Age | Commit message (Collapse) | Author |
|
Swift OpenSSLContext and OpenSSLCertificate contain a number
of error, warning and info logging calls which have the effect
of writing to stderr. This patch comments them out for now -
a proper interface with a logging object being passed in etc
will be added at a later date.
JIRA: SWIFT-426
Bug:
Release-notes:
Manual:
Test-information:
Compiles OK.
TLSTest runs OK.
Change-Id: I2bc09ff32277c2b669317fcf9748358b2934db7c
|
|
Add new boolean flag to TLSOptions which when
set to true prevents system Trust Anchors being loaded into
new TLS contexts created using OpenSSL.
Add new test to Swiften QA with appropriate comment.
JIRA: SWIFT-425
Test-information:
Checked logic of change under debugger while running the
tests in CertificateTest.cpp which create TLS contexts.
Change-Id: I2d4a8410ce9cc752e6774e1d1cdb84dcd37b01d7
|
|
Extend getPeerCertificateChain so that it uses the correct SSL
methods for Server and Client mode contexts, i.e.
SSL_get_peer_certificate as well as get_peer_cert_chain
when this is a server-mode context.
Tidy up error message logged on certificate verification
failure.
Always return "1" from verifyCallback; check result
of certificate verification by a call to
getPeerCertificateVerificationError() once the
TLS session is established.
JIRA: LINK-1814
Bug:
Release-notes:
Manual:
Change-Id: Ica1d90998187ec5ce2584d48bd6fbfb8f9a667c9
Test-information:
|
|
There are cases where users of this method forget to
free the pointer. This is now avoided by returning a
unique_ptr.
Test-Information:
All existing unit and integration tests, i.e. `./scons
test=all` pass.
Change-Id: I10a88c3361823074d81db7af8cec1bd70c409995
|
|
Add a new (optional) field to TLSContext, which allows a vector
of Trust Anchor certificates to be specified.
Inside OpenSSLContext::configure, pass the X509 components of
these certificates into the OpenSSL context: these are now
available for client certificate verification in any callback
method set via TLSOptions.verifyCertificateCallback.
JIRA: LINK-1765
Test-information:
Tested via MLink unit tests. No leaks reported.
Change-Id: Ie9cc2051ee212249a12a4bc71b62306b5bce3013
|
|
Remove increment of reference count on first certificate added
to a new SSL context - the call to SSL_CTX_use_certificate does
this internally. When adding extra certificates to the context
via calls to SSL_CTX_add_extra_certificate, the explicit
increment of the reference count is still required to prevent
destruction of the certificates when the SSL context is freed.
In OpenSSLContext::setPrivateKey, make sure the EVP_PKEY returned
by PEM_read_bio_PrivateKey is tidied up, by wrapping it in a
shared_ptr which calls EVP_PKEY_free.
Add a new Unit test which creates an SSL context and inserts a
multi-element certificate chain and a private key.
JIRA: SWIFT-423
Bug:
Release-notes:
Manual:
Change-Id: I82c66139a9dfe7a925eb39f73721200895a689e2
Test-information:
Leak testing performed via ASAN-compiled MLink unit tests -
now no leaks/errors reported associated with TLS Contexts and
Certificates. Swiften unit test runs as expected.
|
|
DomainJID consisting of only numbers is not treated as valid.
Test-information:
Unit tests pass on Windows 10 and Ubuntu 18.04.1 LTS.
Change-Id: If23ba8b8ea2a3c72d6f6e3acec4f587166c14e61
|
|
Test-information:
Unit tests pass on Windows 10 and Ubuntu 18.04.1 LTS.
Change-Id: Icea837d91f28f47f7b0a90bc620b26c5567c8421
|
|
XML (Expat/LibXML) parsing modified to process prefix information.
Prefixes for attributes stored within attributes.
Prefixes for elements passed in additional callback
(only if prefix present).
Test-information:
Unit tests pass on Windows 10 and Ubuntu 18.04.1 LTS.
