summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTobias Markmann <tm@ayena.de>2016-02-08 15:06:54 (GMT)
committerTobias Markmann <tm@ayena.de>2016-02-08 15:06:54 (GMT)
commit27211ac2ca11c6ac259bc09bb81a7ed297a9d07d (patch)
tree6663eb8edcbc44f1c9af3777805404adc5d92a9b /Swiften/TLS
parentde378c0b47268aea03177165156627659e28dde3 (diff)
downloadswift-27211ac2ca11c6ac259bc09bb81a7ed297a9d07d.zip
swift-27211ac2ca11c6ac259bc09bb81a7ed297a9d07d.tar.bz2
Treat cert verify errors as non-fatal in OS X TLS backend
Our TLS backends need to tread TLS verification errors, e.g. outdated certificate, untrusted CA, non-matching host, etc., as non-fatal, so the application can apply custom key pinning verification or similar. This patch changes the OS X SecureTransport backend to behave accordingly and adjusts the CertificateErrorTest to mirror this behavior. This commit also fixes a double-free in SecureTransportCertificate. Test-Information: Connected to a host with an untrusted CA and non-matching domain in the certificate and was prompted with the Swift certificate trust dialog on OS X 10.11.3. Swiften/QA/TLSTest run successfully on OS X 10.11.3. Change-Id: I4c8ce2178540d79a5f328e2e0558d4deb4295134
Diffstat (limited to 'Swiften/TLS')
-rw-r--r--Swiften/TLS/SecureTransport/SecureTransportCertificate.mm6
-rw-r--r--Swiften/TLS/SecureTransport/SecureTransportContext.mm17
2 files changed, 9 insertions, 14 deletions
diff --git a/Swiften/TLS/SecureTransport/SecureTransportCertificate.mm b/Swiften/TLS/SecureTransport/SecureTransportCertificate.mm
index 4270a6f..ed409bd 100644
--- a/Swiften/TLS/SecureTransport/SecureTransportCertificate.mm
+++ b/Swiften/TLS/SecureTransport/SecureTransportCertificate.mm
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015 Isode Limited.
+ * Copyright (c) 2015-2016 Isode Limited.
* All rights reserved.
* See the COPYING file for more information.
*/
@@ -36,9 +36,9 @@ SecureTransportCertificate::SecureTransportCertificate(SecCertificateRef certifi
SecureTransportCertificate::SecureTransportCertificate(const ByteArray& der) {
- CFDataRef derData = CFDataCreateWithBytesNoCopy(NULL, der.data(), static_cast<CFIndex>(der.size()), NULL);
+ CFDataRef derData = CFDataCreateWithBytesNoCopy(NULL, der.data(), static_cast<CFIndex>(der.size()), NULL);
+ // certificate will take ownership of derData and free it on its release.
SecCertificateRef certificate = SecCertificateCreateWithData(NULL, derData);
- CFRelease(derData);
if (certificate) {
certificateHandle_ = boost::shared_ptr<SecCertificate>(certificate, CFRelease);
parse();
diff --git a/Swiften/TLS/SecureTransport/SecureTransportContext.mm b/Swiften/TLS/SecureTransport/SecureTransportContext.mm
index 2357579..ca6c5bb 100644
--- a/Swiften/TLS/SecureTransport/SecureTransportContext.mm
+++ b/Swiften/TLS/SecureTransport/SecureTransportContext.mm
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015 Isode Limited.
+ * Copyright (c) 2015-2016 Isode Limited.
* All rights reserved.
* See the COPYING file for more information.
*/
@@ -270,16 +270,11 @@ void SecureTransportContext::verifyServerCertificate() {
break;
}
- if (verificationError_) {
- setState(Error);
- SSLClose(sslContext_.get());
- sslContext_.reset();
- onError(boost::make_shared<TLSError>());
- }
- else {
- // proceed with handshake
- processHandshake();
- }
+ // We proceed with the TLS handshake here to give the application an opportunity
+ // to apply custom validation and trust management. The application is responsible
+ // to call \ref getPeerCertificateVerificationError directly after the \ref onConnected
+ // signal is called and before any application data is send to the context.
+ processHandshake();
}
#pragma clang diagnostic pop