static gboolean
plugin_load(PurplePlugin *plugin)
{
#ifdef HAVE_CDSA
if (!purple_ssl_get_ops())
purple_ssl_set_ops(&ssl_ops);
purple_plugin_ipc_register(plugin,
"register_certificate_ui_cb",
PURPLE_CALLBACK(register_certificate_ui_cb),
purple_marshal_BOOLEAN__POINTER,
purple_value_new(PURPLE_TYPE_BOOLEAN),
1, purple_value_new(PURPLE_TYPE_POINTER));
purple_plugin_ipc_register(plugin,
"copy_certificate_chain",
PURPLE_CALLBACK(copy_certificate_chain),
purple_marshal_BOOLEAN__POINTER_POINTER,
purple_value_new(PURPLE_TYPE_BOOLEAN),
2, purple_value_new(PURPLE_TYPE_POINTER), purple_value_new(PURPLE_TYPE_POINTER));
purple_plugin_ipc_register(plugin,
"get_cipher_details",
PURPLE_CALLBACK(get_cipher_details),
purple_marshal_BOOLEAN__POINTER_POINTER_POINTER_POINTER_POINTER,
purple_value_new(PURPLE_TYPE_BOOLEAN),
5, purple_value_new(PURPLE_TYPE_POINTER), purple_value_new(PURPLE_TYPE_POINTER),
purple_value_new(PURPLE_TYPE_POINTER), purple_value_new(PURPLE_TYPE_POINTER), purple_value_new(PURPLE_TYPE_POINTER));
return (TRUE);
#else
return (FALSE);
#endif
}
void
purple_ssl_close(PurpleSslConnection *gsc)
{
PurpleSslOps *ops;
g_return_if_fail(gsc != NULL);
purple_request_close_with_handle(gsc);
purple_notify_close_with_handle(gsc);
ops = purple_ssl_get_ops();
(ops->close)(gsc);
if (gsc->connect_data != NULL)
purple_proxy_connect_cancel(gsc->connect_data);
if (gsc->inpa > 0)
purple_input_remove(gsc->inpa);
if (gsc->fd >= 0)
close(gsc->fd);
g_free(gsc->host);
g_free(gsc);
}
static gboolean
plugin_unload(PurplePlugin *plugin)
{
if (purple_ssl_get_ops() == &ssl_ops)
purple_ssl_set_ops(NULL);
return (TRUE);
}
static gboolean
plugin_unload(PurplePlugin *plugin)
{
#ifdef HAVE_OPENSSL
if (purple_ssl_get_ops() == &ssl_ops)
purple_ssl_set_ops(NULL);
#endif
return (TRUE);
}
GList *
purple_ssl_get_peer_certificates(PurpleSslConnection *gsc)
{
PurpleSslOps *ops;
g_return_val_if_fail(gsc != NULL, NULL);
ops = purple_ssl_get_ops();
return (ops->get_peer_certificates)(gsc);
}
gboolean
purple_ssl_is_supported(void)
{
#ifdef HAVE_SSL
ssl_init();
return (purple_ssl_get_ops() != NULL);
#else
return FALSE;
#endif
}
static gboolean
plugin_load(PurplePlugin *plugin)
{
if (!purple_ssl_get_ops())
purple_ssl_set_ops(&ssl_ops);
/* Init OpenSSL now so others can use it even if sslconn never does */
ssl_openssl_init_openssl();
return (TRUE);
}
static gboolean
plugin_unload(PurplePlugin *plugin)
{
if(purple_ssl_get_ops() == &ssl_ops) {
purple_ssl_set_ops(NULL);
}
purple_certificate_unregister_scheme( &x509_gnutls );
return TRUE;
}
size_t
purple_ssl_write(PurpleSslConnection *gsc, const void *data, size_t len)
{
PurpleSslOps *ops;
g_return_val_if_fail(gsc != NULL, 0);
g_return_val_if_fail(data != NULL, 0);
g_return_val_if_fail(len > 0, 0);
ops = purple_ssl_get_ops();
return (ops->write)(gsc, data, len);
}
static gboolean
plugin_unload(PurplePlugin *plugin)
{
#ifdef HAVE_CDSA
