Diffstat (limited to 'protocols')
-rw-r--r--protocols/jabber/io.c53
-rw-r--r--protocols/jabber/jabber.c3
-rw-r--r--protocols/jabber/jabber.h2
-rw-r--r--protocols/skype/skype.c2
4 files changed, 55 insertions, 5 deletions
diff --git a/protocols/jabber/io.c b/protocols/jabber/io.c
index a28eea90..9e55e3f9 100644
--- a/protocols/jabber/io.c
+++ b/protocols/jabber/io.c
@@ -275,7 +275,7 @@ gboolean jabber_connected_plain( gpointer data, gint source, b_input_condition c
return jabber_start_stream( ic );
}
-gboolean jabber_connected_ssl( gpointer data, void *source, b_input_condition cond )
+gboolean jabber_connected_ssl( gpointer data, int returncode, void *source, b_input_condition cond )
{
struct im_connection *ic = data;
struct jabber_data *jd;
@@ -292,6 +292,43 @@ gboolean jabber_connected_ssl( gpointer data, void *source, b_input_condition co
jd->ssl = NULL;
imcb_error( ic, "Could not connect to server" );
+ if (returncode == OPENSSL_VERIFY_ERROR )
+ {
+ imcb_error( ic, "This BitlBee server is built agains the OpenSSL library." );
+ imcb_error( ic, "Unfortunately certificate verification is only supported when built against GnuTLS for now." );
+ imc_logout( ic, FALSE );
+ }
+ else if (returncode == NSS_VERIFY_ERROR )
+ {
+ imcb_error( ic, "This BitlBee server is built agains the NSS library." );
+ imcb_error( ic, "Unfortunately certificate verification is only supported when built against GnuTLS for now." );
+ imc_logout( ic, FALSE );
+ }
+ else if (returncode == VERIFY_CERT_ERROR )
+ {
+ imcb_error( ic, "An error occured during the certificate verification." );
+ imc_logout( ic, FALSE );
+ }
+ else if (returncode & VERIFY_CERT_INVALID)
+ {
+ imcb_error( ic, "Unable to verify peer's certificate." );
+ if (returncode & VERIFY_CERT_REVOKED)
+ imcb_error( ic, "The certificate has been revoked." );
+ if (returncode & VERIFY_CERT_SIGNER_NOT_FOUND)
+ imcb_error( ic, "The certificate hasn't got a known issuer." );
+ if (returncode & VERIFY_CERT_SIGNER_NOT_CA)
+ imcb_error( ic, "The certificate's issuer is not a CA." );
+ if (returncode & VERIFY_CERT_INSECURE_ALGORITHM)
+ imcb_error( ic, "The certificate uses an insecure algorithm." );
+ if (returncode & VERIFY_CERT_NOT_ACTIVATED)
+ imcb_error( ic, "The certificate has not been activated." );
+ if (returncode & VERIFY_CERT_EXPIRED)
+ imcb_error( ic, "The certificate has expired." );
+ if (returncode & VERIFY_CERT_WRONG_HOSTNAME)
+ imcb_error( ic, "The hostname specified in the certificate doesn't match the server name." );
+ imc_logout( ic, FALSE );
+ }
+ else
imc_logout( ic, TRUE );
return FALSE;
}
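Review bot: In the failure branch, a `returncode` that carries only a detail flag such as `VERIFY_CERT_EXPIRED`, without `VERIFY_CERT_INVALID`, falls through to the final `else` and calls `imc_logout( ic, TRUE )`, which presumably allows an automatic reconnect with no explanation to the user. Whether the TLS layer always sets `VERIFY_CERT_INVALID` together with the detail bits is not visible here, so either test for any verification bit or record the invariant, e.g. `/* ssl layer sets VERIFY_CERT_INVALID whenever a detail flag is set */`. The first three tests use `==` while the later ones use `&`, which is only unambiguous if the OPENSSL/NSS/CERT_ERROR codes share no bits with the flag values. The user-facing strings also contain typos: `agains` should be `against` and `occured` should be `occurred`. The enclosing function starts outside the hunk.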
@@ -396,7 +433,7 @@ static xt_status jabber_pkt_proceed_tls( struct xt_node *node, gpointer data )
{
struct im_connection *ic = data;
struct jabber_data *jd = ic->proto_data;
- char *xmlns;
+ char *xmlns, *tlsname;
xmlns = xt_find_attr( node, "xmlns" );
@@ -422,7 +459,17 @@ static xt_status jabber_pkt_proceed_tls( struct xt_node *node, gpointer data )
imcb_log( ic, "Converting stream to TLS" );
jd->flags |= JFLAG_STARTTLS_DONE;
- jd->ssl = ssl_starttls( jd->fd, jabber_connected_ssl, ic );
+
+ /* If the user specified a server for the account, use this server as the
+ * hostname in the certificate verification. Else we use the domain from
+ * the username. */
+ if( ic->acc->server && *ic->acc->server )
+ tlsname = ic->acc->server;
+ else
+ tlsname = jd->server;
+
+ jd->ssl = ssl_starttls( jd->fd, tlsname, set_getbool( &ic->acc->set, "tls_verify" ),
+ jabber_connected_ssl, ic );
return XT_HANDLED;
}
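Review bot: The name handed to `ssl_starttls` becomes the account's `server` override whenever one is set, so for those accounts the certificate is matched against the connect host rather than the JID domain held in `jd->server`. That is defensible for a value the user configured, but it changes which identity is authenticated and the comment should say so, e.g. `/* NOTE: with a server override the certificate is checked against that host, not the JID domain. */`. Only the STARTTLS path is visible in this diff; whether the direct-SSL connect path receives the same hostname and `tls_verify` handling cannot be confirmed from here. The function begins outside the hunk.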
diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c
index 7d9547ab..dd2f0866 100644
--- a/protocols/jabber/jabber.c
+++ b/protocols/jabber/jabber.c
@@ -81,6 +81,9 @@ static void jabber_init( account_t *acc )
s = set_add( &acc->set, "tls", "try", set_eval_tls, acc );
s->flags |= ACC_SET_OFFLINE_ONLY;
+ s = set_add( &acc->set, "tls_verify", "true", set_eval_bool, acc );
+ s->flags |= ACC_SET_OFFLINE_ONLY;
+
s = set_add( &acc->set, "sasl", "true", set_eval_bool, acc );
s->flags |= ACC_SET_OFFLINE_ONLY | SET_HIDDEN_DEFAULT;
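Review bot: `tls_verify` defaults to `true` directly below `tls`, which still defaults to `try`, and certificate verification can only run once TLS is actually negotiated. With `try`, a session that never upgrades would presumably continue unverified and in cleartext, so the new default protects less than its name suggests. I would document that beside the new setting, e.g. `/* tls_verify only takes effect when TLS is negotiated; set tls=true to require it */`, and repeat it in the user-facing help for the setting. jabber_init continues outside the hunk.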
diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h
index adf9a291..5996c301 100644
--- a/protocols/jabber/jabber.h
+++ b/protocols/jabber/jabber.h
@@ -306,7 +306,7 @@ extern const struct jabber_away_state jabber_away_state_list[];
int jabber_write_packet( struct im_connection *ic, struct xt_node *node );
int jabber_write( struct im_connection *ic, char *buf, int len );
gboolean jabber_connected_plain( gpointer data, gint source, b_input_condition cond );
-gboolean jabber_connected_ssl( gpointer data, void *source, b_input_condition cond );
+gboolean jabber_connected_ssl( gpointer data, int returncode, void *source, b_input_condition cond );
gboolean jabber_start_stream( struct im_connection *ic );
void jabber_end_stream( struct im_connection *ic );
diff --git a/protocols/skype/skype.c b/protocols/skype/skype.c
index 5b1a6c30..10f355a6 100644
--- a/protocols/skype/skype.c
+++ b/protocols/skype/skype.c
@@ -1156,7 +1156,7 @@ gboolean skype_start_stream(struct im_connection *ic)
return st;
}
-gboolean skype_connected(gpointer data, void *source, b_input_condition cond)
+gboolean skype_connected(gpointer data, int returncode, void *source, b_input_condition cond)
{
struct im_connection *ic = data;
struct skype_data *sd = ic->proto_data;