Age | Commit message | Author
2019-10-29 | Allow use of system TAs to be disabled via TLSOptions | Tim Costen
Add new boolean flag to TLSOptions which when set to true prevents system Trust Anchors being loaded into new TLS contexts created using OpenSSL. Add new test to Swiften QA with appropriate comment. JIRA: SWIFT-425 Test-information: Checked logic of change under debugger while running the tests in CertificateTest.cpp which create TLS contexts. Change-Id: I2d4a8410ce9cc752e6774e1d1cdb84dcd37b01d7
2019-10-04 | Correct leaks in OpenSSL interface | Tim Costen
Remove increment of reference count on first certificate added to a new SSL context - the call to SSL_CTX_use_certificate does this internally. When adding extra certificates to the context via calls to SSL_CTX_add_extra_certificate, the explicit increment of the reference count is still required to prevent destruction of the certificates when the SSL context is freed. In OpenSSLContext::setPrivateKey, make sure the EVP_PKEY returned by PEM_read_bio_PrivateKey is tidied up, by wrapping it in a shared_ptr which calls EVP_PKEY_free. Add a new Unit test which creates an SSL context and inserts a multi-element certificate chain and a private key. JIRA: SWIFT-423 Bug: Release-notes: Manual: Change-Id: I82c66139a9dfe7a925eb39f73721200895a689e2 Test-information: Leak testing performed via ASAN-compiled MLink unit tests - now no leaks/errors reported associated with TLS Contexts and Certificates. Swiften unit test runs as expected.
2019-09-19 | Add support for use of shared certificate chain when setting up TLS context | Tim Costen
Actual implementation is in OpenSSL subclass. This allows a permanent vector of shared certificates to be used when creating multiple OpenSSL contexts. This replaces the existing use of a vector of unique pointers to certificates which handed over responsibility for the underlying OpenSSL certs to the OpenSSL context. To enable this to work, a new method is added to the OpenSSLCertificate class which enables the reference count on the contained OpenSSL certificate to be incremented - this stops the OpenSSL certificate being deleted when the OpenSSL context is freed. Use of conditional compilation was necessary to get the reference counting to build with the different versions of OpenSSL in use. Modify the method in OpenSSLCertificateFactory (and stub in CertificateFactory) which generates a vector of certificates, so that it generates a vector of shared_ptrs rather than unique_ptrs. Add test of CreateCertificateChain to Swiften CertificateTest class, together with sample certificate file in PEM form. JIRA: LINK-1763 Bug: Release-notes: Manual: Test-information: Tested via development version of Mystique - created multiple TLS sessions using single certificate chain. Swift unit tests now build and run again. New Swiften TLS unit test builds and runs. Change-Id: I7fa4888b640c94b68712a6bff1f7aa334a358df2
2018-11-14 | Address bad_numeric_casts for filetransfers | Edwin Mons
The filetransfer blockSize is now an unsigned integer, as 0 could be used to denote an invalid block size as well (and indeed, already indicated that better than -1 did). All use of numeric_cast in filetransfer code has been fixed to deal with the possibility of thrown exceptions. Test-Information: Unit tests pass on macOS and Debian Change-Id: I1833d553bae071238be20ebc386ef602effb78b0
2018-11-14 | Address LinkLocal issues | Edwin Mons
Generation of TXT records might fail if any of the fields is too long, so the result is now an optional (pending Expected). Callsites have been updated to deal with this. Three potentially uncaught exceptions in the Bonjour implementation have been addressed. Test-Information: Unit tests pass on macOS 10.14 and Debian 9 Change-Id: Iec02c4606a18eee855362fd3c3d15614a9e72547
