Age | Commit message | Author
2020-01-09 | Accept certs with upper case entries (HEAD, master) | Kevin Smith
    Although we were doing the right thing with punycode (as far as I can see) for the IDNA entries, we were forgetting that the comparisons needed to be case insensitive (checked the RFCs). Now they are.
    Test-Information: Added unit tests for the three flows that were modified.
    Change-Id: Ib17ae3df66159f38339996580dc85a5d99356274
2020-01-09 | Add copy/move ctors for JIDs | Kevin Smith
    Test-Information: Unit tests still pass.
    Change-Id: I4e5b63104e482a79a933f337082c579db7bb8cff
2019-11-19 | Remove std::endl from SWIFT_LOG calls | Edwin Mons
    The std::endl is now added by ~Log, but only for output to stderr or a log file. Calls to the Android logging system or manually set callbacks will not include the newline in the logging output.
    JIRA: SWIFT-430
    Test-Information: Unit tests pass on Debian 9
    Checked that running Swift with logging to stderr still had a newline.
    Change-Id: I096fdba78a3b8f87db2097951c28c528592183e8
2019-11-19 | Let handleNextEvent only handle a single event | Edwin Mons
    A batching mechanism was added to EventLoop::handleNextEvent, which caused it to be renamed to handleNextEvents. The problem with the batching was that it breaks EventLoop::removeEventsFromOwner: events already grabbed off the events_ queue for invocation could be removed, leading to issues in cases where two events were grabbed off the queue that referred to the same entity, the second event was a timer event, and the first event caused the timer to be stopped. The timer event would in this case be executed, leading to unexpected behaviour or crashes, as shown by the added unit test.
    Test-Information: Unit tests pass on Debian 9 and macOS 10.14. Benchmarked the eventloop on Debian and macOS, and did not notice a performance degradation. Transferred files using S5B and IBB, and checked there were no UI hangs. Transfer speed before and after the change are roughly the same.
    Change-Id: Ife7312f533e8f0976c2e8077d16e0b63fbac6eb1
2019-11-15 | Update 3rdParty/CppUnit to version 1.14.0 | Tobias Markmann
    This gets rid of std::auto_ptr usage and its deprecation warnings.
    Test-Information: Builds and tests pass on macOS.
    Change-Id: I299a0a8d9aa2ead15c933e83a2e3e53f84a4f5b7
2019-11-14 | Remove extra semicolons | Tobias Markmann
    clang-trunk complained about them and ideally Swift would build without warnings.
    Test-Information: Builds fine and tests pass.
    Change-Id: I1896befef0e65a980cc22f402e126aec8b56e71f
2019-11-14 | Pass down SDKROOT environment variable | Tobias Markmann
    This is needed on macOS so that the running compiler knows what SDK to build against.
    Test-Information: Builds with system and custom build clang on macOS 10.14.6.
    Change-Id: I80a76937834d681c322bf36bfcb034565be9b2f5
2019-11-13 | Re-enable logging in OpenSSLContext | Edwin Mons
    All logging in OpenSSLContext is now at debug level.
    Test-Information: Unit tests pass.
    Change-Id: I44d01ff23a05676a26ec547d6454dcb6883ebd88
2019-11-13 | Clear internal error state after cert chain parse | Tim Costen
    When parsing a PEM string containing a chain of certificates, createCertificateChain calls PEM_read_bio_X509 until it returns NULL (end of chain). But this will have set OpenSSL's internal error chain. Creating a new OpenSSL context has the side effect of clearing this chain, but if you are using a context which has already been created, the context sees that the error chain is set and fails. All that is needed is for createCertificateChain to clear the OpenSSL error chain before returning.
    JIRA: LINK-1868
    Change-Id: Ife2a3dabfeecff9e430648d63e4b4ba001e80a00
2019-11-13 | Support application-supplied logging | Edwin Mons
    This adds a method to set a logging callback. If such a callback is set, all SWIFT_LOG calls will invoke this callback instead of writing to either stderr or the swift logging file.
    Test-Information: Updated unit tests pass. Checked that logs generated by Swift and Sluift (which do not set the callback) resulted in logging in the expected location.
    Change-Id: I0eb2a1057aa77839e1b8d5f320205eb9d5fdc253
2019-11-05 | Handle xmpp-server SRV records | Tim Costen
    Update ServerIdentityVerifier with new boolean parameter (defaulting to false) to its constructor. Use this to determine whether to check for SRV records which start with "_xmpp-client." (the default, for backwards compatibility), or "_xmpp-server.".
