This allows authentication using SASL EXTERNAL over BOSH
using a client TLS certificate for the HTTPS connection of
the BOSH channel.
The implementation also enforces the HTTPS server certificate
of subsequent BOSH connections not to change.
This commit also removes TLSConnection and TLSConnectionFactory
as no code is using them.
Test-Information:
Tested against M-Link 16.3v6-0 on Debian 7.9 and Swift on
OS X 10.10.5. Verified working client certificate authentication.
Verified Swift not falling back to password-based authentication,
in case EXTERNAL is not allowed by the server over BOSH or
the client certificate is invalid.
Change-Id: Ia96bcac27cac9fc9261ed847c82c6328307bfbd1
|
|
This patch prevents SWIFTEN from logging in if provided with a missing PKCS12 file.
Before this patch, swiften would attempt a password based login using operator JID
and pwd of the P12 file when the P12 file was missing.
This patch fixes it by checking the certificate and not initialising session stream
and connection if the certificate is empty. It emits a disconnect with client
certificate load error. The string for certificate load error has been modified to
indicate a file or password invalid.
Test-information:
Tested by doing a certificate based bind to an XMPP server. Removed the PKCS#12
file and checked that swift gave a certificate error instead of doing pwd connect
Change-Id: I1869a13f1f7135b6606f7383cd4a0356ffd6931b
|
|
This patch fixes the code to handle HTTP/1.0 proxies which
do not keep the connection alive after a single request.
If a HTTPTrafficFilter returns a new header reply, the HTTP
CONNECT proxy code will issue the request over a new connection.
The final connection is kept alive, as it is used for the
persistent connection forwarding.
In addition, the response status line is now passed to the
HTTPTrafficFilter handling method to provide ability to act
upon the response status code.
Missing passthrough of the HTTPTrafficFilter object down
the stack to the HTTPConnectProxiedConnection is added.
Test-Information:
Added a unit test following an NTLM HTTP proxy authentication
with a static HTTPTrafficFilter. This and other unit tests
still pass.
Change-Id: Ida0d1aec08a60f10c1480e1eecaecbd3f87b0dca
|
|
This patch uses the GSSAPI authenticator on Windows if the server advertises it
and the client requests it. (The user is not able to request it in the UI yet)
Also sends the manual port to the GSSAPI authenticator to construct the SPN if
a non-default port is used.
Test-information:
Tested on Windows using WIP code. Tested both on TLS & without.
Unit tests pass.
Change-Id: I9a9ad9604fe084d5fb2003b7a91174a9512e2eec
|
|
This patch creates and passes on an optional boost::system::error_code variable
which contains more error info which can be displayed in case of an error.
Test-information:
Tested using WIP code on Windows.
Change-Id: I285b8aec5e9c00d3a8e0d8cc0d5e7b4c5d94c099
|
|
Some servers have very restrictive TLS stacks that respond badly
to a bug in the SChannel TLS implementation, meaning that TLS
has to be limited to 1.0.
Add ClientOptions.tlsOptions. This is a method of passing options into
the TLS stack. It's currently
only used for the TLS 1.0 workaround in SChannel, but we might reasonably
expose other options in the future, such as limiting cipher suites.
Disables use of SSLv3 for SChannel.
Also updates the coding style in SchannelContext a bit.
Test-Information:
Compiles on both OS X and Windows(SChannel). OS X doesn't show the new
option. Windows shows it, and remembers it between logins. Not tested
against a server requiring 1.0 only, but a previous hack with the
same approach was tested.
Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
|
|
This patch adds HTTPTrafficFilter and integrates it into
HTTPConnectProxiedConnection. This allows the HTTP CONNECT proxy
initialization process to be customized.
Test-Information:
Added a unit test that verifies the new functionality.
Change-Id: I0b93c319fb205487b8be65717276cd0dd38851a3
|
|
Change-Id: I94ab4bbb68c603fe872abeb8090575de042f5cb4
|
|
Change-Id: I1801265c1b65eacf97e1cd3c69bedeef63cca898
|
|
Change-Id: I4d9ecc462d90821d3232f583e2e3ebea6a9eed74
|
|
The Connector class had "_xmpp-client._tcp." hard-coded in it, which meant
that it was not suitable for non-XMPP clients.
This change means that the Connector can now be used by clients who
are interested in arbitrary SRV records; the CoreClient class is updated
accordingly.
Test-information:
Built and ran Swift - seems to work as expected
Ran unit-tests ("scons test=unit") - reports OK
Change-Id: I0fea9aa90f5d1d5e3a4b90f3362b663fe9d8e207
|
|
Using library/platform implementation instead.
Change-Id: I2457c2dad80e6fdda023a7f31c3906ff10fe09ed
|
|
Change-Id: I4c64f954ddeca7147d729b8be07237baa15c1795
|
|
Resolves: #962
|
|
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
certificate viewers on click.
Native viewers for Windows and Mac OS X are implemented.
Added TODOs to OpenSSL based TLS interface related to CRL and OCSP.
Resolves: #167
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
Makes Swift disconnect if a smartcard used for auth is removed.
Fixes compilation.
Changes code style in a few places.
|
|
revocation.
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
Now connects successfully with or without TLS (with cert)
|
|
Introduced a new parent class for all certificates with keys
(class CertificateWithKey is the new parent for PKCS12Certificate.)
Switched to using "CertificateWithKey *" instead of "const CertificateWithKey&"
Added calling of a Windows dialog for certificate selection when Schannel
TLS implementation is used.
This compiles, but is not tested.
License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
|
|
This adds support for BOSH to Swiften. It does not expose it to Swift.
Release-Notes: Swiften now allows connects over BOSH, if used appropriately.
|
|
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
Resolves: #971
|
|
(XEP-0234), Jingle SOCKS5 Bytestreams Transport Method (XEP-0260), Jingle In-Band Bytestreams Transport Method (XEP-0261) and SOCKS5 Bytestreams (XEP-0065).
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
* swift-1.x:
Remove relaxation of not checking JIDs if the IQRouter's JID isn't set.
Fixed Request::isAccountJID().
Check sender on incoming IQ responses.
|
|
Release-Notes: Fixed a bug whereby the sender of an iq wasn't being checked before matching it to a request.
|
|
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
Disables password persistence.
|
|
automatic proxy settings detection;
SOCKS5 proxied connection;
HTTPConnect proxied connection;
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|