aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/ssl_bogus.c5
-rw-r--r--lib/ssl_client.h4
-rw-r--r--lib/ssl_gnutls.c31
-rw-r--r--lib/ssl_nss.c5
-rw-r--r--lib/ssl_openssl.c5
5 files changed, 50 insertions, 0 deletions
diff --git a/lib/ssl_bogus.c b/lib/ssl_bogus.c
index e2466c19..8dba05f4 100644
--- a/lib/ssl_bogus.c
+++ b/lib/ssl_bogus.c
@@ -69,3 +69,8 @@ int ssl_pending( void *conn )
{
return 0;
}
+
+char *ssl_verify_strerror( int code )
+{
+ return NULL;
+}
diff --git a/lib/ssl_client.h b/lib/ssl_client.h
index 03355297..9ce878a1 100644
--- a/lib/ssl_client.h
+++ b/lib/ssl_client.h
@@ -100,4 +100,8 @@ G_MODULE_EXPORT int ssl_getfd( void *conn );
the same action as the handler that just received the SSL_AGAIN.) */
G_MODULE_EXPORT b_input_condition ssl_getdirection( void *conn );
+/* Converts a verification bitfield passed to ssl_input_function into
+ a more useful string. Or NULL if it had no useful bits set. */
+G_MODULE_EXPORT char *ssl_verify_strerror( int code );
+
G_MODULE_EXPORT size_t ssl_des3_encrypt(const unsigned char *key, size_t key_len, const unsigned char *input, size_t input_len, const unsigned char *iv, unsigned char **res);
diff --git a/lib/ssl_gnutls.c b/lib/ssl_gnutls.c
index 41f71f63..3ecc6eee 100644
--- a/lib/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
@@ -194,6 +194,37 @@ static int verify_certificate_callback( gnutls_session_t session )
return verifyret;
}
+char *ssl_verify_strerror( int code )
+{
+ GString *ret = g_string_new( "" );
+
+ if( code & VERIFY_CERT_REVOKED )
+ g_string_append( ret, "certificate has been revoked, " );
+ if( code & VERIFY_CERT_SIGNER_NOT_FOUND )
+ g_string_append( ret, "certificate hasn't got a known issuer, " );
+ if( code & VERIFY_CERT_SIGNER_NOT_CA )
+ g_string_append( ret, "certificate's issuer is not a CA, " );
+ if( code & VERIFY_CERT_INSECURE_ALGORITHM )
+ g_string_append( ret, "certificate uses an insecure algorithm, " );
+ if( code & VERIFY_CERT_NOT_ACTIVATED )
+ g_string_append( ret, "certificate has not been activated, " );
+ if( code & VERIFY_CERT_EXPIRED )
+ g_string_append( ret, "certificate has expired, " );
+ if( code & VERIFY_CERT_WRONG_HOSTNAME )
+ g_string_append( ret, "certificate hostname mismatch, " );
+
+ if( ret->len == 0 )
+ {
+ g_string_free( ret, TRUE );
+ return NULL;
+ }
+ else
+ {
+ g_string_truncate( ret, ret->len - 2 );
+ return g_string_free( ret, FALSE );
+ }
+}
+
static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
{
struct scd *conn = data;
diff --git a/lib/ssl_nss.c b/lib/ssl_nss.c
index 4dfa063d..3f26960c 100644
--- a/lib/ssl_nss.c
+++ b/lib/ssl_nss.c
@@ -251,3 +251,8 @@ b_input_condition ssl_getdirection( void *conn )
/* Just in case someone calls us, let's return the most likely case: */
return B_EV_IO_READ;
}
+
+char *ssl_verify_strerror( int code )
+{
+ return g_strdup( "SSL certificate verification not supported by BitlBee NSS code." );
+}
diff --git a/lib/ssl_openssl.c b/lib/ssl_openssl.c
index 7c7f725e..d43c7ab2 100644
--- a/lib/ssl_openssl.c
+++ b/lib/ssl_openssl.c
@@ -287,6 +287,11 @@ b_input_condition ssl_getdirection( void *conn )
return( ((struct scd*)conn)->lasterr == SSL_ERROR_WANT_WRITE ? B_EV_IO_WRITE : B_EV_IO_READ );
}
+char *ssl_verify_strerror( int code )
+{
+ return g_strdup( "SSL certificate verification not supported by BitlBee OpenSSL code." );
+}
+
size_t ssl_des3_encrypt(const unsigned char *key, size_t key_len, const unsigned char *input, size_t input_len, const unsigned char *iv, unsigned char **res)
{
int output_length = 0;
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 23:04:50 +0000