/soc/2013/ankitkv/gobjectification: dfe5c47d56a9: Merged default...

Ankit Vani a at nevitus.org
Sat Jan 4 12:50:22 EST 2014


Changeset: dfe5c47d56a935355b58fa45757f799c9057cab7
Author:	 Ankit Vani <a at nevitus.org>
Date:	 2014-01-04 23:00 +0530
Branch:	 soc.2013.gobjectification.plugins
URL: https://hg.pidgin.im/soc/2013/ankitkv/gobjectification/rev/dfe5c47d56a9

Description:

Merged default branch

diffstat:

 ChangeLog                       |  14 ++++-
 libpurple/connection.c          |   7 ++-
 libpurple/core.c                |   2 +-
 libpurple/plugins/ssl/ssl-nss.c |  96 +++++++++-------------------------------
 pidgin/gtkconv.c                |  19 ++-----
 5 files changed, 47 insertions(+), 91 deletions(-)

diffs (270 lines):

diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,7 +12,6 @@ version 3.0.0 (??/??/????):
 	  the docklet notification. (Momchil) (#12598)
 	* Complete support for receiving a limited amount of history when
 	  joining a room. (Kha) (#15458)
-	* Add Unity integration plugin.
 
 	Finch:
 	* Support the conversation-extended signal for extending the
@@ -72,7 +71,6 @@ version 3.0.0 (??/??/????):
 	* A single yahoo plugin provides both Yahoo and Yahoo JAPAN protocols.
 
 	General:
-	* Add support for Python3 in build scripts. (Ashish Gupta) (#15624)
 	* Various core components of libpurple are now GObjects.
 	* Ciphers are now built from the libpurple directory.
 	* Added dependency GPlugin, which is now required to build libpurple with
@@ -81,13 +79,23 @@ version 3.0.0 (??/??/????):
 	  non-native plugin support.
 	* Doxygen has been replaced by gtk-doc for generating documentation.
 
+version 2.10.8:
+	Stock market:
+	* Ludicrous increases on mediocre worldwide economic data.
+
+	General:
+	* Add support for Python3 in build scripts. (Ashish Gupta) (#15624)
+
+	Pidgin:
+	* Add a Unity integration plugin.
+
 	Gadu-Gadu:
 	* Disabled buddy list import/export from/to server (it didn't worked
 	  anymore). Buddy list synchronization will be implemented in 3.0.0.
 
 	Windows-Specific Changes:
 	* Updates to dependencies:
-		* NSS 3.15.2 and NSPR 4.10.1
+		* NSS 3.15.3 and NSPR 4.10.2
 
 version 2.10.7 (02/13/2013):
 	Alien hatchery:
diff --git a/libpurple/connection.c b/libpurple/connection.c
--- a/libpurple/connection.c
+++ b/libpurple/connection.c
@@ -81,6 +81,8 @@ struct _PurpleConnectionPrivate
 	 */
 	gboolean wants_to_die;
 
+	gboolean is_finalizing;    /**< The object is being destroyed. */
+
 	/** The connection error and its description if an error occured */
 	PurpleConnectionErrorInfo *error_info;
 
@@ -252,7 +254,8 @@ purple_connection_set_state(PurpleConnec
 			ops->disconnected(gc);
 	}
 
-	g_object_notify_by_pspec(G_OBJECT(gc), properties[PROP_STATE]);
+	if (!priv->is_finalizing)
+		g_object_notify_by_pspec(G_OBJECT(gc), properties[PROP_STATE]);
 }
 
 void
@@ -730,6 +733,8 @@ purple_connection_finalize(GObject *obje
 	GSList *buddies;
 	gboolean remove = FALSE;
 