2018-11-08 | Consistently use unsigned short for network ports | Edwin Mons
Network ports are now consistently stored as unsigned shorts, apart from the options and user interface, where -1 is still used to denote the use of default ports. Test-Information: Unit tests pass on macOS 10.13 and Debian 9 On macOS: tested the UI with various proxy and manual ports, behaviour as expected. Change-Id: I7a65f40083022887aa30ed7b21eadc56d0c52be1
2018-10-24 | Honour JID part length in ICUConverter | Edwin Mons
ICUConverter allowed jidparts greater than 1023 bytes during stringprep. The SConscript of StorageTest did not work when libidn had been disabled, which prevented test=unit from completing. Test-Information: Unit tests pass on Debian 9 in a build with ICU and ASan enabled. Change-Id: I791a09457c6b852e61ce1281871e0f3ca0ce645c
2018-03-27 | Add new ReferencePayload element class, parser and serializer | Peter Burgess
Added a new element object ReferencePayload, and created the parser and serializer to handle this element. Currently no functionality to send references directly in swift, nor to render their contents. Test-Information: Unit tests written and passed for serializer and parser, testing various types of valid and invalid references, and testing references with embedded payloads. Change-Id: I81fd5d9e020fac1729640f297705806af97f6388
2017-07-07 | Make std::make_unique available in gcc with c++11 | Joanna Hulboj
Test-Information: Unit tests pass OK on Windows 10 and CentOS 7.3. Change-Id: I33c9eb6b3e6409727350a44e6d5c88c5e8907275
2017-06-26 | Fix FileWriteBytestreamTest under Windows | Vitaly Takmazov
License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details. Test-Information: Fixes FileWriteBytestreamTest by closing WriteStream before file deletion which passes. Tests performed under Windows 10 1703 Change-Id: I0be891af652138af23f8db9e5526d927d39c9856
2017-03-31 | Use std::random instead of boost::random | Joanna Hulboj
Test-Information: Unit tests pass OK. Change-Id: I1b6d3711d97daa86cccbb44aecb1b4025f2fcc8a
2017-01-11 | Integrate googletest and googlemock libraries to 3rdParty | Tobias Markmann
googletest and googlemock from release 1.8.0 have been copied to the 3rdParty folder. With this commit tests for Swift project can also be written using googletest and googlemock APIs. The test runners will execute test suites written to either test library. Passing --xml to a test runner will now create two test report XML files, namely $programName-report.cppunit.xml and $programName-report.gtest.xml. The ByteArrayTest has been converted to use googletest instead of googlemock to serve as an example and test the integration. Test-Information: Build all tests via ‘./scons test=all’ and verified all tests are run. Build all tests via ‘./scons test=all checker_report=1’ and verified that two report XML files are generated per test runner executed. Change-Id: I81a9fb2c7ea5612fc1b34eef70ed7e711bfeea81
2016-11-23 | Migrate remaining Swiften/Base/foreach.h use to range-based for loop | Tobias Markmann
Test-Information: Build on macOS 10.12.1 and all tests pass. Change-Id: Iedaa3fa7e7672c77909fd0568bf30e9393cb87e0
2016-11-18 | Improve string to HostAddress conversion API | Tobias Markmann
Previously HostAddress had a constructor which allowed initialisation via a std::string. This initialisation can fail and this is heavily used for checking whether a string is a valid IP address. This constructor is removed in this commit and replaced by a static method HostAddress::fromString, taking a string and returning an optional HostAddress. This clearly communicates that the conversion can fail. Test-Information: ./scons test=all passes on macOS 10.12.1. Change-Id: Idaafee6f84010ce541c55f267ac77ad6ac8f02b4
