Age | Commit message (Collapse) | Author |
|
Test-Information:
Builds on OS X 10.11.3.
Change-Id: I3177f158c959944c89a028ac0c4cc79a45ed1ac3
|
|
The jabber_org.crt was falsely modified in commit 0297fa1;
reverted the file to its previous version.
Fixed a syntax error in CertificateErrorTest.
Fixed compilation of TLS stack with external OpenSSL.
Test-Information:
Tested compilation ./scons test=system Swiften/QA/TLSTest
with OpenSSL on OS X 10.11.3.
Change-Id: I58caf94dded128d3ee725b1961e54ad2955d70aa
|
|
Test-Information:
Successfully built Swiften as C++11 with external Boost 1.60
on OS X 10.11.3.
Change-Id: I2c5a7c22f5f8c14ee7befcaeb84b7d1f093932f6
|
|
Building with Boost 1.60 showed a bug in
WindowsGSSAPIClientAuthenticator.cpp, passing NULL to a method
expecting a const boost::optional reference. Passing a default
constructed boost::optional here instead now.
Test-Information:
Compiles with VS 2015 and Windows 10 and externally built
Boost 1.60.
Change-Id: I5c67d706dade21c60b006b13d441355714a42ec2
|
|
The issue occurs with ProxiedConnection that started
connecting but do not have an external reference anymore.
As soon as the handlers of the ProxiedConnection are
disconnected from the signals of the connection_ object,
the remaining references to a shared ProxiedConnection
vanish and the ProxiedConnection is deleted, while it still
requires access to its members in
ProxiedConnection::handleConnectFinished().
Test-Information:
All tests pass on OS X 10.11.3. No TSAN reports on Debian 8
in a scenario with randomly connecting/disconnecting Client
instances that use a HTTP proxy.
Change-Id: I4d6d2c85013e066d9ed298aa9b913afc83949e35
|
|
ThreadSanitizer reported a data-race between Boost's socket
close() and async_read_some().
Test-Information:
Verified all tests still pass and that TSAN does not report
an error anymore in a scenario where a Client connects/dis-
connects randomly.
Tested on Debian 8 and OS X 10.11.3.
Change-Id: I5e705efb15bee767dd5a55539854b5e488b3bf64
|
|
Previously Jingle File Transfer in Swiften only used IBB
transport as fallback mechanism. With this patch Swiften will
use IBB transport candidates directly in the first
session-initate/session-accept message if the other party
only supports IBB.
Fixed a ASAN reported heap-use-after-free in
SOCKS5BytestreamServerManager.cpp while testing.
Test-Information:
./scons test=system passed without error.
Testing all sender/receiver file-transfer option configurations
with FileTransferTest resulting in expected behavior.
Successfully transferring a file between two Swift instances.
Change-Id: Ia0ffeaa1fd54fc0da23db75344c9e94f9d03a774
|
|
WriteBytestream::write(…) now returns a boolean indicating
its success state (false in case of an error). Adjusted
FileWriteBytestream accordingly.
The QtWebKitChatView will test if the file path selected by
the user is writable before accepting it and starting the
transfer. If it is not writable a red warning message will be
added to the file-transfer element in the chat view.
Test-Information:
Added an integration test that tests the new behavior for
the FileWriteBytestream class.
Tested two file transfers on OS X 10.11.3, one to a write
protected location and another to /tmp. The first is not accepted
by the UI, and without the UI sanity check it results in a
file-transfer error. The second succeeds as expected.
Change-Id: I5aa0c617423073feb371365a23a294c149c88036
|
|
Test-Information:
Tests pass locally (OS/X 10.11.3)
Change-Id: I223cdf213f87a4efd574bdd917556aec23e4fd4c
|
|
Test-Information:
./scons test=system Swiften/QA/TLSTest passes on Windows 8.
