Initial implementation of using CAPI certificates with Schannel.

Introduced a new parent class for all certificates with keys (class CertificateWithKey is the new parent for PKCS12Certificate.) Switched to using "CertificateWithKey *" instead of "const CertificateWithKey&" Added calling of a Windows dialog for certificate selection when Schannel TLS implementation is used. This compiles, but is not tested. License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
author: Alexey Melnikov <alexey.melnikov@isode.com> 2012-02-13 17:54:23 (GMT)
committer: Kevin Smith <git@kismith.co.uk> 2012-02-22 14:08:13 (GMT)
commit: 110eb87e848b85dd74a6f19413c775520a75ea35 (patch)
tree: b10236387180fca676a29f24c747c9d0fd94d8dd /Swiften/TLS
parent: 64fc103d0d5d1d523d00dcc5b231715160475f7e (diff)
download: swift-contrib-110eb87e848b85dd74a6f19413c775520a75ea35.zip
swift-contrib-110eb87e848b85dd74a6f19413c775520a75ea35.tar.bz2
8 files changed, 351 insertions, 19 deletions
diff --git a/Swiften/TLS/CAPICertificate.h b/Swiften/TLS/CAPICertificate.h
new file mode 100644
index 0000000..fcdb4c2
--- /dev/null
+++ b/Swiften/TLS/CAPICertificate.h
@@ -0,0 +1,196 @@
+/*
+ * Copyright (c) 2012 Isode Limited, London, England.
+ * Licensed under the simplified BSD license.
+ * See Documentation/Licenses/BSD-simplified.txt for more information.
+ */
+
+#pragma once
+
+#include <Swiften/Base/SafeByteArray.h>
+#include <Swiften/TLS/CertificateWithKey.h>
+
+#include <boost/algorithm/string/predicate.hpp>
+
+#define SECURITY_WIN32
+#include <WinCrypt.h>
+
+namespace Swift {
+	class CAPICertificate : public Swift::CertificateWithKey {
+		public:
+			CAPICertificate(const std::string& capiUri)
+			    : valid_(false), uri_(capiUri), cert_store_handle_(0), cert_store_(NULL), cert_name_(NULL) {
+				setUri(capiUri);
+			}
+
+			virtual ~CAPICertificate() {
+				if (cert_store_handle_ != NULL)
+				{
+					CertCloseStore(cert_store_handle_, 0);
+				}
+			}
+
+			virtual bool isNull() const {
+				return uri_.empty() || !valid_;
+			}
+
+			virtual bool isPrivateKeyExportable() const {
+				/* We can check with CAPI, but for now the answer is "no" */
+				return false;
+			}
+
+			virtual const std::string& getCertStoreName() const {
+			    return cert_store_;
+			}
+
+			virtual const std::string& getCertName() const {
+			    return cert_name_;
+			}
+
+			const ByteArray& getData() const {
+////Might need to throw an exception here, or really generate PKCS12 blob from CAPI data?
+				assert(0);
+			}
+
+			void setData(const ByteArray& data) {
+				assert(0);
+			}
+
+			const SafeByteArray& getPassword() const {
+/////Can't pass NULL to createSafeByteArray!
+/////Should this throw an exception instead?
+				return createSafeByteArray("");
+			}
+
+		protected:
+			void setUri (const std::string& capiUri) {
+
+				valid_ = false;
+
+				/* Syntax: "certstore:" [<cert_store> ":"] <cert_id> */
+
+				if (!boost::iequals(capiUri.substr(0, 10), "certstore:")) {
+					return;
+				}
+
+				/* Substring of subject: uses "storename" */
+				std::string capi_identity = capiUri.substr(10);
+				std::string new_cert_store_name;
+				size_t pos = capi_identity.find_first_of (':');
+
+				if (pos == std::string::npos) {
+					/* Using the default certificate store */
+					new_cert_store_name = "MY";
+					cert_name_ = capi_identity;
+				} else {
+					new_cert_store_name = capi_identity.substr(0, pos);
+					cert_name_ = capi_identity.substr(pos + 1);
+				}
+
+				PCCERT_CONTEXT pCertContext = NULL;
+
+				if (cert_store_handle_ != NULL)
+				{
+					if (new_cert_store_name != cert_store_) {