    JIRA: SWIFT-424
    Bug:
    Release-notes:
    Manual:
    Test-information: Added a couple of new unit tests to check operation when this parameter is set true. All ServerIdentityVerifier unit tests run as before.
    Change-Id: Icb1fee31b436292cd6b5e61bc86482d700e40332
2019-10-30 | Bring StreamError enum to spec | Edwin Mons
    RFC 6120 no longer defines invalid-id, and adds unsupported-feature. The StreamError enum was derived from the schema in section A.2, which erroneously had these two deviations from 4.9.3.
    Test-Information: Unit tests pass on Debian 9
    Change-Id: I2bb3d0b09448877bbd4618fa852baab87bfa1abc
2019-10-30 | Fix libxml2 crash on certain invalid input | Edwin Mons
    When the libxml2 parser is fed data with an odd combination of invalid input (triggering the parser to assume 2 or 4 byte encodings were in play), I/O errors might occur. In that case, the parser context will not have its internal error set, but the call to xmlParseChunk will return the right error. The parse() method now uses the output of xmlParseChunk directly instead of trying to obtain the error from the parser context afterwards.
    Encoding errors during parsing were emitted to stderr because the default error handlers were still in place. These have been replaced with custom handlers that suppress the output.
    Test-Information: Unit tests pass on Debian 9
    Change-Id: Ie01db4be467e5197203c9d07d3356f5d44d8b9b4
2019-10-29 | Comment out logging calls | Tim Costen
    Swift OpenSSLContext and OpenSSLCertificate contain a number of error, warning and info logging calls which have the effect of writing to stderr. This patch comments them out for now - a proper interface with a logging object being passed in etc will be added at a later date.
    JIRA: SWIFT-426
    Bug:
    Release-notes:
    Manual:
    Test-information: Compiles OK. TLSTest runs OK.
    Change-Id: I2bc09ff32277c2b669317fcf9748358b2934db7c
2019-10-29 | Allow use of system TAs to be disabled via TLSOptions | Tim Costen
    Add new boolean flag to TLSOptions which when set to true prevents system Trust Anchors being loaded into new TLS contexts created using OpenSSL. Add new test to Swiften QA with appropriate comment.
    JIRA: SWIFT-425
    Test-information: Checked logic of change under debugger while running the tests in CertificateTest.cpp which create TLS contexts.
    Change-Id: I2d4a8410ce9cc752e6774e1d1cdb84dcd37b01d7
2019-10-18 | Extend getPeerCertificateChain | Tim Costen
    Extend getPeerCertificateChain so that it uses the correct SSL methods for Server and Client mode contexts, i.e. SSL_get_peer_certificate as well as get_peer_cert_chain when this is a server-mode context. Tidy up error message logged on certificate verification failure. Always return "1" from verifyCallback; check result of certificate verification by a call to getPeerCertificateVerificationError() once the TLS session is established.
    JIRA: LINK-1814
    Bug:
    Release-notes:
    Manual:
    Change-Id: Ica1d90998187ec5ce2584d48bd6fbfb8f9a667c9
    Test-information:
2019-10-18 | Return unique_ptr in PlatformIDNConverter::create() | Tobias Markmann
    There are cases where users of this method forget to free the pointer. This is now avoided by returning a unique_ptr.
    Test-Information: All existing unit and integration tests, i.e. `./scons test=all` pass.
    Change-Id: I10a88c3361823074d81db7af8cec1bd70c409995
2019-10-07 | Add ability to set external Trust Anchors to Swift OpenSSL context | Tim Costen
    Add a new (optional) field to TLSContext, which allows a vector of Trust Anchor certificates to be specified. Inside OpenSSLContext::configure, pass the X509 components of these certificates into the OpenSSL context: these are now available for client certificate verification in any callback method set via TLSOptions.verifyCertificateCallback.
    JIRA: LINK-1765
    Test-information: Tested via MLink unit tests. No leaks reported.
    Change-Id: Ie9cc2051ee212249a12a4bc71b62306b5bce3013
2019-10-04 | Correct leaks in OpenSSL interface | Tim Costen
    Remove increment of reference count on first certificate added to a new SSL context - the call to SSL_CTX_use_certificate does this internally. When adding extra certificates to the context via calls to SSL_CTX_add_extra_certificate, the explicit increment of the reference count is still required to prevent destruction of the certificates when the SSL context is freed.