Change-Id: I688ec5d0022c02879ff56029d724e6dd30b89a99
|
|
Our TLS backends need to tread TLS verification errors, e.g.
outdated certificate, untrusted CA, non-matching host, etc.,
as non-fatal, so the application can apply custom key
pinning verification or similar.
This patch changes the OS X SecureTransport backend to behave
accordingly and adjusts the CertificateErrorTest to mirror
this behavior.
This commit also fixes a double-free in
SecureTransportCertificate.
Test-Information:
Connected to a host with an untrusted CA and non-matching
domain in the certificate and was prompted with the Swift
certificate trust dialog on OS X 10.11.3.
Swiften/QA/TLSTest run successfully on OS X 10.11.3.
Change-Id: I4c8ce2178540d79a5f328e2e0558d4deb4295134
|
|
Changed MUCController to only handle message stanzas as
subject change if <subject/> is present and neither <body/>
nor <thread/> is present in the message stanza.
Test-Information:
Added unit tests verifying behavior described in XEP-0045
section 8.1.
Unit tests pass on OS X 10.11.2.
Change-Id: I1d22272da1675176be131ab360b214a98f20533f
|
|
Default to disabled certificate revocation checking for
SecureTransport TLS backend on OS X. SecureTransport internal
revocation checking machine is not very stable and sometimes
fails reporting a positive revocation check leading to bad
UX.
Test-Information:
Swift login still works and ./scons test=system pass on OS X
10.11.3.
Change-Id: I298ccca4ecab07af5517fe393fdb887d79d70bf1
|
|
Test-Information:
./scons test=system passes without any ASAN reports on OS X
10.11.3.
Change-Id: I6825414e2f3c5e5aec48289395f44ccdc14d8f95
|
|
The old event loop had this protection, however it is
missing in the new design. This adds this protection again
as some external event loop implementations, e.g. the Qt
event loop, directly process their event queue from an event
handler.
Test-Information:
Unit and system tests pass on OS X 10.11.3.
Change-Id: I10ce7160c3f201e2d5f53ab8289ddde1eb3262e8
|
|
This commit adds explicit code to stop timers which are
connected to objects that are about to be deleted from
memory.
Test-Information:
./scons test=system passes on OS X 10.11.3.
Change-Id: I139314f3a223e3dc63b78b96be17d3ae53cd3de3
|
|
Code review makes me think that if the timer fires at the same time as
stop() is called, it would be possible for the clearing of events from
the loop to happen before the event is put into the loop, leading to
the sort of crashes we've seen with timers firing and access exceptions.
I can't reproduce those to know if this fixes them, and I'm not even sure
I'm not being dense thinking this patch fixes a real issue.
Test-Information:
Unit tests pass
Change-Id: I76337d5556a9c3902d5c2f4da754ae657810d436
|
|
AddressSanitizer reported a heap-buffer-overflow in
WhitespacePingLayer::handleTimerTick() which happened during
multiple restarts of a XMPP server. Under the assumption
that it was caused by not correctly stopping the timer, the
timer is now explicitly stopped if still active at destruction.
Test-Information:
Unable to reproduce the ASAN report. Unit tests still pass.
Change-Id: Ia0b7c3b613688750c4ce0ad40d759a0db4a52791
|
|
FileTransferTest would attempt to remove files while the
file-transfer objects still have a file handle open to them
in form of FileReadBytestream and FileWriteBytestream
references.
Test-Information:
./scons test=system Swiften/QA/FileTransferTest passed
successfully on Windows 8.
Change-Id: Iba45fa5df7e6f55667dd76fee4624733bb363fe5
|
|
Adds missing virtual keyword to destructors of classes which
have a non-empty destructor and are inheriting from other
classes and implement virtual functions.
Test-Information:
Compiles and unit tests pass on Windows 8 with VS 2013.
Change-Id: I172b5de8eda63eb8057113fbc979444abde3e0a7
|
|
This should enable IPv4/IPv6 dual-stack support for Swift(-en)
Jingle file-transfer support.