+						CertCloseStore(cert_store_handle_, 0);
+						cert_store_handle_ = NULL;
+					}
+				}
+
+				if (cert_store_handle_ == NULL)
+				{
+					cert_store_handle_ = CertOpenSystemStore(0, cert_store_.c_str());
+					if (!cert_store_handle_)
+					{
+						return;
+					}
+				}
+
+				cert_store_ = new_cert_store_name;
+
+				/* NB: This might have to change, depending on how we locate certificates */
+
+				// Find client certificate. Note that this sample just searches for a 
+				// certificate that contains the user name somewhere in the subject name.
+				pCertContext = CertFindCertificateInStore(cert_store_handle_,
+					X509_ASN_ENCODING,
+					0,				// dwFindFlags
+					CERT_FIND_SUBJECT_STR_A,
+					cert_name_.c_str(),		// *pvFindPara
+					NULL );				// pPrevCertContext
+
+				if (pCertContext == NULL)
+				{
+					return;
+				}
+
+
+				/* Now verify that we can have access to the corresponding private key */
+
+				DWORD len;
+				CRYPT_KEY_PROV_INFO *pinfo;
+				HCRYPTPROV hprov;
+				HCRYPTKEY key;
+
+				if (!CertGetCertificateContextProperty(pCertContext,
+								       CERT_KEY_PROV_INFO_PROP_ID,
+								       NULL,
+								       &len))
+				{
+					CertFreeCertificateContext(pCertContext);
+					return;
+				}
+
+				pinfo = static_cast<CRYPT_KEY_PROV_INFO *>(malloc(len));
+				if (!pinfo) {
+					CertFreeCertificateContext(pCertContext);
+					return;
+				}
+
+				if (!CertGetCertificateContextProperty(pCertContext,
+								       CERT_KEY_PROV_INFO_PROP_ID,
+								       pinfo,
+								       &len))
+				{
+					CertFreeCertificateContext(pCertContext);
+					free(pinfo);
+					return;
+				}
+
+				CertFreeCertificateContext(pCertContext);
+
+				// Now verify if we have access to the private key
+				if (!CryptAcquireContextW(&hprov,
+							  pinfo->pwszContainerName,
+							  pinfo->pwszProvName,
+							  pinfo->dwProvType,
+							  0))
+				{
+					free(pinfo);
+					return;
+				}
+
+				if (!CryptGetUserKey(hprov, pinfo->dwKeySpec, &key))
+				{
+					CryptReleaseContext(hprov, 0);
+					free(pinfo);
+					return;
+				}
+
+				CryptDestroyKey(key);
+				CryptReleaseContext(hprov, 0);
+				free(pinfo);
+
+				valid_ = true;
+			}
+
+		private:
+			bool valid_;
+			std::string uri_;
+
+			HCERTSTORE cert_store_handle_;
+
+			/* Parsed components of the uri_ */
+			std::string cert_store_;
+			std::string cert_name_;
+	};
+}
diff --git a/Swiften/TLS/CertificateWithKey.h b/Swiften/TLS/CertificateWithKey.h
new file mode 100644
index 0000000..6f6ea39
--- /dev/null
+++ b/Swiften/TLS/CertificateWithKey.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2010-2012 Remko Tronçon
+ * Licensed under the GNU General Public License v3.
+ * See Documentation/Licenses/GPLv3.txt for more information.
+ */
+
+#pragma once
+
+#include <Swiften/Base/SafeByteArray.h>
+
+namespace Swift {
+	class CertificateWithKey {
+		public:
+			CertificateWithKey() {}
+
+			virtual ~CertificateWithKey() {}
+
+			virtual bool isNull() const = 0;
+
+			virtual bool isPrivateKeyExportable() const = 0;
+
+			virtual const std::string& getCertStoreName() const = 0;
+
+			virtual const std::string& getCertName() const = 0;
+
+			virtual const ByteArray& getData() const = 0;
+
+			virtual void setData(const ByteArray& data) = 0;
+
+			virtual const SafeByteArray& getPassword() const = 0;
+	};
+}
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 220e7f9..dd3462f 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -15,19 +15,19 @@
 #include <openssl/pkcs12.h>
 #include <boost/smart_ptr/make_shared.hpp>
 