    In OpenSSLContext::setPrivateKey, make sure the EVP_PKEY returned by PEM_read_bio_PrivateKey is tidied up, by wrapping it in a shared_ptr which calls EVP_PKEY_free.
    Add a new Unit test which creates an SSL context and inserts a multi-element certificate chain and a private key.
    JIRA: SWIFT-423
    Bug:
    Release-notes:
    Manual:
    Change-Id: I82c66139a9dfe7a925eb39f73721200895a689e2
    Test-information: Leak testing performed via ASAN-compiled MLink unit tests - now no leaks/errors reported associated with TLS Contexts and Certificates. Swiften unit test runs as expected.
2019-10-03 | Treat numeric domain JID as invalid | Joanna Hulboj
    DomainJID consisting of only numbers is not treated as valid.
    Test-information: Unit tests pass on Windows 10 and Ubuntu 18.04.1 LTS.
    Change-Id: If23ba8b8ea2a3c72d6f6e3acec4f587166c14e61
2019-09-25 | Remove duplicated arguments | Joanna Hulboj
    Test-information: Unit tests pass on Windows 10 and Ubuntu 18.04.1 LTS.
    Change-Id: Icea837d91f28f47f7b0a90bc620b26c5567c8421
2019-09-24 | Process attribute and element prefixes | Joanna Hulboj
    XML (Expat/LibXML) parsing modified to process prefix information. Prefixes for attributes stored within attributes. Prefixes for elements passed in additional callback (only if prefix present).
    Test-information: Unit tests pass on Windows 10 and Ubuntu 18.04.1 LTS.
    Change-Id: Ib6b5087feed758c31895f426df6a3c7ea975f248
2019-09-19 | Add support for use of shared certificate chain when setting up TLS context | Tim Costen
    Actual implementation is in OpenSSL subclass. This allows a permanent vector of shared certificates to be used when creating multiple OpenSSL contexts. This replaces the existing use of a vector of unique pointers to certificates which handed over responsibility for the underlying OpenSSL certs to the OpenSSL context. To enable this to work, a new method is added to the OpenSSLCertificate class which enables the reference count on the contained OpenSSL certificate to be incremented - this stops the OpenSSL certificate being deleted when the OpenSSL context is freed. Use of conditional compilation was necessary to get the reference counting to build with the different versions of OpenSSL in use.
    Modify the method in OpenSSLCertificateFactory (and stub in CertificateFactory) which generates a vector of certificates, so that it generates a vector of shared_ptrs rather than unique_ptrs.
    Add test of CreateCertificateChain to Swiften CertificateTest class, together with sample certificate file in PEM form.
    JIRA: LINK-1763
    Bug:
    Release-notes:
    Manual:
    Test-information: Tested via development version of Mystique - created multiple TLS sessions using single certificate chain. Swift unit tests now build and run again. New Swiften TLS unit test builds and runs.
    Change-Id: I7fa4888b640c94b68712a6bff1f7aa334a358df2
2019-09-17 | Set DEBIAN_FRONTEND=noninteractive for Dockerfile.package.in | Tobias Markmann
    Test-Information: Tested that it does not request input from user anymore.
    Change-Id: I85d231dab20e124f4ee8a9575a1b0422d216abe0
2019-09-17 | Fix casing of enums to avoid conflict on Windows | Tobias Markmann
    Test-Information: Tested on Windows with OpenSSL that this fixes the compilation issue.
    Change-Id: I01887c8eb758a6c1c208244cdae32aa9c0a99565
2019-09-16 | Close the stream for disallowed XML features | Joanna Hulboj
    According to RFC 6120 if any disallowed XML feature is encountered, we should close the stream with a <restricted-xml/>. The following features of XML are prohibited in XMPP:
    - processing instructions
    - internal or external DTD subsets
    - internal or external entity references
    - comments
    Test-information: Unit tests pass on Windows 10 and Ubuntu 18.04.1 LTS
    Change-Id: I475920c91b7f9da51ab37c106a4783a52f6e3cae
2019-09-03 | Add enhanced OpenSSL configuration | Tim Costen
    Adds TLSOptions to the OpenSSLContext, which invokes a new private 'configure' method which allows various OpenSSL options to be set. Also add standard verification callbacks and external (via a std::function field in TLSOptions) to allow the user to specify their own method which will perform client certificate checking when a new TLS connection is accepted. Only set up the internal verifyCertCallback if the user-supplied hook is set. All callback hooks are set up in the 'configure' method, and only then if TLSOptions.verifyMode is present (i.e. not defaulted to boost::none), to preserve compatibility for users of this class (e.g. Swift) which want to use OpenSSL's own internal validation functions rather than setting the callbacks.