+	priv->is_finalizing = TRUE;
+
 	account = purple_connection_get_account(gc);
 
 	purple_debug_info("connection", "Disconnecting connection %p\n", gc);
diff --git a/libpurple/core.c b/libpurple/core.c
--- a/libpurple/core.c
+++ b/libpurple/core.c
@@ -258,9 +258,9 @@ purple_core_quit(void)
 	purple_http_uninit();
 	purple_idle_uninit();
 	purple_pounces_uninit();
+	purple_conversations_uninit();
 	purple_blist_uninit();
 	purple_notify_uninit();
-	purple_conversations_uninit();
 	purple_connections_uninit();
 	purple_buddy_icons_uninit();
 	purple_savedstatuses_uninit();
diff --git a/libpurple/plugins/ssl/ssl-nss.c b/libpurple/plugins/ssl/ssl-nss.c
--- a/libpurple/plugins/ssl/ssl-nss.c
+++ b/libpurple/plugins/ssl/ssl-nss.c
@@ -155,75 +155,25 @@ ssl_nss_init_nss(void)
 }
 
 static SECStatus
-ssl_auth_cert(void *arg, PRFileDesc *socket, PRBool checksig,
-			  PRBool is_server)
+ssl_auth_cert(void *arg, PRFileDesc *socket, PRBool checksig, PRBool is_server)
 {
+	/* We just skip cert verification here, and will verify the whole chain
+	 * in ssl_nss_handshake_cb, after the handshake is complete.
+	 *
+	 * The problem is, purple_certificate_verify is asynchronous and
+	 * ssl_auth_cert should return the result synchronously (it may ask the
+	 * user, if an unknown certificate should be trusted or not).
+	 *
+	 * Ideally, SSL_AuthCertificateHook/ssl_auth_cert should decide
+	 * immediately, if the certificate chain is already trusted and possibly
+	 * SSL_BadCertHook to deal with unknown certificates.
+	 *
+	 * Current implementation may not be ideal, but is no less secure in
+	 * terms of MITM attack.
+	 */
 	return SECSuccess;
-
-#if 0
-	CERTCertificate *cert;
-	void *pinArg;
-	SECStatus status;
-
-	cert = SSL_PeerCertificate(socket);
-	pinArg = SSL_RevealPinArg(socket);
-
-	status = CERT_VerifyCertNow((CERTCertDBHandle *)arg, cert, checksig,
-								certUsageSSLClient, pinArg);
-
-	if (status != SECSuccess) {
-		purple_debug_error("nss", "CERT_VerifyCertNow failed\n");
-		CERT_DestroyCertificate(cert);
-		return status;
-	}
-
-	CERT_DestroyCertificate(cert);
-	return SECSuccess;
-#endif
 }
 
-#if 0
-static SECStatus
-ssl_bad_cert(void *arg, PRFileDesc *socket)
-{
-	SECStatus status = SECFailure;
-	PRErrorCode err;
-
-	if (arg == NULL)
-		return status;
-
-	*(PRErrorCode *)arg = err = PORT_GetError();
-
-	switch (err)
-	{
-		case SEC_ERROR_INVALID_AVA:
-		case SEC_ERROR_INVALID_TIME:
-		case SEC_ERROR_BAD_SIGNATURE:
-		case SEC_ERROR_EXPIRED_CERTIFICATE:
-		case SEC_ERROR_UNKNOWN_ISSUER:
-		case SEC_ERROR_UNTRUSTED_CERT:
-		case SEC_ERROR_CERT_VALID:
-		case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
-		case SEC_ERROR_CRL_EXPIRED:
-		case SEC_ERROR_CRL_BAD_SIGNATURE:
-		case SEC_ERROR_EXTENSION_VALUE_INVALID:
-		case SEC_ERROR_CA_CERT_INVALID:
-		case SEC_ERROR_CERT_USAGES_INVALID:
-		case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
-			status = SECSuccess;
-			break;
-
-		default:
-			status = SECFailure;
-			break;
-	}
-
-	purple_debug_error("nss", "Bad certificate: %d\n", err);
-
-	return status;
-}
-#endif
-
 static gboolean
 ssl_nss_init(void)
 {
@@ -362,7 +312,10 @@ ssl_nss_handshake_cb(gpointer data, int 
 		purple_certificate_destroy_list(peers);
 	} else {
 		/* Otherwise, just call the "connection complete"
-		   callback */
+		 * callback. The verification was already done with
+		 * SSL_AuthCertificate, the default verifier
+		 * (SSL_AuthCertificateHook was not called in ssl_nss_connect).
+		 */
 		gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
 	}
 }
@@ -427,13 +380,10 @@ ssl_nss_connect(PurpleSslConnection *gsc
 	SSL_OptionSet(nss_data->in, SSL_SECURITY,            PR_TRUE);
 	SSL_OptionSet(nss_data->in, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
 
