AgeCommit message (Collapse)Author
2020-01-09Accept certs with upper case entriesHEADmasterKevin Smith
Although we were doing the right thing with punycode (as far as I can see) for the IDNA entries, we were forgetting that the comparisons needed to be case insensitive (checked the RFCs). Now they are. Test-Information: Added unit tests for the three flows that were modified. Change-Id: Ib17ae3df66159f38339996580dc85a5d99356274
2019-11-19Remove std::endl from SWIFT_LOG callsEdwin Mons
The std::endl is now added by ~Log, but only for output to stderr or a log file. Calls to the Android logging system or manually set callbacks will not include the newline in the logging output. JIRA: SWIFT-430 Test-Information: Unit tests pass on Debian 9 Checked that running Swift with logging to stderr still had a newline. Change-Id: I096fdba78a3b8f87db2097951c28c528592183e8
2019-11-14Remove extra semicolonsTobias Markmann
clang-trunk complained about them and ideally Swift would build without warnings. Test-Information: Builds find and tests pass. Change-Id: I1896befef0e65a980cc22f402e126aec8b56e71f
2019-11-13Re-enable logging in OpenSSLContextEdwin Mons
All logging in OpenSSLContext is now at debug level. Test-Information: Unit tests pass. Change-Id: I44d01ff23a05676a26ec547d6454dcb6883ebd88
2019-11-13Clear internal error state after cert chain parseTim Costen
When parsing a PEM string containing a chain of certificates, createCertificateChain calls PEM_read_bio_X509 until it returns NULL (end of chain). But this will have set OpenSSL's internal error chain. Creating a new OpenSSL context has the side effect of clearing this chain, but if you are using a context which has already been created, the context sees that the error chain is set and fails. All that is needed is for createCertificateChain to clear the OpenSSL error chain before returning. JIRA: LINK-1868 Change-Id: Ife2a3dabfeecff9e430648d63e4b4ba001e80a00
2019-11-05Handle xmpp-server SRV recordsTim Costen
Update ServerIdentityVerifier with new boolean parameter (defaulting to false) to its constructor. Use this to determine whether to check for SRV records which start with "_xmpp-client." (the default, for backwards compatibility), or "_xmpp-server.". JIRA: SWIFT-424 Bug: Release-notes: Manual: Test-information: Added a couple of new unit tests to check operation when this parameter is set true. All ServerIdentityVerifier unit tests run as before. Change-Id: Icb1fee31b436292cd6b5e61bc86482d700e40332
2019-10-29Comment out logging callsTim Costen
Swift OpenSSLContext and OpenSSLCertificate contain a number of error, warning and info logging calls which have the effect of writing to stderr. This patch comments them out for now - a proper interface with a logging object being passed in etc will be added at a later date. JIRA: SWIFT-426 Bug: Release-notes: Manual: Test-information: Compiles OK. TLSTest runs OK. Change-Id: I2bc09ff32277c2b669317fcf9748358b2934db7c
2019-10-29Allow use of system TAs to be disabled via TLSOptionsTim Costen
Add new boolean flag to TLSOptions which when set to true prevents system Trust Anchors being loaded into new TLS contexts created using OpenSSL. Add new test to Swiften QA with appropriate comment. JIRA: SWIFT-425 Test-information: Checked logic of change under debugger while running the tests in CertificateTest.cpp which create TLS contexts. Change-Id: I2d4a8410ce9cc752e6774e1d1cdb84dcd37b01d7
2019-10-18Extend getPeerCertificateChainTim Costen
Extend getPeerCertificateChain so that it uses the correct SSL methods for Server and Client mode contexts, i.e. SSL_get_peer_certificate as well as get_peer_cert_chain when this is a server-mode context. Tidy up error message logged on certificate verification failure. Always return "1" from verifyCallback; check result of certificate verification by a call to getPeerCertificateVerificationError() once the TLS session is established. JIRA: LINK-1814 Bug: Release-notes: Manual: Change-Id: Ica1d90998187ec5ce2584d48bd6fbfb8f9a667c9 Test-information:
