author | Kevin Smith <git@kismith.co.uk> | 2014-08-27 14:16:15 (GMT) |
committer | Kevin Smith <kevin.smith@isode.com> | 2015-06-10 20:29:05 (GMT) |
commit | b2093a372874aefb4f56f66a70a96f78d6cbbaec (patch) | |
tree | ab779a4cc7950339d2c2cb0261ae6a08df84c645 /Swiften/Session | |
parent | b6b0695643f932827add43b9de0e09ed74eb6799 (diff) | |
Add ability to limit SChannel to TLS 1.0
Some servers have very restrictive TLS stacks that respond badly
to a bug in the SChannel TLS implementation, meaning that TLS
has to be limited to 1.0.
Add ClientOptions.tlsOptions. This is a method of passing options into
the TLS stack. It's currently
only used for the TLS 1.0 workaround in SChannel, but we might reasonably
expose other options in the future, such as limiting cipher suites.
Disables use of SSLv3 for SChannel
Also updates the coding style in SchannelContext a bit.
Test-Information:
Compiles on both OS X and Windows(SChannel). OS X doesn't show the new
option. Windows shows it, and remembers it between logins. Not tested
against a server requiring 1.0 only, but a previous hack with the
same approach was tested.
Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
Diffstat (limited to 'Swiften/Session')
-rw-r--r-- | Swiften/Session/BOSHSessionStream.cpp | 7 | ||||
-rw-r--r-- | Swiften/Session/BOSHSessionStream.h | 11 | ||||
-rw-r--r-- | Swiften/Session/BasicSessionStream.cpp | 10 | ||||
-rw-r--r-- | Swiften/Session/BasicSessionStream.h | 5 |
4 files changed, 21 insertions, 12 deletions
diff --git a/Swiften/Session/BOSHSessionStream.cpp b/Swiften/Session/BOSHSessionStream.cpp
index eac493e..62942b9 100644
--- a/Swiften/Session/BOSHSessionStream.cpp
+++ b/Swiften/Session/BOSHSessionStream.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011-2014 Isode Limited.
+ * Copyright (c) 2011-2015 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */
@@ -39,7 +39,8 @@ BOSHSessionStream::BOSHSessionStream(
 const std::string& to,
 const URL& boshHTTPConnectProxyURL,
 const SafeString& boshHTTPConnectProxyAuthID,
- const SafeString& boshHTTPConnectProxyAuthPassword) :
+ const SafeString& boshHTTPConnectProxyAuthPassword,
+ const TLSOptions& tlsOptions) :
 available(false),
 eventLoop(eventLoop),
 firstHeader(true) {
@@ -49,7 +50,7 @@ BOSHSessionStream::BOSHSessionStream(
 random.seed(static_cast<unsigned int>(time(NULL)));
 unsigned long long initialRID = boost::variate_generator<boost::mt19937&, boost::uniform_int<unsigned long long> >(random, dist)();
- connectionPool = new BOSHConnectionPool(boshURL, resolver, connectionFactory, xmlParserFactory, tlsContextFactory, timerFactory, eventLoop, to, initialRID, boshHTTPConnectProxyURL, boshHTTPConnectProxyAuthID, boshHTTPConnectProxyAuthPassword);
+ connectionPool = new BOSHConnectionPool(boshURL, resolver, connectionFactory, xmlParserFactory, tlsContextFactory, timerFactory, eventLoop, to, initialRID, boshHTTPConnectProxyURL, boshHTTPConnectProxyAuthID, boshHTTPConnectProxyAuthPassword, tlsOptions);
 connectionPool->onSessionTerminated.connect(boost::bind(&BOSHSessionStream::handlePoolSessionTerminated, this, _1));
 connectionPool->onSessionStarted.connect(boost::bind(&BOSHSessionStream::handlePoolSessionStarted, this));
 connectionPool->onXMPPDataRead.connect(boost::bind(&BOSHSessionStream::handlePoolXMPPDataRead, this, _1));
diff --git a/Swiften/Session/BOSHSessionStream.h b/Swiften/Session/BOSHSessionStream.h
index e97436c..436b941 100644
--- a/Swiften/Session/BOSHSessionStream.h
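Review bot: `tlsOptions` is taken by const reference in the @@ -39 hunk and only forwarded into the `new BOSHConnectionPool(...)` call in the @@ -49 hunk; BOSHSessionStream keeps no copy of its own, so whether the options outlive the caller's ClientOptions depends on BOSHConnectionPool copying them, which is outside this diff. If the pool were to hold a reference instead, a later change to the caller's options would silently alter which TLS versions this stream negotiates. A short comment on the constructor would make the expectation explicit, e.g. `// tlsOptions is forwarded to BOSHConnectionPool and not retained here; the pool is expected to copy it`, and the pool's member type is worth a quick check. The constructor body continues outside the hunk.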
+++ b/Swiften/Session/BOSHSessionStream.h
@@ -9,12 +9,14 @@
 #include <boost/shared_ptr.hpp>
 #include <Swiften/Base/API.h>
-#include <Swiften/Base/SafeString.h>
 #include <Swiften/Base/SafeByteArray.h>
-#include <Swiften/Network/BOSHConnectionPool.h>
-#include <Swiften/Session/SessionStream.h>
+#include <Swiften/Base/SafeString.h>
 #include <Swiften/Elements/StreamType.h>
 #include <Swiften/EventLoop/EventOwner.h>
+#include <Swiften/Network/BOSHConnectionPool.h>
+#include <Swiften/Session/SessionStream.h>
+#include <Swiften/TLS/TLSOptions.h>
+
 namespace Swift {
 class TimerFactory;
@@ -43,7 +45,8 @@ namespace Swift {
 const std::string& to,
 const URL& boshHTTPConnectProxyURL,
 const SafeString& boshHTTPConnectProxyAuthID,
- const SafeString& boshHTTPConnectProxyAuthPassword
+ const SafeString& boshHTTPConnectProxyAuthPassword,
+ const TLSOptions& tlsOptions
 );
 ~BOSHSessionStream();
diff --git a/Swiften/Session/BasicSessionStream.cpp b/Swiften/Session/BasicSessionStream.cpp
index 274d218..43f1c48 100644
--- a/Swiften/Session/BasicSessionStream.cpp
+++ b/Swiften/Session/BasicSessionStream.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2014 Isode Limited.
+ * Copyright (c) 2010-2015 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */
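Review bot: The new `const TLSOptions& tlsOptions` constructor parameter in the @@ -43 hunk of BOSHSessionStream.h carries no documentation, and the same applies to the matching parameter added to BasicSessionStream.h in its @@ -37 hunk. The commit message explains that these options exist to cap the TLS version for servers that misbehave with SChannel, but the header is where the next reader will look for that intent and for the trade-off it implies. A one-line comment on the parameter would do, e.g. `// Options handed to the TLS stack (currently only the SChannel TLS 1.0 limit); restricting the version disables newer protocol versions, so treat it as a compatibility setting rather than a default`. The constructor declaration starts before the hunk.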
@@ -27,14 +27,16 @@ BasicSessionStream::BasicSessionStream(
 PayloadSerializerCollection* payloadSerializers,
 TLSContextFactory* tlsContextFactory,
 TimerFactory* timerFactory,
- XMLParserFactory* xmlParserFactory) :
+ XMLParserFactory* xmlParserFactory,
+ const TLSOptions& tlsOptions) :
 available(false),
 connection(connection),
 tlsContextFactory(tlsContextFactory),
 timerFactory(timerFactory),
 compressionLayer(NULL),
 tlsLayer(NULL),
- whitespacePingLayer(NULL) {
+ whitespacePingLayer(NULL),
+ tlsOptions_(tlsOptions) {
 xmppLayer = new XMPPLayer(payloadParserFactories, payloadSerializers, xmlParserFactory, streamType);
 xmppLayer->onStreamStart.connect(boost::bind(&BasicSessionStream::handleStreamStartReceived, this, _1));
 xmppLayer->onElement.connect(boost::bind(&BasicSessionStream::handleElementReceived, this, _1));
@@ -106,7 +108,7 @@ bool BasicSessionStream::supportsTLSEncryption() {
 void BasicSessionStream::addTLSEncryption() {
 assert(available);
- tlsLayer = new TLSLayer(tlsContextFactory);
+ tlsLayer = new TLSLayer(tlsContextFactory, tlsOptions_);
 if (hasTLSCertificate() && !tlsLayer->setClientCertificate(getTLSCertificate())) {
 onClosed(boost::make_shared<SessionStreamError>(SessionStreamError::InvalidTLSCertificateError));
 }
diff --git a/Swiften/Session/BasicSessionStream.h b/Swiften/Session/BasicSessionStream.h
index 7832e42..811374a 100644
--- a/Swiften/Session/BasicSessionStream.h
+++ b/Swiften/Session/BasicSessionStream.h
@@ -14,6 +14,7 @@
 #include <Swiften/Session/SessionStream.h>
 #include <Swiften/Elements/StreamType.h>
 #include <Swiften/TLS/TLSError.h>
+#include <Swiften/TLS/TLSOptions.h>
 namespace Swift {
 class TLSContextFactory;
@@ -37,7 +38,8 @@ namespace Swift {
 PayloadSerializerCollection* payloadSerializers,
 TLSContextFactory* tlsContextFactory,
 TimerFactory* whitespacePingLayerFactory,
- XMLParserFactory* xmlParserFactory
+ XMLParserFactory* xmlParserFactory,
+ const TLSOptions& tlsOptions
 );
 ~BasicSessionStream();
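Review bot: The new member is initialised as `tlsOptions_(tlsOptions)` in the @@ -27 hunk, while every neighbouring member in the same initialiser list (`tlsContextFactory`, `timerFactory`, `compressionLayer`, `tlsLayer`, `whitespacePingLayer`) has no trailing underscore; the declaration `TLSOptions tlsOptions_;` in the @@ -86 hunk of BasicSessionStream.h follows the same odd-one-out convention. The underscore is presumably there to avoid shadowing the `tlsOptions` parameter, but the existing members already cope with that by sharing the parameter's name (`tlsContextFactory(tlsContextFactory)`). Either rename to `tlsOptions(tlsOptions)` here and `TLSOptions tlsOptions;` in the header for consistency, or adopt the underscore across the whole class in a separate change. The constructor's parameter list and body both extend beyond the hunk.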
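Review bot: `tlsLayer = new TLSLayer(tlsContextFactory, tlsOptions_);` in the @@ -106 hunk applies the options captured at construction time, not whatever the caller's ClientOptions hold when TLS is actually started; because `tlsOptions_` is a by-value member, any later edit to the caller's options has no effect on this stream. That is probably the intended behaviour, but it is easy to misread, and a TLS version limit is exactly the kind of setting someone may expect to toggle at runtime. A comment on that line would save the next reader a trip through the constructor: `// Uses the TLSOptions copied at construction; options changed afterwards do not apply to this stream.`. addTLSEncryption continues past the end of the hunk.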
@@ -86,6 +88,7 @@ namespace Swift {
 TLSLayer* tlsLayer;
 WhitespacePingLayer* whitespacePingLayer;
 StreamStack* streamStack;
+ TLSOptions tlsOptions_;
 };
 }