Add Connection::getRemoteAddress() method.
Test-Information:
Tested IPv6 file-transfer and IPv4 file-transfer between two
Swift instances.
Added integration test verifying IPv4 only, IPv6 only and
IPv4/IPv6 dual-stack support on the running platform.
Additionally added test to verify remote addresses on dual-stack
server.
Change-Id: Ie384a71833eacca554f69e6f12a1c8330d0d747f
|
|
Use values instead of define names for _WIN32_WINNT and
NTDDI_VERSION defined needed for Windows.h configuration.
Using the names boost fails to correctly detect getaddrinfo()
support on Windows.
Only run IPv6 related test cases in DomainNameResolverTest on
Windows, if test_ipv6=1 is passed to the scons arguments.
This is because on Windows getaddrinfo() will not return
IPv6 related results when called with the AF_UNSPEC hint,
unless the Windows host has global IPv6 connectivity.
Changed the BoostConnectionTest to time out and not endlessly
wait on a response from the remote host.
Test-Information:
Ran the following test configurations:
* (SUCCESS) On Windows 8 with HE.net IPv6 tunnel to provide
full IPv6 connectiviy:
scons.bat test=system test_ipv6=1 Swiften/QA/NetworkTest
* (SUCCESS) On Windows 8 with HE.net IPv6 tunnel to provide
full IPv6 connectiviy:
scons.bat test=system Swiften/QA/NetworkTest
* (EXPECTED FAIL) On Windows 8 with no IPv6 connectiviy:
scons.bat test=system test_ipv6=1 Swiften/QA/NetworkTest
* (SUCCESS) On Windows 8 with no IPv6 connectiviy:
scons.bat test=system Swiften/QA/NetworkTest
Change-Id: I5adcd28e09e22acf61f7cca40b614e71df75dd70
|
|
Test-Information:
Builds and unit and system tests succeed on OS X 10.11.2.
Change-Id: I9e4805f31c4ba63c64d73dbfc2ee6b6423d949a8
|
|
Test-Information:
Builds and tests pass.
Change-Id: I7c12036903ea535fe0a7ee7085b2268894c546bd
|
|
Test-Information:
Tested by transferring a file between two Swift instances.
Tested in WebKit chat views and in plain chat views.
Change-Id: Ie46cbd7bac8a36478f64b4557cf55926e6d4af37
|
|
Test-Information:
Unit and integration tests pass on OS X 10.10.5 and Debian 8.2.
UI remains responsive when transferring a file between two
Swift instances.
Change-Id: I7841347a5d6c55121e02e274a7087a2fc200f879
|
|
Test-Information:
Ran a file-transfer between two Swift instances and verified
no fe80:... addresses are included in the candidates.
Change-Id: I51dedb6aff95686764f74bf61ab2963e51ecbd1c
|
|
Test-Information:
Tested on OS X 10.11.1.
Change-Id: If63370404ac6586e2e48a19cbe7a0f0df9359c36
|
|
Canceling an IBB transfer in-flight caused an use-after-free
reported by ASAN. With this fix we keep a reference of the
current request around to be able to disconnect from its
signals on cancel.
Test-Information:
Transferred a file with Swift using the IBB method and canceled
the transfer. The previously error reported by ASAN is gone.
Change-Id: I240d3dbb59cddb6b91d49f268595a89ac8805f72
|
|
Test-Information:
Tested against a Swift instance which does not advertise the
DiscoInfo::JingleTransportsS5BFeature feature and verified
via debug console that only the IBB feature is listed in the
candidates.
Change-Id: I708c437f5c30c16c3478fd3448d7cb9592e68677
|
|
This allows execution of events inside an existing io_service
if an application is already using Boost ASIO for other things
and can share the io_service.
Test-Information:
Builds on OS X 10.11.2.
Change-Id: I092ed7a25b24ef95d4664bae98ed84cc0f149073
|
|
The new event loop design has a single event queue that is
synchronized to protect against data races.