 #if defined(SWIFTEN_PLATFORM_MACOSX) && OPENSSL_VERSION_NUMBER < 0x00908000
 #include <Security/Security.h>
 #endif
 
 #include <Swiften/TLS/OpenSSL/OpenSSLContext.h>
 #include <Swiften/TLS/OpenSSL/OpenSSLCertificate.h>
-#include <Swiften/TLS/PKCS12Certificate.h>
+#include <Swiften/TLS/CertificateWithKey.h>
 
 #pragma GCC diagnostic ignored "-Wold-style-cast"
 
 namespace Swift {
 
 static const int MAX_FINISHED_SIZE = 4096;
 static const int SSL_READ_BUFFERSIZE = 8192;
 
 void freeX509Stack(STACK_OF(X509)* stack) {
@@ -179,37 +179,41 @@ void OpenSSLContext::sendPendingDataToApplication() {
 		data.resize(SSL_READ_BUFFERSIZE);
 		ret = SSL_read(handle_, vecptr(data), data.size());
 	}
 	if (ret < 0 && SSL_get_error(handle_, ret) != SSL_ERROR_WANT_READ) {
 		state_ = Error;
 		onError();
 	}
 }
 
-bool OpenSSLContext::setClientCertificate(const PKCS12Certificate& certificate) {
-	if (certificate.isNull()) {
+bool OpenSSLContext::setClientCertificate(CertificateWithKey * certificate) {
+	if (!certificate || certificate->isNull()) {
+		return false;
+	}
+
+	if (!certificate->isPrivateKeyExportable()) {
 		return false;
 	}
 
 	// Create a PKCS12 structure
 	BIO* bio = BIO_new(BIO_s_mem());
-	BIO_write(bio, vecptr(certificate.getData()), certificate.getData().size());
+	BIO_write(bio, vecptr(certificate->getData()), certificate->getData().size());
 	boost::shared_ptr<PKCS12> pkcs12(d2i_PKCS12_bio(bio, NULL), PKCS12_free);
 	BIO_free(bio);
 	if (!pkcs12) {
 		return false;
 	}
 
 	// Parse PKCS12
 	X509 *certPtr = 0;
 	EVP_PKEY* privateKeyPtr = 0;
 	STACK_OF(X509)* caCertsPtr = 0;
-	int result = PKCS12_parse(pkcs12.get(), reinterpret_cast<const char*>(vecptr(certificate.getPassword())), &privateKeyPtr, &certPtr, &caCertsPtr);
+	int result = PKCS12_parse(pkcs12.get(), reinterpret_cast<const char*>(vecptr(certificate->getPassword())), &privateKeyPtr, &certPtr, &caCertsPtr);
 	if (result != 1) { 
 		return false;
 	}
 	boost::shared_ptr<X509> cert(certPtr, X509_free);
 	boost::shared_ptr<EVP_PKEY> privateKey(privateKeyPtr, EVP_PKEY_free);
 	boost::shared_ptr<STACK_OF(X509)> caCerts(caCertsPtr, freeX509Stack);
 
 	// Use the key & certificates
 	if (SSL_CTX_use_certificate(context_, cert.get()) != 1) {
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.h b/Swiften/TLS/OpenSSL/OpenSSLContext.h
index 04693a3..b53e715 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.h
@@ -8,27 +8,27 @@
 
 #include <openssl/ssl.h>
 #include <Swiften/Base/boost_bsignals.h>
 #include <boost/noncopyable.hpp>
 
 #include <Swiften/TLS/TLSContext.h>
 #include <Swiften/Base/ByteArray.h>
 
 namespace Swift {
-	class PKCS12Certificate;
+	class CertificateWithKey;
 
 	class OpenSSLContext : public TLSContext, boost::noncopyable {
 		public:
 			OpenSSLContext();
 			~OpenSSLContext();
 
 			void connect();
-			bool setClientCertificate(const PKCS12Certificate& cert);
+			bool setClientCertificate(CertificateWithKey * cert);
 
 			void handleDataFromNetwork(const SafeByteArray&);
 			void handleDataFromApplication(const SafeByteArray&);
 
