Age | Commit message | Author |
|
Remove increment of reference count on first certificate added
to a new SSL context - the call to SSL_CTX_use_certificate does
this internally. When adding extra certificates to the context
via calls to SSL_CTX_add_extra_certificate, the explicit
increment of the reference count is still required to prevent
destruction of the certificates when the SSL context is freed.
In OpenSSLContext::setPrivateKey, make sure the EVP_PKEY returned
by PEM_read_bio_PrivateKey is tidied up, by wrapping it in a
shared_ptr which calls EVP_PKEY_free.
Add a new Unit test which creates an SSL context and inserts a
multi-element certificate chain and a private key.
JIRA: SWIFT-423
Bug:
Release-notes:
Manual:
Change-Id: I82c66139a9dfe7a925eb39f73721200895a689e2
Test-information:
Leak testing performed via ASAN-compiled MLink unit tests -
now no leaks/errors reported associated with TLS Contexts and
Certificates. Swiften unit test runs as expected.
|
|
Actual implementation is in OpenSSL subclass. This allows a permanent
vector of shared certificates to be used when creating multiple OpenSSL
contexts. This replaces the existing use of a vector of unique pointers
to certificates which handed over responsibility for the underlying
OpenSSL certs to the OpenSSL context. To enable this to work, a
new method is added to the OpenSSLCertificate class which enables
the reference count on the contained OpenSSL certificate to
be incremented - this stops the OpenSSL certificate being deleted
when the OpenSSL context is freed.
Use of conditional compilation was necessary to get the reference
counting to build with the different versions of OpenSSL in use.
Modify the method in OpenSSLCertificateFactory (and stub in CertificateFactory)
which generates a vector of certificates, so that it generates a vector
of shared_ptrs rather than unique_ptrs.
Add test of CreateCertificateChain to Swiften CertificateTest
class, together with sample certificate file in PEM form.
JIRA: LINK-1763
Bug:
Release-notes:
Manual:
Test-information:
Tested via development version of Mystique - created multiple
TLS sessions using single certificate chain.
Swift unit tests now build and run again.
New Swiften TLS unit test builds and runs.
Change-Id: I7fa4888b640c94b68712a6bff1f7aa334a358df2
|
|
Test-Information:
Tested on Windows with OpenSSL that this fixes the
compilation issue.
Change-Id: I01887c8eb758a6c1c208244cdae32aa9c0a99565
|
|
Adds TLSOptions to the OpenSSLContext, which invokes a new private
'configure' method which allows various OpenSSL options to be set.
Also add standard verification callbacks and external (via a
std::function field in TLSOptions) to allow the user
to specify their own method which will perform client certificate
checking when a new TLS connection is accepted. Only set up
the internal verifyCertCallback if the user-supplied hook is set.
All callback hooks are set up in the 'configure' method, and only
then if TLSOptions.verifyMode is present (i.e. not defaulted
to boost::none), to preserve compatibility for users of
this class (e.g. Swift) which want to use OpenSSL's own
internal validation functions rather than setting the
callbacks.
Test-information:
Used new code under development in M-Link when setting up a TLSContext,
setting verify-mode=require, and set up verifyCertCallback with a local
method. Making a client TLS connection which includes a client
certificate results in the local verify callback being invoked.
Change-Id: Idbb7279e1711fca8123f430bfca0dcfb65bc8da6
|
|
The previous code only worked with 1.1.0j or older.
Now the code works with 1.1.0j and OpenSSL 1.1.1.
Adjusted ClientServerTest to be more graceful in case
of errors, i.e. failing tests instead of crashing.
Test-Information:
Tested that without the changes, the tests pass with
OpenSSL 1.1.0j and tests fail or crash with OpenSSL
1.1.1 and OpenSSL 1.1.1a.
Tested that with the changes, the tests pass with OpenSSL
1.1.0j, OpenSSL 1.1.1, and OpenSSL 1.1.1a.
