summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2015-11-10Add support for client certificate authentication in BOSHTobias Markmann
This allows to authenticate using SASL EXTERNAL over BOSH using a client TLS certificate for the HTTPS connection of the BOSH channel. The implementation also enforces the HTTPS server certificate of subsequent BOSH connections not to change. This commit also removes TLSConnection and TLSConnectionFactory as no code is using them. Test-Information: Tested against M-Link 16.3v6-0 on Debian 7.9 and Swift on OS X 10.10.5. Verified working client certificate authentication. Verified Swift not falling back to password-based authentication, in case EXTERNAL is not allowed by the server over BOSH or the client certificate is invalid. Change-Id: Ia96bcac27cac9fc9261ed847c82c6328307bfbd1
2015-11-04Fix swiften handling when client certificate is missingGurmeen Bindra
This patch prevents SWIFTEN from logging in if provided with a missing PKCS12 file. Before this patch, swiften would attempt a password based login using operator JID and pwd of the P12 file when the P12 file was missing. This patch fixes it by checking the certificate and not initialising session stream and connection if the certificate is empty. It emits a disconnect with client certificate load error. The string for certificate load error has been modified to indicate a file or password invalid. Test-information: Tested by doing a certificate based bind to an XMPP server. Removed the PKCS#12 file and checked that swift gave a certificate error instead of doing pwd connect Change-Id: I1869a13f1f7135b6606f7383cd4a0356ffd6931b
2015-10-30Fix issues with HTTPTrafficFilter for HTTP proxy / BOSH usageTobias Markmann
This patch fixes the code to handle HTTP/1.0 proxies which do not keep the connection alive after a single request. If a HTTPTrafficFilter returns a new header reply, the HTTP CONNECT proxy code will issue the request over a new connection. The final connection is kept alive, as it used for the persistent connection forwarding. In addition, the response status line is now passed to the HTTPTrafficFilter handling method to provide ability to act upon the response status code. Missing passthrough of the HTTPTrafficFilter object the down the stack to the HTTPConnectProxiedConnection is added. Test-Information: Added a unit test following an NTLM HTTP proxy authentication with a static HTTPTrafficFilter. This and other unit tests still pass. Change-Id: Ida0d1aec08a60f10c1480e1eecaecbd3f87b0dca
2015-07-08Use GSSAPI when SSO is usedMili Verma
This patch uses the GSSAPI authenticator on Windows if the server advertises it and the client requests it. (The user is not able to request it in the UI yet) Also sends the manual port to the GSSAPI authenticator to construct the SPN if a non-default port is used. Test-information: Tested on Windows using WIP code. Tested both on TLS & without. Unit tests pass. Change-Id: I9a9ad9604fe084d5fb2003b7a91174a9512e2eec
2015-06-29Pass an optional error codeMili Verma
This patch creates and passes on an optional boost::system::error_code variable which contains more error info which can be displayed in case of an error. Test-information: Tested using WIP code on Windows. Change-Id: I285b8aec5e9c00d3a8e0d8cc0d5e7b4c5d94c099
2015-06-10Add ability to limit SChannel to TLS 1.0Kevin Smith
Some servers have very restrictive TLS stacks that respond badly to a bug in the SChannel TLS implementation, meaning that TLS has to be limited to 1.0. Add ClientOptions.tlsOptions. This is a method of passing options into the TLS stack. It's currently only used for the TLS 1.0 workaround in SChannel, but we might reasonably expose other options in the future, such as limiting cypher suites. Disables use of SSLv3 for SChannel Also updates the coding style in SchannelContext a bit. Test-Information: Compiles on both OS X and Windows(SChannel). OS X doesn't show the new option. Windows shows it, and remembers it between logins. Not tested against a server requiring 1.0 only, but a previous hack with the same approach was tested. Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
2015-03-16Add ability to modify HTTP CONNECT proxy initializationTobias Markmann
This patch adds HTTPTrafficFilter and integrates it into HTTPConnectProxiedConnection. This allows the HTTP CONNECT proxy initialization process to be customized. Test-Information: Added a unit test that verifies the new functionality. Change-Id: I0b93c319fb205487b8be65717276cd0dd38851a3
2014-12-15Update Copyright in SwiftenKevin Smith
Change-Id: I94ab4bbb68c603fe872abeb8090575de042f5cb4
2014-05-18Replace accidental cerr with SWIFT_LOGKevin Smith
Change-Id: I1801265c1b65eacf97e1cd3c69bedeef63cca898
2014-05-18Fix copy paste errorRemko Tronçon
Change-Id: I4d9ecc462d90821d3232f583e2e3ebea6a9eed74
2014-03-22Move hardcoded XMPP SRV information from Connector into CoreClientNick Hudson
The Connector class had "_xmpp-client._tcp." hard-coded in it, which meant that it was not suitable for non-XMPP clients. This change means that the Connector can now be used by clients who are interested in arbitrary SRV records; the CoreClient class is updated accordingly. Test-information: Built and ran Swift - seems to work as expected Ran unit-tests ("scons test=unit") - reports OK Change-Id: I0fea9aa90f5d1d5e3a4b90f3362b663fe9d8e207
2013-04-27Removing third-party hash implementations.Remko Tronçon
Using library/platform implementation instead. Change-Id: I2457c2dad80e6fdda023a7f31c3906ff10fe09ed
2013-04-06Make IDN implementation abstract.Remko Tronçon
Change-Id: I4c64f954ddeca7147d729b8be07237baa15c1795
2012-09-15Added URL parser.Remko Tronçon
2012-08-13Set timeout on each connection attempt, instead of global connect timeout.Remko Tronçon
Resolves: #962
2012-06-20Fix proxy selectionThilo Cestonaro
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-06-17Allow different connection methods for Client.Remko Tronçon
2012-05-11Showing stream encryption status in the roster header. Provide native ↵Tobias Markmann
certificate viewers on click. Native viewers for Windows and Mac OS X are implemented. Added TODOs to OpenSSL based TLS interface related to CRL and OCSP. Resolves: #167 License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-04-12Tidy up of assorted Schannel/CAPI stuffs.Kevin Smith
Makes Swift disconnect if a smartcard used for auth is removed. Fixes compilation. Changes code style in a few places.
