summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2015-11-10Add support for client certificate authentication in BOSHTobias Markmann
This allows to authenticate using SASL EXTERNAL over BOSH using a client TLS certificate for the HTTPS connection of the BOSH channel. The implementation also enforces the HTTPS server certificate of subsequent BOSH connections not to change. This commit also removes TLSConnection and TLSConnectionFactory as no code is using them. Test-Information: Tested against M-Link 16.3v6-0 on Debian 7.9 and Swift on OS X 10.10.5. Verified working client certificate authentication. Verified Swift not falling back to password-based authentication, in case EXTERNAL is not allowed by the server over BOSH or the client certificate is invalid. Change-Id: Ia96bcac27cac9fc9261ed847c82c6328307bfbd1
2015-11-09Change virtual calls in ctors/dtors to be explicitTobias Markmann
Test-Information: Still builds and tests pass on OS X 10.10.5. Change-Id: Ic616e7b9de443ce34b46de63ac1bb0cca34b08ee
2015-10-30Fix issues with HTTPTrafficFilter for HTTP proxy / BOSH usageTobias Markmann
This patch fixes the code to handle HTTP/1.0 proxies which do not keep the connection alive after a single request. If a HTTPTrafficFilter returns a new header reply, the HTTP CONNECT proxy code will issue the request over a new connection. The final connection is kept alive, as it used for the persistent connection forwarding. In addition, the response status line is now passed to the HTTPTrafficFilter handling method to provide ability to act upon the response status code. Missing passthrough of the HTTPTrafficFilter object the down the stack to the HTTPConnectProxiedConnection is added. Test-Information: Added a unit test following an NTLM HTTP proxy authentication with a static HTTPTrafficFilter. This and other unit tests still pass. Change-Id: Ida0d1aec08a60f10c1480e1eecaecbd3f87b0dca
2015-06-10Add ability to limit SChannel to TLS 1.0Kevin Smith
Some servers have very restrictive TLS stacks that respond badly to a bug in the SChannel TLS implementation, meaning that TLS has to be limited to 1.0. Add ClientOptions.tlsOptions. This is a method of passing options into the TLS stack. It's currently only used for the TLS 1.0 workaround in SChannel, but we might reasonably expose other options in the future, such as limiting cypher suites. Disables use of SSLv3 for SChannel Also updates the coding style in SchannelContext a bit. Test-Information: Compiles on both OS X and Windows(SChannel). OS X doesn't show the new option. Windows shows it, and remembers it between logins. Not tested against a server requiring 1.0 only, but a previous hack with the same approach was tested. Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
2015-06-08Add missing SWIFTEN_API annotations to public Swiften APITobias Markmann
Test-Information: Tested build on Windows 8 with VS 2014 and ran unit tests. Change-Id: I3d8096df4801be6901f22564e36eecba0e7310c4
2014-12-15Update Copyright in SwiftenKevin Smith
Change-Id: I94ab4bbb68c603fe872abeb8090575de042f5cb4
2014-10-13Correctly set 'jabber:client' namespace on message/presence/IQ stanzas for ↵Tobias Markmann
BOSH connections. Test-Information: Tested with Swift and interoperability against Psi. Swift debug log now correctly shows the namespace being set. Previously Psi did not display the body of messages due to them being in the worng namespace. Now as they are in the correct namespace messages are displayed correctly by Psi. Change-Id: I547e335100abebfcf170cf7f41b86fd2dbb01692
2014-10-01Port many of Isode's local fixes upstreamKevin Smith
Includes fixes to: Build with new Visual Studio and Boost Avoid error caused when Avahi is present but Qt is not Make declaration of XMPPRosterImpl::addContact consistent with implementation Includes enhancements to: Allow user-configurable mt.exe Allow splitting openssl paths Allow disabling gconf lookup Make idn support optional Allow disabling various library detections Remove use of non-Python2.4 features in sconscripts Test-Information: Builds Change-Id: Iee91ee80291a8bdf87cc169c915e4dad1cc1055b
2014-04-28Create ToplevelElement to replace Element.Richard Maudsley
Change-Id: I3460f6f4a2ffa9b795080664f49d9138440de72d
2013-03-04Qt5 support & warning fixes.Remko Tronçon
Change-Id: I62c7d5ca44c915e36c797c798294b7c34b465514
2012-12-30Enable & fix pedantic CLang warnings.Remko Tronçon
Change-Id: I70109624b4bd7aab9ba679a3eaabc225dd64a03a
2012-09-17Support for building swiften as a DLLRemko Tronçon
Added missing SWIFTEN_API declarations. Changed test infrastructure to extend path before running tests.