    Test-information: Used new code under development in M-Link when setting up a TLSContext, setting verify-mode=require, and set up verifyCertCallback with a local method. Making a client TLS connection which includes a client certificate results in the local verify callback being invoked.
    Change-Id: Idbb7279e1711fca8123f430bfca0dcfb65bc8da6
2019-08-20 | Fix building 3rdParty/Expat on non-Windows | Tobias Markmann
    Test-Information: Tested successfully on macOS 10.14.6 and Debian 9.
    Change-Id: I341589b6e92e9d16b53ea247d0b91ac1a0639f66
2019-07-29 | Add KDE Neon support to InstallSwiftDependencies.sh | Tobias Markmann
    Thanks Miroslaw Stein.
    Test-Information: After running BuildTools/ Swift builds fine on KDE Neon User Edition 5.16.
    Change-Id: I05c074051aaecfdaf2352308285bcfaeaa4d8c2c
2019-07-26 | Update 3rdParty/Expat to 2.2.7 | Tobias Markmann
    Test-Information: None yet.
    Change-Id: Ia5b570c918b8059561b52062e8d43496f188ee4a
2019-07-22 | Signal namespace declarations to ParserClients | Edwin Mons
    Prior to calling handleStartElement, the ParserClient handleNamespaceDeclaration will fire for each namespace declared on the element.
    Test-Information: Unit tests pass on Debian 9 for both expat and libxml2
    Change-Id: Ic42e83aee83edfbb2aa5c971997808eb6e133223
2019-05-28 | Add check if IPv4, IPv6 are valid JID domain part | Joanna Hulboj
    When creating a JID we were not checking if a domain part is a valid IPv4 or IPv6 address. We were only checking if the domain is correct according to internationalized domain name rules, which was failing for IPv6 addresses.
    Test-Information: Unit tests pass on Windows 10 and Ubuntu 18.04.1 LTS
    Change-Id: Ia1b67089f6edfdc6a0ebf2d26a7eaab9ce8171c0
2019-05-13 | Add flag to signal final XML data | Edwin Mons
    XML parse now takes an optional boolean that will signal that with the data that is fed into the parser, the document should now be complete. This will allow the parser to reject partial documents.
    Test-Information: Updated unit tests pass. Checked that default behaviour wasn't changed. Tested with various partial and complete documents.
    Change-Id: Ide7c2e47c49d5667f1febcb23da366e96d0dbc21
2019-03-19 | Replace use of Cocoa API deprecated in 10.14 in Slimber | Tobias Markmann
    macOS 10.14 started to deprecate some old Cocoa API. This replaces use of the deprecated API with newer Cocoa API.
    Test-Information: Still builds fine on macOS 10.14.3. Verified that Slimber still works as expected.
    Change-Id: Id772af58b3fd233ecf829b80eca59815184a6113
2019-03-18 | Remove non-library code from 3rdParty LibNATPMP SConscript | Tobias Markmann
    libSwiften should not ship with any main symbol. While it is not harmful directly it bloats the library and prevents a main symbol free library, which is useful in some cases.
    Test-Information: All unit and integration tests pass on macOS 10.14.3.
    Change-Id: Idf2294ebef04acacc8f1f95d2be58b3f96409ebb
2019-03-12 | Remove duplicated sources in Docker | Johnny Sheppard
    Change-Id: I4ee9b2e6d9c8c224e428f9fa06a74315872603ef
2019-02-28 | Create Debian packages using Docker | Thanos Doukoudakis
    This patch will setup Docker containers to build the source and Debian packages. The script will use the private key under gpg-keys folder to sign the Debian packages. If the folder is not there or doesn’t exist then the build will fail. Keys are expected to be in .asc format, unencrypted and not password protected.
    Added .dockerignore file to avoid copying the cache files to the container.
    The output is stored in out/ folder and the folder structure is ready for script.
    SWIFT_PACKAGE_PLATFORMS defines the platforms that it will be built for. Default values are: ubuntu:bionic ubuntu:cosmic debian:stretch debian:sid.
    DOCKERRUNEXTRAFLAGS variable can set additional flags for Docker builders. Currently is set to --privileged to avoid an issue during build with Qt5.11.1
    Updated the Debian repo scripts to new distributions and Docker changes.