2012-03-23Allow TLS errors to bubble further up the stackKevin Smith
2012-03-22Manual certificate verification. Added two additional TLS errors related to ↵dreijer
revocation. License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-03-04Pass along errors about DNS resolution.Kevin Smith
2012-02-22Fix up for previous CAPI patchKevin Smith
Now connects successfully with or without TLS(with cert)
2012-02-22Initial implementation of using CAPI certificates with Schannel.Alexey Melnikov
Introduced a new parent class for all certificates with keys (class CertificateWithKey is the new parent for PKCS12Certificate.) Switched to using "CertificateWithKey *" instead of "const CertificateWithKey&" Added calling of a Windows dialog for certificate selection when Schannel TLS implementation is used. This compiles, but is not tested. License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
2012-01-17Allow specifying BOSH and BOSH proxy URLs with names (rather than IPs)Kevin Smith
2011-12-22BOSH Refactoring.Remko Tronçon
2011-12-13BOSH Support for SwiftenKevin Smith
This adds support for BOSH to Swiften. It does not expose it to Swift. Release-Notes: Swiften now allows connects over BOSH, if used appropriately.
2011-12-13BOSH implementation startedThilo Cestonaro
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2011-10-16Hoist ProxyProvider creation out of Client.Remko Tronçon
2011-10-16Hoist TLSContextFactory creation out of Client.Remko Tronçon
2011-10-10Force disconnect signals when calling connect() shortly after disconnect().Remko Tronçon
2011-10-07Hoist XML parser factory creation out of Swiften.Remko Tronçon
2011-10-01Update IQRouter JID after session was authenticated.Remko Tronçon
Resolves: #971
2011-09-26Allow disabling of 198-acks in SwiftenKevin Smith
2011-09-25Google Summer of Code 2011 Project: Adding support for Jingle File Transfers ↵Tobias Markmann
(XEP-0234), Jingle SOCKS5 Bytestreams Transport Method (XEP-0260), Jingle In-Band Bytestreams Transport Method (XEP-0261) and SOCKS5 Bytestreams (XEP-0065). License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2011-09-20Swiften support for requiring TLSKevin Smith
2011-08-28Merge branch 'swift-1.x'Remko Tronçon
* swift-1.x: Remove relaxation of not checking JIDs if the IQRouter's JID isn't set. Fixed Request::isAccountJID(). Check sender on incoming IQ responses.
2011-08-28Check sender on incoming IQ responses.Remko Tronçon
Release-Notes: Fixed a bug whereby the sender of an iq wasn't being checked before matching it to a request.
2011-07-03Fix for a SIGABRT when reconnectingThilo Cestonaro
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2011-06-08Added AllowPlainOverNONTLS option to ClientOptions.Remko Tronçon
2011-06-03Limit the use of the SafeString type.Remko Tronçon
2011-06-03Ensure safety on onDataRead and onDataWritten signals.Remko Tronçon
2011-05-22Removing unnecessary purgePassword() calls in CoreClient.Remko Tronçon
2011-05-22Eagle mode.Kevin Smith
Disables password persistence.
2011-05-18Introduce safe containers for storing passwords.Remko Tronçon
2011-05-13Removed some explicit new's.Remko Tronçon
2011-04-30Replace #icnlude "" by #include <> in Swiften.Remko Tronçon
2011-04-20Introduce ClientOptions struct.Remko Tronçon
2011-04-18Use fallback mechanism for proxies.Remko Tronçon
2011-04-18Support for SOCKS5 and HTTPConnect proxies.Thilo Cestonaro
automatic proxy settings detection; SOCKS5 proxied connection; HTTPConnect proxied connection; License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php