2019-10-07Add ability to set external Trust Anchors to Swift OpenSSL contextTim Costen
Add a new (optional) field to TLSContext, which allows a vector of Trust Anchor certificates to be specified. Inside OpenSSLContext::configure, pass the X509 components of these certificates into the OpenSSL context: these are now available for client certificate verification in any callback method set via TLSOptions.verifyCertificateCallback. JIRA: LINK-1765 Test-information: Tested via MLink unit tests. No leaks reported. Change-Id: Ie9cc2051ee212249a12a4bc71b62306b5bce3013
2019-10-04Correct leaks in OpenSSL interfaceTim Costen
Remove increment of reference count on first certificate added to a new SSL context - the call to SSL_CTX_use_certificate does this internally. When adding extra certificates to the context via calls to SSL_CTX_add_extra_certificate, the explicit increment of the reference count is still required to prevent destruction of the certificates when the SSL context is freed. In OpenSSLContext::setPrivateKey, make sure the EVP_PKEY returned by PEM_read_bio_PrivateKey is tidied up, by wrapping it in a shared_ptr which calls EVP_PKEY_free. Add a new Unit test which creates an SSL context and inserts a multi-element certificate chain and a private key. JIRA: SWIFT-423 Bug: Release-notes: Manual: Change-Id: I82c66139a9dfe7a925eb39f73721200895a689e2 Test-information: Leak testing performed via ASAN-compiled MLink unit tests - now no leaks/errors reported associated with TLS Contexts and Certificates. Swiften unit test runs as expected.
2019-09-19Add support for use of shared certificate chain when setting up TLS contextTim Costen
Actual implementation is in OpenSSL subclass. This allows a permanent vector of shared certificates to be used when creating multiple OpenSSL contexts. This replaces the existing use of a vector of unique pointers to certificates which handed over responsibility for the underlying OpenSSL certs to the OpenSSL context. To enable this to work, a new method is added to the OpenSSLCertificate class which enables the reference count on the the contained OpenSSL certificate to be incremented - this stops the OpenSSL certificate being deleted when the OpenSSL context is freed. Use of conditional compilation was necessary to get the reference counting to build with the different versions of OpenSSL in use. Modify the method in OpenSSLCertificateFactory (and stub in CertificateFactory) which generates a vector of certificates, so that it generates a vector of shared_ptrs rather than unique_ptrs. Add test of CreateCertificateChain to Swiften CertificateTest class, together with sample certificate file in PEM form. JIRA: LINK-1763 Bug: Release-notes: Manual: Test-information: Tested via development version of Mystique - created multiple TLS sessions using single certificate chain. Swift unit tests now build and run again. New Swiften TLS unit test builds and runs. Change-Id: I7fa4888b640c94b68712a6bff1f7aa334a358df2
2019-09-17Fix casing of enums to avoid conflict on WindowsTobias Markmann
Test-Information: Tested on Windows with OpenSSL that this fixes the compilation issue. Change-Id: I01887c8eb758a6c1c208244cdae32aa9c0a99565
2019-09-03Add enhanced OpenSSL configurationTim Costen
