Age | Commit message (Collapse) | Author |
|
This patch adds some checks in the CoreClient class to avoid accessing
stanza and session channels to send data when they are not available.
The Sluift lua wrapper functions will throw an exception in these cases.
Test-Information
All unit test pass.
Timlx:
Test Suite ‘basic’: All tests Pass.
Test Suite ‘fmuc’: All tests except FmucChain Pass (Not related with the
changes)
Change-Id: I3d5894b3cfdafd0ea28c0fb33b6db8588f2a5c8f
|
|
If a server closes the XMPP stream, it sends a </stream:stream>
tag. The client is supposed to respond with the same tag and
then both parties can close the TLS/TCP socket.
Previously Swift(-en) would simply ignore </stream:stream>
tag if it was not directly followed by a shutdown of the TCP
connection.
In addition there is now a timeout timer started as soon as
Swiften or the server initiates a shutdown. It will close
the socket and cleanup the ClientSession if the server does
not respond in time or the network is faulty.
Refactored some code in ClientSession in the process. Moved
ClientSession::State to a C++11 strongly typed enum class.
This also fixes issues where duplicated </stream:stream>
tags would be send by Swift.
Test-Information:
Tested against Prosody ba782a093b14 and M-Link 16.3v6-0,
which provide ad-hoc commands to end a user session.
Previously this was ignored by Swift. Now it correctly responds
to the server, detects it as a disconnect and tries to
reconnect afterwards.
Added unit test for the case where the server closes the
session stream.
Change-Id: I59dfde3aa6b50dc117f340e5db6b9e58b54b3c60
|
|
Test-Information:
Build on macOS 10.12.1 and all tests pass.
Change-Id: Iedaa3fa7e7672c77909fd0568bf30e9393cb87e0
|
|
This change was done by applying the following 'gsed'
replacement calls to all source files:
's/\#include <boost\/shared_ptr\.hpp>/\#include <memory>/g'
's/\#include <boost\/enable_shared_from_this\.hpp>/\#include <memory>/g'
's/\#include <boost\/smart_ptr\/make_shared\.hpp>/\#include <memory>/g'
's/\#include <boost\/make_shared\.hpp>/\#include <memory>/g'
's/\#include <boost\/weak_ptr\.hpp>/\#include <memory>/g'
's/boost::make_shared/std::make_shared/g'
's/boost::dynamic_pointer_cast/std::dynamic_pointer_cast/g'
's/boost::shared_ptr/std::shared_ptr/g'
's/boost::weak_ptr/std::weak_ptr/g'
's/boost::enable_shared_from_this/std::enable_shared_from_this/g'
The remaining issues have been fixed manually.
Test-Information:
Code builds on OS X 10.11.4 and unit tests pass.
Change-Id: Ia7ae34eab869fb9ad6387a1348426b71ae4acd5f
|
|
Run 'clang-tidy -fix -checks=modernize-use-nullptr' on all
source code files on OS X. This does not modernize platform
specific code on Linux and Windows
Test-Information:
Code builds and unit tests pass on OS X 10.11.4.
Change-Id: Ic43ffeb1b76c1a933a55af03db3c54977f5f60dd
|
|
Removed trailing spaces and whitespace on empty lines
in the process.
Changed CheckTabs.py tool to disallow hard tabs in source
files.
Test-Information:
Manually checked 30 random files that the conversion worked
as expected.
Change-Id: I874f99d617bd3d2bb55f02d58f22f58f9b094480
|
|
This allows to authenticate using SASL EXTERNAL over BOSH
using a client TLS certificate for the HTTPS connection of
the BOSH channel.
The implementation also enforces the HTTPS server certificate
of subsequent BOSH connections not to change.
This commit also removes TLSConnection and TLSConnectionFactory
as no code is using them.
Test-Information:
Tested against M-Link 16.3v6-0 on Debian 7.9 and Swift on
OS X 10.10.5. Verified working client certificate authentication.
Verified Swift not falling back to password-based authentication,
in case EXTERNAL is not allowed by the server over BOSH or
the client certificate is invalid.
Change-Id: Ia96bcac27cac9fc9261ed847c82c6328307bfbd1
|
|
This patch prevents SWIFTEN from logging in if provided with a missing PKCS12 file.
Before this patch, swiften would attempt a password based login using operator JID
and pwd of the P12 file when the P12 file was missing.
This patch fixes it by checking the certificate and not initialising session stream
and connection if the certificate is empty. It emits a disconnect with client
certificate load error. The string for certificate load error has been modified to
indicate a file or password invalid.
Test-information:
Tested by doing a certificate based bind to an XMPP server. Removed the PKCS#12
file and checked that swift gave a certificate error instead of doing pwd connect
Change-Id: I1869a13f1f7135b6606f7383cd4a0356ffd6931b
|
|
This patch fixes the code to handle HTTP/1.0 proxies which
do not keep the connection alive after a single request.