Tested on macOS 10.14.2 with system clang.
Change-Id: Ic63774049727f6d949153166f63a8545e9a24892
|
|
OpenSSL TLS contexts assume ownership of any additional certificate
passed into it. The CertificateFactory now returns a vector of
unique_ptrs, and OpenSSLContext will do the needful with releasing
ownership at the right moment.
A unit test has been added that uses a chained certificate in
client/server context. Before the fix, this test would either fail, or
result in a segmentation fault, depending on the mood of OpenSSL.
Test-Information:
Unit tests pass on Debian 9
Ran manual tests with server test code, tested both chained and single
certificates, and no longer observed crashes when accepting a
connection.
Change-Id: I21814969e45c7d77e9a1af14f2c958c4c0311cd0
|
|
TLSError now takes an optional error message. OpenSSLContext has been
updated to send out one, and calls to SWIFT_LOG have been removed from
it for anything but setCertificateChain.
OpenSSLContext::handleDataFromApplication misinterpreted the return code
of SSL_write, triggering an onError in cases where more network I/O was
required.
Test-Information:
Unit tests pass on Debian 9
Server test code no longer emits undesirable warnings to stderr on macOS
10.14.
Change-Id: If0f932693361ef9738ae50d5445bfb4d3ed9b28f
|
|
TLSLayer and TLSConnection now own the TLSContext they use.
The TLSContextFactory interface is adjusted to use
std::unique_ptr.
Test-Information:
Builds and all tests pass on macOS with clang-7-master.
Change-Id: I14e33c98b48445094f404b73ea41af0a51d2dde6
|
|
* swift-4.x: (44 commits)
Test-Information:
Builds on macOS 10.13.3 with clang trunk.
Change-Id: If50381f103b0ad18d038b920d3d43537642141cb
|
|
Define NOMINMAX when building OpenSSL backend on Windows
and otherwise you cannot use std::numeric_limits<T>::max.
Test-Information:
Swiften builds on Windows 10 with VS2015 with the OpenSSL TLS
backend.
Change-Id: I9621c14426a0af2280cef7ee973abcff2fd0a48d
|
|
Test-Information:
Unit tests pass on macOS 10.13.3 with ASAN and Clang 7.0.
Change-Id: Ifc2bf2c1b63fca7f3ee43ef61c79a96b8e5ced5f
|
|
This method allows calculating the TLS finish message of the
peer of a TLS connection. It can be used to provide SASL
channel binding for TLS servers.
Test-Information:
Added unit test that verifies the finish messages of a server
TLS context with the finish messages of a client TLS context.
Tests pass on macOS 10.13.3 with OpenSSL.
Change-Id: Ia5ba539e1fb6d1bef6b4436bb59c7384b57a69b0
|
|
Test-Information:
Builds and unit tests pass on macOS 10.13.3 with OpenSSL TLS
backend.
Change-Id: Ie8f4578c867a2e4bf84484cde4a7cff048566ca4
|
|
This also extends the TLSContext interface with methods required
for server mode.
Test-Information:
Added unit tests that test new functionality in TLSContext.
This includes test certificates in the source file that are
not for public use. This new ClientServerTest is only enabled
for OpenSSL, as other TLS backends do not support the new
functionality yet.
Tested on macOS 10.13.3 with clang-trunk.
Change-Id: I8e43476057608067eb3b9852328aa21cd22974a0
|
|
Add PrivateKey class to simply encapsulate arbitrary private
key data and the corresponding password.
This enables easy unit testing by loading the certificate and
key from within a test case.
Test-Information:
Added unit tests for certificate and key generated by OpenSSL.
Tested on macOS 10.13.2 with OpenSSL.
