summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2016-03-30Apply consistent #include grouping and sorting styleTobias Markmann
Changed "" style includes to <> style. Test-Information: Build with Clang 3.9.0 and ran all tests on OS X 10.11.4. Change-Id: Ic05e53f2e5dba39cc1307b116fc5f17b62ab9eb8
2016-02-08Fix and adjust TLSTest to Windows SChannel backendTobias Markmann
Test-Information: ./scons test=system Swiften/QA/TLSTest passes on Windows 8. Change-Id: I688ec5d0022c02879ff56029d724e6dd30b89a99
2015-10-30Add support for OS X Secure Transport TLS backendTobias Markmann
Added integration tests for certificate validation and revocation behavior checking. Test-Information: Tested client login over TLS against Prosody and M-Link. Verified client certificate authentication works against M-Link. Change-Id: I6ad870f17adbf279f3bac913a3076909308a0021
2015-07-07Add hidden option to prevent disconnect when smartcard removedMili Verma
This patch adds an option 'disconnectOnCardRemoval' to system-settings.xml which when set to false allows the user's session to stay connected if the smartcard is removed. The default value of this option is true if it is not specified. Test-information: Tested on Windows using NIST smartcards. Tested true and false values set for this option in the file and also when option is not specified (true). Unit tests pass. Change-Id: I7e421b4153ff7d3000f41999add20d339076c96e
2015-06-10Add ability to limit SChannel to TLS 1.0Kevin Smith
Some servers have very restrictive TLS stacks that respond badly to a bug in the SChannel TLS implementation, meaning that TLS has to be limited to 1.0. Add ClientOptions.tlsOptions. This is a method of passing options into the TLS stack. It's currently only used for the TLS 1.0 workaround in SChannel, but we might reasonably expose other options in the future, such as limiting cypher suites. Disables use of SSLv3 for SChannel Also updates the coding style in SchannelContext a bit. Test-Information: Compiles on both OS X and Windows(SChannel). OS X doesn't show the new option. Windows shows it, and remembers it between logins. Not tested against a server requiring 1.0 only, but a previous hack with the same approach was tested. Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
2014-12-15Update Copyright in SwiftenKevin Smith
Change-Id: I94ab4bbb68c603fe872abeb8090575de042f5cb4
2014-02-02Sluift: Add new_certificateRemko Tronçon
Change-Id: If4e4ef98c00f15c0a88557860f0377843a8713c0
2012-05-12Remove peer certificate from APIs.Remko Tronçon
The peer certificate chain contains the peer certificate, so this was redundant.
2012-05-11Showing stream encryption status in the roster header. Provide native ↵Tobias Markmann
certificate viewers on click. Native viewers for Windows and Mac OS X are implemented. Added TODOs to OpenSSL based TLS interface related to CRL and OCSP. Resolves: #167 License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-05-05Windows compilation fixes.Remko Tronçon
2012-05-05Re-enable revocation check.Remko Tronçon
2012-05-05* Added additional cert store to chain validation. * Turned off revocation ↵dreijer
checking. License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-05-05Revert "* Added additional cert store to chain validation. * Turned off ↵Remko Tronçon
revocation checking." This reverts commit e33b7a309e0424450ab00bc6180df95c6c049195.
2012-05-05Revert "Re-enable revocation check."Remko Tronçon
This reverts commit 856f970d14c5c32b80fc5ea359d4e567b51578a0.
2012-04-25Support channel binding with Schannel.Remko Tronçon
Resolves: #1012
2012-04-24Fixed compilation problems on windows.Remko Tronçon
2012-04-24Re-enable revocation check.Remko Tronçon
Added a method on TLSContextFactory to disable revocation checks if wanted.
2012-04-24* Added additional cert store to chain validation. * Turned off revocation ↵dreijer
checking.
2012-04-12Tidy up of assorted Schannel/CAPI stuffs.Kevin Smith
Makes Swift disconnect if a smartcard used for auth is removed. Fixes compilation. Changes code style in a few places.
2012-04-11Added support for determining SmartCard Reader associated with a certificate ↵Alexey Melnikov
(if any) This patch implements monitoring for SmartCard ejection. This is done by periodically (currently every second) polling smart card reader for the smart card status. If the smart card status becomes "absent" or "unknown" (an error to query the smartcard), the TLS session is aborted. This usually results in an attempt to reestablish TLS which will pop up "please insert the smart card" dialog. License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
2012-03-23Allow TLS errors to bubble further up the stackKevin Smith
2012-03-22Manual certificate verification. Added two additional TLS errors related to ↵dreijer
revocation. License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-03-08Fixed several bugs in CAPI/Schannel code on WindowsAlexey Melnikov
This patch includes the following fixes: 1) Correctly hex encode SHA1 hashes when generating certstore: URIs 2) Use the newly parsed certificate store reference, not the old value 3) Need to call findCertificateInStore() when finding the selected TLS certificate in Schannel code. Without that "sha1:XXXX" URIs don't work Also minor optimization of string operations. License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
2012-02-22Fix up for previous CAPI patchKevin Smith
Now connects successfully with or without TLS(with cert)
2012-02-22Initial implementation of using CAPI certificates with Schannel.Alexey Melnikov
Introduced a new parent class for all certificates with keys (class CertificateWithKey is the new parent for PKCS12Certificate.) Switched to using "CertificateWithKey *" instead of "const CertificateWithKey&" Added calling of a Windows dialog for certificate selection when Schannel TLS implementation is used. This compiles, but is not tested. License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
2011-11-03* Added Schannel support.dreijer
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2010-03-28Removing submodules.Remko Tronçon
2010-03-28Moved Swiften to a separate module.Remko Tronçon