summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2016-03-04Fix small issues around Swiften/QA/TLSTestTobias Markmann
The jabber_org.crt was falsely modified in commit 0297fa1; reverted the file to its previous version. Fixed a syntax error in CertificateErrorTest. Fixed compilation of TLS stack with external OpenSSL. Test-Information: Tested compilation ./scons test=system Swiften/QA/TLSTest with OpenSSL on OS X 10.11.3. Change-Id: I58caf94dded128d3ee725b1961e54ad2955d70aa
2016-02-08Fix and adjust TLSTest to Windows SChannel backendTobias Markmann
Test-Information: ./scons test=system Swiften/QA/TLSTest passes on Windows 8. Change-Id: I688ec5d0022c02879ff56029d724e6dd30b89a99
2016-02-08Treat cert verify errors as non-fatal in OS X TLS backendTobias Markmann
Our TLS backends need to tread TLS verification errors, e.g. outdated certificate, untrusted CA, non-matching host, etc., as non-fatal, so the application can apply custom key pinning verification or similar. This patch changes the OS X SecureTransport backend to behave accordingly and adjusts the CertificateErrorTest to mirror this behavior. This commit also fixes a double-free in SecureTransportCertificate. Test-Information: Connected to a host with an untrusted CA and non-matching domain in the certificate and was prompted with the Swift certificate trust dialog on OS X 10.11.3. Swiften/QA/TLSTest run successfully on OS X 10.11.3. Change-Id: I4c8ce2178540d79a5f328e2e0558d4deb4295134
2015-11-10Add support for client certificate authentication in BOSHTobias Markmann
This allows to authenticate using SASL EXTERNAL over BOSH using a client TLS certificate for the HTTPS connection of the BOSH channel. The implementation also enforces the HTTPS server certificate of subsequent BOSH connections not to change. This commit also removes TLSConnection and TLSConnectionFactory as no code is using them. Test-Information: Tested against M-Link 16.3v6-0 on Debian 7.9 and Swift on OS X 10.10.5. Verified working client certificate authentication. Verified Swift not falling back to password-based authentication, in case EXTERNAL is not allowed by the server over BOSH or the client certificate is invalid. Change-Id: Ia96bcac27cac9fc9261ed847c82c6328307bfbd1
2015-10-30Add support for OS X Secure Transport TLS backendTobias Markmann
Added integration tests for certificate validation and revocation behavior checking. Test-Information: Tested client login over TLS against Prosody and M-Link. Verified client certificate authentication works against M-Link. Change-Id: I6ad870f17adbf279f3bac913a3076909308a0021
2010-03-28Removing submodules.Remko Tronçon
2010-03-28Moved Swiften to a separate module.Remko Tronçon