Change-Id: I1c9ffc3c70f61af65c4f1c48670badaf74b672b7
|
|
* use std::unique_ptr for memory management of dynamic OpenSSL
objects
* use an initializer class and static instance of it to correctly
initialize/finalize OpenSSL on first use
* use enum class instead of simple enum for state
* use nullptr instead of NULL
Test-Information:
Builds and tests pass on macOS 10.13.2 with clang-trunk and
ASAN.
Change-Id: I346f14e21c34871c1900a8e1ac000450770a0bbe
|
|
Test-Information:
Builds and tests pass on macOS 10.13 with clang-trunk.
Change-Id: I7a515a003602a983681f85374a8a77dc953f533d
|
|
This patch improves logging and refactors SchannelContext and
CAPICertificate classes, to improve logging and how Swift interacts with
smart cards.
Test-Information:
Tested on Windows 10 (Qt 5.7)
Change-Id: Ic4d306beafb9e5d253731769f222e6949995d5e7
|
|
NULL pointer dereference was happening in OpenSSL code (inside
SSL_set_bio) when SSL_new returned NULL due to lack of Isode HGE license.
Change-Id: Iebd78be7eb6c7978de0bff225915dc393a516f08
|
|
Test-Information:
Build on macOS 10.12.1 and all tests pass.
Change-Id: Iedaa3fa7e7672c77909fd0568bf30e9393cb87e0
|
|
Test-Information:
Unit tests pass on macOS 10.12.
Change-Id: I32f884e2525b6200e5fb3f04d58f77304d16daa0
|
|
This fixes setup of trusted CAs on Fedora.
Test-Information:
Tested successful login to two different hosts with different
CAs. Previously there was no certificate warning on
Debian 8 and a certificate warning on Fedora 24. With this
patch there is no certificate warning anymore on Debian 8
and Fedora 24.
Change-Id: I70e71eb9734f2012bcd5c4b784bab47917b44234
|
|
Test-Information:
Test that it still builds and unit tests pass on OS X 10.11.4.
Change-Id: I2eb4a0b707991aee553db36a8cd1ae28b813acab
|
|
Boost.Signals was deprecated and is not improved further.
This patch removes Boost.Signals from 3rdParty and adds
Boost.Signals2 and its dependencies.
Also removed the Qt signals compatibility file
Swiften/Base/boost_bsignals.h.
Test-Information:
Build and ran unit tests on OS X 10.11.4. Confirmed successful
login using Swift client.
Change-Id: Ie6e3b2d15aac2462cda95401582f5287a479fb54
|
|
This change was done by applying the following 'gsed'
replacement calls to all source files:
's/\#include <boost\/shared_ptr\.hpp>/\#include <memory>/g'
's/\#include <boost\/enable_shared_from_this\.hpp>/\#include <memory>/g'
's/\#include <boost\/smart_ptr\/make_shared\.hpp>/\#include <memory>/g'
's/\#include <boost\/make_shared\.hpp>/\#include <memory>/g'
's/\#include <boost\/weak_ptr\.hpp>/\#include <memory>/g'
's/boost::make_shared/std::make_shared/g'
's/boost::dynamic_pointer_cast/std::dynamic_pointer_cast/g'
's/boost::shared_ptr/std::shared_ptr/g'
's/boost::weak_ptr/std::weak_ptr/g'
's/boost::enable_shared_from_this/std::enable_shared_from_this/g'
The remaining issues have been fixed manually.
Test-Information:
Code builds on OS X 10.11.4 and unit tests pass.
Change-Id: Ia7ae34eab869fb9ad6387a1348426b71ae4acd5f
|
|
Run 'clang-tidy -fix -checks=modernize-use-nullptr' on all
source code files on OS X. This does not modernize platform
specific code on Linux and Windows.
Test-Information:
Code builds and unit tests pass on OS X 10.11.4.
Change-Id: Ic43ffeb1b76c1a933a55af03db3c54977f5f60dd
|
|
Removed trailing spaces and whitespace on empty lines
in the process.
Changed CheckTabs.py tool to disallow hard tabs in source
files.