Change-Id: Ib6b5087feed758c31895f426df6a3c7ea975f248
|
|
Actual implementation is in OpenSSL subclass. This allows a permanent
vector of shared certificates to be used when creating multiple OpenSSL
contexts. This replaces the existing use of a vector of unique pointers
to certificates which handed over responsibility for the underlying
OpenSSL certs to the OpenSSL context. To enable this to work, a
new method is added to the OpenSSLCertificate class which enables
the reference count on the the contained OpenSSL certificate to
be incremented - this stops the OpenSSL certificate being deleted
when the OpenSSL context is freed.
Use of conditional compilation was necessary to get the reference
counting to build with the different versions of OpenSSL in use.
Modify the method in OpenSSLCertificateFactory (and stub in CertificateFactory)
which generates a vector of certificates, so that it generates a vector
of shared_ptrs rather than unique_ptrs.
Add test of CreateCertificateChain to Swiften CertificateTest
class, together with sample certificate file in PEM form.
JIRA: LINK-1763
Bug:
Release-notes:
Manual:
Test-information:
Tested via development version of Mystique - created multiple
TLS sessions using single certificate chain.
Swift unit tests now build and run again.
New Swiften TLS unit test builds and runs.
Change-Id: I7fa4888b640c94b68712a6bff1f7aa334a358df2
|
|
Test-Information:
Tested on Windows with OpenSSL that this fixes the
compilation issue.
Change-Id: I01887c8eb758a6c1c208244cdae32aa9c0a99565
|
|
According to RFC 6120 if any disallowed XML feature is encountered,
we should close the stream with a <restricted-xml/>. The following
features of XML are prohibited in XMPP:
- processing instructions
- internal or external DTD subsets
- internal or external entity references
- comments
Test-information:
Unit tests pass on Windows 10 and Ubuntu 18.04.1 LTS
Change-Id: I475920c91b7f9da51ab37c106a4783a52f6e3cae
|
|
Adds TLSOptions to the OpenSSLContext, which invokes a new private
'configure' method which allows various OpenSSL options to be set.
Also add standard verification callbacks and external (via a
std::function field in TLSOptions) to allow the user
to specify their own method which will perform client certificate
checking when a new TLS connection is accepted. Only set up
the internal verifyCertCallback if the user-supplied hook is set.
All callback hooks are set up in the 'configure' method, and only
then if TLSOptions.verifyMode is present (i.e. not defaulted
to boost::none), to preserve compatibility for users of
this class (e.g. Swift) which want to use OpenSSL's own
internal validation functions rather than setting the
callbacks.
Test-information:
Used new code under development in M-Link when setting up a TLSContext,
setting verify-mode=require, and set up verifyCertCallback with a local
method. Making a client TLS connection which includes a client
certificate results in the local verify callback being invoked.
Change-Id: Idbb7279e1711fca8123f430bfca0dcfb65bc8da6
|
|
Prior to calling handleStartElement, the ParserClient
handleNamespaceDeclaration will fire for each namespace declared on the
element.
Test-Information:
Unit tests pass on Debian 9 for both expat and libxml2
Change-Id: Ic42e83aee83edfbb2aa5c971997808eb6e133223
|
|
When creating a JID we were not checking if a
domain part is a valid IPv4, IPv6 addresses. We were
only checking if the domain is correct according to
internationalized domain name rules which was failing
for IPv6 addresses.
Test-Information:
Unit tests pass on Windows 10 and Ubuntu 18.04.1 LTS
Change-Id: Ia1b67089f6edfdc6a0ebf2d26a7eaab9ce8171c0
|
|
XML parse now takes an optional boolean that will signal that with the
data that is fed into the parser, the document should now be complete.
This will allow the parser to reject partial documents.
Test-Information:
Updated unit tests pass.
Checked that default behaviour wasn't changed.
Tested with various partial and complete documents.
Change-Id: Ide7c2e47c49d5667f1febcb23da366e96d0dbc21
|
|
Test-Information:
Unit tests pass on Debian 9
Change-Id: I60f95816cfa48a619f83daac1d88e229bbe228ed
|
|
As of Boost 1.69.0, boost/detail/endian.h is deprecated in favour of
boost/predef/other/endian.h, and BOOST_(LITTLE|BIG)_ENDIAN by
BOOST_ENDIAN_(LITTLE|BIG)_BYTE.
