diff options
author | Tobias Markmann <tm@ayena.de> | 2016-02-08 15:06:54 (GMT) |
---|---|---|
committer | Tobias Markmann <tm@ayena.de> | 2016-02-08 15:06:54 (GMT) |
commit | 27211ac2ca11c6ac259bc09bb81a7ed297a9d07d (patch) | |
tree | 6663eb8edcbc44f1c9af3777805404adc5d92a9b /Swiften/TLS/SecureTransport | |
parent | de378c0b47268aea03177165156627659e28dde3 (diff) | |
download | swift-27211ac2ca11c6ac259bc09bb81a7ed297a9d07d.zip swift-27211ac2ca11c6ac259bc09bb81a7ed297a9d07d.tar.bz2 |
Treat cert verify errors as non-fatal in OS X TLS backend
Our TLS backends need to tread TLS verification errors, e.g.
outdated certificate, untrusted CA, non-matching host, etc.,
as non-fatal, so the application can apply custom key
pinning verification or similar.
This patch changes the OS X SecureTransport backend to behave
accordingly and adjusts the CertificateErrorTest to mirror
this behavior.
This commit also fixes a double-free in
SecureTransportCertificate.
Test-Information:
Connected to a host with an untrusted CA and non-matching
domain in the certificate and was prompted with the Swift
certificate trust dialog on OS X 10.11.3.
Swiften/QA/TLSTest run successfully on OS X 10.11.3.
Change-Id: I4c8ce2178540d79a5f328e2e0558d4deb4295134
Diffstat (limited to 'Swiften/TLS/SecureTransport')
-rw-r--r-- | Swiften/TLS/SecureTransport/SecureTransportCertificate.mm | 6 | ||||
-rw-r--r-- | Swiften/TLS/SecureTransport/SecureTransportContext.mm | 17 |
2 files changed, 9 insertions, 14 deletions
diff --git a/Swiften/TLS/SecureTransport/SecureTransportCertificate.mm b/Swiften/TLS/SecureTransport/SecureTransportCertificate.mm index 4270a6f..ed409bd 100644 --- a/Swiften/TLS/SecureTransport/SecureTransportCertificate.mm +++ b/Swiften/TLS/SecureTransport/SecureTransportCertificate.mm @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 Isode Limited. + * Copyright (c) 2015-2016 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ @@ -36,9 +36,9 @@ SecureTransportCertificate::SecureTransportCertificate(SecCertificateRef certifi SecureTransportCertificate::SecureTransportCertificate(const ByteArray& der) { - CFDataRef derData = CFDataCreateWithBytesNoCopy(NULL, der.data(), static_cast<CFIndex>(der.size()), NULL); + CFDataRef derData = CFDataCreateWithBytesNoCopy(NULL, der.data(), static_cast<CFIndex>(der.size()), NULL); + // certificate will take ownership of derData and free it on its release. SecCertificateRef certificate = SecCertificateCreateWithData(NULL, derData); - CFRelease(derData); if (certificate) { certificateHandle_ = boost::shared_ptr<SecCertificate>(certificate, CFRelease); parse(); diff --git a/Swiften/TLS/SecureTransport/SecureTransportContext.mm b/Swiften/TLS/SecureTransport/SecureTransportContext.mm index 2357579..ca6c5bb 100644 --- a/Swiften/TLS/SecureTransport/SecureTransportContext.mm +++ b/Swiften/TLS/SecureTransport/SecureTransportContext.mm @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 Isode Limited. + * Copyright (c) 2015-2016 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ @@ -270,16 +270,11 @@ void SecureTransportContext::verifyServerCertificate() { break; } - if (verificationError_) { - setState(Error); - SSLClose(sslContext_.get()); - sslContext_.reset(); - onError(boost::make_shared<TLSError>()); - } - else { - // proceed with handshake - processHandshake(); - } + // We proceed with the TLS handshake here to give the application an opportunity + // to apply custom validation and trust management. The application is responsible + // to call \ref getPeerCertificateVerificationError directly after the \ref onConnected + // signal is called and before any application data is send to the context. + processHandshake(); } #pragma clang diagnostic pop |