    Test-Information: Run the script and created source & binaries for all the distributions. Verified that changelog, compact, control, copyright, rules and source/format exist under the Debian folder when building the Debian package. Created tags and generated dev builds, rc builds, and release builds to test the output of the different release channels.
    Created a container, tested the Swift and Swiften packages, and the installations: Tested the following debs with piuparts in a docker container of the system they are built for. No errors raised and a few warnings related with chroot (which fails within a docker container)
    *libswiften-dev-dbgsym*.deb,
    *libswiften-dev_*.deb
    *libswiften5-dbgsym_*.deb
    *libswiften5_*.deb
    *swift-im-dbgsym_*.deb
    *swift-im_*.deb
    Installed the above packages and verified the install with swift-im --version, headers exist in /usr/include/Swiften/ and under /usr/lib/. Verified the gpg signatures on the .changes and .buildinfo files. Tested the output with the and the import was successful.
    Verified the .changes and .buildinfo files with lintian which reported the following errors and warnings (there are differences between different channels release, beta, development):
    E: swift-im changes: bad-distribution-in-changes-file development
    E: swift-im changes: multiple-distributions-in-changes-file beta development
    W: libswiften5: new-package-should-close-itp-bug
    W: libswiften-dev: new-package-should-close-itp-bug
    W: swift-im: new-package-should-close-itp-bug
    Tested that the man page exists after installing in a docker container (ubuntu xenial, debian stretch, debian sid).
    Change-Id: Ic28d2731bbca34716645e76e7e7e7e8183dea4f8
2019-02-26 | Fix library search path for man page generation | Thanos Doukoudakis
    This patch will fix an issue that occurs when generating the man pages for swift-im. The man page is generated from the Swiften library using help2man. The issue occurs when the library cannot be found during build time and help2man is generating a man page with the output of that error, ignoring the return error code from swift-im. To avoid this happening in future builds, swift-im --help is run before generating the page and checked if the execution was successful. If yes we proceed with the generation, if not we stop the build and throw an error. swiften-config man page generation was not affected by this issue.
    Test-Information: Built with ubuntu 18.04 on a machine that hasn’t got Swift or Swiften installed. Built the Debian package for Debian stretch with pbuilder, and installed on a clean docker container (Debian stretch). Repeated the test with Debian sid but with packages built from docker containers.
    Change-Id: Icf8a84ba7f4810c87e5835e5ac1a91d1324ddac8
2019-02-20 | Fix Python 3 Unicode issues related to Windows packaging | Tobias Markmann
    Test-Information: Without these fixes, the build of a Windows MSI package is not possible on Windows Server 2012. This is due to the fact that on Windows you must force UTF8 coding on file open as it defaults to Windows specific codec for everything. Tested by building a Windows MSI package on Windows Server 2012.
    Change-Id: I32664824188775f5ba27d9644fbbf33bf7094dfa
2019-02-12 | Force tool output encoding to UTF-8 | Tobias Markmann
    On Windows the preferred encoding is cp1252, which makes zero sense for text files. This change will force it to UTF-8, which is a sensible choice that works best.
    Test-Information: Build now works on Windows 2012 with MSVC 2015 32bit, with test=unit.
    Change-Id: I3324d41fe33df98cdd5b90e0712f741f401176c3
2019-02-07 | Split out attribute escape routine | Edwin Mons
    Test-Information: Unit tests pass on Debian 9
    Change-Id: I60f95816cfa48a619f83daac1d88e229bbe228ed
2019-01-25 | Allow Sluift to set stanza IDs | Kevin Smith
    Test-Information: Compiles
    Change-Id: I5bfbf270524a1a31c9105f108f47f64eb95276d1
2019-01-22 | Avoid deprecated boost endianness include | Miroslaw Stein
    As of Boost 1.69.0, boost/detail/endian.h is deprecated in favour of boost/predef/other/endian.h, and BOOST_(LITTLE|BIG)_ENDIAN by BOOST_ENDIAN_(LITTLE|BIG)_BYTE.
    Test-Information: Unit tests pass on Debian 9
    Change-Id: If7076c559a4e35219ff97603f50b80cfbe05b29b
2019-01-22 | Don't assume that tribool has an implicit bool conversion | Bruce Stephens
    In boost 1.68.0 the conversion is implicit, but in 1.69.0 it's explicit and we must explicitly call it.