Test-Information:
Unit tests pass on Debian 9
Change-Id: If7076c559a4e35219ff97603f50b80cfbe05b29b
|
|
In boost 1.68.0 the conversion is implicit, but in 1.69.0 it's
explicit and we must explicitly call it.
Change-Id: I24eb78be7510c89b88342d28c539cad4977f99fd
|
|
The merge of 4.x changes onto master introduced changes to Pyhon scripts
that weren't compatible with Python 3.
The Version.py script is now compatible with both Python 2 and Python 3,
and a slightly underimplemented test has been expanded to actually live
up to its name. getGitBuildVersion has been refactored completely. It
has been simplified to require only one invocation of git describe, unit
tests for the parsing have been added, and a way to call
getGitBuildVersion from the commandline has been added to Version.py (to
avoid adding a unit test that would call out to an external tool).
DocBook.py has been made compatible with Python3, and some additional
logic to prevent emitting b'path/to/docbook/xml' instead of the desired
'path/to/docbook/xml' has been added.
Generation of COPYING in Swift/QtUI now uses the upstream version
provided with SCons 3, and our custom version has been removed.
Unused code in the SwiftenDevelopersGuide SConscript with invalid
regular expressions has been removed, and the remaining regular
expressions in SConscripts have been fixed.
Test-Information
Code has been tested on macOS 10.14.
Scons now completes a build on a clean tree using either Python 2 or
Python 3. Running it on a previouly built tree works with either, as
well, mixing versions between invocations is not an issue.
Swift unit tests pass with Python 3.7.0.
Version.py unit tests pass with Python 2.7.15 and 3.7.0.
Running with doc=1 works with both Python 2 and Python 3, even
if the docbook points to a path with unicode characters in it.
Resulting COPYING file has been verified both visually and against a
Python2 generated one on master.
Resulting XML files for documentation have been inspected.
Resulting manual HTML and PDF files have been inspected.
Change-Id: I54de909d80b8e35a8c351261ae10ce3537729c84
|
|
The previous code only worked with 1.1.0j or older.
Now the code works with 1.1.0j and OpenSSL 1.1.1.
Adjusted ClientServerTest to be more graceful in case
of errors, i.e. failing tests instead of crashing.
Test-Information:
Tested that without the changes, the tests pass with
OpenSSL 1.1.0j and test fail or crash with OpenSSL
1.1.1 and OpenSSL 1.1.1a.
Tested that with the changes, the tests pass with OpenSSL
1.1.0j, OpenSSL 1.1.1, and OpenSSL 1.1.1a.
Tested on macOS 10.14.2 with system clang.
Change-Id: Ic63774049727f6d949153166f63a8545e9a24892
|
|
OpenSSL TLS contexts assume ownership of any additional certificate
passed into it. The CertificateFactory now returns a vector of
unique_ptrs, and OpenSSLContext will do the needful with releasing
ownership at the right moment.
A unit test has been added that uses a chained certificate in
client/server context. Before the fix, this test would either fail, or
result in a segmentation fault, depending on the mood of OpenSSL.
Test-Information:
Unit tests pass on Debian 9
Ran manual tests with server test code, tested both chained and single
certificates, and no longer observed crashes when accepting a
connection.
Change-Id: I21814969e45c7d77e9a1af14f2c958c4c0311cd0
|
|
* branch 'swift-4.x':
Update for Debian
Don't crash on missing bookmark result
Add missing include for QAbstractItemModel
Update Debian changelog
Fix convertToWindowsVersion() function to handle more RCs
Fix error response handling when requesting VCards
Test-Information:
./scons test=all succeeded on macOS 10.14.2.
Change-Id: I99d20a8b0e1b0be501fbbe95adebbff15f510184
|
|
TLSError now takes an optional error message. OpenSSLContext has been
updated to send out one, and calls to SWIFT_LOG have been removed from
it for anything but setCertificateChain.
OpenSSLContext::handleDataFromApplication misinterpreted the return code
of SSL_write, triggering an onError in cases where more network I/O was
required.
Test-Information:
Unit tests pass on Debian 9
Server test code no longer emits undesirable warnings to stderr on macOS
10.14.
Change-Id: If0f932693361ef9738ae50d5445bfb4d3ed9b28f
|
|
Test-Information:
Before the patch, boom, after the patch, no boom.