if (purple_ssl_get_ops() == &ssl_ops)
purple_ssl_set_ops(NULL);
purple_plugin_ipc_unregister_all(plugin);
#endif
return (TRUE);
}
void
purple_ssl_uninit(void)
{
PurpleSslOps *ops;
if (!_ssl_initialized)
return;
ops = purple_ssl_get_ops();
ops->uninit();
_ssl_initialized = FALSE;
}
static gboolean
plugin_load(PurplePlugin *plugin)
{
#ifdef HAVE_OPENSSL
if (!purple_ssl_get_ops())
purple_ssl_set_ops(&ssl_ops);
/* Init OpenSSL now so others can use it even if sslconn never does */
ssl_openssl_init_openssl();
return (TRUE);
#else
return (FALSE);
#endif
}
static gboolean
plugin_load(PurplePlugin *plugin)
{
if(!purple_ssl_get_ops()) {
purple_ssl_set_ops(&ssl_ops);
}
/* Init GNUTLS now so others can use it even if sslconn never does */
ssl_gnutls_init_gnutls();
/* Register that we're providing an X.509 CertScheme */
purple_certificate_register_scheme( &x509_gnutls );
return TRUE;
}
PurpleSslConnection *
purple_ssl_connect_with_host_fd(PurpleAccount *account, int fd,
PurpleSslInputFunction func,
PurpleSslErrorFunction error_func,
const char *host,
void *data)
{
PurpleSslConnection *gsc;
PurpleSslOps *ops;
g_return_val_if_fail(fd != -1, NULL);
g_return_val_if_fail(func != NULL, NULL);
g_return_val_if_fail(purple_ssl_is_supported(), NULL);
if (!_ssl_initialized)
{
if (!ssl_init())
return NULL;
}
gsc = g_new0(PurpleSslConnection, 1);
gsc->connect_cb_data = data;
gsc->connect_cb = func;
gsc->error_cb = error_func;
gsc->fd = fd;
if(host)
gsc->host = g_strdup(host);
/* TODO: Move this elsewhere */
gsc->verifier = purple_certificate_find_verifier("x509","tls_cached");
ops = purple_ssl_get_ops();
ops->connectfunc(gsc);
return (PurpleSslConnection *)gsc;
}
static void
purple_ssl_connect_cb(gpointer data, gint source, const gchar *error_message)
{
PurpleSslConnection *gsc;
PurpleSslOps *ops;
gsc = data;
gsc->connect_data = NULL;
if (source < 0)
{
if (gsc->error_cb != NULL)
gsc->error_cb(gsc, PURPLE_SSL_CONNECT_FAILED, gsc->connect_cb_data);
purple_ssl_close(gsc);
return;
}
gsc->fd = source;
ops = purple_ssl_get_ops();
ops->connectfunc(gsc);
}
static gboolean
ssl_init(void)
{
PurplePlugin *plugin;
PurpleSslOps *ops;
if (_ssl_initialized)
return FALSE;
plugin = purple_plugins_find_with_id("core-ssl");
if (plugin != NULL && !purple_plugin_is_loaded(plugin))
purple_plugin_load(plugin);
ops = purple_ssl_get_ops();
if ((ops == NULL) || (ops->init == NULL) || (ops->uninit == NULL) ||
(ops->connectfunc == NULL) || (ops->close == NULL) ||
(ops->read == NULL) || (ops->write == NULL))
{
return FALSE;
}
return (_ssl_initialized = ops->init());
}
static void ssl_gnutls_handshake_cb(gpointer data, gint source,
PurpleInputCondition cond)
{
PurpleSslConnection *gsc = data;
PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
ssize_t ret;
/*purple_debug_info("gnutls", "Handshaking with %s\n", gsc->host);*/
ret = gnutls_handshake(gnutls_data->session);