 			Certificate::ref getPeerCertificate() const;
 			boost::shared_ptr<CertificateVerificationError> getPeerCertificateVerificationError() const;
 
 			virtual ByteArray getFinishMessage() const;
 
diff --git a/Swiften/TLS/PKCS12Certificate.h b/Swiften/TLS/PKCS12Certificate.h
index c0e01d0..2f70456 100644
--- a/Swiften/TLS/PKCS12Certificate.h
+++ b/Swiften/TLS/PKCS12Certificate.h
@@ -1,40 +1,59 @@
 /*
  * Copyright (c) 2010 Remko Tronçon
  * Licensed under the GNU General Public License v3.
  * See Documentation/Licenses/GPLv3.txt for more information.
  */
 
 #pragma once
 
 #include <Swiften/Base/SafeByteArray.h>
+#include <Swiften/TLS/CertificateWithKey.h>
 
 namespace Swift {
-	class PKCS12Certificate {
+	class PKCS12Certificate : public Swift::CertificateWithKey {
 		public:
 			PKCS12Certificate() {}
 
 			PKCS12Certificate(const std::string& filename, const SafeByteArray& password) : password_(password) {
 				readByteArrayFromFile(data_, filename);
 			}
 
-			bool isNull() const {
+			virtual ~PKCS12Certificate() {}
+
+			virtual bool isNull() const {
 				return data_.empty();
 			}
 
-			const ByteArray& getData() const {
+			virtual bool isPrivateKeyExportable() const {
+/////Hopefully a PKCS12 is never missing a private key
+				return true;
+			}
+
+			virtual const std::string& getCertStoreName() const {
+/////				assert(0);
+				throw std::exception();
+			}
+
+			virtual const std::string& getCertName() const {
+				/* We can return the original filename instead, if we care */
+/////				assert(0);
+				throw std::exception();
+			}
+
+			virtual const ByteArray& getData() const {
 				return data_;
 			}
 
 			void setData(const ByteArray& data) {
 				data_ = data;
 			}
 
-			const SafeByteArray& getPassword() const {
+			virtual const SafeByteArray& getPassword() const {
 				return password_;
 			}
 
 		private:
 			ByteArray data_;
 			SafeByteArray password_;
 	};
 }
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 6771d4a..6f50b3a 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -9,68 +9,129 @@
 
 namespace Swift {
 
 //------------------------------------------------------------------------
 
 SchannelContext::SchannelContext() 
 : m_state(Start)
 , m_secContext(0)
 , m_verificationError(CertificateVerificationError::UnknownError)
+, m_my_cert_store(NULL)
+, m_cert_store_name("MY")
+, m_cert_name(NULL)
 {
 	m_ctxtFlags = ISC_REQ_ALLOCATE_MEMORY | 
 				  ISC_REQ_CONFIDENTIALITY |
 				  ISC_REQ_EXTENDED_ERROR  |
 				  ISC_REQ_INTEGRITY		  |
 				  ISC_REQ_REPLAY_DETECT   |	
 				  ISC_REQ_SEQUENCE_DETECT |
 				  ISC_REQ_USE_SUPPLIED_CREDS |
 				  ISC_REQ_STREAM;
 
 	ZeroMemory(&m_streamSizes, sizeof(m_streamSizes));
 }
 
 //------------------------------------------------------------------------
 
+SchannelContext::~SchannelContext()
+{
+	if (m_my_cert_store) CertCloseStore(m_my_cert_store, 0);
+}
+
+//------------------------------------------------------------------------
+
 void SchannelContext::determineStreamSizes()
 {
 	QueryContextAttributes(m_ctxtHandle, SECPKG_ATTR_STREAM_SIZES, &m_streamSizes);
 }
 
 //------------------------------------------------------------------------
 
 void SchannelContext::connect() 
 {
+	PCCERT_CONTEXT   pCertContext = NULL;
+
 	m_state = Connecting;
 