2016-09-29 | Fix uninitialised class members | Tobias Markmann
Initialised previously uninitialised class members. Changed some raw pointers to std::unique_ptr for clearer and automatically initialised code. Test-Information: Builds on macOS 10.12 and unit tests pass in ASAN-enabled build. Change-Id: I7900fe6131119c228ca92c79c0ee8125137f2e48
2016-06-22 | Temporarily disable CertificateErrorTest | Tobias Markmann
The tests are based on the http://www.tls-o-matic.com/ service, which is currently dysfunctional. Disabling the test so running all system tests does not fail anymore. Test-Information: ./scons test=all passes on OS X 10.11.5. Change-Id: I8df2e15efa6787e01dfebd78b61e07d1d1eed5c0
2016-04-28 | Change remaining std::auto_ptr usage to std::unique_ptr | Tobias Markmann
Test-Information: Builds and tests pass on Ubuntu 16.04. Change-Id: If8da50619b0e029437b3b9d6b146f2ed49b5bf60
2016-04-25 | Convert hard tabs to four spaces in all our SConscript/*.py files | Tobias Markmann
Test-Information: Test that it still builds and unit tests pass on OS X 10.11.4. Change-Id: I2eb4a0b707991aee553db36a8cd1ae28b813acab
2016-04-12 | Use C++11 threading library instead of Boost.Thread | Tobias Markmann
This cuts down our dependency on Boost further. Another benefit is that mutex classes of C++11 standard library are recognized by TSAN. Test-Information: Unit and integration tests pass on OS X 10.11.4. Change-Id: Id4dcdb42e3d5155e107ce1d7618acbf26f913b6f
2016-04-05 | Migrate to Boost.Signals2 from Boost.Signals | Tobias Markmann
Boost.Signals was deprecated and is not improved further. This patch removes Boost.Signals from 3rdParty and adds Boost.Signals2 and its dependencies. Also removed the Qt signals compatibility file Swiften/Base/boost_bsignals.h. Test-Information: Build and ran unit tests on OS X 10.11.4. Confirmed successful login using Swift client. Change-Id: Ie6e3b2d15aac2462cda95401582f5287a479fb54
2016-04-04 | Modernize code to use range based for loops using clang-tidy | Tobias Markmann
Run 'clang-tidy -fix -checks=modernize-loop-convert' on all source code files on OS X. This does not modernize platform specific code on Linux and Windows. Test-Information: Code builds and unit tests pass on OS X 10.11.4. Change-Id: I65b99e0978cfab8ca6de2a3e5342e7a81416c12c
2016-04-04 | Modernize code to use C++11 shared_ptr instead of Boost's | Tobias Markmann
This change was done by applying the following 'gsed' replacement calls to all source files:
's/\#include <boost\/shared_ptr\.hpp>/\#include <memory>/g'
's/\#include <boost\/enable_shared_from_this\.hpp>/\#include <memory>/g'
's/\#include <boost\/smart_ptr\/make_shared\.hpp>/\#include <memory>/g'
's/\#include <boost\/make_shared\.hpp>/\#include <memory>/g'
's/\#include <boost\/weak_ptr\.hpp>/\#include <memory>/g'
's/boost::make_shared/std::make_shared/g'
's/boost::dynamic_pointer_cast/std::dynamic_pointer_cast/g'
's/boost::shared_ptr/std::shared_ptr/g'
's/boost::weak_ptr/std::weak_ptr/g'
's/boost::enable_shared_from_this/std::enable_shared_from_this/g'
The remaining issues have been fixed manually. Test-Information: Code builds on OS X 10.11.4 and unit tests pass. Change-Id: Ia7ae34eab869fb9ad6387a1348426b71ae4acd5f
2016-04-01 | Modernize code to use C++11 nullptr using clang-tidy | Tobias Markmann
Run 'clang-tidy -fix -checks=modernize-use-nullptr' on all source code files on OS X. This does not modernize platform specific code on Linux and Windows. Test-Information: Code builds and unit tests pass on OS X 10.11.4. Change-Id: Ic43ffeb1b76c1a933a55af03db3c54977f5f60dd
2016-03-31 | Convert tabs to 4 spaces for all source files | Tobias Markmann
