ssl cient auth

Lucas Fisher lucas.fisher at
Sat Sep 3 17:31:54 EDT 2011

I have a working implementation of SSL client authentication in 
im.pidgin.cpw.ljfisher.ssl_client_auth.  It required a number of API additions 
and some changes. Anyone want to look at it for suitability for merging?

Currently only supports gnutls and requires cyrus sasl be enabled.

Summary of changes:
- Added PurplePrivateKey
- Added PurplePrivateKeyScheme
- Added PurplePrivateKeyPool
- Added PurplePkcs12Scheme
- Added a certificate pool for user certificates
- Added optional function to PurplePluginProtocolInfo to get the account 
options. Previously this was a field that was access directly. This allow 
dynamic generation of protocol options so I could return a list of 
certifiicates in the pool. The field is still valid so other plugins will 
continue to work.
- Added drop-down box to XMPP advanced accoutt options (via the new dynamic 
account options function) for selecting the certificate to use for 
-Modified purple_ssl_connect_* to take a certificate id to use for client side 
- Added fields to PurpleSslConnection for client keys and certs used for 
- enabled SASL external in jabber plugin
- Added support to gnutls ssl plugin for sending client cert.
- Added support to gnutls ssl plugin for PurplePkcs12Scheme and 
- Added extra tab to gtkcertmgr for user certificates

For convenience this will get you a diff of the heads of im.pidgin.pidgin and 
mtn diff -r 21f078cdce656c60707d6518904262ee44ac648c -r 

- testing
- clean out some dead code if the API changes are acceptable
- Enable password caching for at least the session to the private key password 
- Support for NSS if  necessary. Might be required for building on Windows?

More information about the Devel mailing list