Adds TLSOptions to the OpenSSLContext, which invokes a new private 'configure' method which allows various OpenSSL options to be set. Also add standard verification callbacks and external (via a std::function field in TLSOptions) to allow the user to specify their own method which will perform client certificate checking when a new TLS connection is accepted. Only set up the internal verifyCertCallback if the user-supplied hook is set. All callback hooks are set up in the 'configure' method, and only then if TLSOptions.verifyMode is present (i.e. not defaulted to boost::none), to preserve compatibility for users of this class (e.g. Swift) which want to use OpenSSL's own internal validation functions rather than setting the callbacks. Test-information: Used new code under development in M-Link when setting up a TLSContext, setting verify-mode=require, and set up verifyCertCallback with a local method. Making a client TLS connection which includes a client certificate results in the local verify callback being invoked. Change-Id: Idbb7279e1711fca8123f430bfca0dcfb65bc8da6
2019-01-21Fix OpenSSLContext to work correctly with OpenSSL 1.1.1Tobias Markmann
The previous code only worked with 1.1.0j or older. Now the code works with 1.1.0j and OpenSSL 1.1.1. Adjusted ClientServerTest to be more graceful in case of errors, i.e. failing tests instead of crashing. Test-Information: Tested that without the changes, the tests pass with OpenSSL 1.1.0j and test fail or crash with OpenSSL 1.1.1 and OpenSSL 1.1.1a. Tested that with the changes, the tests pass with OpenSSL 1.1.0j, OpenSSL 1.1.1, and OpenSSL 1.1.1a. Tested on macOS 10.14.2 with system clang. Change-Id: Ic63774049727f6d949153166f63a8545e9a24892
2019-01-18Allow ownership transfer of certificatesEdwin Mons
OpenSSL TLS contexts assume ownership of any additional certificate passed into it. The CertificateFactory now returns a vector of unique_ptrs, and OpenSSLContext will do the needful with releasing ownership at the right moment. A unit test has been added that uses a chained certificate in client/server context. Before the fix, this test would either fail, or result in a segmentation fault, depending on the mood of OpenSSL. Test-Information: Unit tests pass on Debian 9 Ran manual tests with server test code, tested both chained and single certificates, and no longer observed crashes when accepting a connection. Change-Id: I21814969e45c7d77e9a1af14f2c958c4c0311cd0
2019-01-14Add optional message to TLSErrorEdwin Mons
TLSError now takes an optional error message. OpenSSLContext has been updated to send out one, and calls to SWIFT_LOG have been removed from it for anything but setCertificateChain. OpenSSLContext::handleDataFromApplication misinterpreted the return code of SSL_write, triggering an onError in cases where more network I/O was required. Test-Information: Unit tests pass on Debian 9 Server test code no longer emits undesirable warnings to stderr on macOS 10.14. Change-Id: If0f932693361ef9738ae50d5445bfb4d3ed9b28f
2018-07-30Use std::unique_ptr to have TLS classes own the TLSContextTobias Markmann
TLSLayer and TLSConnection now own the TLSContext they use. The TLSContextFactory interface is adjusted to use std::unique_ptr. Test-Information: Builds and all tests pass on macOS with clang-7-master. Change-Id: I14e33c98b48445094f404b73ea41af0a51d2dde6
2018-03-20Merge branch 'swift-4.x'swift-5.0alpha2Tobias Markmann
* swift-4.x: (44 commits) Test-Information: Builds on macOS 10.13.3 with clang trunk. Change-Id: If50381f103b0ad18d038b920d3d43537642141cb
2018-03-14Fix building with OpenSSL on WindowsTobias Markmann
Define NOMINMAX when building OpenSSL backend on Windows and otherwise you cannot use std::numeric_limits<T>::max. Test-Information: Swiften builds on Windows 10 with VS2015 with the OpenSSL TLS backend. Change-Id: I9621c14426a0af2280cef7ee973abcff2fd0a48d
2018-03-12Ability to set Diffie-Hellman parameters for OpenSSLContextTobias Markmann
Test-Information: Unit tests pass on macOS 10.13.3 with ASAN and Clang 7.0. Change-Id: Ifc2bf2c1b63fca7f3ee43ef61c79a96b8e5ced5f
2018-03-12Add getPeerFinishMessage() method and OpenSSL TLS backendTobias Markmann
This method allows to calculate the TLS finish message of the peer of a TLS connection. It can be used to provide SASL channel binding for TLS servers. Test-Information: Added unit test that verifies the finish messages of a server TLS context with the finish messages of a client TLS context. Tests pass on macOS 10.13.3 with OpenSSL. Change-Id: Ia5ba539e1fb6d1bef6b4436bb59c7384b57a69b0