Removed trailing spaces and whitespace on empty lines in the process. Changed CheckTabs.py tool to disallow hard tabs in source files. Test-Information: Manually checked 30 random files that the conversion worked as expected. Change-Id: I874f99d617bd3d2bb55f02d58f22f58f9b094480
2016-03-30 | Apply consistent #include grouping and sorting style | Tobias Markmann
Changed "" style includes to <> style. Test-Information: Build with Clang 3.9.0 and ran all tests on OS X 10.11.4. Change-Id: Ic05e53f2e5dba39cc1307b116fc5f17b62ab9eb8
2016-03-04 | Fix small issues around Swiften/QA/TLSTest | Tobias Markmann
The jabber_org.crt was falsely modified in commit 0297fa1; reverted the file to its previous version. Fixed a syntax error in CertificateErrorTest. Fixed compilation of TLS stack with external OpenSSL. Test-Information: Tested compilation ./scons test=system Swiften/QA/TLSTest with OpenSSL on OS X 10.11.3. Change-Id: I58caf94dded128d3ee725b1961e54ad2955d70aa
2016-02-15 | Support early IBB use in Jingle File Transfer | Tobias Markmann
Previously Jingle File Transfer in Swiften only used IBB transport as fallback mechanism. With this patch Swiften will use IBB transport candidates directly in the first session-initiate/session-accept message if the other party only supports IBB. Fixed an ASAN reported heap-use-after-free in SOCKS5BytestreamServerManager.cpp while testing. Test-Information: ./scons test=system passed without error. Testing all sender/receiver file-transfer option configurations with FileTransferTest resulting in expected behavior. Successfully transferring a file between two Swift instances. Change-Id: Ia0ffeaa1fd54fc0da23db75344c9e94f9d03a774
2016-02-15 | Fix crash when saving a received file to non-writable location | Tobias Markmann
WriteBytestream::write(…) now returns a boolean indicating its success state (false in case of an error). Adjusted FileWriteBytestream accordingly. The QtWebKitChatView will test if the file path selected by the user is writable before accepting it and starting the transfer. If it is not writable a red warning message will be added to the file-transfer element in the chat view. Test-Information: Added an integration test that tests the new behavior for the FileWriteBytestream class. Tested two file transfers on OS X 10.11.3, one to a write protected location and another to /tmp. The first is not accepted by the UI, and without the UI sanity check it results in a file-transfer error. The second succeeds as expected. Change-Id: I5aa0c617423073feb371365a23a294c149c88036
2016-02-08 | Fix and adjust TLSTest to Windows SChannel backend | Tobias Markmann
Test-Information: ./scons test=system Swiften/QA/TLSTest passes on Windows 8. Change-Id: I688ec5d0022c02879ff56029d724e6dd30b89a99
2016-02-08 | Treat cert verify errors as non-fatal in OS X TLS backend | Tobias Markmann
Our TLS backends need to treat TLS verification errors, e.g. outdated certificate, untrusted CA, non-matching host, etc., as non-fatal, so the application can apply custom key pinning verification or similar. This patch changes the OS X SecureTransport backend to behave accordingly and adjusts the CertificateErrorTest to mirror this behavior. This commit also fixes a double-free in SecureTransportCertificate. Test-Information: Connected to a host with an untrusted CA and non-matching domain in the certificate and was prompted with the Swift certificate trust dialog on OS X 10.11.3. Swiften/QA/TLSTest run successfully on OS X 10.11.3. Change-Id: I4c8ce2178540d79a5f328e2e0558d4deb4295134
2016-01-26 | Fix ASAN reported heap-use-after-free in FileTransferTest | Tobias Markmann
Test-Information: ./scons test=system passes without any ASAN reports on OS X 10.11.3. Change-Id: I6825414e2f3c5e5aec48289395f44ccdc14d8f95
2016-01-15 | Free file-transfer objects before removing files in QA tool | Tobias Markmann