(No boom today. Boom tomorrow. There's always a boom tomorrow)
Change-Id: Id454d7b0d0cd05774d0f1ee0b3cb77057371c459
|
|
A numeric cast was added to the call to HMAC that doesn't belong there,
this commit reverts that.
Test-Information:
Unit tests pass on macOS 10.14 and Debian 9
Change-Id: I8deb568f7bff4d401fc6dd6de21edf7f061ebd59
|
|
Test-Information:
Added unit tests
Change-Id: I405d9e9c2b64c4953ca0cec8f6481b695c15e30f
|
|
The filetransfer blockSize is now an unsigned integer, as 0 could be
used to denote an invalid block size as well (and indeed, already
indicated that better than -1 did).
All use of numeric_cast in filetransfer code has been fixed to deal with
the possibility of thrown exceptions.
Test-Information:
Unit tests pass on macOS and Debian
Change-Id: I1833d553bae071238be20ebc386ef602effb78b0
|
|
The two uses of numeric_casts have been rewritten as static casts, with
asserts to guarantee (and inform the developer) that the number is never
negative (code inspection showed that this should never be the case).
Test-Information:
Unit tests pass on macOS and Debian
Change-Id: I3ca63724721ecd8e351d9017e0975b6ae326f85f
|
|
Generation of TXT records might fail if any of the fields is too long,
so the result is now an optional (pending Expected). Callsites have been
updated to deal with this.
Three potentially uncaught exceptions in the Bonjour implementation have
been addressed.
Test-Information:
Unit tests pass on macOS 10.14 and Debian 9
Change-Id: Iec02c4606a18eee855362fd3c3d15614a9e72547
|
|
Exceptions thrown by boost::numeric_cast are now caught and an assert
explicitly triggered.
Test-Information:
Unit tests pass on macOS 10.13
Change-Id: I9a1cbe5ae2765e4275bf35473a871ef8468fd729
|
|
Apart from QtUI bits, this addresses use of uncaught numeric cast
exceptions in message count handling, the spell parser and the MacOS
idle querier.
The WindowsServicePrincipalName logic previously had an issue where
using ports from 32768 onwards would result in a bad_numeric_cast
exception to be thrown. This has been addressed at the same time as the
uncaught exceptions, and all ports should work now.
The tags file has been extended to ignore more files.
Change-Id: I73ced35f06517bee5c58f990d20fa437b40ac84e
|
|
The stanza ack code now uses a constexpr without numeric cast to
calculate the maximum, and test code uses the constant UINT32_MAX from
limits, both of which should result in the same number.
Test-Information:
Unit tests pass on macOS 10.14
Change-Id: Iba8fc779e52699d480d1ce458df0c6581a16ad06
|
|
Test-Information:
Unit tests pass on Debian 9 and macOS 10.14
Change-Id: I7881249c68a294679a6a9d0f6bef65cad5034687
|
|
The code has been updated to use asserts where a sensible recovery path
was deemed impossible, and a conditional return for parse. In general,
our XML parsing will fail for any single parse of a document over
roughly 2 2GiB, which is probably not going to be a practical issue soon.
Test-Information:
Unit tests pass on macOS 10.13 using Expat and Debian 9 using LibXML
Change-Id: I3a8da802860028ea278b322af081c2b22b55a442
|
|
The NAT-PMP RFC specifies lifetime as an unsigned, 32 bit integer, so
using this internally makes sense. This also removes the need for casts
in interface code.
A slight bug in the NATPMPInterface implementation to remove a mapping
has been addressed.
Test-Information:
Unit tests pass on macOS 10.13
Change-Id: I06687fd2735a8706f339f85d6c957ad7aadaaf02
|
|
LibIDNConverter was fixed to handle these restrictions
correctly.
Test-Information:
Added unit tests for RFC 1035 length restrictions for labels
and domain names.
The libidn and ICU backends pass the new test.
Change-Id: Ie570b0ee4c5c6381f7769f6178ec2a5824074221
|
|
Network ports are now consistently stored as unsigned shorts, apart from
the options and user interface, where -1 is still used to denote the use
of default ports.
Test-Information:
Unit tests pass on macOS 10.13 and Debian 9
On macOS: tested the UI with various proxy and manual ports, behaviour
as expected.
