summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2015-10-30Add support for OS X Secure Transport TLS backendTobias Markmann
Added integration tests for certificate validation and revocation behavior checking. Test-Information: Tested client login over TLS against Prosody and M-Link. Verified client certificate authentication works against M-Link. Change-Id: I6ad870f17adbf279f3bac913a3076909308a0021
2015-07-07Add hidden option to prevent disconnect when smartcard removedMili Verma
This patch adds an option 'disconnectOnCardRemoval' to system-settings.xml which when set to false allows the user's session to stay connected if the smartcard is removed. The default value of this option is true if it is not specified. Test-information: Tested on Windows using NIST smartcards. Tested true and false values set for this option in the file and also when option is not specified (true). Unit tests pass. Change-Id: I7e421b4153ff7d3000f41999add20d339076c96e
2015-06-10Add ability to limit SChannel to TLS 1.0Kevin Smith
Some servers have very restrictive TLS stacks that respond badly to a bug in the SChannel TLS implementation, meaning that TLS has to be limited to 1.0. Add ClientOptions.tlsOptions. This is a method of passing options into the TLS stack. It's currently only used for the TLS 1.0 workaround in SChannel, but we might reasonably expose other options in the future, such as limiting cypher suites. Disables use of SSLv3 for SChannel Also updates the coding style in SchannelContext a bit. Test-Information: Compiles on both OS X and Windows(SChannel). OS X doesn't show the new option. Windows shows it, and remembers it between logins. Not tested against a server requiring 1.0 only, but a previous hack with the same approach was tested. Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
2015-02-17Disable SSLv3Kim Alvefur
Change-Id: I25328f60e211387f5d3fbcd6de155b7b8956c0f9 License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
2014-12-15Update Copyright in SwiftenKevin Smith
Change-Id: I94ab4bbb68c603fe872abeb8090575de042f5cb4
2014-11-13Fix iOS build and add iOS build documentation.Tobias Markmann
Test-Information: Tested on OS X 10.9.5 with XCode 6.1. Change-Id: Ib223977192fce274e5585ef0768fd755b1fa734d
2014-06-22NULL-terminate PKCS12 password bufferRemko Tronçon
This fixes a bug with PCKS12 cert auth that only manifested itself on specific platforms (e.g. ARM) Test-Information: Patch was tested by reporter on a failing platform Change-Id: I4663363aadaf5f00c2092e2f58d45f5ba1b4229a
2014-02-02Sluift: Add new_certificateRemko Tronçon
Change-Id: If4e4ef98c00f15c0a88557860f0377843a8713c0
2014-01-11Allow TLS other than version 1Kevin Smith
Change-Id: I1ffb6d9eabfb36c0101ee19c0cd618736d8a8bb8
2013-01-13Fix more warnings.Remko Tronçon
Fix sign conversion warnings. Removing heavy unnecessary includes. Change-Id: I992f43065498823098a875badb020c7c84fc4797
2012-12-30Enable & fix pedantic CLang warnings.Remko Tronçon
Change-Id: I70109624b4bd7aab9ba679a3eaabc225dd64a03a
2012-12-22Silence deprecated warnings.Remko Tronçon
Change-Id: If349586fd131f1661485acdea573f97d1726c731
2012-10-13Added extra comment about OpenSSL on Mac OS X.Remko Tronçon
Change-Id: I339364406d92226203af876f558bc07686d75cbf
2012-10-12Always add system's certificate store to OpenSSL on Mac OS X.Tobias Markmann
It used to be disabled for Mac OS X 10.5 or greater but it turns out system's OpenSSL doesn't add those on Mac OS X 10.8. License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-05-12Remove peer certificate from APIs.Remko Tronçon
The peer certificate chain contains the peer certificate, so this was redundant.
2012-05-11Showing stream encryption status in the roster header. Provide native ↵Tobias Markmann
certificate viewers on click. Native viewers for Windows and Mac OS X are implemented. Added TODOs to OpenSSL based TLS interface related to CRL and OCSP. Resolves: #167 License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-05-07Only assert when requesting CRL checking on OpenSSL.Remko Tronçon
2012-05-05Re-enable revocation check.Remko Tronçon
2012-05-05Revert "Re-enable revocation check."Remko Tronçon
This reverts commit 856f970d14c5c32b80fc5ea359d4e567b51578a0.
2012-04-24Re-enable revocation check.Remko Tronçon
Added a method on TLSContextFactory to disable revocation checks if wanted.
2012-03-23Allow TLS errors to bubble further up the stackKevin Smith
2012-02-23Compile when non-SChannelKevin Smith
2012-02-22Fix up for previous CAPI patchKevin Smith
Now connects successfully with or without TLS(with cert)
2012-02-22Initial implementation of using CAPI certificates with Schannel.Alexey Melnikov
Introduced a new parent class for all certificates with keys (class CertificateWithKey is the new parent for PKCS12Certificate.) Switched to using "CertificateWithKey *" instead of "const CertificateWithKey&" Added calling of a Windows dialog for certificate selection when Schannel TLS implementation is used. This compiles, but is not tested. License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
2011-11-03Quick brush up after previous patch.Kevin Smith
Includes: Initial cleanup of SChannel code; compiling on non-Windows Be willing to compile Swift with SChannel Undo some (presumably accidental) OpenSSL changes Where TLS doesn't support finish messages (SChannel), don't try -PLUS
2011-11-03* Added Schannel support.dreijer
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2011-06-03Limit the use of the SafeString type.Remko Tronçon
2011-05-18Propagate use of SafeByteArray down to the connection.Remko Tronçon
2011-05-13Removed some explicit new's.Remko Tronçon
2011-05-05Replace ByteArray by typedef.Remko Tronçon
2011-04-30Replace #icnlude "" by #include <> in Swiften.Remko Tronçon
2011-04-18Explicitly add system store trust anchors on Mac OS X 10.5.swift-1.0Remko Tronçon
2011-03-12Fixed OpenSSL compilation.Remko Tronçon
2011-03-12Make ByteArray an std::vector<unsigned char>.Remko Tronçon
2011-02-14Removed Swift::String.Remko Tronçon
2010-12-27Avoid more valgrind warnings.Remko Tronçon
2010-12-19Disabling timer in BenchTool.Remko Tronçon
2010-12-13Load ssl certificate store on Un*x.Remko Tronçon
2010-12-11Added SCRAM-SHA-1-PLUS support.Remko Tronçon
Release-Notes: Swift now supports SCRAM-SHA-1-PLUS authentication.
2010-12-05Added plumbing for persistent certificate trust checking.Remko Tronçon
2010-11-15Fixed OpenSSL compilation.Remko Tronçon
2010-11-15Fix compilation on OS XKevin Smith
2010-11-12Add Windows trust anchors to OpenSSL context.Remko Tronçon
2010-11-11Handle null OpenSSL X509 cert pointers better.Remko Tronçon
2010-11-09Certificate::getCommonName -> getCommonNames.Remko Tronçon
2010-11-09Created CertificateFactory.Remko Tronçon
2010-11-09Implement DER conversion to/from certificates.Remko Tronçon
2010-11-09Fixed windows compilation.Remko Tronçon
2010-11-07Refactoring certificates & certificate checking.Remko Tronçon
2010-11-07Added security error handling to Swiften.Remko Tronçon