This patch corresponds with the Swiften commit
5f1cb0d768265347bc80862c33f5967f07759b10 whose comment reads
Release-Notes: Fixed a bug whereby the sender of an iq wasn't being
checked before matching it to a request.
Note that since the Swiften change, other modifications have been made
to the affected files, and these modifications are not reflected in
this patch.
Test-information:
Code builds. Ran with MLC to make sure things all seem to work OK.
Change-Id: Ife96925d4d728bc0fe749d6b5b849fbe4e866315
|
|
This change moves responsibility for creating the TLSContextFactory
from CoreClient into NetworkFactories, which is in line with the
Swiften implementation.
This means that a caller may now provide his own concrete
TLSContextFactory using code of the form:
    NetworkFactories myNetworkFactories;
    .
    .
    myNetworkFactories = new JavaNetworkFactories(eventLoop()) {
        @Override
        public TLSContextFactory getTLSContextFactory() {
            return new MyTLSContextFactory();
        }
    };
Test-information:
I implemented separate TLSContextFactory and TLSContext classes that
used OpenSSL (via JNI) to provide SSL functionality. I was able to
switch to using these with the mechanism that this patch provides.
I also verified that existing code which doesn't try to provide its
own NetworkFactories subclass still works as before (i.e. this patch
doesn't break existing applications).
Change-Id: Ibf07ddbbb4a4d39e4bb30a28be9aa0c43afe005f
Signed-off-by: Nick Hudson <nick.hudson@isode.com>
|
|
Change-Id: Id2710c674abc19cdf2b37f97fe53288b86c7f367
|
|
Makes ClientOptions do more.
|
|
The javadoc for the method was not in line with its behaviour, so you
could get a NullPointerException if you asked for a session
certificate when the session wasn't TLS.
This patch makes the code do what the javadoc says (and what clients
most likely want).
Test-information:
Returns null rather than crashing when I ask for a certificate on a
non-TLS stream.
|
|
Corresponding with change in Swiften (assuming that is approved; it's
not yet been integrated at the time of writing)
Test-information:
Works as expected in my test applications
|
|
This change
- renames the "onError" signal to be "onDisconnected" (as per change
59be74ec6 in Swiften)
- adds "setCertificateTrustChecker()" method and uses the supplied checker
when configuring TLS
Test-information:
My applications still work.
When I configure my server with a certificate that doesn't correspond
to the requirements in RFC 6120, my CertificateTrustChecker gets
called, and the session is either dropped or maintained depending on
what my checker returns.
|
|
This change provides the functionality to allow clients to specify a
PKCS#12 file containing client certificate/key for use when starting
TLS sessions.
The PKCS12Certificate class now subclasses "CertificateWithKey"
(matching the Swiften implementation).
Swiften also has "CAPICertificate", which is another subclass of
CertificateWithKey. This has not been provided in this patch.
From a client's point of view, all that's necessary to specify a
certificate to be used for TLS is to do something like
    CertificateWithKey myCert = new PKCS12Certificate(
            "/home/fred/myp12file.p12",
            "secret".toCharArray());
    coreClient.setCertificate(myCert);
before calling "CoreClient.connect".
Matching the Swiften functionality, constructing a new
PKCS12Certificate does not actually perform validation of the P12
file/passphrase; that takes place when the p12 file is used.
There is limited scope for returning to the caller errors describing
possible problems, but JSSEContext uses the "emitError" method which
does maintain error information, which is available in a debugger, or
from the JSSEContext.toString() method.
Test-information:
Set up an M-Link server with TLS and verified that
- when I specify a client certificate with suitable SAN, the client
sends it and the server reports authentication using the certificate
- when I specify a client certificate without a suitable SAN, the
client sends it but the server rejects it
|
|
|
Also made "Stanza" be an abstract class and had its ".toString()" include
the name of the subclass which is involved, so that the subclasses don't
have to do that themselves.
Also added null check to existing HostAddress.toString() method
Also fixed Remko copyright in Connector class
Test-information:
Stuff is displayed as expected in debugger.
|
|
Test-information:
Looks okay.