if(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
return;
purple_input_remove(gnutls_data->handshake_handler);
gnutls_data->handshake_handler = 0;
if(ret != 0) {
purple_debug_error("gnutls", "Handshake failed. Error %s\n",
gnutls_strerror(ret));
if(gsc->error_cb != NULL)
gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED,
gsc->connect_cb_data);
purple_ssl_close(gsc);
} else {
/* Now we are cooking with gas! */
PurpleSslOps *ops = purple_ssl_get_ops();
GList * peers = ops->get_peer_certificates(gsc);
PurpleCertificateScheme *x509 =
purple_certificate_find_scheme("x509");
GList * l;
/* TODO: Remove all this debugging babble */
purple_debug_info("gnutls", "Handshake complete\n");
for (l=peers; l; l = l->next) {
PurpleCertificate *crt = l->data;
GByteArray *z =
x509->get_fingerprint_sha1(crt);
gchar * fpr =
purple_base16_encode_chunked(z->data,
z->len);
purple_debug_info("gnutls/x509",
"Key print: %s\n",
fpr);
/* Kill the cert! */
x509->destroy_certificate(crt);
g_free(fpr);
g_byte_array_free(z, TRUE);
}
g_list_free(peers);
{
const gnutls_datum_t *cert_list;
unsigned int cert_list_size = 0;
gnutls_session_t session=gnutls_data->session;
guint i;
cert_list =
gnutls_certificate_get_peers(session, &cert_list_size);
purple_debug_info("gnutls",
"Peer provided %d certs\n",
cert_list_size);
for (i=0; i<cert_list_size; i++)
{
gchar fpr_bin[256];
gsize fpr_bin_sz = sizeof(fpr_bin);
gchar * fpr_asc = NULL;
gchar tbuf[256];
gsize tsz=sizeof(tbuf);
gchar * tasc = NULL;
gnutls_x509_crt_t cert;
gnutls_x509_crt_init(&cert);
gnutls_x509_crt_import (cert, &cert_list[i],
GNUTLS_X509_FMT_DER);
gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA,
fpr_bin, &fpr_bin_sz);
fpr_asc =
purple_base16_encode_chunked((const guchar *)fpr_bin, fpr_bin_sz);
purple_debug_info("gnutls",
"Lvl %d SHA1 fingerprint: %s\n",
i, fpr_asc);
tsz=sizeof(tbuf);
gnutls_x509_crt_get_serial(cert,tbuf,&tsz);
tasc=purple_base16_encode_chunked((const guchar *)tbuf, tsz);
purple_debug_info("gnutls",
"Serial: %s\n",
tasc);
g_free(tasc);
tsz=sizeof(tbuf);
gnutls_x509_crt_get_dn (cert, tbuf, &tsz);
purple_debug_info("gnutls",
"Cert DN: %s\n",
tbuf);
tsz=sizeof(tbuf);
gnutls_x509_crt_get_issuer_dn (cert, tbuf, &tsz);
purple_debug_info("gnutls",
"Cert Issuer DN: %s\n",
tbuf);
g_free(fpr_asc);
fpr_asc = NULL;
gnutls_x509_crt_deinit(cert);
}
}
/* TODO: The following logic should really be in libpurple */
/* If a Verifier was given, hand control over to it */
if (gsc->verifier) {
GList *peers;
/* First, get the peer cert chain */
peers = purple_ssl_get_peer_certificates(gsc);
/* Now kick off the verification process */
purple_certificate_verify(gsc->verifier,
gsc->host,
peers,
ssl_gnutls_verified_cb,
gsc);
purple_certificate_destroy_list(peers);
} else {
/* Otherwise, just call the "connection complete"
callback */
gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
}
}
}