2018-02-21Add support for Server Name Indication to OpenSSLContextTobias Markmann
Test-Information: Builds and unit tests pass on macOS 10.13.3 with OpenSSL TLS backend. Change-Id: Ie8f4578c867a2e4bf84484cde4a7cff048566ca4
2018-02-02Add basic TLS server support in OpenTLSContextTobias Markmann
This also extends the TLSContext interface with methods required for server mode. Test-Information: Added unit tests that test new functionality in TLSContex. This includes test certificates in the source file that are not for public use. This new ClientServerTest is only enabled for OpenSSL, as other TLS backends do not support the new functionality yet. Tested on macOS 10.13.3 with clang-trunk. Change-Id: I8e43476057608067eb3b9852328aa21cd22974a0
2018-02-02Add support for extracting certificate chain from PEM stringTobias Markmann
Add PrivateKey class to simply encapsulate arbitrary private key data and the corresponding password. This enables easy unit testing by loading the certificate and key from within a test case. Test-Information: Added unit tests for certificate and key generated by OpenSSL. Tested on macOS 10.13.2 with OpenSSL. Change-Id: I1c9ffc3c70f61af65c4f1c48670badaf74b672b7
2018-01-30Modernize OpenSSL crypto backendTobias Markmann
* use std::unique_ptr for memory management of dynamic OpenSSL objects * use an initializer class and static instance of it to correctly initialize/finalize OpenSSL on first use * use enum class instead of simple enum for state * use nullptr instead of NULL Test-Information: Builds and tests pass on macOS 10.13.2 with clang-trunk and ASAN. Change-Id: I346f14e21c34871c1900a8e1ac000450770a0bbe
2017-10-02Fix Code According to New clang warning (-Wobjc-messaging-id)Tobias Markmann
Test-Information: Builds and test pass on macOS 10.13 with clang-trunk. Change-Id: I7a515a003602a983681f85374a8a77dc953f533d
2017-08-15Improve Swift’s interactions with Smart CardsThanos Doukoudakis
This patch improves logging and refactors SchannelContext and CAPICertificate classes, to improve logging and how Swift interacts with smart cards. Test-Information: Tested on Windows 10 (Qt 5.7) Change-Id: Ic4d306beafb9e5d253731769f222e6949995d5e7
2017-06-19Don't crash when SSL_new failsAlexey Melnikov
NULL pointer dereference was happening in OpenSSL code (inside SSL_set_bio) when SSL_new returned NULL due to lack of Isode HGE license. Change-Id: Iebd78be7eb6c7978de0bff225915dc393a516f08
2016-11-23Migrate remaining Swiften/Base/foreach.h use to range-based for loopTobias Markmann
Test-Information: Build on macOS 10.12.1 and all tests pass. Change-Id: Iedaa3fa7e7672c77909fd0568bf30e9393cb87e0
2016-09-29Explicitly handle all possible SecTrustResultType enum valuesTobias Markmann
Test-Information: Unit tests pass on macOS 10.12. Change-Id: I32f884e2525b6200e5fb3f04d58f77304d16daa0
2016-08-24Use SSL_CTX_set_default_verify_paths to set trusted CAs for OpenSSLTobias Markmann
This fixes setup of trusted CAs on Fedora. Test-Information: Tested successful login to two different hosts with different CAs. Previously the there was no certificate warning on Debian 8 and a certificate warning on Fedora 24. With this patch there is no certificate warning anymore on Debian 8 and Fedora 24. Change-Id: I70e71eb9734f2012bcd5c4b784bab47917b44234
2016-04-25Convert hard tabs to four spaces in all our SConscript/*.py filesTobias Markmann
Test-Information: Test that it still builds and unit test pass on OS X 10.11.4. Change-Id: I2eb4a0b707991aee553db36a8cd1ae28b813acab
2016-04-05Migrate to Boost.Signals2 from Boost.SignalsTobias Markmann