    Change-Id: I24eb78be7510c89b88342d28c539cad4977f99fd
2019-01-21 | Make compatible with both Py2 and Py3 | Edwin Mons
    The merge of 4.x changes onto master introduced changes to Python scripts that weren't compatible with Python 3. The script is now compatible with both Python 2 and Python 3, and a slightly underimplemented test has been expanded to actually live up to its name.
    getGitBuildVersion has been refactored completely. It has been simplified to require only one invocation of git describe, unit tests for the parsing have been added, and a way to call getGitBuildVersion from the commandline has been added to (to avoid adding a unit test that would call out to an external tool).
    has been made compatible with Python3, and some additional logic to prevent emitting b'path/to/docbook/xml' instead of the desired 'path/to/docbook/xml' has been added.
    Generation of COPYING in Swift/QtUI now uses the upstream version provided with SCons 3, and our custom version has been removed.
    Unused code in the SwiftenDevelopersGuide SConscript with invalid regular expressions has been removed, and the remaining regular expressions in SConscripts have been fixed.
    Test-Information: Code has been tested on macOS 10.14. Scons now completes a build on a clean tree using either Python 2 or Python 3. Running it on a previously built tree works with either, as well, mixing versions between invocations is not an issue. Swift unit tests pass with Python 3.7.0. unit tests pass with Python 2.7.15 and 3.7.0. Running with doc=1 works with both Python 2 and Python 3, even if the docbook points to a path with unicode characters in it. Resulting COPYING file has been verified both visually and against a Python2 generated one on master. Resulting XML files for documentation have been inspected. Resulting manual HTML and PDF files have been inspected.
    Change-Id: I54de909d80b8e35a8c351261ae10ce3537729c84
2019-01-21 | Fix OpenSSLContext to work correctly with OpenSSL 1.1.1 | Tobias Markmann
    The previous code only worked with 1.1.0j or older. Now the code works with 1.1.0j and OpenSSL 1.1.1. Adjusted ClientServerTest to be more graceful in case of errors, i.e. failing tests instead of crashing.
    Test-Information: Tested that without the changes, the tests pass with OpenSSL 1.1.0j and tests fail or crash with OpenSSL 1.1.1 and OpenSSL 1.1.1a. Tested that with the changes, the tests pass with OpenSSL 1.1.0j, OpenSSL 1.1.1, and OpenSSL 1.1.1a. Tested on macOS 10.14.2 with system clang.
    Change-Id: Ic63774049727f6d949153166f63a8545e9a24892
2019-01-18 | Allow ownership transfer of certificates | Edwin Mons
    OpenSSL TLS contexts assume ownership of any additional certificate passed into it. The CertificateFactory now returns a vector of unique_ptrs, and OpenSSLContext will do the needful with releasing ownership at the right moment.
    A unit test has been added that uses a chained certificate in client/server context. Before the fix, this test would either fail, or result in a segmentation fault, depending on the mood of OpenSSL.
    Test-Information: Unit tests pass on Debian 9
    Ran manual tests with server test code, tested both chained and single certificates, and no longer observed crashes when accepting a connection.
    Change-Id: I21814969e45c7d77e9a1af14f2c958c4c0311cd0
2019-01-18 | Have checker tool not use '--.*' arguments as test names | Tobias Markmann
    Without this you could not pass through Google Test flags down, because they would be used as CppUnit test names and exit the tool early as the test do not exit.
    Test-Information: Verified that flags are passed along. This allows to filter specific Google Test test cases. Running checker without parameters still works. Tested that things build on Debian 9.6.
    Change-Id: I4d4b97a84e2baf81a25cc2f9641c6e49594c0044
2019-01-15 | Merge tag 'swift-4.x' into master | Tobias Markmann
    * branch 'swift-4.x':
      Update for Debian
      Don't crash on missing bookmark result
      Add missing include for QAbstractItemModel
      Update Debian changelog
      Fix convertToWindowsVersion() function to handle more RCs
      Fix error response handling when requesting VCards
    Test-Information: ./scons test=all succeeded on macOS 10.14.2.
    Change-Id: I99d20a8b0e1b0be501fbbe95adebbff15f510184
2019-01-14 | Add optional message to TLSError | Edwin Mons
    TLSError now takes an optional error message. OpenSSLContext has been updated to send out one, and calls to SWIFT_LOG have been removed from it for anything but setCertificateChain.
    OpenSSLContext::handleDataFromApplication misinterpreted the return code of SSL_write, triggering an onError in cases where more network I/O was required.
    Test-Information: Unit tests pass on Debian 9
    Server test code no longer emits undesirable warnings to stderr on macOS 10.14.
    Change-Id: If0f932693361ef9738ae50d5445bfb4d3ed9b28f