Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c
author mathuaerknedam <adium@ei8ht.us>
Fri, 07 Nov 2014 09:24:06 -0600
branch adium-1.5.11
changeset 5894 60d7d05396d7
parent 5881 5a62e233115d
child 5896 9db8b48c8cf6
permissions -rw-r--r--
Workaround for Yahoo's https server closing the connection without sending close_notify first. Thanks to reanimus for the patch. Fixes #16678. r=kbotc
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
/*
 * CDSA SSL-plugin for purple
 *
 * Copyright (c) 2007 Andreas Monitzer <andy@monitzer.com>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
2093
d470a05e220b I see no reason to not use #import for everything. Apple's compiler supports it fine in .c files, and it doesn't seem to have any downsides vs #include unless you're playing silly multiple inclusion tricks
David Smith <catfish.man@gmail.com>
parents: 74
#import <libpurple/internal.h>
#import <libpurple/debug.h>
#import <libpurple/plugin.h>
#import <libpurple/sslconn.h>
#import <libpurple/version.h>
#import <libpurple/signals.h>
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
#define SSL_CDSA_PLUGIN_ID "ssl-cdsa"

#ifdef HAVE_CDSA
2922
841d7fc22454 Resolve some warnings related to 64-bit compilation
Evan Schoenberg
parents: 2735
#if __LP64__ || NS_BUILD_32_LIKE_64
typedef long NSInteger;
typedef unsigned long NSUInteger;
#else
typedef int NSInteger;
typedef unsigned int NSUInteger;
#endif
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
//#define CDSA_DEBUG
2093
d470a05e220b I see no reason to not use #import for everything. Apple's compiler supports it fine in .c files, and it doesn't seem to have any downsides vs #include unless you're playing silly multiple inclusion tricks
David Smith <catfish.man@gmail.com>
parents: 74
#import <Security/Security.h>
#import <unistd.h>
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
typedef struct
{
	SSLContextRef	ssl_ctx;
	guint	handshake_handler;
} PurpleSslCDSAData;

static GList *connections = NULL;

#define PURPLE_SSL_CDSA_DATA(gsc) ((PurpleSslCDSAData *)gsc->private_data)
#define PURPLE_SSL_CONNECTION_IS_VALID(gsc) (g_list_find(connections, (gsc)) != NULL)
5118
9c2f63e75aca Work around buggy TLS implementations in certain older XMPP servers by disabling TLS 1.1 and above on reconnect.
Evan Kinney <emkinney@gmail.com>
parents: 5106
#define PURPLE_SSL_CDSA_BUGGY_TLS_WORKAROUND "ssl_cdsa_buggy_tls_workaround"
5777
78db6a0ed1c7 Patch from mlamb: Add a way for protocols to disable 1/n-1 record splitting on TLS (which is used to counter the BEAST attack) for protocols that might want it.
Thijs Alkemade <me@thijsalkema.de>
parents: 5692
#define PURPLE_SSL_CDSA_BEAST_TLS_WORKAROUND "ssl_cdsa_beast_tls_workaround"
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
/*
 * query_cert_chain - callback for letting the user review the certificate before accepting it
 *
 * gsc: The secure connection used
 * err: one of the following:
 *  errSSLUnknownRootCert - The peer has a valid certificate chain, but the root of the chain is not a known anchor certificate.
 *  errSSLNoRootCert - The peer's certificate chain was not verifiable to a root certificate.
 *  errSSLCertExpired - The peer's certificate chain has one or more expired certificates.
 *  errSSLXCertChainInvalid - The peer has an invalid certificate chain; for example, signature verification within the chain failed, or no certificates were found.
 * hostname: The name of the host to be verified (for display purposes)
 * certs: an array of values of type SecCertificateRef representing the peer certificate and the certificate chain used to validate it. The certificate at index 0 of the returned array is the peer certificate; the root certificate (or the closest certificate to it) is at the end of the returned array.
 * accept_cert: the callback to be called when the user chooses to trust this certificate chain
 * reject_cert: the callback to be called when the user does not trust this certificate chain
 * userdata: opaque pointer which has to be passed to the callbacks
 */
typedef
void (*query_cert_chain)(PurpleSslConnection *gsc, const char *hostname, CFArrayRef certs, void (*query_cert_cb)(gboolean trusted, void *userdata), void *userdata);

static query_cert_chain certificate_ui_cb = NULL;
5099
61f9ea4acc88 workaround to retry SSL handshake with buggy servers
Evan Kinney <emkinney@gmail.com>
parents: 3362
static void ssl_cdsa_create_context(gpointer data);
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
/*
 * ssl_cdsa_init
 */
static gboolean
ssl_cdsa_init(void)
{
	return (TRUE);
}

/*
 * ssl_cdsa_uninit
 */
static void
ssl_cdsa_uninit(void)
{
}

struct query_cert_userdata {
	CFArrayRef certs;
	char *hostname;
	PurpleSslConnection *gsc;
	PurpleInputCondition cond;
};

static void ssl_cdsa_close(PurpleSslConnection *gsc);

static void query_cert_result(gboolean trusted, void *userdata) {
	struct query_cert_userdata *ud = (struct query_cert_userdata*)userdata;
	PurpleSslConnection *gsc = (PurpleSslConnection *)ud->gsc;
	
	CFRelease(ud->certs);
	free(ud->hostname);

	if (PURPLE_SSL_CONNECTION_IS_VALID(gsc)) {
		if (!trusted) {
			if (gsc->error_cb != NULL)
				gsc->error_cb(gsc, PURPLE_SSL_CERTIFICATE_INVALID,
							  gsc->connect_cb_data);
			
			purple_ssl_close(ud->gsc);
		} else {
			purple_debug_info("cdsa", "SSL_connect complete\n");
			
			/* SSL connected now */
			ud->gsc->connect_cb(ud->gsc->connect_cb_data, ud->gsc, ud->cond);
		}
	}

	free(ud);
}

/*
 * ssl_cdsa_handshake_cb
 */
static void
ssl_cdsa_handshake_cb(gpointer data, gint source, PurpleInputCondition cond)
{
	PurpleSslConnection *gsc = (PurpleSslConnection *)data;
5118
9c2f63e75aca Work around buggy TLS implementations in certain older XMPP servers by disabling TLS 1.1 and above on reconnect.
Evan Kinney <emkinney@gmail.com>
parents: 5106
	PurpleAccount *account = gsc->account;
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
	PurpleSslCDSAData *cdsa_data = PURPLE_SSL_CDSA_DATA(gsc);
    OSStatus err;
	
	purple_debug_info("cdsa", "Connecting\n");
	
	/*
	 * do the negotiation that sets up the SSL connection between
	 * here and there.
	 */
	err = SSLHandshake(cdsa_data->ssl_ctx);
5118
9c2f63e75aca Work around buggy TLS implementations in certain older XMPP servers by disabling TLS 1.1 and above on reconnect.
Evan Kinney <emkinney@gmail.com>
parents: 5106
    if (err == errSSLPeerBadRecordMac
		&& !purple_account_get_bool(account, PURPLE_SSL_CDSA_BUGGY_TLS_WORKAROUND, false)
		&& !strcmp(purple_account_get_protocol_id(account),"prpl-jabber")) {
5099
61f9ea4acc88 workaround to retry SSL handshake with buggy servers
Evan Kinney <emkinney@gmail.com>
parents: 3362
        /*
5118
9c2f63e75aca Work around buggy TLS implementations in certain older XMPP servers by disabling TLS 1.1 and above on reconnect.
Evan Kinney <emkinney@gmail.com>
parents: 5106
         * Set a flag so we know to explicitly disable TLS 1.1 and 1.2 on our next (immediate) connection attempt for this account.
         * Some XMPP servers use buggy TLS stacks that incorrectly report their capabilities, which breaks things with 10.8's new support
         * for TLS 1.1 and 1.2.
5099
61f9ea4acc88 workaround to retry SSL handshake with buggy servers
Evan Kinney <emkinney@gmail.com>
parents: 3362
         */
5118
9c2f63e75aca Work around buggy TLS implementations in certain older XMPP servers by disabling TLS 1.1 and above on reconnect.
Evan Kinney <emkinney@gmail.com>
parents: 5106
        purple_debug_info("cdsa", "SSLHandshake reported that the server rejected our MAC, which most likely means it lied about the TLS versions it supports.");
        purple_debug_info("cdsa", "Setting a flag in this account to only use TLS 1.0 and below on the next connection attempt.");

        purple_account_set_bool(account, PURPLE_SSL_CDSA_BUGGY_TLS_WORKAROUND, true);
        if (gsc->error_cb != NULL)
            gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED, gsc->connect_cb_data);
        purple_ssl_close(gsc);
        return;
5099
61f9ea4acc88 workaround to retry SSL handshake with buggy servers
Evan Kinney <emkinney@gmail.com>
parents: 3362
diff changeset
   163
    } else if (err != noErr) {
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   164
		if(err == errSSLWouldBlock)
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   165
			return;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   166
		fprintf(stderr,"cdsa: SSLHandshake failed with error %d\n",(int)err);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   167
		purple_debug_error("cdsa", "SSLHandshake failed with error %d\n",(int)err);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   168
		if (gsc->error_cb != NULL)
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   169
			gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   170
						  gsc->connect_cb_data);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   171
		
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   172
		purple_ssl_close(gsc);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   173
		return;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   174
	}
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   175
		
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   176
	purple_input_remove(cdsa_data->handshake_handler);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   177
	cdsa_data->handshake_handler = 0;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   178
	
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   179
	purple_debug_info("cdsa", "SSL_connect: verifying certificate\n");
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   180
	
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   181
	if(certificate_ui_cb) { // does the application want to verify the certificate?
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   182
		struct query_cert_userdata *userdata = (struct query_cert_userdata*)malloc(sizeof(struct query_cert_userdata));
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   183
		size_t hostnamelen = 0;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   184
		
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   185
		SSLGetPeerDomainNameLength(cdsa_data->ssl_ctx, &hostnamelen);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   186
		userdata->hostname = (char*)malloc(hostnamelen+1);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   187
		SSLGetPeerDomainName(cdsa_data->ssl_ctx, userdata->hostname, &hostnamelen);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   188
		userdata->hostname[hostnamelen] = '\0'; // just make sure it's zero-terminated
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   189
		userdata->cond = cond;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   190
		userdata->gsc = gsc;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   191
		SSLCopyPeerCertificates(cdsa_data->ssl_ctx, &userdata->certs);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   192
		
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   193
		certificate_ui_cb(gsc, userdata->hostname, userdata->certs, query_cert_result, userdata);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   194
	} else {
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   195
		purple_debug_info("cdsa", "SSL_connect complete (did not verify certificate)\n");
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   196
		
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   197
		/* SSL connected now */
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   198
		gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   199
	}
5674
b505bbf8f879 Instead of using a bad, fixed list of ciphers, check what's supported and then enable only those we also want, similar to how Chromium used to work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5594
diff changeset
   200
	
b505bbf8f879 Instead of using a bad, fixed list of ciphers, check what's supported and then enable only those we also want, similar to how Chromium used to work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5594
diff changeset
   201
	SSLCipherSuite suite;
b505bbf8f879 Instead of using a bad, fixed list of ciphers, check what's supported and then enable only those we also want, similar to how Chromium used to work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5594
diff changeset
   202
	SSLGetNegotiatedCipher(cdsa_data->ssl_ctx, &suite);
b505bbf8f879 Instead of using a bad, fixed list of ciphers, check what's supported and then enable only those we also want, similar to how Chromium used to work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5594
diff changeset
   203
	
b505bbf8f879 Instead of using a bad, fixed list of ciphers, check what's supported and then enable only those we also want, similar to how Chromium used to work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5594
diff changeset
   204
	purple_debug_info("cdsa", "Using cipher %x.\n", suite);
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   205
}
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   206
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   207
/*
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   208
 * R/W. Called out from SSL.
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   209
 */
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   210
static OSStatus SocketRead(
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   211
                    SSLConnectionRef   connection,
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   212
                    void         *data,       /* owned by 
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   213
                                               * caller, data
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   214
                                               * RETURNED */
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   215
                    size_t         *dataLength)  /* IN/OUT */ 
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   216
                    {
3078
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   217
    NSUInteger      bytesToGo = *dataLength;
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   218
    NSUInteger       initLen = bytesToGo;
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   219
    UInt8      *currData = (UInt8 *)data;
3078
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   220
    int        sock;
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   221
    OSStatus    rtn = noErr;
3078
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   222
    ssize_t      bytesRead;
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   223
    ssize_t     rrtn;
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   224
    
3078
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   225
		assert( UINT_MAX >= (NSUInteger)connection );
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   226
		sock = (int)(NSUInteger)connection;
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   227
										 
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   228
    *dataLength = 0;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   229
    
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   230
    for(;;) {
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   231
        bytesRead = 0;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   232
        rrtn = read(sock, currData, bytesToGo);
5843
9b4717820ead We should not read errno when reading 0 bytes, because it is not set. The connection has been closed.
Thijs Alkemade <me@thijsalkema.de>
parents: 5842
diff changeset
   233
		if (rrtn == 0) {
5881
5a62e233115d Backing out e9b20f65795c, this is no longer necessary.
Thijs Alkemade <me@thijsalkema.de>
parents: 5880
diff changeset
   234
			rtn = errSSLClosedGraceful;
5843
9b4717820ead We should not read errno when reading 0 bytes, because it is not set. The connection has been closed.
Thijs Alkemade <me@thijsalkema.de>
parents: 5842
diff changeset
   235
			break;
9b4717820ead We should not read errno when reading 0 bytes, because it is not set. The connection has been closed.
Thijs Alkemade <me@thijsalkema.de>
parents: 5842
diff changeset
   236
		} else if (rrtn < 0) {
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   237
            /* this is guesswork... */
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   238
            int theErr = errno;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   239
            switch(theErr) {
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   240
                case ENOENT:
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   241
                    /* connection closed */
5842
f8d2f42c499b Backed out ef796c40efb0: the code can cause busy loops on disconnect, especially with XMPP servers (in particular when prompted to enter a password).
Thijs Alkemade <me@thijsalkema.de>
parents: 5782
diff changeset
   242
                    rtn = errSSLClosedGraceful; 
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   243
                    break;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   244
                case ECONNRESET:
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   245
                    rtn = errSSLClosedAbort;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   246
                    break;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   247
                case EAGAIN:
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   248
                    rtn = errSSLWouldBlock;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   249
                    break;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   250
                default:
5842
f8d2f42c499b Backed out ef796c40efb0: the code can cause busy loops on disconnect, especially with XMPP servers (in particular when prompted to enter a password).
Thijs Alkemade <me@thijsalkema.de>
parents: 5782
diff changeset
   251
                    fprintf(stderr,"SocketRead: read(%lu) error %d\n", 
f8d2f42c499b Backed out ef796c40efb0: the code can cause busy loops on disconnect, especially with XMPP servers (in particular when prompted to enter a password).
Thijs Alkemade <me@thijsalkema.de>
parents: 5782
diff changeset
   252
                             (unsigned long)bytesToGo, theErr);
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   253
                    rtn = errSSLFatalAlert;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   254
                    break;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   255
            }
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   256
            break;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   257
        }
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   258
        else {
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   259
            bytesRead = rrtn;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   260
        }
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   261
        bytesToGo -= bytesRead;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   262
        currData  += bytesRead;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   263
        
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   264
        if(bytesToGo == 0) {
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   265
            /* filled buffer with incoming data, done */
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   266
            break;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   267
        }
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   268
    }
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   269
    *dataLength = initLen - bytesToGo;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   270
    if(rtn != noErr && rtn != errSSLWouldBlock)
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   271
        fprintf(stderr,"SocketRead err = %d\n", (int)rtn);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   272
    
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   273
    return rtn;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   274
}
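The note on changeset 9b4717820ead above (a `read()` that returns 0 means the peer closed the connection, and `errno` is not set) is demonstrated by the following added example; it is not part of ssl-cdsa.c or of Adium. The names `io_status`, `status_from_errno`, `read_loop` and `run_case` are hypothetical, the enum stands in for the Secure Transport status codes, and the `eof_aware = 0` path is a constructed illustration of the failure mode, not an earlier revision of this file.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Local stand-ins for the Secure Transport results SocketRead returns
 * (noErr, errSSLWouldBlock, errSSLClosedGraceful, errSSLClosedAbort,
 * errSSLFatalAlert). The numeric values are this example's own. */
typedef enum {
    IO_OK, IO_WOULD_BLOCK, IO_CLOSED_GRACEFUL, IO_CLOSED_ABORT, IO_FATAL
} io_status;

/* Same errno mapping as the switch in SocketRead. It is only meaningful
 * after read() has returned -1. */
static io_status status_from_errno(int e)
{
    switch (e) {
    case ENOENT:     return IO_CLOSED_GRACEFUL;
    case ECONNRESET: return IO_CLOSED_ABORT;
    case EAGAIN:     return IO_WOULD_BLOCK;
    default:         return IO_FATAL;
    }
}

/* Read up to *len bytes; on return *len holds the bytes actually read.
 * eof_aware != 0: a 0 return from read() is treated as "peer closed".
 * eof_aware == 0: constructed failure mode, errno is consulted even when
 *                 read() returned 0 and therefore never set it. */
static io_status read_loop(int sock, void *buf, size_t *len, int eof_aware)
{
    size_t want = *len, to_go = *len;
    unsigned char *p = buf;
    io_status st = IO_OK;

    while (to_go > 0) {
        ssize_t n = read(sock, p, to_go);
        if (n == 0 && eof_aware) {
            st = IO_CLOSED_GRACEFUL;
            break;
        }
        if (n <= 0) {
            st = status_from_errno(errno);
            break;
        }
        p += n;
        to_go -= (size_t)n;
    }
    *len = want - to_go;
    return st;
}

/* Constructed scenario: a non-blocking socket pair where the peer sends
 * `payload` and optionally closes. errno is preloaded with EAGAIN to model
 * a stale value left behind by an earlier, unrelated call. */
static io_status run_case(int eof_aware, const char *payload, int close_peer,
                          size_t *got)
{
    int sv[2];
    unsigned char buf[8];
    size_t plen = strlen(payload);
    io_status st;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return IO_FATAL;
    fcntl(sv[0], F_SETFL, O_NONBLOCK);
    if (plen > 0 && write(sv[1], payload, plen) != (ssize_t)plen) {
        close(sv[0]);
        close(sv[1]);
        return IO_FATAL;
    }
    if (close_peer)
        close(sv[1]);

    errno = EAGAIN;            /* stale errno from "something earlier" */
    *got = sizeof buf;
    st = read_loop(sv[0], buf, got, eof_aware);

    close(sv[0]);
    if (!close_peer)
        close(sv[1]);
    return st;
}

int main(void)
{
    size_t got;
    io_status st;

    st = run_case(1, "", 1, &got);
    printf("peer closed, EOF-aware:    status=%d bytes=%zu\n", st, got);
    st = run_case(0, "", 1, &got);   /* reports would-block on a dead socket */
    printf("peer closed, errno on EOF: status=%d bytes=%zu\n", st, got);
    st = run_case(1, "abc", 0, &got);
    printf("3 bytes, peer still open:  status=%d bytes=%zu\n", st, got);
    st = run_case(1, "abc", 1, &got);
    printf("3 bytes, then peer closed: status=%d bytes=%zu\n", st, got);
    return 0;
}
```

In the second case the caller is told to wait for more data on a connection that is already closed, so it retries instead of tearing the session down.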
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   275
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   276
static OSStatus SocketWrite(
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   277
                     SSLConnectionRef   connection,
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   278
                     const void       *data, 
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   279
                     size_t         *dataLength)  /* IN/OUT */ 
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   280
                     {
3078
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   281
    NSUInteger    bytesSent = 0;
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   282
    int sock;
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   283
    ssize_t    length;
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   284
    NSUInteger    dataLen = *dataLength;
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   285
    const UInt8 *dataPtr = (UInt8 *)data;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   286
    OSStatus  ortn;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   287
3078
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   288
		assert( UINT_MAX >= (NSUInteger)connection );
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   289
		sock = (int)(NSUInteger)connection;
1b883db24823 Resolve implicit 64->32 bit castings in AdiumLibpurple.framework. Add asserts to ensure sanity where needed.
Stephen Holt <sholt@adium.im>
parents: 3060
diff changeset
   290
											
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   291
    *dataLength = 0;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   292
    
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   293
    do {
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   294
        length = write(sock, 
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   295
                       (char*)dataPtr + bytesSent, 
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   296
                       dataLen - bytesSent);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   297
    } while ((length > 0) && 
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   298
             ( (bytesSent += length) < dataLen) );
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   299
    
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   300
    if(length <= 0) {
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   301
        if(errno == EAGAIN) {
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   302
            ortn = errSSLWouldBlock;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   303
        }
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   304
        else {
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   305
            ortn = errSSLFatalAlert;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   306
        }
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   307
    }
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   308
    else {
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   309
        ortn = noErr;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   310
    }
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   311
    *dataLength = bytesSent;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   312
    return ortn;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   313
}
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   314
5674
b505bbf8f879 Instead of using a bad, fixed list of ciphers, check what's supported and then enable only those we also want, similar to how Chromium used to work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5594
diff changeset
   315
static gboolean
b505bbf8f879 Instead of using a bad, fixed list of ciphers, check what's supported and then enable only those we also want, similar to how Chromium used to work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5594
diff changeset
   316
ssl_cdsa_use_cipher(SSLCipherSuite suite) {
b505bbf8f879 Instead of using a bad, fixed list of ciphers, check what's supported and then enable only those we also want, similar to how Chromium used to work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5594
diff changeset
   317
	switch (suite) {
b505bbf8f879 Instead of using a bad, fixed list of ciphers, check what's supported and then enable only those we also want, similar to how Chromium used to work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5594
diff changeset
   318
		case SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA:
b505bbf8f879 Instead of using a bad, fixed list of ciphers, check what's supported and then enable only those we also want, similar to how Chromium used to work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5594
diff changeset
   319
		case SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA:
b505bbf8f879 Instead of using a bad, fixed list of ciphers, check what's supported and then enable only those we also want, similar to how Chromium used to work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5594
diff changeset
   320
		case SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
b505bbf8f879 Instead of using a bad, fixed list of ciphers, check what's supported and then enable only those we also want, similar to how Chromium used to work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5594
diff changeset
   321
		case SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
5780
d2d6645f5e9d Removed the following TLS ciphers:
Thijs Alkemade <me@thijsalkema.de>
parents: 5779
		case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
		case SSL_RSA_WITH_RC4_128_SHA:
		case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
		case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
		case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
		case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
		case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
		case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
		case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
		case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
		case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
		case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
		case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
		case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
		case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
		case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
		case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
		case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
		case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
		case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
		case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
		case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
		case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
		case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
		case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
		case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
		case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
		case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
		case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
		case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
		case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
		case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
		case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
		case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
		case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
		case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
		case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
		case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
		case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
		case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
		case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
		case TLS_ECDH_RSA_WITH_RC4_128_SHA:
		case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
		case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
		case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
		case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
		case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
		case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
		case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
		case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
		case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
		case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
		case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
		case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
		case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
		case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
		case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
		case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
		case TLS_RSA_WITH_AES_128_CBC_SHA:
		case TLS_RSA_WITH_AES_128_CBC_SHA256:
		case TLS_RSA_WITH_AES_128_GCM_SHA256:
		case TLS_RSA_WITH_AES_256_CBC_SHA:
		case TLS_RSA_WITH_AES_256_CBC_SHA256:
5687
6c2293048ca9 Disable SSLv2 even for bad servers. Added a number of TLS 1.2 suites to the whitelist (not all of those are supported by Apple yet).
Thijs Alkemade <me@thijsalkema.de>
parents: 5674
		case TLS_RSA_WITH_AES_256_GCM_SHA384:

			return TRUE;

		default:
			return FALSE;
	}
}

static void
5099
61f9ea4acc88 workaround to retry SSL handshake with buggy servers
Evan Kinney <emkinney@gmail.com>
parents: 3362
ssl_cdsa_create_context(gpointer data) {
    PurpleSslConnection *gsc = (PurpleSslConnection *)data;
5118
9c2f63e75aca Work around buggy TLS implementations in certain older XMPP servers by disabling TLS 1.1 and above on reconnect.
Evan Kinney <emkinney@gmail.com>
parents: 5106
    PurpleAccount *account = gsc->account;
	PurpleSslCDSAData *cdsa_data;
    OSStatus err;

    /*
	 * allocate some memory to store variables for the cdsa connection.
	 * the memory comes zero'd from g_new0 so we don't need to null the
	 * pointers held in this struct.
	 */
    cdsa_data = g_new0(PurpleSslCDSAData, 1);
	gsc->private_data = cdsa_data;
	connections = g_list_append(connections, gsc);

    /*
	 * allocate a new SSLContextRef object
	 */
    err = SSLNewContext(false, &cdsa_data->ssl_ctx);
	if (err != noErr) {
		purple_debug_error("cdsa", "SSLNewContext failed\n");
		if (gsc->error_cb != NULL)
			gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
                          gsc->connect_cb_data);

		purple_ssl_close(gsc);
		return;
	}

    /*
     * Set up our callbacks for reading/writing the file descriptor
     */
    err = SSLSetIOFuncs(cdsa_data->ssl_ctx, SocketRead, SocketWrite);
    if (err != noErr) {
		purple_debug_error("cdsa", "SSLSetIOFuncs failed\n");
		if (gsc->error_cb != NULL)
			gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
                          gsc->connect_cb_data);

		purple_ssl_close(gsc);
		return;
    }

    /*
     * Pass the connection information to the connection to be used by our callbacks
     */
    err = SSLSetConnection(cdsa_data->ssl_ctx, (SSLConnectionRef)(intptr_t)gsc->fd);
    if (err != noErr) {
		purple_debug_error("cdsa", "SSLSetConnection failed: %d\n", err);
		if (gsc->error_cb != NULL)
			gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
                          gsc->connect_cb_data);

		purple_ssl_close(gsc);
		return;
    }

	size_t numCiphers = 0;

5692
7c54087cdcb6 This should be enabled, not supported. We want the ciphers that are enabled by default.
Thijs Alkemade <me@thijsalkema.de>
parents: 5687
	err = SSLGetNumberEnabledCiphers(cdsa_data->ssl_ctx, &numCiphers);

	if (err != noErr) {
		purple_debug_error("cdsa", "SSLGetNumberEnabledCiphers failed: %d\n", err);
        if (gsc->error_cb != NULL)
            gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
                          gsc->connect_cb_data);

        purple_ssl_close(gsc);
        return;
	}

	SSLCipherSuite ciphers[numCiphers];

    err = SSLGetEnabledCiphers(cdsa_data->ssl_ctx, ciphers, &numCiphers);
	if (err != noErr) {
		/* The call that failed is SSLGetEnabledCiphers; name it in the log. */
		purple_debug_error("cdsa", "SSLGetEnabledCiphers failed: %d\n", err);
        if (gsc->error_cb != NULL)
            gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
                          gsc->connect_cb_data);

        purple_ssl_close(gsc);
        return;
	}

	SSLCipherSuite enabledCiphers[numCiphers];
	size_t numEnabledCiphers = 0;
	size_t i; /* same type as numCiphers, avoids a signed/unsigned comparison */

	/* Keep only the default-enabled suites that ssl_cdsa_use_cipher() allows. */
	for (i = 0; i < numCiphers; i++) {
		if (ssl_cdsa_use_cipher(ciphers[i])) {
			enabledCiphers[numEnabledCiphers] = ciphers[i];
			numEnabledCiphers++;
		}
	}

    err = SSLSetEnabledCiphers(cdsa_data->ssl_ctx, enabledCiphers, numEnabledCiphers);
2735
a84d7da4ebde Remove elliptic curve ciphers from the cipher list as it causes a number of XMPP servers to break. This is the same cipher set that Mac OS X 10.5 used, and the same as 10.6 without the EC ciphers.
Andrew Wellington <proton@adium.im>
parents: 2634
    if (err != noErr) {
5674
b505bbf8f879 Instead of using a bad, fixed list of ciphers, check what's supported and then enable only those we also want, similar to how Chromium used to work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5594
        purple_debug_error("cdsa", "SSLSetEnabledCiphers failed: %d\n", err);
2735
a84d7da4ebde Remove elliptic curve ciphers from the cipher list as it causes a number of XMPP servers to break. This is the same cipher set that Mac OS X 10.5 used, and the same as 10.6 without the EC ciphers.
Andrew Wellington <proton@adium.im>
parents: 2634
        if (gsc->error_cb != NULL)
            gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
5099
61f9ea4acc88 workaround to retry SSL handshake with buggy servers
Evan Kinney <emkinney@gmail.com>
parents: 3362
                          gsc->connect_cb_data);

2735
a84d7da4ebde Remove elliptic curve ciphers from the cipher list as it causes a number of XMPP servers to break. This is the same cipher set that Mac OS X 10.5 used, and the same as 10.6 without the EC ciphers.
Andrew Wellington <proton@adium.im>
parents: 2634
        purple_ssl_close(gsc);
        return;
    }

5118
9c2f63e75aca Work around buggy TLS implementations in certain older XMPP servers by disabling TLS 1.1 and above on reconnect.
Evan Kinney <emkinney@gmail.com>
parents: 5106
    if (purple_account_get_bool(account, PURPLE_SSL_CDSA_BUGGY_TLS_WORKAROUND, false)) {
        purple_debug_info("cdsa", "Explicitly disabling TLS 1.1 and above to try and work around buggy TLS stacks\n");

        OSStatus protoErr;
        protoErr = SSLSetProtocolVersionEnabled(cdsa_data->ssl_ctx, kSSLProtocolAll, false);
        if (protoErr != noErr) {
            purple_debug_error("cdsa", "SSLSetProtocolVersionEnabled failed to disable protocols\n");
            if (gsc->error_cb != NULL)
                gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED, gsc->connect_cb_data);
            purple_ssl_close(gsc);
            return;
        }

        protoErr = SSLSetProtocolVersionEnabled(cdsa_data->ssl_ctx, kSSLProtocol3, true);
        protoErr = SSLSetProtocolVersionEnabled(cdsa_data->ssl_ctx, kTLSProtocol1, true);
    }

5782
93fcae96bc78 Okay, the previous check failed. Maybe this does work.
Thijs Alkemade <me@thijsalkema.de>
parents: 5780
#ifndef MAC_OS_X_VERSION_10_9
5779
0867cdb71afd Fix this check to properly notice when it's not building on 10.9.
Thijs Alkemade <me@thijsalkema.de>
parents: 5777
	#define kSSLSessionOptionSendOneByteRecord 4 /* Appears in 10.9 */
5777
78db6a0ed1c7 Patch from mlamb: Add a way for protocols to disable 1/n-1 record splitting on TLS (which is used to counter the BEAST attack) for protocols that might want it.
Thijs Alkemade <me@thijsalkema.de>
parents: 5692
#endif

    if (purple_account_get_bool(account, PURPLE_SSL_CDSA_BEAST_TLS_WORKAROUND, false)) {
        purple_debug_info("cdsa", "Explicitly disabling SSL BEAST mitigation for broken server implementations\n");

        OSStatus protoErr;
        protoErr = SSLSetSessionOption(cdsa_data->ssl_ctx, kSSLSessionOptionSendOneByteRecord, false);
        if (protoErr != noErr) {
            purple_debug_info("cdsa", "SSLSetSessionOption failed to disable SSL BEAST mitigation\n");
        }
    }


0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
    if(gsc->host) {
        /*
         * Set the peer's domain name so CDSA can check the certificate's CN
         */
        err = SSLSetPeerDomainName(cdsa_data->ssl_ctx, gsc->host, strlen(gsc->host));
        if (err != noErr) {
            purple_debug_error("cdsa", "SSLSetPeerDomainName failed\n");
            if (gsc->error_cb != NULL)
                gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
                              gsc->connect_cb_data);

            purple_ssl_close(gsc);
            return;
        }
    }
5099
61f9ea4acc88 workaround to retry SSL handshake with buggy servers
Evan Kinney <emkinney@gmail.com>
parents: 3362
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
	/*
     * Disable verifying the certificate chain.
	 * We have to do that manually later on! This is the only way to be able to continue with a connection, even though the user
	 * had to manually accept the certificate.
     */
	err = SSLSetEnableCertVerify(cdsa_data->ssl_ctx, false);
    if (err != noErr) {
		purple_debug_error("cdsa", "SSLSetEnableCertVerify failed\n");
        /* error is not fatal */
    }

	cdsa_data->handshake_handler = purple_input_add(gsc->fd, PURPLE_INPUT_READ, ssl_cdsa_handshake_cb, gsc);
5099
61f9ea4acc88 workaround to retry SSL handshake with buggy servers
Evan Kinney <emkinney@gmail.com>
parents: 3362
}
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
5099
61f9ea4acc88 workaround to retry SSL handshake with buggy servers
Evan Kinney <emkinney@gmail.com>
parents: 3362
/*
 * ssl_cdsa_connect
 *
 * given a socket, put a CDSA connection around it.
 */
static void
ssl_cdsa_connect(PurpleSslConnection *gsc) {

    ssl_cdsa_create_context(gsc);

0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
	// calling this here relies on the fact that SSLHandshake has to be called at least twice
	// to get an actual connection (first time returning errSSLWouldBlock).
	// I guess this is always the case because SSLHandshake has to send the initial greeting first, and then wait
	// for a reply from the server, which would block the connection. SSLHandshake is called again when the server
	// has sent its reply (this is achieved by the second line below)
    ssl_cdsa_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ);
}

static void
ssl_cdsa_close(PurpleSslConnection *gsc)
{
	PurpleSslCDSAData *cdsa_data = PURPLE_SSL_CDSA_DATA(gsc);

#ifdef CDSA_DEBUG
	purple_debug_info("cdsa", "Closing PurpleSslConnection %p", cdsa_data);
#endif

	if (cdsa_data == NULL)
		return;

	if (cdsa_data->handshake_handler)
		purple_input_remove(cdsa_data->handshake_handler);

	if (cdsa_data->ssl_ctx != NULL) {
        OSStatus err;
        SSLSessionState state;

        err = SSLGetSessionState(cdsa_data->ssl_ctx, &state);
        if(err != noErr)
            purple_debug_error("cdsa", "SSLGetSessionState failed\n");
        else if(state == kSSLConnected) {
            err = SSLClose(cdsa_data->ssl_ctx);
            if(err != noErr)
                purple_debug_error("cdsa", "SSLClose failed\n");
        }

#ifdef CDSA_DEBUG
		purple_debug_info("cdsa", "SSLDisposeContext(%p)", cdsa_data->ssl_ctx);
#endif

        err = SSLDisposeContext(cdsa_data->ssl_ctx);
        if(err != noErr)
            purple_debug_error("cdsa", "SSLDisposeContext failed\n");
        cdsa_data->ssl_ctx = NULL;
    }

	connections = g_list_remove(connections, gsc);

	g_free(cdsa_data);
	gsc->private_data = NULL;
}

static size_t
ssl_cdsa_read(PurpleSslConnection *gsc, void *data, size_t len)
{
	PurpleSslCDSAData *cdsa_data = PURPLE_SSL_CDSA_DATA(gsc);
	OSStatus	err;			/* Error info */
5880
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
	size_t		processed = 0;		/* Number of bytes processed */
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
	size_t		result;			/* Return value */

    errno = 0;
    err = SSLRead(cdsa_data->ssl_ctx, data, len, &processed);
5880
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
	if (processed <= 0) {
		switch (err) {
			case noErr:
				result = processed;
				break;
			case errSSLWouldBlock:
				errno = EAGAIN;
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
diff changeset
   642
				result = ((processed > 0) ? processed : -1);
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
diff changeset
   643
				break;
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
diff changeset
   644
			case errSSLClosedGraceful:
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
diff changeset
   645
				result = 0;
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
diff changeset
   646
				break;
5894
60d7d05396d7 Workaround for Yahoo's https server closing the connection without sending close_notify first. Thanks to reanimus for the patch. Fixes #16678. r=kbotc
mathuaerknedam <adium@ei8ht.us>
parents: 5881
diff changeset
   647
			case errSSLClosedNoNotify:
60d7d05396d7 Workaround for Yahoo's https server closing the connection without sending close_notify first. Thanks to reanimus for the patch. Fixes #16678. r=kbotc
mathuaerknedam <adium@ei8ht.us>
parents: 5881
diff changeset
   648
				result = ((processed > 0) ? processed : 0);
60d7d05396d7 Workaround for Yahoo's https server closing the connection without sending close_notify first. Thanks to reanimus for the patch. Fixes #16678. r=kbotc
mathuaerknedam <adium@ei8ht.us>
parents: 5881
diff changeset
   649
				purple_debug_info("cdsa", "receive got a premature termination" );
60d7d05396d7 Workaround for Yahoo's https server closing the connection without sending close_notify first. Thanks to reanimus for the patch. Fixes #16678. r=kbotc
mathuaerknedam <adium@ei8ht.us>
parents: 5881
diff changeset
   650
				break;
60d7d05396d7 Workaround for Yahoo's https server closing the connection without sending close_notify first. Thanks to reanimus for the patch. Fixes #16678. r=kbotc
mathuaerknedam <adium@ei8ht.us>
parents: 5881
diff changeset
   651
			case errSSLClosedAbort:
60d7d05396d7 Workaround for Yahoo's https server closing the connection without sending close_notify first. Thanks to reanimus for the patch. Fixes #16678. r=kbotc
mathuaerknedam <adium@ei8ht.us>
parents: 5881
diff changeset
   652
				result = ((processed > 0) ? processed : 0);
60d7d05396d7 Workaround for Yahoo's https server closing the connection without sending close_notify first. Thanks to reanimus for the patch. Fixes #16678. r=kbotc
mathuaerknedam <adium@ei8ht.us>
parents: 5881
diff changeset
   653
				purple_debug_info("cdsa", "receive got a premature termination" );
60d7d05396d7 Workaround for Yahoo's https server closing the connection without sending close_notify first. Thanks to reanimus for the patch. Fixes #16678. r=kbotc
mathuaerknedam <adium@ei8ht.us>
parents: 5881
diff changeset
   654
				break;
5880
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
diff changeset
   655
			default:
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
diff changeset
   656
				result = -1;
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
diff changeset
   657
				purple_debug_error("cdsa", "receive failed (%d): %s\n", (int)err, strerror(errno));
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
diff changeset
   658
				break;
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
diff changeset
   659
		}
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
diff changeset
   660
	} else {
5a28350c3d82 Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.
Thijs Alkemade <me@thijsalkema.de>
parents: 5877
diff changeset
   661
		result = processed;
0
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   662
	}
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   663
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   664
    return result;
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   665
}
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   666
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   667
static size_t
ssl_cdsa_write(PurpleSslConnection *gsc, const void *data, size_t len)
{
	PurpleSslCDSAData *cdsa_data = PURPLE_SSL_CDSA_DATA(gsc);
	OSStatus	err;			/* Error info */
	size_t		processed;		/* Number of bytes processed */
	size_t		result;			/* Return value */

	if (cdsa_data != NULL) {
#ifdef CDSA_DEBUG
		purple_debug_info("cdsa", "SSLWrite(%p, %p %i)", cdsa_data->ssl_ctx, data, len);
#endif

        err = SSLWrite(cdsa_data->ssl_ctx, data, len, &processed);

		switch (err) {
			case noErr:
				result = processed;
				break;
			case errSSLWouldBlock:
				errno = EAGAIN;
				result = ((processed > 0) ? processed : -1);
				break;
			case errSSLClosedGraceful:
				result = 0;
				break;
			case errSSLClosedNoNotify:
				result = ((processed > 0) ? processed : 0);
				purple_debug_info("cdsa", "send got a premature termination" );
				break;
			case errSSLClosedAbort:
				result = ((processed > 0) ? processed : 0);
				purple_debug_info("cdsa", "send got a premature termination" );
				break;
			default:
				result = -1;
				purple_debug_error("cdsa", "send failed (%d): %s\n", (int)err, strerror(errno));
				break;
		}

		return result;
    } else {
		return -1;
	}
}

static gboolean register_certificate_ui_cb(query_cert_chain cb) {
	certificate_ui_cb = cb;

	return true;
}

static gboolean copy_certificate_chain(PurpleSslConnection *gsc /* IN */, CFArrayRef *result /* OUT */) {
	PurpleSslCDSAData *cdsa_data = PURPLE_SSL_CDSA_DATA(gsc);
#if MAC_OS_X_VERSION_10_5 > MAC_OS_X_VERSION_MAX_ALLOWED
	// this function was declared deprecated in 10.5
	return SSLGetPeerCertificates(cdsa_data->ssl_ctx, result) == noErr;
#else
	return SSLCopyPeerCertificates(cdsa_data->ssl_ctx, result) == noErr;
#endif
}

static PurpleSslOps ssl_ops = {
	ssl_cdsa_init,
	ssl_cdsa_uninit,
	ssl_cdsa_connect,
	ssl_cdsa_close,
	ssl_cdsa_read,
	ssl_cdsa_write,
	NULL, /* get_peer_certificates */
	NULL, /* reserved2 */
	NULL, /* reserved3 */
	NULL  /* reserved4 */
};

#endif /* HAVE_CDSA */

static gboolean
plugin_load(PurplePlugin *plugin)
{
#ifdef HAVE_CDSA
	if (!purple_ssl_get_ops())
		purple_ssl_set_ops(&ssl_ops);

	purple_plugin_ipc_register(plugin,
							   "register_certificate_ui_cb",
							   PURPLE_CALLBACK(register_certificate_ui_cb),
							   purple_marshal_BOOLEAN__POINTER,
							   purple_value_new(PURPLE_TYPE_BOOLEAN),
							   1, purple_value_new(PURPLE_TYPE_POINTER));

	purple_plugin_ipc_register(plugin,
							   "copy_certificate_chain",
							   PURPLE_CALLBACK(copy_certificate_chain),
							   purple_marshal_BOOLEAN__POINTER_POINTER,
							   purple_value_new(PURPLE_TYPE_BOOLEAN),
							   2, purple_value_new(PURPLE_TYPE_POINTER), purple_value_new(PURPLE_TYPE_POINTER));

	return (TRUE);
#else
	return (FALSE);
#endif
}

static gboolean
plugin_unload(PurplePlugin *plugin)
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   773
{
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   774
#ifdef HAVE_CDSA
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   775
	if (purple_ssl_get_ops() == &ssl_ops)
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   776
		purple_ssl_set_ops(NULL);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   777
	
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   778
	purple_plugin_ipc_unregister_all(plugin);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   779
#endif
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   780
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   781
	return (TRUE);
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   782
}
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   783
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   784
static PurplePluginInfo info = {
e22ad6bc8b46 svn 1.5 merge tracking is terrible. This is a manual merge of the Sparkle 1.5 branch into trunk
David Smith
parents:
diff changeset
   785
	PURPLE_PLUGIN_MAGIC,
	PURPLE_MAJOR_VERSION,
	PURPLE_MINOR_VERSION,
	PURPLE_PLUGIN_STANDARD,				/* type */
	NULL,						/* ui_requirement */
	PURPLE_PLUGIN_FLAG_INVISIBLE,			/* flags */
	NULL,						/* dependencies */
	PURPLE_PRIORITY_DEFAULT,				/* priority */
	SSL_CDSA_PLUGIN_ID,				/* id */
	N_("CDSA"),					/* name */
	"0.1",					/* version */
3362
ecd5bd357b36 Cleanup
Evan Schoenberg
parents: 3094
	N_("Provides SSL support through CDSA."),	/* summary */
	N_("Provides SSL support through CDSA."),	/* description */
	"CDSA",										/* author */
	"http://www.opengroup.org/security/l2-cdsa.htm",						/* homepage */
	plugin_load,					/* load */
	plugin_unload,					/* unload */
	NULL,						/* destroy */
	NULL,						/* ui_info */
	NULL,						/* extra_info */
	NULL,						/* prefs_info */
3081
6388b2768ef1 Complete libpurple uiops struct initializers in AdiumLibpurple.framework
Stephen Holt <sholt@adium.im>
parents: 3078
	NULL,						/* actions */
	/* _purple_reserved 1-4 */
	NULL, NULL, NULL, NULL
};
static void
init_plugin(PurplePlugin *plugin)
{
}
PURPLE_INIT_PLUGIN(ssl_cdsa, init_plugin, info)