/cpw/ljfisher/ssl_client_auth: e638594f7bb6: Temporarily add crt...
Lucas Fisher
lucas.fisher at gmail.com
Mon Oct 8 19:04:49 EDT 2012
Changeset: e638594f7bb68ae5680f0b21fd9babf1e0eea1b9
Author: Lucas Fisher <lucas.fisher at gmail.com>
Date: 2012-10-08 19:02 -0400
Branch: cpw.ljfisher.ssl_client_auth
URL: http://hg.pidgin.im/cpw/ljfisher/ssl_client_auth/rev/e638594f7bb6
Description:
Temporarily add crt serial to crt_unique_id to make it actually unique.
A better solution is needed.
diffstat:
libpurple/certificate.c | 3 ++-
libpurple/plugins/ssl/ssl-gnutls.c | 35 +++++++++++++++++++++++++++++------
2 files changed, 31 insertions(+), 7 deletions(-)
diffs (92 lines):
diff --git a/libpurple/certificate.c b/libpurple/certificate.c
--- a/libpurple/certificate.c
+++ b/libpurple/certificate.c
@@ -686,6 +686,7 @@ purple_certificate_pool_destroy_idlist(G
g_list_free(idlist);
}
+/* TODO: Broken since we added the crt serial number to unqiue_id */
static gboolean
is_valid_crt_chain(GList *crts)
{
@@ -738,7 +739,7 @@ purple_certificate_pool_store_chain(Purp
g_return_val_if_fail(NULL != pool, FALSE);
g_return_val_if_fail(NULL != id, FALSE);
g_return_val_if_fail(NULL != crts, FALSE);
- g_return_val_if_fail(is_valid_crt_chain(crts), FALSE);
+// g_return_val_if_fail(is_valid_crt_chain(crts), FALSE);
item = g_list_first(crts);
crt = (PurpleCertificate*)item->data;
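Review bot: Commenting out `g_return_val_if_fail(is_valid_crt_chain(crts), FALSE);` means purple_certificate_pool_store_chain now stores whatever list it is handed, with no check that the certificates form a chain. The TODO added on is_valid_crt_chain suggests the check broke because unique_id now carries the serial; if so, the fix belongs in that comparison (match issuer against subject, or verify the signature) rather than in dropping the guard. Until then, replace the dead line with a comment at the call site, e.g. `/* FIXME: chain validation disabled; is_valid_crt_chain breaks now that unique_id includes the serial */`, so readers who assume stored chains are well-formed can see the gap. The function body continues outside the hunk.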
diff --git a/libpurple/plugins/ssl/ssl-gnutls.c b/libpurple/plugins/ssl/ssl-gnutls.c
--- a/libpurple/plugins/ssl/ssl-gnutls.c
+++ b/libpurple/plugins/ssl/ssl-gnutls.c
@@ -93,9 +93,9 @@ hex_encode(guint8 *buf, gsize buf_len)
gint i;
gchar *retval;
- retval = g_new (gchar, len + 1);
-
- for (i = 0; i < len; i++)
+ retval = g_new0 (gchar, len + 1);
+
+ for (i = 0; i < buf_len; i++)
{
guint8 byte = buf[i];
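Review bot: The loop condition now compares `gint i` with `gsize buf_len`, a signed/unsigned comparison that trips -Wsign-compare and is only correct while the index stays within the range of gint; declare the index as `gsize i;`. The allocation still depends on `len`, whose computation is outside the hunk. If it is twice `buf_len`, a one-line comment such as `/* len == 2 * buf_len: two hex digits per input byte */` would let a reader check the loop bound against the buffer size at a glance.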
@@ -1119,12 +1119,28 @@ x509_cert_dn (PurpleCertificate *crt)
gnutls_x509_crt cert_dat;
gchar *dn = NULL;
size_t dn_size;
+ uint8_t *serial = NULL;
+ size_t serial_size;
+ gchar *id;
+ gchar *hserial;
+
g_return_val_if_fail(crt, NULL);
g_return_val_if_fail(crt->scheme == &x509_gnutls, NULL);
cert_dat = X509_GET_GNUTLS_DATA(crt);
+ serial_size = 0;
+ gnutls_x509_crt_get_serial(cert_dat, serial, &serial_size);
+
+ serial = g_new0(uint8_t, serial_size);
+ if (0 != gnutls_x509_crt_get_serial(cert_dat, serial, &serial_size)) {
+ purple_debug_error("gnutls/x509",
+ "Failed to get cert serial\n");
+ g_free(serial);
+ return NULL;
+ }
+
/* Figure out the length of the Distinguished Name */
/* Claim that the buffer is size 0 so GnuTLS just tells us how much
space it needs */
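Review bot: The first `gnutls_x509_crt_get_serial` call is a sizing probe whose return value is discarded, and nothing checks `serial_size` before `g_new0(uint8_t, serial_size)`. If the probe fails without updating the size, the code recovers only because a zero-length g_new0 yields NULL and the second call then reports an error. Make the intent explicit: check that the probe returned `GNUTLS_E_SHORT_MEMORY_BUFFER` with a non-zero `serial_size`, and add a comment like the one on the DN probe below, e.g. `/* Claim a zero-size buffer so GnuTLS reports the serial length */`. The function starts before and continues after this hunk.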
@@ -1142,8 +1158,15 @@ x509_cert_dn (PurpleCertificate *crt)
g_free(dn);
return NULL;
}
-
- return dn;
+
+ /* XXX Hack to get a real unique id. The DN does not unique id a cert! */
+ hserial = hex_encode(serial, serial_size);
+ id = g_strdup_printf("%s_%s", dn, hserial);
+ g_free(hserial);
+ g_free(serial);
+ g_free(dn);
+
+ return id;
}
static gchar *
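Review bot: `serial` is leaked on the DN failure path shown as context at the top of this hunk, which still does only `g_free(dn); return NULL;`. Now that `serial` is allocated earlier in x509_cert_dn, that return needs `g_free(serial);` too, as does any earlier DN error return outside the hunk. Separately, if `dn` is the subject DN, `"%s_%s"` of DN and serial is still not a collision-free identity, since two issuers can produce the same subject and serial; a certificate fingerprint would give a pool key that does not depend on issuer-chosen fields. The function name also no longer describes what is returned, so its header comment should say the result is DN plus hex serial.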
@@ -1527,7 +1550,7 @@ x509_export_key(const gchar *filename, P
}
/* TODO: Again we seem to randomly get a "just not quite big enough" size above. */
- //out_size += 100;
+ out_size += 100;
out_buf = g_new0(gchar, out_size);
ret = gnutls_x509_privkey_export_pkcs8(key_dat, GNUTLS_X509_FMT_PEM,
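Review bot: `out_size += 100;` pads the private-key export buffer by a guessed amount, and the TODO above it says the reported size is sometimes too small, so a fixed fudge factor can still be too small for some key. Prefer acting on the result: when `ret` is `GNUTLS_E_SHORT_MEMORY_BUFFER`, free the buffer, reallocate to the size GnuTLS reports back, and call once more. Because `out_buf` holds PKCS#8 private-key material, the code that releases it (outside this hunk) should clear the buffer before `g_free`. The export call itself continues past the end of the hunk.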