Change-Id: I7a65f40083022887aa30ed7b21eadc56d0c52be1
|
|
RFC 6122 specifies that if a domainpart ends in a dot, it must be
stripped off before any other canonicalisation steps are taken.
Unit tests have been added to check that various JID scenarios with a
domain ending in a dot pass or are rejected as expected.
Test-Information:
Unit tests pass on macOS 10.13.
Manual tests in sluift show expected behaviour.
Change-Id: Id6813aaa4422a81bff0a4559eacd6855ef104dc3
|
|
ICUConverter allowed jidparts greater than 1023 bytes during
stringprep.
The SConscript of StorageTest did not work when libidn had been
disabled, which prevented test=unit from completing.
Test-Information:
Unit tests pass on Debian 9 in a build with ICU and ASan enabled.
Change-Id: I791a09457c6b852e61ce1281871e0f3ca0ce645c
|
|
When Swift::LibIDNConverter::getStringPrepared was called with an input
of 1024 or more characters, stringprep would be called on a memory
region that wasn't NUL-terminated. It also blindly trimmed the input to
1024 bytes, even though there may be input longer than that that still
results in a valid 1023 byte prepped string.
IDNConverterTest has been converted to gtest, as cppunit cannot deal
with testing for std::exceptions being thrown on at least macOS
Test-Information:
Unit tests pass on macOS 10.13 and Debian 9
Before fix, the newly added unit tests triggered an ASan abort due to a
buffer overrun.
After fix, all unit tests pass, even with ASan enabled.
Change-Id: Ia3e51a39f5db1de32b8f8bb388f81ca041136df7
|
|
Ran a flamegraph diff on Swift login to an account with a
moderate number of JIDs in roster and more than 10 rooms
in auto join. It showed a difference less that 0.1% on the
changed method. As it does not make much of a difference for
Swift at least, caching is removed.
Test-Information:
Unit tests passes, Swift still logins fine on macOS.
Change-Id: Id33d6d1a655580e06e1364df717fd6f34cce5327
|
|
Test-Information:
Builds and compiler warnings in not emitted by clang 8.0.0
anymore.
Change-Id: I118552b3b058acd15cdb9579e3695d9bf3d6b2fe
|
|
Connect should not be called twice on clients or compoments without
disconnecting first. While this worked in some cases, mixing connect
options, specifically first trying without, and then with a bosh_url,
would lead to asserts being triggered.
The connect logic now checks whether there's already a connection in
progress or established, and raises a Lua exception early if there is.
Test-Information:
Tested on macOS 10.13
Connected components and clients with invalid and valid hosts, and with
valid and invalid bosh_urls, all with and without disconnecting in
between attempts. No asserts were triggered, and appropriate Lua
exceptions were thrown.
Change-Id: I6b91b57945844bce7fce0073e5d0fe199ab815d5
|
|
When BoostConnectionServer tries to set up a listener, it casts an int
to an unsigned short, which may throw an uncaught exception if the cast
fails.
Test-Information:
Unit tests pass on Debian 9
Test server code no longer crashes when it tries to set up a listener on
an invalid port.
Change-Id: If6b920e54481ce6bf174df01d14ad12eff90e3f4
|
|
This also has our scons patch in 3rdParty/SCons applied.
Test-Information:
Builds with unit tests on macOS 10.13.6.
Change-Id: I25d3662eeec27a76dab10d501ba46dc16f0bef4b
|
|
Test-Information:
Builds, unit tests and integration tests pass on macOS with
clang 7.0 master.
Change-Id: I0db411e49339ccb2301edd1a16612cb1ad2c927c
|
|
Test-Information:
Builds, unit and integration tests pass on macOS with
clang 7.0 master
Change-Id: Idb9648c1293adbe6f4b79af3ad619ebb0630e48d
|
|
Test-Information:
Builds and unit tests pass on macOS with clang 7 master.
Change-Id: I0bf2828db49dfb6a7e99c78f1d2f7e76e87f8ca1
|
|
Test-Information:
`./scons test=all` passes with no errors on macOS with clang
7 master.
Change-Id: I31765ac15750dc5af7b70d1a85171dc8e3590181
|