Test-Information:
Manually checked 30 random files that the conversion worked
as expected.
Change-Id: I874f99d617bd3d2bb55f02d58f22f58f9b094480
|
|
Thanks to Manfred Urban for reporting that dynamic libraries weren't working.
Test-Information:
Swiften Builds on OS X with swiften_dll=True
Change-Id: I31e40ac118b9be6b43803a2bbcbfef3a9f9f9d21
|
|
Changed "" style includes to <> style.
Test-Information:
Build with Clang 3.9.0 and ran all tests on OS X 10.11.4.
Change-Id: Ic05e53f2e5dba39cc1307b116fc5f17b62ab9eb8
|
|
Clang was complaining about implicit conversions between
nullable and non-nullable NSString pointers. Adjusted our
std::string -> NSString* conversion utilities to check for
nil and return an empty std::string in that case.
Replaced uses of [NSString stringWithUTF8String] with our
STD2NSSTRING macro.
Turned std::string <-> NSString* conversion macros into
functions.
Test-Information:
Builds without the warning on OS X 10.11.3 and Swift runs
without issues.
Change-Id: I949f2f3332018391aead58ef362764f4b7955b01
|
|
Test-Information:
./scons test=system Swiften/QA/TLSTest passes on Windows 8.
Change-Id: I688ec5d0022c02879ff56029d724e6dd30b89a99
|
|
Our TLS backends need to treat TLS verification errors, e.g.
outdated certificate, untrusted CA, non-matching host, etc.,
as non-fatal, so the application can apply custom key
pinning verification or similar.
This patch changes the OS X SecureTransport backend to behave
accordingly and adjusts the CertificateErrorTest to mirror
this behavior.
This commit also fixes a double-free in
SecureTransportCertificate.
Test-Information:
Connected to a host with an untrusted CA and non-matching
domain in the certificate and was prompted with the Swift
certificate trust dialog on OS X 10.11.3.
Swiften/QA/TLSTest run successfully on OS X 10.11.3.
Change-Id: I4c8ce2178540d79a5f328e2e0558d4deb4295134
|
|
Default to disabled certificate revocation checking for
SecureTransport TLS backend on OS X. SecureTransport internal
revocation checking machine is not very stable and sometimes
fails reporting a positive revocation check leading to bad
UX.
Test-Information:
Swift login still works and ./scons test=system pass on OS X
10.11.3.
Change-Id: I298ccca4ecab07af5517fe393fdb887d79d70bf1
|
|
The code was calling CFRelease on a null pointer, which runs
into an assert inside CFRelease.
Test-Information:
The crash happened during client certificate authentication
using the Secure Transport backend. With this patch the crash
is gone.
Change-Id: If389dcb8b8a20fdc5cf77219d6c5afb86c9c3634
|
|
These errors were reported by Clang Analyzer.
Test-Information:
Verified that behavior is still as expected and Clang
Analyzer does not report the warnings anymore.
Change-Id: I149d75241f7680a6d2f2b6b710dd38d1ed81a209
|
|
Added integration tests for certificate validation and
revocation behavior checking.
Test-Information:
Tested client login over TLS against Prosody and M-Link.
Verified client certificate authentication works against
M-Link.
Change-Id: I6ad870f17adbf279f3bac913a3076909308a0021
|
|
Furthermore removed unneeded includes.
Test-Information:
Still builds and unit tests pass.
Change-Id: Ic7272e754c488f427b5ee6834f1d892028ea285d
|
|
This patch adds an option 'disconnectOnCardRemoval' to system-settings.xml which
when set to false allows the user's session to stay connected if the smartcard
is removed. The default value of this option is true if it is not specified.
Test-information:
Tested on Windows using NIST smartcards.
Tested true and false values set for this option in the file and also when
option is not specified (true).
Unit tests pass.
