summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2016-02-08Fix and adjust TLSTest to Windows SChannel backendTobias Markmann
Test-Information: ./scons test=system Swiften/QA/TLSTest passes on Windows 8. Change-Id: I688ec5d0022c02879ff56029d724e6dd30b89a99
2016-02-08Treat cert verify errors as non-fatal in OS X TLS backendTobias Markmann
Our TLS backends need to tread TLS verification errors, e.g. outdated certificate, untrusted CA, non-matching host, etc., as non-fatal, so the application can apply custom key pinning verification or similar. This patch changes the OS X SecureTransport backend to behave accordingly and adjusts the CertificateErrorTest to mirror this behavior. This commit also fixes a double-free in SecureTransportCertificate. Test-Information: Connected to a host with an untrusted CA and non-matching domain in the certificate and was prompted with the Swift certificate trust dialog on OS X 10.11.3. Swiften/QA/TLSTest run successfully on OS X 10.11.3. Change-Id: I4c8ce2178540d79a5f328e2e0558d4deb4295134
2015-11-10Add support for client certificate authentication in BOSHTobias Markmann
This allows to authenticate using SASL EXTERNAL over BOSH using a client TLS certificate for the HTTPS connection of the BOSH channel. The implementation also enforces the HTTPS server certificate of subsequent BOSH connections not to change. This commit also removes TLSConnection and TLSConnectionFactory as no code is using them. Test-Information: Tested against M-Link 16.3v6-0 on Debian 7.9 and Swift on OS X 10.10.5. Verified working client certificate authentication. Verified Swift not falling back to password-based authentication, in case EXTERNAL is not allowed by the server over BOSH or the client certificate is invalid. Change-Id: Ia96bcac27cac9fc9261ed847c82c6328307bfbd1
2015-10-30Add support for OS X Secure Transport TLS backendTobias Markmann
Added integration tests for certificate validation and revocation behavior checking. Test-Information: Tested client login over TLS against Prosody and M-Link. Verified client certificate authentication works against M-Link. Change-Id: I6ad870f17adbf279f3bac913a3076909308a0021
2014-12-15Update Copyright in SwiftenKevin Smith
Change-Id: I94ab4bbb68c603fe872abeb8090575de042f5cb4
2014-02-02Sluift: Add new_certificateRemko Tronçon
Change-Id: If4e4ef98c00f15c0a88557860f0377843a8713c0
2013-05-17Fixed unicode path handling.Remko Tronçon
- Use boost::filesystem::path consistently for referring to files. - Use boost::filesystem streams for I/O, such that paths are always handled correctly. - Use stringToPath and pathToString for conversion between strings and boost::filesystem::path, to ensure we have consistent unicode handling across platforms and environments. The default constructor and string conversion uses platform-dependent encoding, depending on the global locale set in the application, which causes problems. So, unless you are in platform dependent code, the default constructor and string() function should not be used. When constructing paths from other paths (e.g. using operator/), also use stringToPath (instead of string arguments) if the path can contain unicode characters. Change-Id: If286bd9e71c8414afc0b24ba67e26ab7608ef6ea
2012-06-05Added ICU support.Remko Tronçon
2012-04-17Fixing some clang warnings.Tobias Markmann
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2011-05-05Replace ByteArray by typedef.Remko Tronçon
2011-04-30Replace #icnlude "" by #include <> in Swiften.Remko Tronçon
2011-02-14Removed Swift::String.Remko Tronçon
2011-01-27Fixed CLang warnings.Remko Tronçon
2010-11-11Commenting getSubjectName test.Remko Tronçon
2010-11-10Refactored TLS tests.Remko Tronçon
2010-03-28Removing submodules.Remko Tronçon
2010-03-28Moved Swiften to a separate module.Remko Tronçon