FileTransferTest would attempt to remove files while the file-transfer objects still have a file handle open to them in form of FileReadBytestream and FileWriteBytestream references. Test-Information: ./scons test=system Swiften/QA/FileTransferTest passed successfully on Windows 8. Change-Id: Iba45fa5df7e6f55667dd76fee4624733bb363fe5
2016-01-12 | Listen to IPv6 any address instead of only IPv4 | Tobias Markmann
This should enable IPv4/IPv6 dual-stack support for Swift(-en) Jingle file-transfer support. Add Connection::getRemoteAddress() method. Test-Information: Tested IPv6 file-transfer and IPv4 file-transfer between two Swift instances. Added integration test verifying IPv4 only, IPv6 only and IPv4/IPv6 dual-stack support on the running platform. Additionally added test to verify remote addresses on dual-stack server. Change-Id: Ie384a71833eacca554f69e6f12a1c8330d0d747f
2016-01-11 | Fix IPv6 DNS resolution issues on Windows | Tobias Markmann
Use values instead of define names for _WIN32_WINNT and NTDDI_VERSION defines needed for Windows.h configuration. Using the names boost fails to correctly detect getaddrinfo() support on Windows. Only run IPv6 related test cases in DomainNameResolverTest on Windows, if test_ipv6=1 is passed to the scons arguments. This is because on Windows getaddrinfo() will not return IPv6 related results when called with the AF_UNSPEC hint, unless the Windows host has global IPv6 connectivity. Changed the BoostConnectionTest to time out and not endlessly wait on a response from the remote host. Test-Information: Ran the following test configurations:
* (SUCCESS) On Windows 8 with HE.net IPv6 tunnel to provide full IPv6 connectivity: scons.bat test=system test_ipv6=1 Swiften/QA/NetworkTest
* (SUCCESS) On Windows 8 with HE.net IPv6 tunnel to provide full IPv6 connectivity: scons.bat test=system Swiften/QA/NetworkTest
* (EXPECTED FAIL) On Windows 8 with no IPv6 connectivity: scons.bat test=system test_ipv6=1 Swiften/QA/NetworkTest
* (SUCCESS) On Windows 8 with no IPv6 connectivity: scons.bat test=system Swiften/QA/NetworkTest
Change-Id: I5adcd28e09e22acf61f7cca40b614e71df75dd70
2015-12-17 | Add test verifying Boost ASIO IPv4/IPv6 dual-stack socket support | Tobias Markmann
Test-Information: Tested on OS X 10.11.1. Change-Id: If63370404ac6586e2e48a19cbe7a0f0df9359c36
2015-11-10 | Add support for client certificate authentication in BOSH | Tobias Markmann
This allows authenticating using SASL EXTERNAL over BOSH using a client TLS certificate for the HTTPS connection of the BOSH channel. The implementation also enforces the HTTPS server certificate of subsequent BOSH connections not to change. This commit also removes TLSConnection and TLSConnectionFactory as no code is using them. Test-Information: Tested against M-Link 16.3v6-0 on Debian 7.9 and Swift on OS X 10.10.5. Verified working client certificate authentication. Verified Swift not falling back to password-based authentication, in case EXTERNAL is not allowed by the server over BOSH or the client certificate is invalid. Change-Id: Ia96bcac27cac9fc9261ed847c82c6328307bfbd1
2015-10-30 | Add support for OS X Secure Transport TLS backend | Tobias Markmann
Added integration tests for certificate validation and revocation behavior checking. Test-Information: Tested client login over TLS against Prosody and M-Link. Verified client certificate authentication works against M-Link. Change-Id: I6ad870f17adbf279f3bac913a3076909308a0021
2015-10-30 | Fix code in response to clang compiler warnings | Tobias Markmann
Test-Information: Code builds without warnings, unit tests still pass on OS X 10.10.5. Change-Id: I9108b53fb00b0fc85a8dd4e2a347e21d0e6008ab
2015-10-14 | Fix memory leak warnings by Valgrind/LSAN | Tobias Markmann