Change-Id: I7e421b4153ff7d3000f41999add20d339076c96e
|
|
When the card is reset in shared mode (which is the mode we use), an application
trying to access certain commands will be returned the value SCARD_W_RESET_CARD.
When this occurs SCardReconnect() must be called. This wasn't done before so
this patch fixes it.
Also provides more logging for SCard function returns.
Test-information:
Tested on Windows using NIST smart cards.
Before the fix, the Card Removed Error was seen often even after the initial
connection was established. After the fix, the reconnect attempt is done so the
error is not seen.
Also verified that if a card is removed deliberately, then the user is logged
out.
Change-Id: I94748ab9ff944a79de655646e1e06a8b61776f4b
|
|
Some servers have very restrictive TLS stacks that respond badly
to a bug in the SChannel TLS implementation, meaning that TLS
has to be limited to 1.0.
Add ClientOptions.tlsOptions. This is a method of passing options into
the TLS stack. It's currently
only used for the TLS 1.0 workaround in SChannel, but we might reasonably
expose other options in the future, such as limiting cypher suites.
Disables use of SSLv3 for SChannel.
Also updates the coding style in SchannelContext a bit.
Test-Information:
Compiles on both OS X and Windows(SChannel). OS X doesn't show the new
option. Windows shows it, and remembers it between logins. Not tested
against a server requiring 1.0 only, but a previous hack with the
same approach was tested.
Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
|
|
Test-Information:
Tested build on Windows 8 with VS 2014 and ran unit tests.
Change-Id: I3d8096df4801be6901f22564e36eecba0e7310c4
|
|
Change-Id: I25328f60e211387f5d3fbcd6de155b7b8956c0f9
License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
|
|
Change-Id: I94ab4bbb68c603fe872abeb8090575de042f5cb4
|
|
Test-Information:
Tested on OS X 10.9.5 with XCode 6.1.
Change-Id: Ib223977192fce274e5585ef0768fd755b1fa734d
|
|
Test-Information:
Prepare valid and invalid JIDs and make sure that isValid() is reported correctly. Added unit tests.
Change-Id: Ic4d86f8b6ea9defc517ada2f8e3cc54979237cf4
|
|
This fixes a bug with PKCS12 cert auth that only manifested itself on
specific platforms (e.g. ARM).
Test-Information:
Patch was tested by reporter on a failing platform
Change-Id: I4663363aadaf5f00c2092e2f58d45f5ba1b4229a
|
|
Change-Id: If4e4ef98c00f15c0a88557860f0377843a8713c0
|
|
Change-Id: I1ffb6d9eabfb36c0101ee19c0cd618736d8a8bb8
|
|
This patch reflects a change to Stroke, which is described as follows:
If a TLS connection results in the server choosing an anonymous cipher
suite, then no server certificate will be returned by the server.
This ought not to happen, since XMPP clients are expected only to
propose non-anonymous cipher suites, but it could be that a client is
coded to propose anonymous suites, or that a bug in the server means
that it fails to return a server certificate.
This change updates the ServerIdentityVerifier to make it resilient
against these situations, treating this situation as equivalent to
"certificate presented by server does not verify".
Test-information:
Tested in Stroke. Untested in Swiften
Change-Id: Iec815b09b6be675edad1d479d1a0a9d6b0b91bf3
|
|
- Use boost::filesystem::path consistently for referring to files.
- Use boost::filesystem streams for I/O, such that paths are always handled
correctly.
- Use stringToPath and pathToString for conversion between strings and
boost::filesystem::path, to ensure we have consistent unicode handling
across platforms and environments. The default constructor and string
conversion uses platform-dependent encoding, depending on the global
locale set in the application, which causes problems. So, unless you are
in platform dependent code, the default constructor and string() function
should not be used. When constructing paths from other paths (e.g. using
operator/), also use stringToPath (instead of string arguments) if the path
can contain unicode characters.
Change-Id: If286bd9e71c8414afc0b24ba67e26ab7608ef6ea
|