diff options
author | Kevin Smith <git@kismith.co.uk> | 2012-02-22 11:00:19 (GMT) |
---|---|---|
committer | Kevin Smith <git@kismith.co.uk> | 2012-02-28 16:02:29 (GMT) |
commit | 0e4f068273ecaa2be24a046812893698a06481bc (patch) | |
tree | 9c3b7dbd3609a866c2123ea0c5a539b5c49d67dd /Swiften/Client | |
parent | eca0f020873f7620c5125101113e2c1eb25b273e (diff) | |
download | swift-0e4f068273ecaa2be24a046812893698a06481bc.zip swift-0e4f068273ecaa2be24a046812893698a06481bc.tar.bz2 |
Make Swift more usable in a FIPS-140 environment
Don't allow DIGEST-MD5 when Windows is set to FIPS mode. Use
platform-provided hashing for SHA1.
Diffstat (limited to 'Swiften/Client')
-rw-r--r-- | Swiften/Client/ClientSession.cpp | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp index bfc9313..81fcf57 100644 --- a/Swiften/Client/ClientSession.cpp +++ b/Swiften/Client/ClientSession.cpp @@ -12,6 +12,8 @@ #include <boost/uuid/uuid_generators.hpp> #include <boost/smart_ptr/make_shared.hpp> +#include <Swiften/Base/Platform.h> +#include <Swiften/Base/Log.h> #include <Swiften/Elements/ProtocolHeader.h> #include <Swiften/Elements/StreamFeatures.h> #include <Swiften/Elements/StreamError.h> @@ -41,6 +43,10 @@ #include <Swiften/TLS/CertificateTrustChecker.h> #include <Swiften/TLS/ServerIdentityVerifier.h> +#ifdef SWIFTEN_PLATFORM_WIN32 +#include <Swiften/Base/WindowsRegistry.h> +#endif + namespace Swift { ClientSession::ClientSession( @@ -59,6 +65,11 @@ ClientSession::ClientSession( rosterVersioningSupported(false), authenticator(NULL), certificateTrustChecker(NULL) { +#ifdef SWIFTEN_PLATFORM_WIN32 +if (WindowsRegistry::isFIPSEnabled()) { + SWIFT_LOG("info") << "Windows is running in FIPS-140 mode. Some authentication methods will be unavailable." << std::endl; +} +#endif } ClientSession::~ClientSession() { @@ -221,7 +232,7 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) { state = WaitingForCredentials; onNeedCredentials(); } - else if (streamFeatures->hasAuthenticationMechanism("DIGEST-MD5")) { + else if (streamFeatures->hasAuthenticationMechanism("DIGEST-MD5") && DIGESTMD5ClientAuthenticator::canBeUsed()) { std::ostringstream s; s << boost::uuids::random_generator()(); // FIXME: Host should probably be the actual host |