Age | Commit message (Collapse) | Author |
|
Test-Information:
Unit tests pass on OS X 10.10.5.
Change-Id: I7b505513b4342001596ee8518bfdcf9e77c91479
|
|
This allows to authenticate using SASL EXTERNAL over BOSH
using a client TLS certificate for the HTTPS connection of
the BOSH channel.
The implementation also enforces the HTTPS server certificate
of subsequent BOSH connections not to change.
This commit also removes TLSConnection and TLSConnectionFactory
as no code is using them.
Test-Information:
Tested against M-Link 16.3v6-0 on Debian 7.9 and Swift on
OS X 10.10.5. Verified working client certificate authentication.
Verified Swift not falling back to password-based authentication,
in case EXTERNAL is not allowed by the server over BOSH or
the client certificate is invalid.
Change-Id: Ia96bcac27cac9fc9261ed847c82c6328307bfbd1
|
|
Some servers have very restrictive TLS stacks that respond badly
to a bug in the SChannel TLS implementation, meaning that TLS
has to be limited to 1.0.
Add ClientOptions.tlsOptions. This is a method of passing options into
the TLS stack. It's currently
only used for the TLS 1.0 workaround in SChannel, but we might reasonably
expose other options in the future, such as limiting cypher suites.
Disables use of SSLv3 for SChannel
Also updates the coding style in SchannelContext a bit.
Test-Information:
Compiles on both OS X and Windows(SChannel). OS X doesn't show the new
option. Windows shows it, and remembers it between logins. Not tested
against a server requiring 1.0 only, but a previous hack with the
same approach was tested.
Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
|
|
Test-Information:
Tested build on Windows 8 with VS 2014 and ran unit tests.
Change-Id: I3d8096df4801be6901f22564e36eecba0e7310c4
|
|
Change-Id: I94ab4bbb68c603fe872abeb8090575de042f5cb4
|
|
Test-Information:
No testing required.
Change-Id: I1411ba4dd555613beed43d864f025dde41f940db
|
|
BOSH connections.
Test-Information:
Tested with Swift and interoperability against Psi. Swift debug log now correctly
shows the namespace being set. Previously Psi did not display the body of messages
due to them being in the worng namespace. Now as they are in the correct namespace
messages are displayed correctly by Psi.
Change-Id: I547e335100abebfcf170cf7f41b86fd2dbb01692
|
|
Change-Id: I3460f6f4a2ffa9b795080664f49d9138440de72d
|
|
Added missing SWIFTEN_API declarations.
Changed test infrastructure to extend path before running
tests.
|
|
All applications succesfully link against Swiften.dll.
|
|
certificate viewers on click.
Native viewers for Windows and Mac OS X are implemented.
Added TODOs to OpenSSL based TLS interface related to CRL and OCSP.
Resolves: #167
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
|
|
transformation where possible.
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
Now connects successfully with or without TLS(with cert)
|
|
Introduced a new parent class for all certificates with keys
(class CertificateWithKey is the new parent for PKCS12Certificate.)
Switched to using "CertificateWithKey *" instead of "const CertificateWithKey&"
Added calling of a Windows dialog for certificate selection when Schannel
TLS implementation is used.
This compiles, but is not tested.
License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
|
|
|
|
This adds support for BOSH to Swiften. It does not expose it to Swift.
Release-Notes: Swiften now allows connects over BOSH, if used appropriately.
|
|
|
|
This should avoid unnecessary copying of the received data
while being processed by the event loop.
|
|
|
|
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
|
|
|
|
|
|
|
|
|
|
Resolves: #798
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Release-Notes: Swift now supports SCRAM-SHA-1-PLUS authentication.
|
|
|
|
|
|
TLSLayer is now independent of TLS implementation. The implementation-specifics are now in TLSContext and TLSContextFactory.
|
|
|
|
|
|
|
|
|
|
|
|
This should allow us to link against system boost versions.
|
|
|
|
|
|
|
|
|
|
|
|
|