Age | Commit message (Collapse) | Author |
|
* swift-4.x: (44 commits)
Test-Information:
Builds on macOS 10.13.3 with clang trunk.
Change-Id: If50381f103b0ad18d038b920d3d43537642141cb
|
|
This also extends the TLSContext interface with methods required
for server mode.
Test-Information:
Added unit tests that test new functionality in TLSContex.
This includes test certificates in the source file that are
not for public use. This new ClientServerTest is only enabled
for OpenSSL, as other TLS backends do not support the new
functionality yet.
Tested on macOS 10.13.3 with clang-trunk.
Change-Id: I8e43476057608067eb3b9852328aa21cd22974a0
|
|
This patch improves logging and refactors SchannelContext and
CAPICertificate classes, to improve logging and how Swift interacts with
smart cards.
Test-Information:
Tested on Windows 10 (Qt 5.7)
Change-Id: Ic4d306beafb9e5d253731769f222e6949995d5e7
|
|
Boost.Signals was deprecated and is not improved further.
This patch removes Boost.Signals from 3rdParty and adds
Boost.Signals2 and its dependencies.
Also removed the Qt signals compatibility file
Swiften/Base/boost_bsignals.h.
Test-Information:
Build and ran unit tests on OS X 10.11.4. Confirmed successful
login using Swift client.
Change-Id: Ie6e3b2d15aac2462cda95401582f5287a479fb54
|
|
This change was done by applying the following 'gsed'
replacement calls to all source files:
's/\#include <boost\/shared_ptr\.hpp>/\#include <memory>/g'
's/\#include <boost\/enable_shared_from_this\.hpp>/\#include <memory>/g'
's/\#include <boost\/smart_ptr\/make_shared\.hpp>/\#include <memory>/g'
's/\#include <boost\/make_shared\.hpp>/\#include <memory>/g'
's/\#include <boost\/weak_ptr\.hpp>/\#include <memory>/g'
's/boost::make_shared/std::make_shared/g'
's/boost::dynamic_pointer_cast/std::dynamic_pointer_cast/g'
's/boost::shared_ptr/std::shared_ptr/g'
's/boost::weak_ptr/std::weak_ptr/g'
's/boost::enable_shared_from_this/std::enable_shared_from_this/g'
The remaining issues have been fixed manually.
Test-Information:
Code builds on OS X 10.11.4 and unit tests pass.
Change-Id: Ia7ae34eab869fb9ad6387a1348426b71ae4acd5f
|
|
Removed trailing spaces and whitespace on empty lines
in the process.
Changed CheckTabs.py tool to disallow hard tabs in source
files.
Test-Information:
Manually checked 30 random files that the conversion worked
as expected.
Change-Id: I874f99d617bd3d2bb55f02d58f22f58f9b094480
|
|
Changed "" style includes to <> style.
Test-Information:
Build with Clang 3.9.0 and ran all tests on OS X 10.11.4.
Change-Id: Ic05e53f2e5dba39cc1307b116fc5f17b62ab9eb8
|
|
Test-Information:
./scons test=system Swiften/QA/TLSTest passes on Windows 8.
Change-Id: I688ec5d0022c02879ff56029d724e6dd30b89a99
|
|
Added integration tests for certificate validation and
revocation behavior checking.
Test-Information:
Tested client login over TLS against Prosody and M-Link.
Verified client certificate authentication works against
M-Link.
Change-Id: I6ad870f17adbf279f3bac913a3076909308a0021
|
|
This patch adds an option 'disconnectOnCardRemoval' to system-settings.xml which
when set to false allows the user's session to stay connected if the smartcard
is removed. The default value of this option is true if it is not specified.
Test-information:
Tested on Windows using NIST smartcards.
Tested true and false values set for this option in the file and also when
option is not specified (true).
Unit tests pass.
Change-Id: I7e421b4153ff7d3000f41999add20d339076c96e
|
|
Some servers have very restrictive TLS stacks that respond badly
to a bug in the SChannel TLS implementation, meaning that TLS
has to be limited to 1.0.
Add ClientOptions.tlsOptions. This is a method of passing options into
the TLS stack. It's currently
only used for the TLS 1.0 workaround in SChannel, but we might reasonably
expose other options in the future, such as limiting cypher suites.
Disables use of SSLv3 for SChannel
Also updates the coding style in SchannelContext a bit.
Test-Information:
Compiles on both OS X and Windows(SChannel). OS X doesn't show the new
option. Windows shows it, and remembers it between logins. Not tested
against a server requiring 1.0 only, but a previous hack with the
same approach was tested.
Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
|
|
Change-Id: I94ab4bbb68c603fe872abeb8090575de042f5cb4
|
|
Change-Id: If4e4ef98c00f15c0a88557860f0377843a8713c0
|
|
The peer certificate chain contains the peer certificate, so this was
redundant.
|
|
certificate viewers on click.
Native viewers for Windows and Mac OS X are implemented.
Added TODOs to OpenSSL based TLS interface related to CRL and OCSP.
Resolves: #167
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
|
|
|
|
checking.
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
revocation checking."
This reverts commit e33b7a309e0424450ab00bc6180df95c6c049195.
|
|
This reverts commit 856f970d14c5c32b80fc5ea359d4e567b51578a0.
|
|
Resolves: #1012
|
|
|
|
Added a method on TLSContextFactory to disable revocation checks if
wanted.
|
|
checking.
|
|
Makes Swift disconnect if a smartcard used for auth is removed.
Fixes compilation.
Changes code style in a few places.
|
|
(if any)
This patch implements monitoring for SmartCard ejection. This is done by
periodically (currently every second) polling smart card reader for
the smart card status. If the smart card status becomes "absent" or "unknown"
(an error to query the smartcard), the TLS session is aborted.
This usually results in an attempt to reestablish TLS which will pop up
"please insert the smart card" dialog.
License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
|
|
|
|
revocation.
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
This patch includes the following fixes:
1) Correctly hex encode SHA1 hashes when generating certstore: URIs
2) Use the newly parsed certificate store reference, not the old value
3) Need to call findCertificateInStore() when finding the selected TLS
certificate in Schannel code. Without that "sha1:XXXX" URIs don't
work
Also minor optimization of string operations.
License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
|
|
Now connects successfully with or without TLS(with cert)
|
|
Introduced a new parent class for all certificates with keys
(class CertificateWithKey is the new parent for PKCS12Certificate.)
Switched to using "CertificateWithKey *" instead of "const CertificateWithKey&"
Added calling of a Windows dialog for certificate selection when Schannel
TLS implementation is used.
This compiles, but is not tested.
License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
|
|
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
|
|
|