| -rw-r--r-- | BuildTools/SCons/SConstruct | 1 | ||||
| -rw-r--r-- | README | 7 | ||||
| -rw-r--r-- | Swift/SConscript | 2 | ||||
| -rw-r--r-- | Swiften/Client/ClientSession.cpp | 12 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp | 6 | ||||
| -rw-r--r-- | Swiften/TLS/PlatformTLSFactories.cpp | 8 | ||||
| -rw-r--r-- | Swiften/TLS/SConscript | 3 |
7 files changed, 24 insertions, 15 deletions
diff --git a/BuildTools/SCons/SConstruct b/BuildTools/SCons/SConstruct
index 6f4354f..b3d3c8f 100644
--- a/BuildTools/SCons/SConstruct
+++ b/BuildTools/SCons/SConstruct
@@ -380,70 +380,71 @@ conf.Finish() # Qt if env["qt"] : env["QTDIR"] = env["qt"] # OpenSSL openssl_env = conf_env.Clone() use_openssl = bool(env["openssl"]) openssl_prefix = env["openssl"] if isinstance(env["openssl"], str) else "" openssl_flags = {} if openssl_prefix : openssl_flags = { "CPPPATH": [os.path.join(openssl_prefix, "include")] } if env["PLATFORM"] == "win32" : openssl_flags["LIBPATH"] = [os.path.join(openssl_prefix, "lib", "VC")] env["OPENSSL_DIR"] = openssl_prefix else : openssl_flags["LIBPATH"] = [os.path.join(openssl_prefix, "lib")] openssl_env.MergeFlags(openssl_flags) openssl_conf = Configure(openssl_env) if use_openssl and openssl_conf.CheckCHeader("openssl/ssl.h") : env["HAVE_OPENSSL"] = 1 env["OPENSSL_FLAGS"] = openssl_flags if env["PLATFORM"] == "win32" : env["OPENSSL_FLAGS"]["LIBS"] = ["libeay32MD", "ssleay32MD"] else: env["OPENSSL_FLAGS"]["LIBS"] = ["ssl", "crypto"] if env["PLATFORM"] == "darwin" : if platform.mac_ver()[0].startswith("10.5") : env["OPENSSL_FLAGS"]["FRAMEWORKS"] = ["Security"] elif env["target"] in ("iphone-device", "iphone-simulator", "xcode") : env["OPENSSL_BUNDLED"] = True env["HAVE_OPENSSL"] = True else : env["OPENSSL_FLAGS"] = "" if env["PLATFORM"] == "win32" : + env["HAVE_SCHANNEL"] = True # If we're compiling for Windows and OpenSSL isn't being used, use Schannel env.Append(LIBS = ["secur32"]) openssl_conf.Finish() # Bonjour if env["PLATFORM"] == "darwin" : env["HAVE_BONJOUR"] = 1 elif env.get("bonjour", False) : bonjour_env = conf_env.Clone() bonjour_conf = Configure(bonjour_env) bonjour_flags = {} if env.get("bonjour") != True : bonjour_prefix = env["bonjour"] bonjour_flags["CPPPATH"] = [os.path.join(bonjour_prefix, "include")] bonjour_flags["LIBPATH"] = [os.path.join(bonjour_prefix, "lib", "win32")] bonjour_env.MergeFlags(bonjour_flags) if bonjour_conf.CheckCHeader("dns_sd.h") and bonjour_conf.CheckLib("dnssd") : env["HAVE_BONJOUR"] = 1 env["BONJOUR_FLAGS"] = bonjour_flags env["BONJOUR_FLAGS"]["LIBS"] = ["dnssd"] 
bonjour_conf.Finish() # Cocoa & IOKit if env["PLATFORM"] == "darwin" : cocoa_conf = Configure(conf_env) if cocoa_conf.CheckCHeader("IOKit/IOKitLib.h") : env["HAVE_IOKIT"] = True cocoa_conf.Finish() # Qt try : myenv = env.Clone() myenv.Tool("qt4", toolpath = ["#/BuildTools/SCons/Tools"]) env["HAVE_QT"] = True @@ -1,7 +0,0 @@ - -We have moved the Swift Git repositories to http://swift.im/git -This site also hosts the contributors' repositories. - -This Gitorious mirror will no longer be used for Swift development. - - -- The Swift team diff --git a/Swift/SConscript b/Swift/SConscript index a1ee3ae..b66058b 100644 --- a/Swift/SConscript +++ b/Swift/SConscript @@ -1,16 +1,16 @@ import datetime Import("env") SConscript("Controllers/SConscript") if env["SCONS_STAGE"] == "build" : - if not GetOption("help") and not env.get("HAVE_OPENSSL", 0) : + if not GetOption("help") and not env.get("HAVE_OPENSSL", 0) and not env.get("HAVE_SCHANNEL", 0) : print "Error: Swift requires OpenSSL support, and OpenSSL was not found." if "Swift" in env["PROJECTS"] : env["PROJECTS"].remove("Swift") elif not GetOption("help") and not env.get("HAVE_QT", 0) : print "Error: Swift requires Qt. Not building Swift." env["PROJECTS"].remove("Swift") elif env["target"] == "native": SConscript("QtUI/SConscript") diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp index fd001a1..55e0bc2 100644 --- a/Swiften/Client/ClientSession.cpp +++ b/Swiften/Client/ClientSession.cpp 
@@ -169,74 +169,80 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) { onStanzaReceived(stanza); } } else if (StreamFeatures* streamFeatures = dynamic_cast<StreamFeatures*>(element.get())) { if (!checkState(Negotiating)) { return; } if (streamFeatures->hasStartTLS() && stream->supportsTLSEncryption() && useTLS != NeverUseTLS) { state = WaitingForEncrypt; stream->writeElement(boost::make_shared<StartTLSRequest>()); } else if (useTLS == RequireTLS && !stream->isTLSEncrypted()) { finishSession(Error::NoSupportedAuthMechanismsError); } else if (useStreamCompression && streamFeatures->hasCompressionMethod("zlib")) { state = Compressing; stream->writeElement(boost::make_shared<CompressRequest>("zlib")); } else if (streamFeatures->hasAuthenticationMechanisms()) { if (stream->hasTLSCertificate()) { if (streamFeatures->hasAuthenticationMechanism("EXTERNAL")) { state = Authenticating; stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createSafeByteArray(""))); } else { finishSession(Error::TLSClientCertificateError); } } else if (streamFeatures->hasAuthenticationMechanism("EXTERNAL")) { state = Authenticating; stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createSafeByteArray(""))); } else if (streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1") || streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1-PLUS")) { std::ostringstream s; + ByteArray finishMessage; + bool plus = stream->isTLSEncrypted() && streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1-PLUS"); + if (plus) { + finishMessage = stream->getTLSFinishMessage(); + plus &= !finishMessage.empty(); + } s << boost::uuids::random_generator()(); - SCRAMSHA1ClientAuthenticator* scramAuthenticator = new SCRAMSHA1ClientAuthenticator(s.str(), streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1-PLUS")); - if (stream->isTLSEncrypted()) { - scramAuthenticator->setTLSChannelBindingData(stream->getTLSFinishMessage()); + SCRAMSHA1ClientAuthenticator* 
scramAuthenticator = new SCRAMSHA1ClientAuthenticator(s.str(), plus); + if (plus) { + scramAuthenticator->setTLSChannelBindingData(finishMessage); } authenticator = scramAuthenticator; state = WaitingForCredentials; onNeedCredentials(); } else if ((stream->isTLSEncrypted() || allowPLAINOverNonTLS) && streamFeatures->hasAuthenticationMechanism("PLAIN")) { authenticator = new PLAINClientAuthenticator(); state = WaitingForCredentials; onNeedCredentials(); } else if (streamFeatures->hasAuthenticationMechanism("DIGEST-MD5")) { std::ostringstream s; s << boost::uuids::random_generator()(); // FIXME: Host should probably be the actual host authenticator = new DIGESTMD5ClientAuthenticator(localJID.getDomain(), s.str()); state = WaitingForCredentials; onNeedCredentials(); } else { finishSession(Error::NoSupportedAuthMechanismsError); } } else { // Start the session rosterVersioningSupported = streamFeatures->hasRosterVersioning(); stream->setWhitespacePingEnabled(true); needSessionStart = streamFeatures->hasSession(); needResourceBind = streamFeatures->hasResourceBind(); needAcking = streamFeatures->hasStreamManagement() && useAcks; if (!needResourceBind) { // Resource binding is a MUST finishSession(Error::ResourceBindError); } else { continueSessionInitialization(); diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp index ac36f4f..76b8bb9 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp 
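Review bot: In ClientSession::handleElement, `plus &= !finishMessage.empty();` turns an empty result from `getTLSFinishMessage()` into a silent fallback from SCRAM-SHA-1-PLUS to unbound SCRAM-SHA-1, so the loss of channel binding leaves no trace for the user or the logs. A comment at that line, e.g. `// No TLS Finished data available from this backend: fall back to SCRAM-SHA-1 without channel binding`, plus a warning-level log entry would make the downgrade visible. The enclosing `else if` is also still entered when the server advertises only SCRAM-SHA-1-PLUS; with `plus` false the client then presumably starts a mechanism the server did not offer, so consider testing `plus || streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1")` before committing to this branch. handleElement begins and ends outside the hunk, so the authenticator's handling of the flag is not visible here.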
@@ -4,77 +4,83 @@ * See Documentation/Licenses/GPLv3.txt for more information. */ #include <Swiften/TLS/OpenSSL/OpenSSLCertificate.h> #include <Swiften/Base/ByteArray.h> #include <Swiften/Base/Log.h> #undef X509_NAME // Windows.h defines this, and for some reason, it doesn't get undeffed properly in x509.h #include <openssl/x509v3.h> #pragma GCC diagnostic ignored "-Wold-style-cast" namespace Swift { OpenSSLCertificate::OpenSSLCertificate(boost::shared_ptr<X509> cert) : cert(cert) { parse(); } OpenSSLCertificate::OpenSSLCertificate(const ByteArray& der) { #if OPENSSL_VERSION_NUMBER <= 0x009070cfL unsigned char* p = const_cast<unsigned char*>(vecptr(der)); #else const unsigned char* p = vecptr(der); #endif cert = boost::shared_ptr<X509>(d2i_X509(NULL, &p, der.size()), X509_free); if (!cert) { SWIFT_LOG(warning) << "Error creating certificate from DER data" << std::endl; } parse(); } ByteArray OpenSSLCertificate::toDER() const { ByteArray result; + if (!cert) { + return result; + } result.resize(i2d_X509(cert.get(), NULL)); unsigned char* p = vecptr(result); i2d_X509(cert.get(), &p); return result; } void OpenSSLCertificate::parse() { + if (!cert) { + return; + } // Subject name X509_NAME* subjectName = X509_get_subject_name(cert.get()); if (subjectName) { // Subject name ByteArray subjectNameData; subjectNameData.resize(256); X509_NAME_oneline(X509_get_subject_name(cert.get()), reinterpret_cast<char*>(vecptr(subjectNameData)), subjectNameData.size()); this->subjectName = byteArrayToString(subjectNameData); // Common name int cnLoc = X509_NAME_get_index_by_NID(subjectName, NID_commonName, -1); while (cnLoc != -1) { X509_NAME_ENTRY* cnEntry = X509_NAME_get_entry(subjectName, cnLoc); ASN1_STRING* cnData = X509_NAME_ENTRY_get_data(cnEntry); commonNames.push_back(byteArrayToString(createByteArray(reinterpret_cast<const char*>(cnData->data), cnData->length))); cnLoc = X509_NAME_get_index_by_NID(subjectName, NID_commonName, cnLoc); } } // subjectAltNames int 
subjectAltNameLoc = X509_get_ext_by_NID(cert.get(), NID_subject_alt_name, -1); if(subjectAltNameLoc != -1) { X509_EXTENSION* extension = X509_get_ext(cert.get(), subjectAltNameLoc); boost::shared_ptr<GENERAL_NAMES> generalNames(reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(extension)), GENERAL_NAMES_free); boost::shared_ptr<ASN1_OBJECT> xmppAddrObject(OBJ_txt2obj(ID_ON_XMPPADDR_OID, 1), ASN1_OBJECT_free); boost::shared_ptr<ASN1_OBJECT> dnsSRVObject(OBJ_txt2obj(ID_ON_DNSSRV_OID, 1), ASN1_OBJECT_free); for (int i = 0; i < sk_GENERAL_NAME_num(generalNames.get()); ++i) { GENERAL_NAME* generalName = sk_GENERAL_NAME_value(generalNames.get(), i); if (generalName->type == GEN_OTHERNAME) { OTHERNAME* otherName = generalName->d.otherName; if (OBJ_cmp(otherName->type_id, xmppAddrObject.get()) == 0) { // XmppAddr if (otherName->value->type != V_ASN1_UTF8STRING) { continue; } diff --git a/Swiften/TLS/PlatformTLSFactories.cpp b/Swiften/TLS/PlatformTLSFactories.cpp index 5f57793..64a5ab3 100644 --- a/Swiften/TLS/PlatformTLSFactories.cpp +++ b/Swiften/TLS/PlatformTLSFactories.cpp 
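Review bot: In OpenSSLCertificate::toDER, `result.resize(i2d_X509(cert.get(), NULL));` passes the return value straight to resize, and i2d_X509 returns a negative value on encoding failure, which converts to a huge unsigned size. The new null check covers only the missing-certificate case; the length should be checked too, e.g. `int len = i2d_X509(cert.get(), NULL); if (len <= 0) { return result; }` followed by `result.resize(len);`. A certificate that failed to parse from DER now also yields an object with empty names and empty DER, so callers need some way to tell it apart from a valid one; whether they do is not visible here. parse() continues past the end of the hunk.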
@@ -1,46 +1,48 @@ /* * Copyright (c) 2010 Remko Tronçon * Licensed under the GNU General Public License v3. * See Documentation/Licenses/GPLv3.txt for more information. */ #include <Swiften/Base/Platform.h> #include <Swiften/TLS/PlatformTLSFactories.h> #include <cstring> #include <cassert> #ifdef HAVE_OPENSSL #include "Swiften/TLS/OpenSSL/OpenSSLContextFactory.h" #include "Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h" -#elif defined SWIFTEN_PLATFORM_WINDOWS +#endif +#ifdef HAVE_SCHANNEL #include "Swiften/TLS/Schannel/SchannelContextFactory.h" -#include "Swiften/TLS/Schannel/SchannelCertificateFactory.h" + #include "Swiften/TLS/Schannel/SchannelCertificateFactory.h" #endif namespace Swift { PlatformTLSFactories::PlatformTLSFactories() : contextFactory(NULL), certificateFactory(NULL) { #ifdef HAVE_OPENSSL contextFactory = new OpenSSLContextFactory(); certificateFactory = new OpenSSLCertificateFactory(); -#elif defined SWIFTEN_PLATFORM_WINDOWS +#endif +#ifdef HAVE_SCHANNEL contextFactory = new SchannelContextFactory(); certificateFactory = new SchannelCertificateFactory(); #endif } PlatformTLSFactories::~PlatformTLSFactories() { delete contextFactory; delete certificateFactory; } TLSContextFactory* PlatformTLSFactories::getTLSContextFactory() const { return contextFactory; } CertificateFactory* PlatformTLSFactories::getCertificateFactory() const { return certificateFactory; } } diff --git a/Swiften/TLS/SConscript b/Swiften/TLS/SConscript index 225aa0a..a71a446 100644 --- a/Swiften/TLS/SConscript +++ b/Swiften/TLS/SConscript 
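Review bot: In PlatformTLSFactories.cpp the two backends are now selected by independent `#ifdef` blocks, so a build that defines both HAVE_OPENSSL and HAVE_SCHANNEL would construct the OpenSSL factories, overwrite both pointers with the Schannel ones and leak the first pair. The SCons files in this commit appear to set the two macros exclusively, but nothing in the source enforces it; `#elif defined(HAVE_SCHANNEL)` in both places, or `#if defined(HAVE_OPENSSL) && defined(HAVE_SCHANNEL)` / `#error "Only one TLS backend may be enabled"` near the includes, would keep the choice explicit. When neither macro is defined both getters return NULL, which is worth stating in a comment on the constructor.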
@@ -1,32 +1,33 @@ Import("swiften_env") objects = swiften_env.SwiftenObject([ "Certificate.cpp", "CertificateFactory.cpp", "CertificateTrustChecker.cpp", "ServerIdentityVerifier.cpp", "TLSContext.cpp", "TLSContextFactory.cpp", ]) myenv = swiften_env.Clone() if myenv.get("HAVE_OPENSSL", 0) : myenv.MergeFlags(myenv["OPENSSL_FLAGS"]) objects += myenv.SwiftenObject([ "OpenSSL/OpenSSLContext.cpp", "OpenSSL/OpenSSLCertificate.cpp", "OpenSSL/OpenSSLContextFactory.cpp", ]) myenv.Append(CPPDEFINES = "HAVE_OPENSSL") -elif myenv["PLATFORM"] == "win32" : +elif myenv.get("HAVE_SCHANNEL", 0) : objects += myenv.StaticObject([ "Schannel/SchannelContext.cpp", "Schannel/SchannelCertificate.cpp", "Schannel/SchannelContextFactory.cpp", ]) + myenv.Append(CPPDEFINES = "HAVE_SCHANNEL") objects += myenv.SwiftenObject(["PlatformTLSFactories.cpp"]) swiften_env.Append(SWIFTEN_OBJECTS = [objects]) |
Swift