2012-07-14Initial DLL support for Swiften.Remko Tronçon
All applications succesfully link against Swiften.dll.
2012-06-17Remove some unused private variables.Remko Tronçon
2012-05-11Showing stream encryption status in the roster header. Provide native ↵Tobias Markmann
certificate viewers on click. Native viewers for Windows and Mac OS X are implemented. Added TODOs to OpenSSL based TLS interface related to CRL and OCSP. Resolves: #167 License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-04-17Fixing some clang warnings.Tobias Markmann
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-03-23Allow TLS errors to bubble further up the stackKevin Smith
2012-03-20boost::shared_ptr<?>(new ?(...)) -> boost::make_shared<?>(...) ↵Tobias Markmann
transformation where possible. License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-02-22Fix up for previous CAPI patchKevin Smith
Now connects successfully with or without TLS(with cert)
2012-02-22Initial implementation of using CAPI certificates with Schannel.Alexey Melnikov
Introduced a new parent class for all certificates with keys (class CertificateWithKey is the new parent for PKCS12Certificate.) Switched to using "CertificateWithKey *" instead of "const CertificateWithKey&" Added calling of a Windows dialog for certificate selection when Schannel TLS implementation is used. This compiles, but is not tested. License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
2012-01-17Allow specifying BOSH and BOSH proxy URLs with names (rather than IPs)Kevin Smith
2011-12-22BOSH Refactoring.Remko Tronçon
2011-12-13Fix use of int randoms for populating longKevin Smith
2011-12-13BOSH Support for SwiftenKevin Smith
This adds support for BOSH to Swiften. It does not expose it to Swift. Release-Notes: Swiften now allows connects over BOSH, if used appropriately.
2011-11-18Emit onSessionFinished only in Session::handleDisconnected.HanzZ
Copyright (c) 2011 Jan Kaluza Licensed under the Simplified BSD license. See Documentation/Licenses/BSD-simplified.txt for more information.
2011-10-07Hoist XML parser factory creation out of Swiften.Remko Tronçon
2011-06-19Merge branch 'swift-1.x'Remko Tronçon
* swift-1.x: Small tweak to previous patch. Send footer when finishing session
2011-06-19Small tweak to previous patch.Remko Tronçon
2011-06-19Send footer when finishing sessionHanzZ
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2011-06-03Ensure safety on onDataRead and onDataWritten signals.Remko Tronçon
2011-05-18Propagate use of SafeByteArray down to the connection.Remko Tronçon
2011-05-05Replace ByteArray by typedef.Remko Tronçon
2011-04-30Replace #icnlude "" by #include <> in Swiften.Remko Tronçon
2011-04-18Cleaned up includes.swift-2.0alphaRemko Tronçon
2011-03-12Make ByteArray an std::vector<unsigned char>.Remko Tronçon
2011-03-01Some more Sluift enhancements.Remko Tronçon
2011-02-14Removed Swift::String.Remko Tronçon
2011-02-14String refactoring.Remko Tronçon
Removed String::getLength(). Rewrote String::removeAll().
2011-01-22Close connection properly before quitting.Remko Tronçon
2011-01-22Renaming SessionStream::onError to SessionStream::onClosed.Remko Tronçon
2010-12-27Avoid leaking connection on exit.Remko Tronçon
2010-12-19Refactoring streamstack to not use signal/slots.Remko Tronçon
2010-12-11Added SCRAM-SHA-1-PLUS support.Remko Tronçon
Release-Notes: Swift now supports SCRAM-SHA-1-PLUS authentication.
2010-11-07Refactoring certificates & certificate checking.Remko Tronçon
2010-11-07Added security error handling to Swiften.Remko Tronçon
2010-11-07Refactored TLS handling.Remko Tronçon
TLSLayer is now independent of TLS implementation. The implementation-specifics are now in TLSContext and TLSContextFactory.
2010-10-15Added Component parser, serializer, element, and connector.Remko Tronçon
2010-06-02Rename boost_signalslib.h to boost_bsignals.Remko Tronçon
2010-06-02Using Boost workaround for Qt signals keyword clash.Remko Tronçon
This should allow us to link against system boost versions.
2010-05-08Don't allow PLAIN over Non-TLS.Remko Tronçon