authorGurmeen Bindra <gurmeen.bindra@isode.com>2015-09-09 10:17:12 (GMT)
committerGurmeen Bindra <gurmeen.bindra@isode.com>2015-11-04 11:29:29 (GMT)
commit8405fa16b738b6ef6a5920cd9d0f5735f8b62369 (patch)
tree4f028e3c4d12c45d2a88d0372145a0dad1f57ffe /Swiften
parent87ff0cf5d0efcda674bbeb0aec306e92c7527ac5 (diff)
Fix swiften handling when client certificate is missing
This patch prevents Swiften from logging in when it is given a PKCS12 file that is missing. Before this patch, Swiften would attempt a password-based login using the operator JID and the password of the P12 file when the P12 file was missing. This patch fixes that by checking the certificate and not initialising the session stream and connection if the certificate is empty; instead it emits a disconnect with a client certificate load error. The string for the certificate load error has been modified to indicate that the file or password is invalid. Test-information: Tested by doing a certificate-based bind to an XMPP server. Removed the PKCS#12 file and checked that Swift gave a certificate error instead of doing a password connect. Change-Id: I1869a13f1f7135b6606f7383cd4a0356ffd6931b
Diffstat (limited to 'Swiften')
-rw-r--r--Swiften/Client/CoreClient.cpp11
1 files changed, 9 insertions, 2 deletions
diff --git a/Swiften/Client/CoreClient.cpp b/Swiften/Client/CoreClient.cpp
index fa9bd33..af64577 100644
--- a/Swiften/Client/CoreClient.cpp
+++ b/Swiften/Client/CoreClient.cpp
@@ -190,11 +190,18 @@ void CoreClient::handleConnectorFinished(boost::shared_ptr<Connection> connectio
}
else {
assert(!connection_);
+ assert(!sessionStream_);
+
+ if (certificate_ && certificate_->isNull()) {
+ //certificate cannot be read so do not initailise session
+ onDisconnected(boost::optional<ClientError>(ClientError::ClientCertificateLoadError));
+ return;
+ }
+
connection_ = connection;
- assert(!sessionStream_);
sessionStream_ = boost::make_shared<BasicSessionStream>(ClientStreamType, connection_, getPayloadParserFactories(), getPayloadSerializers(), networkFactories->getTLSContextFactory(), networkFactories->getTimerFactory(), networkFactories->getXMLParserFactory(), options.tlsOptions);
- if (certificate_ && !certificate_->isNull()) {
+ if (certificate_) {
sessionStream_->setTLSCertificate(certificate_);
}
sessionStream_->onDataRead.connect(boost::bind(&CoreClient::handleDataRead, this, _1));