Test-Information: Both Valgrind and clang's leak sanitizer report a lot of leaks on the FileTransferTest. With this commit the stack traces related to the fixed leaks are gone. Change-Id: Idae9a81bcd8d97576d3f1469bf64490e0bfa7d55
2015-07-07 | Use environment variables for addresses used in NetworkTest | Tobias Markmann
Introducing SWIFT_NETWORK_TEST_IPV4 and SWIFT_NETWORK_TEST_IPV6 for the host addresses used in BoostConnectionTest.cpp. Passing these variables and ASAN/LSAN_OPTIONS for memory leak detection when calling the test from SCons. Test-Information: Tested on Elementary OS with correct available hosts and unavailable hosts. In both cases the behavior is the same as before. Change-Id: I24128c766642c5a2ee273f7c11624525ae33e270
2015-02-20 | Add elements/parsers/serializers/tests for Message Carbons (XEP-0280) | Tobias Markmann
In addition this patch adds an element, a parser and a serializer for the <thread/> element from XMPP IM. Test-Information: Implemented unit tests pass as expected. Change-Id: I0a14c778c2c0bf65f4b405c9878c741449bfe142
2015-02-16 | Run FileTransferTest correctly as part of the system integration tests | Tobias Markmann
If Scons is configured to run system unit tests, it will run FileTransferTest and test for working IBB transfer, direct S5B transfer and proxied S5B transfer. Test-Information: Tested ./scons test=all is working on Linux and OS X. Change-Id: Id70c9e1e9db9c897d9bfc7dd03b874afe5262207
2015-02-11 | Fix program output of Swiften/QA/ClientTest | Tobias Markmann
Test-Information: Tried to connect to BOSH service setting the boshPath to "http-bind" while "/http-bind" would have been correct. Change-Id: Ifc9bb574361c9eaa3baeffc2938d06a257275f2a
2015-02-11 | Add debugging helper and FileTransferTest. | Tobias Markmann
FileTransferTests tests file-transfer interoperability with Swiften itself. It can test all combinations of FileTransferOptions or a specific combination when given. Test-Information: Inspected XML logs to ensure it does what it is supposed to do. Change-Id: I06215b60419dd23b367d01a2f038245a6c977720
2015-02-09 | Fix data race in DummyEventLoop and BoostConnection(Server)Test reported by TSAN | Tobias Markmann
The data race is on the events_ member in DummyEventLoop. A BoostIOServerThread can post events to the DummyEventLoop and thereby access its events_ data member while the test's main code processes events of the loop. To prevent access to the DummyEventLoop by the BoostIOServiceThread after the DummyEventLoop is deleted, the BoostIOServiceThread is deleted before the DummyEventLoop. Process remaining events in BoostConnectionTest::tearDown like we do in BoostConnectionServerTest::tearDown. Test-Information: Run multiple times on NetworkTest as TSAN enabled build on Linux. Without the patch it reports a data race for the events_ deque member. Change-Id: I3c85535338fc0ce0263dbfc3534aceb1dd09c137
2014-12-15 | Update Copyright in Swiften | Kevin Smith
Change-Id: I94ab4bbb68c603fe872abeb8090575de042f5cb4
2014-10-21 | Fix libunbound support in Swiften which was broken since API change in 8ec22a9. | Tobias Markmann
Test-Information: Build for Android 4.3 (arm) and successfully ran checker in emulator VM. Change-Id: Iedaae5df367ee86bfe2375879b0e0981deef9b0a
2014-09-16 | Fix boost::optional abuses that stop compilation with latest boost | Kevin Smith
Test-Information: Compiles and unit tests pass with boost 1.56 Change-Id: I6525399babc5f6c88fb499af80e9f07c1c4d0cdb
2014-08-10 | Fix invalid characters being allowed in JID domains | Richard Maudsley
Test-Information: Prepare valid and invalid JIDs and make sure that isValid() is reported correctly. Added unit tests. Change-Id: Ic4d86f8b6ea9defc517ada2f8e3cc54979237cf4
2014-02-02 | Sluift: Add new_certificate | Remko Tronçon
Change-Id: If4e4ef98c00f15c0a88557860f0377843a8713c0