+	// If a user name is specified, then attempt to find a client
+	// certificate. Otherwise, just create a NULL credential.
+	if (!m_cert_name.empty())
+	{
+		if (m_my_cert_store == NULL)
+		{
+			m_my_cert_store = CertOpenSystemStore(0, m_cert_store_name.c_str());
+			if (!m_my_cert_store)
+			{
+/////			printf( "**** Error 0x%x returned by CertOpenSystemStore\n", GetLastError() );
+				indicateError();
+				return;
+			}
+		}
+
+		// Find client certificate. Note that this sample just searches for a 
+		// certificate that contains the user name somewhere in the subject name.
+		pCertContext = CertFindCertificateInStore( m_my_cert_store,
+			X509_ASN_ENCODING,
+			0,				// dwFindFlags
+			CERT_FIND_SUBJECT_STR_A,
+			m_cert_name.c_str(),		// *pvFindPara
+			NULL );				// pPrevCertContext
+
+		if (pCertContext == NULL)
+		{
+/////		printf("**** Error 0x%x returned by CertFindCertificateInStore\n", GetLastError());
+			indicateError();
+			return;
+		}
+	}
+
 	// We use an empty list for client certificates
 	PCCERT_CONTEXT clientCerts[1] = {0};
 
 	SCHANNEL_CRED sc = {0};
 	sc.dwVersion = SCHANNEL_CRED_VERSION;
-	sc.cCreds = 0; // Let Crypto API find the appropriate certificate for us
-	sc.paCred = clientCerts;
+
+/////SSL3?
 	sc.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT;
-	sc.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION | /*SCH_CRED_NO_DEFAULT_CREDS*/ SCH_CRED_USE_DEFAULT_CREDS | SCH_CRED_REVOCATION_CHECK_CHAIN;
+/////Check SCH_CRED_REVOCATION_CHECK_CHAIN
+	sc.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION | SCH_CRED_REVOCATION_CHECK_CHAIN;
+
+	if (pCertContext)
+	{
+		sc.cCreds = 1;
+		sc.paCred = &pCertContext;
+		sc.dwFlags |= SCH_CRED_NO_DEFAULT_CREDS;
+	}
+	else
+	{
+		sc.cCreds = 0; // Let Crypto API find the appropriate certificate for us
+		sc.paCred = clientCerts;
+		sc.dwFlags |= SCH_CRED_USE_DEFAULT_CREDS;
+	}
 
 	// Swiften performs the server name check for us
 	sc.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
 
 	SECURITY_STATUS status = AcquireCredentialsHandle(
 		NULL,
 		UNISP_NAME,
 		SECPKG_CRED_OUTBOUND,
 		NULL,
 		&sc,
 		NULL,
 		NULL,
 		m_credHandle.Reset(),
 		NULL);
 
+	// cleanup: Free the certificate context. Schannel has already made its own copy.
+	if (pCertContext) CertFreeCertificateContext(pCertContext);
+
 	if (status != SEC_E_OK) 
 	{
 		// We failed to obtain the credentials handle
 		indicateError();
 		return;
 	}
 
 	SecBuffer outBuffers[2];
 
@@ -450,20 +511,33 @@ void SchannelContext::encryptAndSendData(const SafeByteArray& data)
 
 		sendDataOnNetwork(&sendBuffer[0], outBuffers[0].cbBuffer + outBuffers[1].cbBuffer + outBuffers[2].cbBuffer);
 		bytesSent += bytesToSend;
 
 	} while (bytesSent < data.size());
 }
 
 //------------------------------------------------------------------------
 
-bool SchannelContext::setClientCertificate(const PKCS12Certificate& certificate) 
+bool SchannelContext::setClientCertificate(CertificateWithKey * certificate)
 {
+	if (!certificate || certificate->isNull()) {
+		return false;
+	}
+
+	if (!certificate->isPrivateKeyExportable()) {
+		// We assume that the Certificate Store Name/Certificate Name
+		// are valid at this point
+		m_cert_store_name = certificate->getCertStoreName();
+		m_cert_name = certificate->getCertName();
+
+		return true;
+	}
+
 	return false;
 }
 
 //------------------------------------------------------------------------
 
 Certificate::ref SchannelContext::getPeerCertificate() const 
 {
 	SchannelCertificate::ref pCertificate;
 
diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h
index 66467fe..0cdb3d7 100644
--- a/Swiften/TLS/Schannel/SchannelContext.h
+++ b/Swiften/TLS/Schannel/SchannelContext.h
@@ -4,43 +4,46 @@
  * See Documentation/Licenses/BSD-simplified.txt for more information.
  */
 
