Swift
summaryrefslogtreecommitdiffstats
path: root/Swift/Controllers
diff options
context:
space:
mode:
authorKevin Smith <git@kismith.co.uk>2014-08-27 14:16:15 (GMT)
committerKevin Smith <kevin.smith@isode.com>2015-06-10 20:29:05 (GMT)
commitb2093a372874aefb4f56f66a70a96f78d6cbbaec (patch)
treeab779a4cc7950339d2c2cb0261ae6a08df84c645 /Swift/Controllers
parentb6b0695643f932827add43b9de0e09ed74eb6799 (diff)
downloadswift-b2093a372874aefb4f56f66a70a96f78d6cbbaec.zip
swift-b2093a372874aefb4f56f66a70a96f78d6cbbaec.tar.bz2
Add ability to limit SChannel to TLS 1.0
Some servers have very restrictive TLS stacks that respond badly to a bug in the SChannel TLS implementation, meaning that TLS has to be limited to 1.0. Add ClientOptions.tlsOptions. This is a method of passing options into the TLS stack. It's currently only used for the TLS 1.0 workaround in SChannel, but we might reasonably expose other options in the future, such as limiting cypher suites. Disables use of SSLv3 for SChannel Also updates the coding style in SchannelContext a bit. Test-Information: Compiles on both OS X and Windows(SChannel). OS X doesn't show the new option. Windows shows it, and remembers it between logins. Not tested against a server requiring 1.0 only, but a previous hack with the same approach was tested. Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
Diffstat (limited to 'Swift/Controllers')
-rw-r--r--Swift/Controllers/MainController.cpp8
1 files changed, 5 insertions, 3 deletions
diff --git a/Swift/Controllers/MainController.cpp b/Swift/Controllers/MainController.cpp
index 328d837..c6b6dfc 100644
--- a/Swift/Controllers/MainController.cpp
+++ b/Swift/Controllers/MainController.cpp
@@ -398,7 +398,7 @@ void MainController::handleConnected() {
398 userSearchControllerChat_ = new UserSearchController(UserSearchController::StartChat, jid_, uiEventStream_, client_->getVCardManager(), uiFactory_, client_->getIQRouter(), rosterController_, contactSuggesterWithRoster_, client_->getAvatarManager(), client_->getPresenceOracle()); 398 userSearchControllerChat_ = new UserSearchController(UserSearchController::StartChat, jid_, uiEventStream_, client_->getVCardManager(), uiFactory_, client_->getIQRouter(), rosterController_, contactSuggesterWithRoster_, client_->getAvatarManager(), client_->getPresenceOracle());
399 userSearchControllerAdd_ = new UserSearchController(UserSearchController::AddContact, jid_, uiEventStream_, client_->getVCardManager(), uiFactory_, client_->getIQRouter(), rosterController_, contactSuggesterWithoutRoster_, client_->getAvatarManager(), client_->getPresenceOracle()); 399 userSearchControllerAdd_ = new UserSearchController(UserSearchController::AddContact, jid_, uiEventStream_, client_->getVCardManager(), uiFactory_, client_->getIQRouter(), rosterController_, contactSuggesterWithoutRoster_, client_->getAvatarManager(), client_->getPresenceOracle());
400 adHocManager_ = new AdHocManager(JID(boundJID_.getDomain()), uiFactory_, client_->getIQRouter(), uiEventStream_, rosterController_->getWindow()); 400 adHocManager_ = new AdHocManager(JID(boundJID_.getDomain()), uiFactory_, client_->getIQRouter(), uiEventStream_, rosterController_->getWindow());
401 401
402 chatsManager_->onImpromptuMUCServiceDiscovered.connect(boost::bind(&UserSearchController::setCanInitiateImpromptuMUC, userSearchControllerChat_, _1)); 402 chatsManager_->onImpromptuMUCServiceDiscovered.connect(boost::bind(&UserSearchController::setCanInitiateImpromptuMUC, userSearchControllerChat_, _1));
403 } 403 }
404 loginWindow_->setIsLoggingIn(false); 404 loginWindow_->setIsLoggingIn(false);
@@ -410,7 +410,7 @@ void MainController::handleConnected() {
410 discoInfoRequest->send(); 410 discoInfoRequest->send();
411 411
412 client_->getVCardManager()->requestOwnVCard(); 412 client_->getVCardManager()->requestOwnVCard();
413 413
414 rosterController_->setJID(boundJID_); 414 rosterController_->setJID(boundJID_);
415 rosterController_->setEnabled(true); 415 rosterController_->setEnabled(true);
416 rosterController_->getWindow()->setStreamEncryptionStatus(client_->isStreamEncrypted()); 416 rosterController_->getWindow()->setStreamEncryptionStatus(client_->isStreamEncrypted());
@@ -841,10 +841,11 @@ std::string MainController::serializeClientOptions(const ClientOptions& options)
841 SERIALIZE_URL(boshHTTPConnectProxyURL); 841 SERIALIZE_URL(boshHTTPConnectProxyURL);
842 SERIALIZE_SAFE_STRING(boshHTTPConnectProxyAuthID); 842 SERIALIZE_SAFE_STRING(boshHTTPConnectProxyAuthID);
843 SERIALIZE_SAFE_STRING(boshHTTPConnectProxyAuthPassword); 843 SERIALIZE_SAFE_STRING(boshHTTPConnectProxyAuthPassword);
844 SERIALIZE_BOOL(tlsOptions.schannelTLS1_0Workaround);
844 return result; 845 return result;
845} 846}
846 847
847#define CHECK_PARSE_LENGTH if (i >= segments.size()) {return result;} 848#define CHECK_PARSE_LENGTH if (i >= segments.size()) {return result;}
848#define PARSE_INT_RAW(defaultValue) CHECK_PARSE_LENGTH intVal = defaultValue; try {intVal = boost::lexical_cast<int>(segments[i]);} catch(const boost::bad_lexical_cast&) {};i++; 849#define PARSE_INT_RAW(defaultValue) CHECK_PARSE_LENGTH intVal = defaultValue; try {intVal = boost::lexical_cast<int>(segments[i]);} catch(const boost::bad_lexical_cast&) {};i++;
849#define PARSE_STRING_RAW CHECK_PARSE_LENGTH stringVal = byteArrayToString(Base64::decode(segments[i]));i++; 850#define PARSE_STRING_RAW CHECK_PARSE_LENGTH stringVal = byteArrayToString(Base64::decode(segments[i]));i++;
850 851
@@ -888,6 +889,7 @@ ClientOptions MainController::parseClientOptions(const std::string& optionString
888 PARSE_URL(boshHTTPConnectProxyURL); 889 PARSE_URL(boshHTTPConnectProxyURL);
889 PARSE_SAFE_STRING(boshHTTPConnectProxyAuthID); 890 PARSE_SAFE_STRING(boshHTTPConnectProxyAuthID);
890 PARSE_SAFE_STRING(boshHTTPConnectProxyAuthPassword); 891 PARSE_SAFE_STRING(boshHTTPConnectProxyAuthPassword);
892 PARSE_BOOL(tlsOptions.schannelTLS1_0Workaround, false);
891 893
892 return result; 894 return result;
893} 895}