Diffstat (limited to 'Swiften')
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp10
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLContextFactory.h3
-rw-r--r--Swiften/TLS/Schannel/SchannelContext.cpp10
-rw-r--r--Swiften/TLS/Schannel/SchannelContext.h5
-rw-r--r--Swiften/TLS/Schannel/SchannelContextFactory.cpp6
-rw-r--r--Swiften/TLS/Schannel/SchannelContextFactory.h3
-rw-r--r--Swiften/TLS/TLSContextFactory.h1
7 files changed, 31 insertions, 7 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp
index 50f6731..4981170 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp
@@ -1,8 +1,8 @@
/*
- * Copyright (c) 2010 Isode Limited.
+ * Copyright (c) 2010-2015 Isode Limited.
* All rights reserved.
* See the COPYING file for more information.
*/
#include <Swiften/TLS/OpenSSL/OpenSSLContextFactory.h>
#include <Swiften/TLS/OpenSSL/OpenSSLContext.h>
@@ -17,14 +17,20 @@ bool OpenSSLContextFactory::canCreate() const {
TLSContext* OpenSSLContextFactory::createTLSContext(const TLSOptions&) {
return new OpenSSLContext();
}
void OpenSSLContextFactory::setCheckCertificateRevocation(bool check) {
if (check) {
- assert(false);
SWIFT_LOG(warning) << "CRL Checking not supported for OpenSSL" << std::endl;
+ assert(false);
+ }
+}
+
+void OpenSSLContextFactory::setDisconnectOnCardRemoval(bool check) {
+ if (check) {
+ SWIFT_LOG(warning) << "Smart cards not supported for OpenSSL" << std::endl;
}
}
}
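Review bot: In `setCheckCertificateRevocation`, `assert(false)` compiles away when NDEBUG is defined, so a release build that asks for revocation checking gets only the log warning and carries on without any CRL check. The setter returns void, so the caller cannot detect this; at minimum state it above the function, e.g. `// OpenSSL backend: revocation checking is NOT performed; in release builds a request for it is only logged.` The new `setDisconnectOnCardRemoval` does not assert at all, so the two "unsupported" setters behave differently in debug builds; if that is deliberate it deserves a one-line comment. Its parameter is also still named `check`, where `bool b` (as in the header) or `bool disconnect` would read better.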
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h
index bf7f08a..89033ad 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h
@@ -1,8 +1,8 @@
/*
- * Copyright (c) 2010 Isode Limited.
+ * Copyright (c) 2010-2015 Isode Limited.
* All rights reserved.
* See the COPYING file for more information.
*/
#pragma once
@@ -15,8 +15,9 @@ namespace Swift {
public:
bool canCreate() const;
virtual TLSContext* createTLSContext(const TLSOptions& tlsOptions);
// Not supported
virtual void setCheckCertificateRevocation(bool b);
+ virtual void setDisconnectOnCardRemoval(bool b);
};
}
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 5f230ec..70ff7dd 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -18,13 +18,13 @@
#include <WinHTTP.h> /* For SECURITY_FLAG_IGNORE_CERT_CN_INVALID */
namespace Swift {
//------------------------------------------------------------------------
-SchannelContext::SchannelContext(bool tls1_0Workaround) : state_(Start), secContext_(0), myCertStore_(NULL), certStoreName_("MY"), certName_(), smartCardReader_(), checkCertificateRevocation_(true), tls1_0Workaround_(tls1_0Workaround) {
+SchannelContext::SchannelContext(bool tls1_0Workaround) : state_(Start), secContext_(0), myCertStore_(NULL), certStoreName_("MY"), certName_(), smartCardReader_(), checkCertificateRevocation_(true), tls1_0Workaround_(tls1_0Workaround), disconnectOnCardRemoval_(true) {
contextFlags_ = ISC_REQ_ALLOCATE_MEMORY |
ISC_REQ_CONFIDENTIALITY |
ISC_REQ_EXTENDED_ERROR |
ISC_REQ_INTEGRITY |
ISC_REQ_REPLAY_DETECT |
ISC_REQ_SEQUENCE_DETECT |
@@ -622,13 +622,15 @@ bool SchannelContext::setClientCertificate(CertificateWithKey::ref certificate)
return true;
}
//------------------------------------------------------------------------
void SchannelContext::handleCertificateCardRemoved() {
- indicateError(boost::make_shared<TLSError>(TLSError::CertificateCardRemoved));
+ if (disconnectOnCardRemoval_) {
+ indicateError(boost::make_shared<TLSError>(TLSError::CertificateCardRemoved));
+ }
}
//------------------------------------------------------------------------
std::vector<Certificate::ref> SchannelContext::getPeerCertificateChain() const {
std::vector<Certificate::ref> certificateChain;
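Review bot: With `disconnectOnCardRemoval_` false, `handleCertificateCardRemoved()` now returns without leaving any trace, so a session authenticated with a smart-card certificate stays open after the card is pulled and nothing records that it happened. I would keep the removal auditable with an `else` branch such as `SWIFT_LOG(warning) << "Certificate card removed; connection kept (disconnectOnCardRemoval is off)" << std::endl;` (this file may need the Log header, which is not visible in the hunk). A short comment on `setDisconnectOnCardRemoval` saying that switching the option off gives up the disconnect-on-removal protection would help whoever exposes it in a settings UI.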
@@ -677,8 +679,12 @@ ByteArray SchannelContext::getFinishMessage() const {
//------------------------------------------------------------------------
void SchannelContext::setCheckCertificateRevocation(bool b) {
checkCertificateRevocation_ = b;
}
+void SchannelContext::setDisconnectOnCardRemoval(bool b) {
+ disconnectOnCardRemoval_ = b;
+}
+
}
diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h
index 19cc473..36a3f0c 100644
--- a/Swiften/TLS/Schannel/SchannelContext.h
+++ b/Swiften/TLS/Schannel/SchannelContext.h
@@ -2,13 +2,13 @@
* Copyright (c) 2011 Soren Dreijer
* Licensed under the simplified BSD license.
* See Documentation/Licenses/BSD-simplified.txt for more information.
*/
/*
- * Copyright (c) 2012 Isode Limited.
+ * Copyright (c) 2012-2015 Isode Limited.
* All rights reserved.
* See the COPYING file for more information.
*/
#pragma once
@@ -54,12 +54,14 @@ namespace Swift
virtual CertificateVerificationError::ref getPeerCertificateVerificationError() const;
virtual ByteArray getFinishMessage() const;
virtual void setCheckCertificateRevocation(bool b);
+ virtual void setDisconnectOnCardRemoval(bool b);
+
private:
void determineStreamSizes();
void continueHandshake(const SafeByteArray& data);
void indicateError(boost::shared_ptr<TLSError> error);
//FIXME: Remove
void indicateError() {indicateError(boost::make_shared<TLSError>());}
@@ -102,8 +104,9 @@ namespace Swift
std::string certName_;
////Not needed, most likely
std::string smartCardReader_; //Can be empty string for non SmartCard certificates
boost::shared_ptr<CAPICertificate> userCertificate_;
bool checkCertificateRevocation_;
bool tls1_0Workaround_;
+ bool disconnectOnCardRemoval_;
};
}
diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.cpp b/Swiften/TLS/Schannel/SchannelContextFactory.cpp
index 6e83b0d..c2587c5 100644
--- a/Swiften/TLS/Schannel/SchannelContextFactory.cpp
+++ b/Swiften/TLS/Schannel/SchannelContextFactory.cpp
@@ -12,25 +12,29 @@
#include "Swiften/TLS/Schannel/SchannelContextFactory.h"
#include "Swiften/TLS/Schannel/SchannelContext.h"
namespace Swift {
-SchannelContextFactory::SchannelContextFactory() : checkCertificateRevocation(true) {
+SchannelContextFactory::SchannelContextFactory() : checkCertificateRevocation(true), disconnectOnCardRemoval(true) {
}
bool SchannelContextFactory::canCreate() const {
return true;
}
TLSContext* SchannelContextFactory::createTLSContext(const TLSOptions& tlsOptions) {
SchannelContext* context = new SchannelContext(tlsOptions.schannelTLS1_0Workaround);
context->setCheckCertificateRevocation(checkCertificateRevocation);
+ context->setDisconnectOnCardRemoval(disconnectOnCardRemoval);
return context;
}
void SchannelContextFactory::setCheckCertificateRevocation(bool b) {
checkCertificateRevocation = b;
}
+void SchannelContextFactory::setDisconnectOnCardRemoval(bool b) {
+ disconnectOnCardRemoval = b;
+}
}
diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.h b/Swiften/TLS/Schannel/SchannelContextFactory.h
index 789d15f..27b7dc9 100644
--- a/Swiften/TLS/Schannel/SchannelContextFactory.h
+++ b/Swiften/TLS/Schannel/SchannelContextFactory.h
@@ -21,10 +21,13 @@ namespace Swift {
bool canCreate() const;
virtual TLSContext* createTLSContext(const TLSOptions& tlsOptions);
virtual void setCheckCertificateRevocation(bool b);
+ virtual void setDisconnectOnCardRemoval(bool b);
+
public:
bool checkCertificateRevocation;
+ bool disconnectOnCardRemoval;
};
}
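Review bot: `disconnectOnCardRemoval` is added as a public data member next to the virtual setter, so the flag can be changed without going through `setDisconnectOnCardRemoval`. It mirrors the existing `checkCertificateRevocation` field, but these options affect the security behaviour of every context the factory creates. I would move both under `private:` if nothing outside the class reads them, which cannot be told from this hunk. The class declaration starts above the hunk.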
diff --git a/Swiften/TLS/TLSContextFactory.h b/Swiften/TLS/TLSContextFactory.h
index 90da4a1..b67c34f 100644
--- a/Swiften/TLS/TLSContextFactory.h
+++ b/Swiften/TLS/TLSContextFactory.h
@@ -17,8 +17,9 @@ namespace Swift {
virtual ~TLSContextFactory();
virtual bool canCreate() const = 0;
virtual TLSContext* createTLSContext(const TLSOptions& tlsOptions) = 0;
virtual void setCheckCertificateRevocation(bool b) = 0;
+ virtual void setDisconnectOnCardRemoval(bool b) = 0;
};
}
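Review bot: `setDisconnectOnCardRemoval` is added as a pure virtual with no comment, so the interface does not say what the flag means, what the default is, or that backends without smart-card support ignore it. A comment above the declaration would cover that, e.g. `// If true (the Schannel default), the context reports TLSError::CertificateCardRemoved when the certificate's smart card is removed; backends without smart-card support only log a warning.` Because it is pure, any TLSContextFactory subclass outside the files changed here must add an override before it compiles. A non-pure `virtual void setDisconnectOnCardRemoval(bool) {}` would avoid that if such subclasses exist.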