0x%x: %s",
+ returncode, err ? err : "Unknown" );
+ g_free( err );
+ imc_logout( ic, FALSE );
+ }
+ else
+ {
+ imcb_error( ic, "Could not connect to server" );
+ imc_logout( ic, TRUE );
+ }
+
return FALSE;
}
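Review bot: The two branches differ in the second argument to `imc_logout()` (FALSE after a verification failure, TRUE otherwise), and nothing in the function says why. A one-line comment in the `returncode != 0` branch, e.g. `/* A bad certificate is not a transient error: do not auto-reconnect. */`, would keep a later cleanup from merging them back into a single reconnecting path. Separately, `returncode` is an `int` printed with `0x%x`; passing `(unsigned) returncode` keeps the format and argument types matched. The start of jabber_connected_ssl and the condition guarding this block are outside the hunk.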
@@ -399,7 +411,7 @@ static xt_status jabber_pkt_proceed_tls( struct xt_node *node, gpointer data )
{
struct im_connection *ic = data;
struct jabber_data *jd = ic->proto_data;
- char *xmlns;
+ char *xmlns, *tlsname;
xmlns = xt_find_attr( node, "xmlns" );
@@ -425,7 +437,17 @@ static xt_status jabber_pkt_proceed_tls( struct xt_node *node, gpointer data )
imcb_log( ic, "Converting stream to TLS" );
jd->flags |= JFLAG_STARTTLS_DONE;
- jd->ssl = ssl_starttls( jd->fd, jabber_connected_ssl, ic );
+
+ /* If the user specified a server for the account, use this server as the
+ * hostname in the certificate verification. Else we use the domain from
+ * the username. */
+ if( ic->acc->server && *ic->acc->server )
+ tlsname = ic->acc->server;
+ else
+ tlsname = jd->server;
+
+ jd->ssl = ssl_starttls( jd->fd, tlsname, set_getbool( &ic->acc->set, "tls_verify" ),
+ jabber_connected_ssl, ic );
return XT_HANDLED;
}
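Review bot: The name handed to `ssl_starttls()` is the account's `server` setting whenever one is set, so the certificate is matched against the connect host rather than the domain of the JID. RFC 6120 takes the reference identity from the JID's domain part, and a `server` override is often just a connect-to address. The check can therefore reject a correct certificate, or accept one issued for a name other than the account's domain. Consider always verifying against `jd->server`, or at least extend the comment to say that setting `server` changes which name is trusted. jabber_pkt_proceed_tls starts outside this hunk.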
diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c
index fae55ffe..2856f1b6 100644
--- a/protocols/jabber/jabber.c
+++ b/protocols/jabber/jabber.c
@@ -81,6 +81,9 @@ static void jabber_init( account_t *acc )
s = set_add( &acc->set, "tls", "try", set_eval_tls, acc );
s->flags |= ACC_SET_OFFLINE_ONLY;
+ s = set_add( &acc->set, "tls_verify", "true", set_eval_bool, acc );
+ s->flags |= ACC_SET_OFFLINE_ONLY;
+
s = set_add( &acc->set, "sasl", "true", set_eval_bool, acc );
s->flags |= ACC_SET_OFFLINE_ONLY | SET_HIDDEN_DEFAULT;
@@ -232,7 +235,7 @@ static void jabber_login( account_t *acc )
non-standard ports... */
if( set_getbool( &acc->set, "ssl" ) )
{
- jd->ssl = ssl_connect( connect_to, set_getint( &acc->set, "port" ), jabber_connected_ssl, ic );
+ jd->ssl = ssl_connect( connect_to, set_getint( &acc->set, "port" ), FALSE, jabber_connected_ssl, ic );
jd->fd = jd->ssl ? ssl_getfd( jd->ssl ) : -1;
}
else
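Review bot: The direct-SSL login path hard-codes `FALSE` as the new third argument of `ssl_connect()`, which by analogy with the `ssl_starttls()` call in io.c looks like the verify flag (the prototype is not on this page). If so, an account with `ssl` enabled gets no certificate check even though `tls_verify` defaults to true, and nothing tells the user the setting is ignored on this path. Passing `set_getbool( &acc->set, "tls_verify" )` instead would make both paths honour the setting; `jabber_connected_ssl` already reports a non-zero `returncode`. `skype_login()` in skype.c passes the same hard-coded `FALSE` and has no setting to turn verification on. The body of jabber_login continues outside the hunk.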
diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h
index 364d561c..aa552558 100644
--- a/protocols/jabber/jabber.h
+++ b/protocols/jabber/jabber.h
@@ -308,7 +308,7 @@ extern const struct jabber_away_state jabber_away_state_list[];
int jabber_write_packet( struct im_connection *ic, struct xt_node *node );
int jabber_write( struct im_connection *ic, char *buf, int len );
gboolean jabber_connected_plain( gpointer data, gint source, b_input_condition cond );
-gboolean jabber_connected_ssl( gpointer data, void *source, b_input_condition cond );
+gboolean jabber_connected_ssl( gpointer data, int returncode, void *source, b_input_condition cond );
gboolean jabber_start_stream( struct im_connection *ic );
void jabber_end_stream( struct im_connection *ic );
diff --git a/protocols/msn/soap.c b/protocols/msn/soap.c
index 7d9f3791..d9804f49 100644
--- a/protocols/msn/soap.c
+++ b/protocols/msn/soap.c
@@ -59,6 +59,7 @@ struct msn_soap_req_data
void *data;
struct im_connection *ic;
int ttl;
+ char *error;
char *url, *action, *payload;
struct http_request *http_req;
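Review bot: The new `error` field has no comment on ownership or lifetime. The later hunks show it is a `g_strdup()` copy of `http_req->status_string` that `msn_soap_handle_response()` frees right after `handle_response()` returns. A comment on the field such as `/* HTTP status string of a non-200 reply; only valid inside handle_response(), freed afterwards */` would warn handlers not to keep the pointer. `msn_soap_passport_sso_handle_response()` forwards it to `msn_auth_got_passport_token()`, so it is worth confirming that the callee copies the string rather than storing it. The struct definition continues outside the hunk.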
@@ -157,13 +158,17 @@ static void msn_soap_handle_response( struct http_request *http_req )
xt_free( parser );
}
+ if( http_req->status_code != 200 )
+ soap_req->error = g_strdup( http_req->status_string );
+
st = soap_req->handle_response( soap_req );
fail:
g_free( soap_req->url );
g_free( soap_req->action );
g_free( soap_req->payload );
- soap_req->url = soap_req->action = soap_req->payload = NULL;
+ g_free( soap_req->error );
+ soap_req->url = soap_req->action = soap_req->payload = soap_req->error = NULL;
if( st == MSN_SOAP_RETRY && --soap_req->ttl )
{
@@ -252,6 +257,7 @@ static void msn_soap_free( struct msn_soap_req_data *soap_req )
g_free( soap_req->url );
g_free( soap_req->action );
g_free( soap_req->payload );
+ g_free( soap_req->error );
g_free( soap_req );
}
@@ -409,7 +415,7 @@ static int msn_soap_passport_sso_handle_response( struct msn_soap_req_data *soap
if( sd->secret == NULL )
{
- msn_auth_got_passport_token( ic, NULL, sd->error );
+ msn_auth_got_passport_token( ic, NULL, sd->error ? sd->error : soap_req->error );
return MSN_SOAP_OK;
}
diff --git a/protocols/skype/skype.c b/protocols/skype/skype.c
index 5b1a6c30..760aeb3d 100644
--- a/protocols/skype/skype.c
+++ b/protocols/skype/skype.c
@@ -1156,7 +1156,7 @@ gboolean skype_start_stream(struct im_connection *ic)
return st;
}
-gboolean skype_connected(gpointer data, void *source, b_input_condition cond)
+gboolean skype_connected(gpointer data, int returncode, void *source, b_input_condition cond)
{
struct im_connection *ic = data;
struct skype_data *sd = ic->proto_data;
@@ -1184,7 +1184,7 @@ static void skype_login(account_t *acc)
imcb_log(ic, "Connecting");
sd->ssl = ssl_connect(set_getstr(&acc->set, "server"),
- set_getint(&acc->set, "port"), skype_connected, ic);
+ set_getint(&acc->set, "port"), FALSE, skype_connected, ic);
sd->fd = sd->ssl ? ssl_getfd(sd->ssl) : -1;
sd->username = g_strdup(acc->user);