 #pragma once
 
 #include "Swiften/Base/boost_bsignals.h"
 
 #include "Swiften/TLS/TLSContext.h"
 #include "Swiften/TLS/Schannel/SchannelUtil.h"
+#include <Swiften/TLS/CertificateWithKey.h>
 #include "Swiften/Base/ByteArray.h"
 
 #define SECURITY_WIN32
 #include <Windows.h>
 #include <Schannel.h>
 #include <security.h>
 #include <schnlsp.h>
 
 #include <boost/noncopyable.hpp>
 
 namespace Swift 
 {	
 	class SchannelContext : public TLSContext, boost::noncopyable 
 	{
 	public:
 		typedef boost::shared_ptr<SchannelContext> sp_t;
 
 	public:
-						SchannelContext();
+		SchannelContext();
+
+		~SchannelContext();
 
 		//
 		// TLSContext
 		//
 		virtual void	connect();
-		virtual bool	setClientCertificate(const PKCS12Certificate&);
+		virtual bool	setClientCertificate(CertificateWithKey * cert);
 
 		virtual void	handleDataFromNetwork(const SafeByteArray& data);
 		virtual void	handleDataFromApplication(const SafeByteArray& data);
 
 		virtual Certificate::ref getPeerCertificate() const;
 		virtual CertificateVerificationError::ref getPeerCertificateVerificationError() const;
 
 		virtual ByteArray getFinishMessage() const;
 
@@ -71,11 +74,15 @@ namespace Swift
 		CertificateVerificationError m_verificationError;
 
 		ULONG				m_secContext;
 		ScopedCredHandle	m_credHandle;
 		ScopedCtxtHandle	m_ctxtHandle;
 		DWORD				m_ctxtFlags;
 		SecPkgContext_StreamSizes m_streamSizes;
 
 		std::vector<char>	m_receivedData;
+
+		HCERTSTORE		m_my_cert_store;
+		std::string		m_cert_store_name;
+		std::string		m_cert_name;
 	};
 }
diff --git a/Swiften/TLS/TLSContext.h b/Swiften/TLS/TLSContext.h
index 1538863..ada813a 100644
--- a/Swiften/TLS/TLSContext.h
+++ b/Swiften/TLS/TLSContext.h
@@ -8,27 +8,27 @@
 
 #include <Swiften/Base/boost_bsignals.h>
 #include <boost/shared_ptr.hpp>
 
 #include <Swiften/Base/SafeByteArray.h>
 #include <Swiften/TLS/Certificate.h>
 #include <Swiften/TLS/CertificateVerificationError.h>
 
 namespace Swift {
-	class PKCS12Certificate;
+	class CertificateWithKey;
 
 	class TLSContext {
 		public:
 			virtual ~TLSContext();
 
 			virtual void connect() = 0;
 
-			virtual bool setClientCertificate(const PKCS12Certificate& cert) = 0;
+			virtual bool setClientCertificate(CertificateWithKey * cert) = 0;
 
 			virtual void handleDataFromNetwork(const SafeByteArray&) = 0;
 			virtual void handleDataFromApplication(const SafeByteArray&) = 0;
 
 			virtual Certificate::ref getPeerCertificate() const = 0;
 			virtual CertificateVerificationError::ref getPeerCertificateVerificationError() const = 0;
 
 			virtual ByteArray getFinishMessage() const = 0;
author	Alexey Melnikov <alexey.melnikov@isode.com>	2012-02-13 17:54:23 (GMT)
committer	Kevin Smith <git@kismith.co.uk>	2012-02-22 14:08:13 (GMT)
commit	110eb87e848b85dd74a6f19413c775520a75ea35 (patch)
tree	b10236387180fca676a29f24c747c9d0fd94d8dd /Swiften/TLS
parent	64fc103d0d5d1d523d00dcc5b231715160475f7e (diff)
download	swift-contrib-110eb87e848b85dd74a6f19413c775520a75ea35.zip swift-contrib-110eb87e848b85dd74a6f19413c775520a75ea35.tar.bz2