pidgin: d219834c: Add purple_ssl_connect_with_ssl_cn, whic...

darkrain42 at pidgin.im darkrain42 at pidgin.im
Wed Jul 15 22:26:15 EDT 2009


-----------------------------------------------------------------
Revision: d219834c1a9d4b3c1ab767efaafa50c5cf6cb875
Ancestor: 5f9f1739bd36559df35014883896a45bab292f3b
Author: darkrain42 at pidgin.im
Date: 2009-07-15T16:57:33
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/d219834c1a9d4b3c1ab767efaafa50c5cf6cb875

Modified files:
        ChangeLog.API libpurple/protocols/oscar/flap_connection.c
        libpurple/protocols/oscar/oscar.c
        libpurple/protocols/oscar/oscar.h libpurple/sslconn.c
        libpurple/sslconn.h

ChangeLog: 

Add purple_ssl_connect_with_ssl_cn, which takes a host to connect to
in addition to a string with which to validate the SSL certificate.
Useful for OSCAR (and XMPP BOSH soon), where we have an IP to connect
to, but need to validate the SSL cert.

-------------- next part --------------
============================================================
--- ChangeLog.API	84ae5cf6009f85260133c88d4e57f2f203550ee7
+++ ChangeLog.API	db8bdb5f7ea76c04c6e738e5693f1d0638a638c4
@@ -56,6 +56,7 @@ version 2.6.0 (??/??/2009):
 		* purple_request_field_get_group
 		* purple_request_field_get_ui_data
 		* purple_request_field_set_ui_data
+		* purple_ssl_connect_with_ssl_cn
 		* purple_strequal
 		* purple_utf8_strip_unprintables
 		* purple_util_fetch_url_request_len_with_account
============================================================
--- libpurple/protocols/oscar/flap_connection.c	fd894ef00a84d9acd64d7479072e1c86947f90e6
+++ libpurple/protocols/oscar/flap_connection.c	19709b97801d98fd480c6acc2f4b78aeab14d750
@@ -505,7 +505,6 @@ flap_connection_destroy_cb(gpointer data
 
 	g_free(conn->error_message);
 	g_free(conn->cookie);
-	g_free(conn->ssl_cert_cn);
 
 	/*
 	 * Free conn->internal, if necessary
============================================================
--- libpurple/protocols/oscar/oscar.c	d159f2ff3548e56990252f1a86a3a7ead79d3b62
+++ libpurple/protocols/oscar/oscar.c	1175725276226d66c8d2fa2d489eee441adf0cc2
@@ -1246,32 +1246,6 @@ static void
 }
 
 static void
-ssl_proxy_conn_established_cb(gpointer data, gint source, const gchar *error_message)
-{
-	OscarData *od;
-	PurpleConnection *gc;
-	PurpleAccount *account;
-	FlapConnection *conn;
-
-	conn = data;
-	od = conn->od;
-	gc = od->gc;
-	account = purple_connection_get_account(gc);
-
-	conn->connect_data = NULL;
-
-	if (source < 0)
-	{
-		connection_common_error_cb(conn, error_message);
-		return;
-	}
-
-	conn->gsc = purple_ssl_connect_with_host_fd(account, source,
-			ssl_connection_established_cb, ssl_connection_error_cb,
-			conn->ssl_cert_cn, conn);
-}
-
-static void
 flap_connection_established_bos(OscarData *od, FlapConnection *conn)
 {
 	PurpleConnection *gc = od->gc;
@@ -1943,12 +1917,13 @@ purple_parse_auth_resp(OscarData *od, Fl
 	if (od->use_ssl)
 	{
 		/*
-		 * This shouldn't be hardcoded except that the server isn't sending
-		 * us a name to use for comparing the certificate common name.
+		 * This shouldn't be hardcoded to "bos.oscar.aol.com" except that
+		 * the server isn't sending us a name to use for comparing the
+		 * certificate common name.
 		 */
-		newconn->ssl_cert_cn = g_strdup("bos.oscar.aol.com");
-		newconn->connect_data = purple_proxy_connect(NULL, account, host, port,
-				ssl_proxy_conn_established_cb, newconn);
+		newconn->gsc = purple_ssl_connect_with_ssl_cn(account, host, port,
+				ssl_connection_established_cb, ssl_connection_error_cb,
+				"bos.oscar.aol.com", newconn);
 	}
 	else
 	{
@@ -1957,7 +1932,7 @@ purple_parse_auth_resp(OscarData *od, Fl
 	}
 
 	g_free(host);
-	if (newconn->connect_data == NULL)
+	if (newconn->gsc == NULL && newconn->connect_data == NULL)
 	{
 		purple_connection_error_reason(gc, PURPLE_CONNECTION_ERROR_NETWORK_ERROR, _("Unable to connect"));
 		return 0;
@@ -2114,15 +2089,9 @@ purple_handle_redirect(OscarData *od, Fl
 
 	if (redir->use_ssl)
 	{
-		/*
-		 * TODO: It should be possible to specify a certificate common name
-		 * distinct from the host we're passing to purple_ssl_connect. The
-		 * way to work around that is to use purple_proxy_connect +
-		 * purple_ssl_connect_with_host_fd
-		 */
-		newconn->ssl_cert_cn = g_strdup(redir->ssl_cert_cn);
-		newconn->connect_data = purple_proxy_connect(NULL, account, host, port,
-				ssl_proxy_conn_established_cb, newconn);
+		newconn->gsc = purple_ssl_connect_with_ssl_cn(account, host, port,
+				ssl_connection_established_cb, ssl_connection_error_cb,
+				redir->ssl_cert_cn, newconn);
 	}
 	else
 	{
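Review bot: `redir->ssl_cert_cn` is handed straight to purple_ssl_connect_with_ssl_cn, and because that function substitutes `host` when its CN argument is NULL (sslconn.c hunk in this commit), a redirect record that carries no CN would have the certificate checked against whatever `host` holds — per the commit message an IP address on this path — instead of being rejected. If the redirect parser can leave ssl_cert_cn NULL, that case should be handled explicitly before the connect, e.g. `if (redir->ssl_cert_cn == NULL) { /* TODO: decide whether to refuse the SSL redirect */ }`, or the fallback should at least be recorded in a comment so it reads as a deliberate choice. The purple_parse_auth_resp hunk above has the same pass-through shape, though there the name is a literal and cannot be NULL. Whether ssl_cert_cn can be NULL depends on the redirect parsing, which is outside this hunk, as is the rest of purple_handle_redirect.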
============================================================
--- libpurple/protocols/oscar/oscar.h	7dfc12db119944b628dacaaa186f33b82be48332
+++ libpurple/protocols/oscar/oscar.h	afc493b61c08bb96f0ef1727db094427be0eb964
@@ -429,7 +429,6 @@ struct _FlapConnection
 	guint16 cookielen;
 	guint8 *cookie;
 	gpointer new_conn_data;
-	gchar *ssl_cert_cn;
 
 	int fd;
 	PurpleSslConnection *gsc;
============================================================
--- libpurple/sslconn.c	f3d04c0f5aba8a0f9e2289512032cc4573d4de53
+++ libpurple/sslconn.c	31b8e25e3ce31929d3f6941674a74187fbf20dee
@@ -100,6 +100,15 @@ purple_ssl_connect(PurpleAccount *accoun
 				 PurpleSslInputFunction func, PurpleSslErrorFunction error_func,
 				 void *data)
 {
+	return purple_ssl_connect_with_ssl_cn(account, host, port, func, error_func,
+	                                  NULL, data);
+}
+
+PurpleSslConnection *
+purple_ssl_connect_with_ssl_cn(PurpleAccount *account, const char *host, int port,
+				 PurpleSslInputFunction func, PurpleSslErrorFunction error_func,
+				 const char *ssl_cn, void *data)
+{
 	PurpleSslConnection *gsc;
 
 	g_return_val_if_fail(host != NULL,            NULL);
@@ -116,7 +125,7 @@ purple_ssl_connect(PurpleAccount *accoun
 	gsc = g_new0(PurpleSslConnection, 1);
 
 	gsc->fd              = -1;
-	gsc->host            = g_strdup(host);
+	gsc->host            = ssl_cn ? g_strdup(ssl_cn) : g_strdup(host);
 	gsc->port            = port;
 	gsc->connect_cb_data = data;
 	gsc->connect_cb      = func;
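Review bot: After `gsc->host = ssl_cn ? g_strdup(ssl_cn) : g_strdup(host);` the field called `host` no longer holds the destination but the name the SSL backend will match against the certificate, while the destination presumably stays the `host` argument passed to the proxy connect further down (outside this hunk). That overloading is not visible from the struct, so the assignment deserves a why-comment, e.g. `/* gsc->host is the name checked against the certificate; without a separate CN it is the destination host. */`. If the proxy connect later in this function reads gsc->host rather than the parameter, the connection would be made to the CN instead of the requested host — worth confirming against the lines below the hunk. The function body begins in the previous hunk and ends outside this one.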
============================================================
--- libpurple/sslconn.h	65e29bd44479e3af7fcff15f99f162f116b31d84
+++ libpurple/sslconn.h	a1a95bbbed9e7767260156739896a0734cbb5c9a
@@ -186,6 +186,30 @@ PurpleSslConnection *purple_ssl_connect(
 									PurpleSslErrorFunction error_func,
 									void *data);
 
+/**
+ * Makes a SSL connection to the specified host and port, using the separate
+ * name to verify with the certificate.  The caller should keep track of the
+ * returned value and use it to cancel the connection, if needed.
+ *
+ * @param account    The account making the connection.
+ * @param host       The destination host.
+ * @param port       The destination port.
+ * @param func       The SSL input handler function.
+ * @param error_func The SSL error handler function.  This function
+ *                   should <strong>NOT</strong> call purple_ssl_close().  In
+ *                   the event of an error the #PurpleSslConnection will be
+ *                   destroyed for you.
+ * @param ssl_host   The hostname of the other peer (to verify the CN)
+ * @param data       User-defined data.
+ *
+ * @return The SSL connection handle.
+ */
+PurpleSslConnection *purple_ssl_connect_with_ssl_cn(PurpleAccount *account, const char *host,
+									int port, PurpleSslInputFunction func,
+									PurpleSslErrorFunction error_func,
+									const char *ssl_host,
+									void *data);
+
 #if !(defined PURPLE_DISABLE_DEPRECATED) || (defined _PURPLE_SSLCONN_C_)
 /**
  * Makes a SSL connection using an already open file descriptor.
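Review bot: The declaration names the new parameter `ssl_host` (and documents it as such) while the definition in sslconn.c names it `ssl_cn`, and the @param text does not say that NULL is accepted even though purple_ssl_connect in this same commit passes NULL and relies on the fallback to `host`. Rename the parameter to match the definition and document the fallback: `@param ssl_cn     The name to verify the certificate against, or NULL to verify against @a host.` The phrase "hostname of the other peer" is also misleading for the commit's own use case, where the connection goes to an IP and the verified name is a different string.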