The removal of events in the queue by EventOwner is
deterministic.
Test-Information:
All unit and integration tests with TSAN and
cxxflags=-DBOOST_SP_USE_PTHREADS on Debian 8.2 pass without
reports.
Multiple Swiften/QA/ClientTest/ClientTest runs under
different CPU stress caused no TSAN reports on Debian 8.2.
Swift itself only causes TSAN reports related to Qt itself,
out of our control, and most likely false positives, i.e.
TSAN not detecting the synchronization method inside Qt
correctly.
Unit tests pass without errors and successfully connected
to Slimber on OS X 10.10.5.
Change-Id: Ia1ed32ac2e758c5b9f86e0dac21362818740881e
|
|
Test-Information:
Unit tests pass on OS X 10.10.5.
Change-Id: I7b505513b4342001596ee8518bfdcf9e77c91479
|
|
This allows to authenticate using SASL EXTERNAL over BOSH
using a client TLS certificate for the HTTPS connection of
the BOSH channel.
The implementation also enforces the HTTPS server certificate
of subsequent BOSH connections not to change.
This commit also removes TLSConnection and TLSConnectionFactory
as no code is using them.
Test-Information:
Tested against M-Link 16.3v6-0 on Debian 7.9 and Swift on
OS X 10.10.5. Verified working client certificate authentication.
Verified Swift not falling back to password-based authentication,
in case EXTERNAL is not allowed by the server over BOSH or
the client certificate is invalid.
Change-Id: Ia96bcac27cac9fc9261ed847c82c6328307bfbd1
|
|
The code was calling CFRelease on a null pointer, which runs
into an assert inside CFRelease.
Test-Information:
The crash happened during client certificate authentication
using the Secure Transport backend. With this patch the crash
is gone.
Change-Id: If389dcb8b8a20fdc5cf77219d6c5afb86c9c3634
|
|
Test-Information:
Still builds and tests pass on OS X 10.10.5.
Change-Id: Ic616e7b9de443ce34b46de63ac1bb0cca34b08ee
|
|
Test-Information:
Still builds and tests pass.
Change-Id: I040423ab6f6934610e336f3af22d174a685af66a
|
|
These errors were reported by Clang Analyzer.
Test-Information:
Verified that behavior is still as expected and Clang
Analyzer does not report the warnings anymore.
Change-Id: I149d75241f7680a6d2f2b6b710dd38d1ed81a209
|
|
This patch prevents SWIFTEN from logging in if provided with a missing PKCS12 file.
Before this patch, swiften would attempt a password based login using operator JID
and pwd of the P12 file when the P12 file was missing.
This patch fixes it by checking the certificate and not initialising session stream
and connection if the certificate is empty. It emits a disconnect with client
certificate load error. The string for certificate load error has been modified to
indicate a file or password invalid.
Test-information:
Tested by doing a certificate based bind to an XMPP server. Removed the PKCS#12
file and checked that swift gave a certificate error instead of doing pwd connect
Change-Id: I1869a13f1f7135b6606f7383cd4a0356ffd6931b
|
|
This patch fixes the code to handle HTTP/1.0 proxies which
do not keep the connection alive after a single request.
If a HTTPTrafficFilter returns a new header reply, the HTTP
CONNECT proxy code will issue the request over a new connection.
The final connection is kept alive, as it used for the
persistent connection forwarding.
In addition, the response status line is now passed to the
HTTPTrafficFilter handling method to provide ability to act
upon the response status code.
Missing passthrough of the HTTPTrafficFilter object the down
the stack to the HTTPConnectProxiedConnection is added.
Test-Information:
Added a unit test following an NTLM HTTP proxy authentication
with a static HTTPTrafficFilter. This and other unit tests
still pass.
Change-Id: Ida0d1aec08a60f10c1480e1eecaecbd3f87b0dca
|
|
Added integration tests for certificate validation and
revocation behavior checking.
