cpw.darkrain42.oscar.ssl: eb596ee0: Part 2 of the continuing effort to get O...
paul at darkrain42.org
paul at darkrain42.org
Wed Jan 14 01:56:54 EST 2009
-----------------------------------------------------------------
Revision: eb596ee076e75db65b184556fede70fb3b02530d
Ancestor: c2ffc4d3ef01a72a347f4310b92502b9d06c5eb4
Author: paul at darkrain42.org
Date: 2008-12-11T07:14:50
Branch: im.pidgin.cpw.darkrain42.oscar.ssl
URL: http://d.pidgin.im/viewmtn/revision/info/eb596ee076e75db65b184556fede70fb3b02530d
Modified files:
libpurple/protocols/oscar/family_oservice.c
libpurple/protocols/oscar/oscar.c
libpurple/protocols/oscar/oscar.h
libpurple/protocols/oscar/snactypes.h
ChangeLog:
Part 2 of the continuing effort to get OSCAR over SSL working.
* Request SSL when getting new FLAP connections and parse the returned
attributes (regarding what to use as the SSL common name).
* Work around what is apparently weird bugginess with FLAP connections
to SNAC families ADMIN and BART (they don't like SSL).
SSL connections still pop up certificate warnings.
-------------- next part --------------
============================================================
--- libpurple/protocols/oscar/family_oservice.c 003c29a7b63376dbe6ab054d1aaf1f018d3f8abe
+++ libpurple/protocols/oscar/family_oservice.c a60f6fe7bfc7c10db3f092258d94537080969662
@@ -103,12 +103,31 @@ aim_srv_requestnew(OscarData *od, guint1
aim_srv_requestnew(OscarData *od, guint16 serviceid)
{
FlapConnection *conn;
+ ByteStream bs;
+ aim_snacid_t snacid;
+ GSList *tlvlist = NULL;
conn = flap_connection_findbygroup(od, SNAC_FAMILY_BOS);
if(!conn)
return;
- aim_genericreq_s(od, conn, SNAC_FAMILY_OSERVICE, 0x0004, &serviceid);
+ byte_stream_new(&bs, 6);
+
+ byte_stream_put16(&bs, serviceid);
+
+ /*
+ * Request SSL Connection
+ */
+ if (od->use_ssl)
+ aim_tlvlist_add_noval(&tlvlist, 0x008c);
+
+ aim_tlvlist_write(&bs, &tlvlist);
+ aim_tlvlist_free(tlvlist);
+
+ snacid = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0004, 0x0000, NULL, 0);
+ flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x0004, 0x0000, snacid, &bs);
+
+ byte_stream_destroy(&bs);
}
/*
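Review bot: The TLV type `0x008c` and the buffer size `6` in aim_srv_requestnew are bare literals, and the same TLV is added again in the aim_chat_join hunk below, where the buffer grows from 502 to 506, apparently to make room for it. A named constant for the "request SSL" TLV and a size comment would keep the two call sites in step, for example `byte_stream_new(&bs, 6); /* 2-byte service id + 4-byte empty TLV 0x008c */`. The 4 TLV bytes are reserved even when `od->use_ssl` is false, which looks harmless but is worth stating in that comment.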
@@ -127,10 +146,10 @@ aim_chat_join(OscarData *od, guint16 exc
struct chatsnacinfo csi;
conn = flap_connection_findbygroup(od, SNAC_FAMILY_BOS);
- if (!conn || !roomname || !strlen(roomname))
+ if (!conn || !roomname || roomname[0] == '\0')
return -EINVAL;
- byte_stream_new(&bs, 502);
+ byte_stream_new(&bs, 506);
memset(&csi, 0, sizeof(csi));
csi.exchange = exchange;
@@ -143,6 +162,13 @@ aim_chat_join(OscarData *od, guint16 exc
byte_stream_put16(&bs, 0x000e);
aim_tlvlist_add_chatroom(&tlvlist, 0x0001, exchange, roomname, instance);
+
+ /*
+ * Request SSL Connection
+ */
+ if (od->use_ssl)
+ aim_tlvlist_add_noval(&tlvlist, 0x008c);
+
aim_tlvlist_write(&bs, &tlvlist);
aim_tlvlist_free(tlvlist);
@@ -179,6 +205,8 @@ redirect(OscarData *od, FlapConnection *
redir.ip = aim_tlv_getstr(tlvlist, 0x0005, 1);
redir.cookielen = aim_tlv_gettlv(tlvlist, 0x0006, 1)->length;
redir.cookie = (guchar *)aim_tlv_getstr(tlvlist, 0x0006, 1);
+ redir.ssl_cert_cn = aim_tlv_getstr(tlvlist, 0x008d, 1);
+ redir.use_ssl = aim_tlv_get8(tlvlist, 0x008e, 1);
/* Fetch original SNAC so we can get csi if needed */
origsnac = aim_remsnac(od, snac->id);
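Review bot: `redir.use_ssl` stores the raw byte of TLV 0x008e, and the `if (redir->use_ssl)` test added in oscar.c treats any nonzero value as "use SSL", while the comment added there describes the advertised value as type "0x02". If the TLV is absent, aim_tlv_get8 presumably yields 0 (its definition is not on this page), so a redirect that carries no SSL attributes cannot be told apart from one that explicitly declines SSL. A short comment on the two new lines would help, e.g. `/* 0x008d: SSL certificate common name; 0x008e: SSL state, 0x02 seen when SSL is offered */`. `redir.ssl_cert_cn` is read here and freed in the next hunk, but no visible line passes it to the certificate check, and the purple_ssl_connect call shown in oscar.c still takes `host`; redirect()'s body continues outside the hunk.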
@@ -196,6 +224,7 @@ redirect(OscarData *od, FlapConnection *
g_free((void *)redir.ip);
g_free((void *)redir.cookie);
+ g_free((void *)redir.ssl_cert_cn);
if (origsnac)
g_free(origsnac->data);
============================================================
--- libpurple/protocols/oscar/oscar.c e25a1b43101fe903bcfdc41d1e089d66d0246b21
+++ libpurple/protocols/oscar/oscar.c 12c8d37264fc3fa3b4824ca89b1c8d56a1c50c0f
@@ -1956,8 +1956,22 @@ purple_handle_redirect(OscarData *od, Fl
else
host = g_strdup(redir->ip);
- purple_debug_info("oscar", "Connecting to FLAP server %s:%d of type 0x%04hx\n",
- host, port, redir->group);
+ /*
+ * These FLAP servers advertise SSL (type "0x02"), but SSL connections to these hosts
+ * die a painful death. iChat and Miranda, when using SSL, still do these in plaintext.
+ */
+ if (redir->use_ssl && (redir->group == SNAC_FAMILY_ADMIN ||
+ redir->group == SNAC_FAMILY_BART))
+ {
+ purple_debug_info("oscar", "Ignoring broken SSL for FLAP type 0x%04hx.\n",
+ redir->group);
+ redir->use_ssl = 0;
+ }
+
+ purple_debug_info("oscar", "Connecting to FLAP server %s:%d of type 0x%04hx%s\n",
+ host, port, redir->group,
+ od->use_ssl && !redir->use_ssl ? " without SSL, despite main stream encryption" : "");
+
newconn = flap_connection_new(od, redir->group);
newconn->cookielen = redir->cookielen;
newconn->cookie = g_memdup(redir->cookie, redir->cookielen);
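Review bot: The plaintext exception for SNAC_FAMILY_ADMIN and SNAC_FAMILY_BART is reported only through `purple_debug_info`, so an account configured for SSL gets these connections unencrypted with no trace outside the debug log. The lines that follow copy `redir->cookie` into the new connection, so the redirect cookie for that service presumably travels in cleartext as well; the comment block should say so explicitly. I would raise the first message to `purple_debug_warning("oscar", "Ignoring broken SSL for FLAP type 0x%04hx.\n", redir->group);` and extend the comment with what is exposed when the fallback is taken. purple_handle_redirect starts and ends outside the hunk.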
@@ -1975,7 +1989,8 @@ purple_handle_redirect(OscarData *od, Fl
purple_debug_info("oscar", "Connecting to chat room %s exchange %hu\n", cc->name, cc->exchange);
}
- if (od->use_ssl)
+
+ if (redir->use_ssl)
{
newconn->gsc = purple_ssl_connect(account, host, port,
ssl_connection_established_cb, ssl_connection_error_cb,
============================================================
--- libpurple/protocols/oscar/oscar.h 38e6a7647ba753df4071c6c842ef9948c37637aa
+++ libpurple/protocols/oscar/oscar.h 5a4f908ea3d62011c26fc9fa1d9650f6d395397e
@@ -595,6 +595,8 @@ struct aim_redirect_data
const char *ip;
guint16 cookielen;
const guint8 *cookie;
+ const char *ssl_cert_cn;
+ guint8 use_ssl;
struct { /* group == SNAC_FAMILY_CHAT */
guint16 exchange;
const char *room;
============================================================
--- libpurple/protocols/oscar/snactypes.h 6d0dd0df40c3043a233a04efca2f1db885110a04
+++ libpurple/protocols/oscar/snactypes.h 95debb6dc8f2364878d461651b2bef9648cece5c
@@ -40,14 +40,14 @@
#define SNAC_FAMILY_USERLOOKUP 0x000a
#define SNAC_FAMILY_STATS 0x000b
#define SNAC_FAMILY_TRANSLATE 0x000c
-#define SNAC_FAMILY_CHATNAV 0x000d /* XXX "provides info, searching and creating" */
+#define SNAC_FAMILY_CHATNAV 0x000d
#define SNAC_FAMILY_CHAT 0x000e
#define SNAC_FAMILY_ODIR 0x000f
-#define SNAC_FAMILY_BART 0x0010 /* XXX user avatars */
+#define SNAC_FAMILY_BART 0x0010
#define SNAC_FAMILY_FEEDBAG 0x0013
#define SNAC_FAMILY_ICQ 0x0015
#define SNAC_FAMILY_AUTH 0x0017
-#define SNAC_FAMILY_ALERT 0x0018 /* XXX email notification */
+#define SNAC_FAMILY_ALERT 0x0018
#define AIM_CB_FAM_SPECIAL 0xffff /* Internal libfaim use */
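Review bot: Dropping the trailing comments removes the only description of what SNAC_FAMILY_CHATNAV, SNAC_FAMILY_BART and SNAC_FAMILY_ALERT are, and this same commit starts exempting SNAC_FAMILY_BART from SSL in oscar.c. A reader assessing that exception needs to know what the family carries, so I would keep the descriptions and drop only the `XXX` marker, e.g. `#define SNAC_FAMILY_BART 0x0010 /* user avatars */` and `#define SNAC_FAMILY_ALERT 0x0018 /* email notification */`.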