... which aliases `XMPP_CONN_FLAG_LEGACY_SSL`. This was called 'legacy',
when everyone thought STARTTLS is the future, but that turned out
differently and direct TLS is recommended nowadays.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
`MAX_NUM_DNSNAMES` was replaced by a dynamically sized array, but the
documentation hasn't been updated.
Fixes: f23ac83 ("add callback functionality on certificate verification failure")
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
Mingw doesn't find netinet/in.h which is not supposed to be used for a
windows build. This header is conditionally compiled when _MSC_VER is
not defined, however, mingw defines only _WIN32 and not the _MSC_VER.
Add also _WIN32 to the condition, so mingw ignores the header and relies
on winsock2.h from common.h->sock.h.
Fixes#265.
[0] decided that `rettype (*foo)();` must now be interpreted as
`rettype (*foo)(void);`. Luckily it also allows now to store function
pointers in a `void*` (c.f. Ch. J.5.7).
[0]: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3096.pdf
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
`xmpp_run_once()` uses `FD_SET()` to determine which sockets to `select()`
on. The socket gets initialized to `INVALID_SOCKET = -1` inside
`xmpp_conn_new()` which leads to a buffer overflow once `FD_SET()` is
called.
This is only exposed when enabling a higher optimization level, which
was only done in the `release-test` CI job.
* Fix this testcase by initializing the socket to a possible value.
* Build the Valgrind CI jobs with `-O2`.
* Make the output of the `release-test` more verbose.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
* Refactor `xmpp_sm_state_restore()`
Add new internal functions to load u32 and string values. This also brings
length checks in order to verify we don't read more sm_state than there
potentially is and type checks to ensure we have the correct CBOR types.
Each element is added to the queue right after creation, so it won't leak
in case creating its content fails.
* Refactor `sm_state_serialize()`
* Store & restore ints as/from big endian, CBOR requires that
* Bring API names in line with the usual naming
* Auto-format sources
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
It is useful in some applications to get a snapshot of the stream
management state for storage outside the process, in order to recover
from crashes and other things. The get_sm_state already present is not
suitable for this because it returns a live object tied in to the
current context and such, and containing much unneeded internal-api
data.
Introduce xmpp_sm_state_set_callback which is called every time the
state changes with a serialized state, and a dual xmpp_sm_state_restore
which takes in this serialized state and sets up a new sm_state based on
that.
The serialization is considered opaque from the PoV of the API, but is
based on CBOR to facilitate easy debugging.
Building the SSL library is too much overhead, let's do this only once
and re-build and run libstrophe with Valgrind enabled in the same runner.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
In case we're in disconnected state, allow the user to drop the first
element of the send queue, even if it was already in progress
to be written.
Before this patch, the first element could not be retrieved at all, even
after a disconnect.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
We have to reset the `r_sent` flag in case we drop the `<r>` stanza,
otherwise the SM `h` request mechanism stops working.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
The code-path which checks whether the server requires an "xmpp-session"
was untested and therefore the connection-callback handler was triggered
twice with the state `XMPP_CONN_CONNECT`. This happened if the server
supports stream-management and requires a session.
Reported via https://github.com/profanity-im/profanity/issues/1954
Fixup of c7d410f38b
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
`rc` must be reset in order to make the `do-while` loop work in case
there's no `sockopt_cb` set.
Fixup of f3460460e9
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Introduce a `conn_interface` to simplify the decision logic which API
we must call.
This also fixes some bugs of the previous commit.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
* Delay the notification of the library user that the connection was
successful, until SM is reported by the server as enabled.
* Clear the SM queue in case resumption failed.
* Improve some debug statements & comments.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Instead of setting each element individually to 0 or NULL, use memset.
This also fixes the missing initialization of `conn->sm_disable`.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
In case a connection is established, but the stream negotiation has not
completed yet, a user may think that they can start sending data,
but this is not the case.
All of the following quotes originate in RFC6120.
As of Ch. 8:
> After a client and a server (or two servers) have completed stream
> negotiation, either party can send XML stanzas.
As of Ch. 7.3.1:
> The parties to a stream MUST consider resource binding as
> mandatory-to-negotiate.
As of Ch. 6.3.1:
> The parties to a stream MUST consider SASL as mandatory-to-negotiate.
As of Ch. 4.3.5:
> The initiating entity MUST NOT attempt to send XML stanzas to entities
> other than itself (i.e., the client's connected resource or any other
> authenticated resource of the client's account) or the server to which
> it is connected until stream negotiation has been completed.
> Even if the initiating entity does attempt to do so, the receiving
> entity MUST NOT accept such stanzas and MUST close the stream with a
> <not-authorized/> stream error [...]
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>