Swiftdiff options
| author | Tobias Markmann <tm@ayena.de> | 2012-05-04 21:39:30 (GMT) |
|---|---|---|
| committer | Remko Tronçon <git@el-tramo.be> | 2012-05-11 19:29:38 (GMT) |
| commit | 0f91f88ac69644fb7e7bdbf601b7e098194490fa (patch) | |
| tree | e66ca4acbf869c82bba607ca9c394a47615c6e6e /Swiften/TLS/OpenSSL/OpenSSLContext.cpp | |
| parent | 15ed4a079a8bbe3cc9ee2ca47233be7b890464ec (diff) | |
| download | swift-contrib-0f91f88ac69644fb7e7bdbf601b7e098194490fa.zip swift-contrib-0f91f88ac69644fb7e7bdbf601b7e098194490fa.tar.bz2 | |
Showing stream encryption status in the roster header. Provide native certificate viewers on click.
Native viewers for Windows and Mac OS X are implemented.
Added TODOs to OpenSSL based TLS interface related to CRL and OCSP.
Resolves: #167
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
Diffstat (limited to 'Swiften/TLS/OpenSSL/OpenSSLContext.cpp')
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContext.cpp | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp index 8c03052..58a8d05 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp @@ -33,18 +33,24 @@ static const int SSL_READ_BUFFERSIZE = 8192; void freeX509Stack(STACK_OF(X509)* stack) { sk_X509_free(stack); } OpenSSLContext::OpenSSLContext() : state_(Start), context_(0), handle_(0), readBIO_(0), writeBIO_(0) { ensureLibraryInitialized(); context_ = SSL_CTX_new(TLSv1_client_method()); + // TODO: implement CRL checking + // TODO: download CRL (HTTP transport) + // TODO: cache CRL downloads for configurable time period + + // TODO: implement OCSP support + // TODO: handle OCSP stapling see https://www.rfc-editor.org/rfc/rfc4366.txt // Load system certs #if defined(SWIFTEN_PLATFORM_WINDOWS) X509_STORE* store = SSL_CTX_get_cert_store(context_); HCERTSTORE systemStore = CertOpenSystemStore(0, "ROOT"); if (systemStore) { PCCERT_CONTEXT certContext = NULL; while (true) { certContext = CertFindCertificateInStore(systemStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, certContext); if (!certContext) { @@ -230,18 +236,30 @@ Certificate::ref OpenSSLContext::getPeerCertificate() const { boost::shared_ptr<X509> x509Cert(SSL_get_peer_certificate(handle_), X509_free); if (x509Cert) { return boost::make_shared<OpenSSLCertificate>(x509Cert); } else { return Certificate::ref(); } } +std::vector<Certificate::ref> OpenSSLContext::getPeerCertificateChain() const { + std::vector<Certificate::ref> result; + STACK_OF(X509)* chain = SSL_get_peer_cert_chain(handle_); + for (int i = 0; i < sk_X509_num(chain); ++i) { + boost::shared_ptr<X509> x509Cert(X509_dup(sk_X509_value(chain, i)), X509_free); + + Certificate::ref cert = boost::make_shared<OpenSSLCertificate>(x509Cert); + result.push_back(cert); + } + return result; +} + boost::shared_ptr<CertificateVerificationError> OpenSSLContext::getPeerCertificateVerificationError() const { int verifyResult = SSL_get_verify_result(handle_); if (verifyResult != X509_V_OK) { return boost::make_shared<CertificateVerificationError>(getVerificationErrorTypeForResult(verifyResult)); } else { return boost::shared_ptr<CertificateVerificationError>(); } } |