Test-Information:
Tested client login over TLS against Prosody and M-Link.
Verified client certificate authentication works against
M-Link.
Change-Id: I6ad870f17adbf279f3bac913a3076909308a0021
|
|
With this commit
SOCKS5BytestreamProxiesManager::onDiscoveredProxiesChanged
will be emitted even if no proxies are found.
Move signal emission out of if/else scopes as it was present
in both cases.
Test-Information:
Tested file-transfer with the sender located at a server
without a S5B proxy.
Change-Id: Ic79928e539a6f39f23bfda370d701bf6d9ca9cbf
|
|
Test-Information:
Code builds without warnings, unit tests still pass on OS X
10.10.5.
Change-Id: I9108b53fb00b0fc85a8dd4e2a347e21d0e6008ab
|
|
Test-Information:
Build and tests pass successfully on OS X 10.10.5.
Change-Id: I614586660796f9ef043156d09d998d39934a6eca
|
|
In addition, this adds the file-transfer classes to the
Doxygen documentation.
Test-Information:
Unit and integration tests still pass.
Change-Id: Ib6c16078c90ed56fae835cb2abfea8a564c3afa3
|
|
Before presence handling code was handled by both, the
ContactRosterItem in Swift and the PresenceOracle in Swiften.
The ContactRosterItem also considered the presence priority
for deciding what presence to show for a bare JID.
With this code all full or bare JID presence requests are
finally handled by the PresenceOracle. For bare JIDs it is
looked up to a presence of one of the available resources of
that JID regardless of the priorities.
Test-Information:
Adjusted tests according to above description and documentation
in PresenceOracle.
Change-Id: I972a4574f476cdf4d4b5593a035eb1c25ef2f8ba
|
|
When removing a contact, a XMPP client will not receive an explicit
unavailable presence stanza for the contact from the server. Because
of that Swift used to show removed contacts still with their old
presence in the Chats tab or the chat view.
With this patch, the PresenceOracle will flush all known presence
of a contact as soon as the JID is removed from the roster. An
unavailable presence will stored under the removed bare JID and
is emitted via the PresenceOracle::onPresenceChange signal.
Test-Information:
Added a unit test verifying this behavior. Tested the behavior with
two scenarios:
a) Account A and B adding each other and accepting the subscription
request. Starting a chat between A and B. After removing B in A's
account, B used to be shown as available in the chat view and the
Chats tab. With this patch B is shown as unavailable.
b) Account A and B adding each other and accepting the subscription
request. A removing B, and B removing A. After A adds B again,
B used to be shown with the old presence even before B accepted
the subscription request. This behavior is also fixed with this
patch, not showing B as online until B accepted the subscription
request.
Change-Id: Iba97d3bedd0ac962ea00b25a0d2ed6106ed55a55
|
|
This is required to protect against the CVE-2015-2059 vulnerability in
libIDN.
Test-Information:
Added unit tests for UTF-8 validation and tested that existing unit
tests still pass.
Change-Id: I0a94136894c6e0004081456c59155a78a3dabf5f
|
|
With this commit a ChatController is only bound to a full JID
of a contact, if the incoming message of the contact has a
non-empty body or is a 'typing' chat state notification.
This avoids random binding to an arbitrary resource of a contact,
that has multiple online resources and responds with delivery
receipts.
Test-Information:
Tested with a conversation of a one resource account (A) to a
two resource account (B). Sending two messages to B, the first
used to go to both resources, then A would bind to the full
JID and the second message would only go to one resource.
With this fix all messages go to both resources, i.e. are
send to the bare JID, until one resource of B replies. This
binds the controller at A to the full JID of the reply of B.
Change-Id: I8d9321a4226ab798e1196351ad087990d5dff8c3
|
|
Test-Informations:
Code compiles without warnings and tests still pass.
Change-Id: If74c615706b8125c3c5186f0d940c103749ddb80
|