If a HTTPTrafficFilter returns a new header reply, the HTTP
CONNECT proxy code will issue the request over a new connection.
The final connection is kept alive, as it used for the
persistent connection forwarding.
In addition, the response status line is now passed to the
HTTPTrafficFilter handling method to provide ability to act
upon the response status code.
Missing passthrough of the HTTPTrafficFilter object the down
the stack to the HTTPConnectProxiedConnection is added.
Test-Information:
Added a unit test following an NTLM HTTP proxy authentication
with a static HTTPTrafficFilter. This and other unit tests
still pass.
Change-Id: Ida0d1aec08a60f10c1480e1eecaecbd3f87b0dca
|
|
This patch uses the GSSAPI authenticator on Windows if the server advertises it
and the client requests it. (The user is not able to request it in the UI yet)
Also sends the manual port to the GSSAPI authenticator to construct the SPN if
a non-default port is used.
Test-information:
Tested on Windows using WIP code. Tested both on TLS & without.
Unit tests pass.
Change-Id: I9a9ad9604fe084d5fb2003b7a91174a9512e2eec
|
|
This patch creates and passes on an optional boost::system::error_code variable
which contains more error info which can be displayed in case of an error.
Test-information:
Tested using WIP code on Windows.
Change-Id: I285b8aec5e9c00d3a8e0d8cc0d5e7b4c5d94c099
|
|
Some servers have very restrictive TLS stacks that respond badly
to a bug in the SChannel TLS implementation, meaning that TLS
has to be limited to 1.0.
Add ClientOptions.tlsOptions. This is a method of passing options into
the TLS stack. It's currently
only used for the TLS 1.0 workaround in SChannel, but we might reasonably
expose other options in the future, such as limiting cypher suites.
Disables use of SSLv3 for SChannel
Also updates the coding style in SchannelContext a bit.
Test-Information:
Compiles on both OS X and Windows(SChannel). OS X doesn't show the new
option. Windows shows it, and remembers it between logins. Not tested
against a server requiring 1.0 only, but a previous hack with the
same approach was tested.
Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
|
|
This patch adds HTTPTrafficFilter and integrates it into
HTTPConnectProxiedConnection. This allows the HTTP CONNECT proxy
initialization process to be customized.
Test-Information:
Added a unit test that verifies the new functionality.
Change-Id: I0b93c319fb205487b8be65717276cd0dd38851a3
|
|
Change-Id: I94ab4bbb68c603fe872abeb8090575de042f5cb4
|
|
Change-Id: I1801265c1b65eacf97e1cd3c69bedeef63cca898
|
|
Change-Id: I4d9ecc462d90821d3232f583e2e3ebea6a9eed74
|
|
The Connector class had "_xmpp-client._tcp." hard-coded in it, which meant
that it was not suitable for non-XMPP clients.
This change means that the Connector can now be used by clients who
are interested in arbitrary SRV records; the CoreClient class is updated
accordingly.
Test-information:
Built and ran Swift - seems to work as expected
Ran unit-tests ("scons test=unit") - reports OK
Change-Id: I0fea9aa90f5d1d5e3a4b90f3362b663fe9d8e207
|
|
Using library/platform implementation instead.
Change-Id: I2457c2dad80e6fdda023a7f31c3906ff10fe09ed
|
|
Change-Id: I4c64f954ddeca7147d729b8be07237baa15c1795
|
|
|
|
Resolves: #962
|
|
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
|
|
certificate viewers on click.
Native viewers for Windows and Mac OS X are implemented.
Added TODOs to OpenSSL based TLS interface related to CRL and OCSP.
Resolves: #167
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
Makes Swift disconnect if a smartcard used for auth is removed.
Fixes compilation.
Changes code style in a few places.
|
|
|
|
revocation.
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
|
|
Now connects successfully with or without TLS(with cert)
|
|
Introduced a new parent class for all certificates with keys
(class CertificateWithKey is the new parent for PKCS12Certificate.)
Switched to using "CertificateWithKey *" instead of "const CertificateWithKey&"
Added calling of a Windows dialog for certificate selection when Schannel
TLS implementation is used.
This compiles, but is not tested.
License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
|
|
|
|
|
|
This adds support for BOSH to Swiften. It does not expose it to Swift.
Release-Notes: Swiften now allows connects over BOSH, if used appropriately.
|
|
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
|
|
|
|
|
|
|
|
Resolves: #971
|
|
|
|
(XEP-0234), Jingle SOCKS5 Bytestreams Transport Method (XEP-0260), Jingle In-Band Bytestreams Transport Method (XEP-0261) and SOCKS5 Bytestreams (XEP-0065).
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
|
|
* swift-1.x:
Remove relaxation of not checking JIDs if the IQRouter's JID isn't set.
Fixed Request::isAccountJID().
Check sender on incoming IQ responses.
|
|
Release-Notes: Fixed a bug whereby the sender of an iq wasn't being checked before matching it to a request.
|
|
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
|
|
|
|
|
|
|
|
Disables password persistence.
|