Boost.Signals was deprecated and is not improved further. This patch removes Boost.Signals from 3rdParty and adds Boost.Signals2 and its dependencies. Also removed the Qt signals compatibility file Swiften/Base/boost_bsignals.h. Test-Information: Build and ran unit tests on OS X 10.11.4. Confirmed successful login using Swift client. Change-Id: Ie6e3b2d15aac2462cda95401582f5287a479fb54
2016-04-04Modernize code to use C++11 shared_ptr instead of Boost'sTobias Markmann
This change was done by applying the following 'gsed' replacement calls to all source files: 's/\#include <boost\/shared_ptr\.hpp>/\#include <memory>/g' 's/\#include <boost\/enable_shared_from_this\.hpp>/\#include <memory>/g' 's/\#include <boost\/smart_ptr\/make_shared\.hpp>/\#include <memory>/g' 's/\#include <boost\/make_shared\.hpp>/\#include <memory>/g' 's/\#include <boost\/weak_ptr\.hpp>/\#include <memory>/g' 's/boost::make_shared/std::make_shared/g' 's/boost::dynamic_pointer_cast/std::dynamic_pointer_cast/g' 's/boost::shared_ptr/std::shared_ptr/g' 's/boost::weak_ptr/std::weak_ptr/g' 's/boost::enable_shared_from_this/std::enable_shared_from_this/g' The remaining issues have been fixed manually. Test-Information: Code builds on OS X 10.11.4 and unit tests pass. Change-Id: Ia7ae34eab869fb9ad6387a1348426b71ae4acd5f
2016-04-01Modernize code to use C++11 nullptr using clang-tidyTobias Markmann
Run 'clang-tidy -fix -checks=modernize-use-nullptr' on all source code files on OS X. This does not modernize platform specific code on Linux and Windows Test-Information: Code builds and unit tests pass on OS X 10.11.4. Change-Id: Ic43ffeb1b76c1a933a55af03db3c54977f5f60dd
2016-03-31Convert tabs to 4 spaces for all source filesTobias Markmann
Removed trailing spaces and whitespace on empty lines in the process. Changed tool to disallow hard tabs in source files. Test-Information: Manually checked 30 random files that the conversion worked as expected. Change-Id: I874f99d617bd3d2bb55f02d58f22f58f9b094480
2016-03-31Stop building some TLS providers as always staticKevin Smith
Thanks to Manfred Urban for reporting that dynamic libraries weren't working. Test-Information: Swiften Builds on OS X with swiften_dll=True Change-Id: I31e40ac118b9be6b43803a2bbcbfef3a9f9f9d21
2016-03-30Apply consistent #include grouping and sorting styleTobias Markmann
Changed "" style includes to <> style. Test-Information: Build with Clang 3.9.0 and ran all tests on OS X 10.11.4. Change-Id: Ic05e53f2e5dba39cc1307b116fc5f17b62ab9eb8
2016-03-15Explicitly convert between nullable and non-nullable on OS XTobias Markmann
Clang was complaining about implicit conversions between nullable and non-nullable NSString pointers. Adjusted our std::string -> NSString* conversion utilities to check for nil and return an empty std::string in that case. Replaced uses of [NSString stringWithUTF8String] with our STD2NSSTRING macro. Turned std::string <-> NSString* conversion macros into functions. Test-Information: Builds without the warning on OS X 10.11.3 and Swift runs without issues. Change-Id: I949f2f3332018391aead58ef362764f4b7955b01
2016-02-08Fix and adjust TLSTest to Windows SChannel backendTobias Markmann
Test-Information: ./scons test=system Swiften/QA/TLSTest passes on Windows 8. Change-Id: I688ec5d0022c02879ff56029d724e6dd30b89a99
2016-02-08Treat cert verify errors as non-fatal in OS X TLS backendTobias Markmann
Our TLS backends need to tread TLS verification errors, e.g. outdated certificate, untrusted CA, non-matching host, etc., as non-fatal, so the application can apply custom key pinning verification or similar. This patch changes the OS X SecureTransport backend to behave accordingly and adjusts the CertificateErrorTest to mirror this behavior. This commit also fixes a double-free in SecureTransportCertificate. Test-Information: Connected to a host with an untrusted CA and non-matching domain in the certificate and was prompted with the Swift certificate trust dialog on OS X 10.11.3. Swiften/QA/TLSTest run successfully on OS X 10.11.3. Change-Id: I4c8ce2178540d79a5f328e2e0558d4deb4295134