-	SSL_AuthCertificateHook(nss_data->in,
-							(SSLAuthCertificate)ssl_auth_cert,
-							(void *)CERT_GetDefaultCertDB());
-#if 0
-	/* No point in hooking BadCert, since ssl_auth_cert always succeeds */
-	SSL_BadCertHook(nss_data->in, (SSLBadCertHandler)ssl_bad_cert, NULL);
-#endif
+	/* If we have our internal verifier set up, use it. Otherwise,
+	 * use default. */
+	if (gsc->verifier != NULL)
+		SSL_AuthCertificateHook(nss_data->in, ssl_auth_cert, NULL);
 
 	if(gsc->host)
 		SSL_SetURL(nss_data->in, gsc->host);
diff --git a/pidgin/gtkconv.c b/pidgin/gtkconv.c
--- a/pidgin/gtkconv.c
+++ b/pidgin/gtkconv.c
@@ -4375,7 +4375,7 @@ tab_complete_process_item(int *most_matc
 	char *nick_partial;
 	gsize name_len = g_utf8_strlen(name, -1);
 
-	if ((glong)entered_chars > name_len)
+	if (entered_chars > name_len)
 		return;
 
 	nick_partial = g_utf8_substring(name, 0, entered_chars);
@@ -4474,7 +4474,7 @@ tab_complete(PurpleConversation *conv)
 		ch2 = g_utf8_find_next_char(ch, NULL);
 	}
 
-	if (caret >= 2 && *ch == ':' && (*ch2 == ' ' || g_utf8_get_char(ch2) == 0xA0))
+	if (caret >= 2 && *ch == ':' && g_unichar_isspace(g_utf8_get_char(ch2)))
 		colon = 2;
 	else if (caret >= 1 && content[caret - 1] == ':')
 		colon = 1;
@@ -4485,7 +4485,7 @@ tab_complete(PurpleConversation *conv)
 	/* find the start of the word that we're tabbing. */
 	ch = g_utf8_offset_to_pointer(content, caret);
 	while ((ch = g_utf8_find_prev_char(content, ch))) {
-		if (*ch != ' ' && g_utf8_get_char(ch) != 0xA0)
+		if (!g_unichar_isspace(g_utf8_get_char(ch)))
 			--word_start;
 		else
 			break;
@@ -4575,9 +4575,9 @@ tab_complete(PurpleConversation *conv)
 			if (caret < content_len) {
 				tmp = g_strdup_printf("%s: ", (char *)matches->data);
 			} else {
-				char utf[6] = {0};
-				g_unichar_to_utf8(0xA0, utf);
-				tmp = g_strdup_printf("%s:%s", (char *)matches->data, utf);
+				char nbsp[6] = {0};
+				g_unichar_to_utf8(0xA0, nbsp);
+				tmp = g_strdup_printf("%s:%s", (char *)matches->data, nbsp);
 			}
 
 			modified = g_strdup_printf("%s%s", tmp, sub2);
@@ -5657,13 +5657,6 @@ setup_common_pane(PidginConversation *gt
 
 	if (!chat) {
 		/* For sending typing notifications for IMs */
-#if 0
-		/* TODO WebKit */
-		g_signal_connect(G_OBJECT(gtkconv->entry_buffer), "insert_text",
-						 G_CALLBACK(insert_text_cb), gtkconv);
-		g_signal_connect(G_OBJECT(gtkconv->entry_buffer), "delete_range",
-						 G_CALLBACK(delete_text_cb), gtkconv);
-#endif
 		gtkconv->u.im->typing_timer = 0;
 		gtkconv->u.im->animate = purple_prefs_get_bool(PIDGIN_PREFS_ROOT "/conversations/im/animate_buddy_icons");
 		gtkconv->u.im->show_icon = TRUE;



More information about the Commits mailing list