2016-02-01Disable certificate revocation checking in OS X TLS backendTobias Markmann
Default to disabled certificate revocation checking for SecureTransport TLS backend on OS X. SecureTransport internal revocation checking machine is not very stable and sometimes fails reporting a positive revocation check leading to bad UX. Test-Information: Swift login still works and ./scons test=system pass on OS X 10.11.3. Change-Id: I298ccca4ecab07af5517fe393fdb887d79d70bf1
2015-11-10Fix Cocoa memory management error in Secure Transport backendTobias Markmann
The code was calling CFRelease on a null pointer, which runs into an assert inside CFRelease. Test-Information: The crash happened during client certificate authentication using the Secure Transport backend. With this patch the crash is gone. Change-Id: If389dcb8b8a20fdc5cf77219d6c5afb86c9c3634
2015-11-06Fix potential memory leaks in Cocoa API usageTobias Markmann
These errors were reported by Clang Analyzer. Test-Information: Verified that behavior is still as expected and Clang Analyzer does not report the warnings anymore. Change-Id: I149d75241f7680a6d2f2b6b710dd38d1ed81a209
2015-10-30Add support for OS X Secure Transport TLS backendTobias Markmann
Added integration tests for certificate validation and revocation behavior checking. Test-Information: Tested client login over TLS against Prosody and M-Link. Verified client certificate authentication works against M-Link. Change-Id: I6ad870f17adbf279f3bac913a3076909308a0021
2015-09-22Add explicit includes for classes used in PlatformTLSFactoriesTobias Markmann
Furthermore removed unneeded includes. Test-Information: Still builds and unit tests pass. Change-Id: Ic7272e754c488f427b5ee6834f1d892028ea285d
2015-07-07Add hidden option to prevent disconnect when smartcard removedMili Verma
This patch adds an option 'disconnectOnCardRemoval' to system-settings.xml which when set to false allows the user's session to stay connected if the smartcard is removed. The default value of this option is true if it is not specified. Test-information: Tested on Windows using NIST smartcards. Tested true and false values set for this option in the file and also when option is not specified (true). Unit tests pass. Change-Id: I7e421b4153ff7d3000f41999add20d339076c96e
2015-07-02Reestablish connection with smart cardMili Verma
When the card is reset in shared mode (which is the mode we use), an application trying to access certain commands will be returned the value SCARD_W_RESET_CARD. When this occurs SCardReconnect() must be called. This wasn't done before so this patch fixes it. Also provides more logging for SCard function returns. Test-information: Tested on Windows using NIST smart cards. Before the fix, the Card Removed Error was seen often even after the initial connection was established. After the fix, the reconnect attempt is done so the error is not seen. Also verified that if a card is removed deliberately, then the user is logged out. Change-Id: I94748ab9ff944a79de655646e1e06a8b61776f4b
2015-06-10Add ability to limit SChannel to TLS 1.0Kevin Smith
Some servers have very restrictive TLS stacks that respond badly to a bug in the SChannel TLS implementation, meaning that TLS has to be limited to 1.0. Add ClientOptions.tlsOptions. This is a method of passing options into the TLS stack. It's currently only used for the TLS 1.0 workaround in SChannel, but we might reasonably expose other options in the future, such as limiting cypher suites. Disables use of SSLv3 for SChannel Also updates the coding style in SchannelContext a bit. Test-Information: Compiles on both OS X and Windows(SChannel). OS X doesn't show the new option. Windows shows it, and remembers it between logins. Not tested against a server requiring 1.0 only, but a previous hack with the same approach was tested. Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322