Based on the differences to libmesode this functionality has been added.
It allows a library-user to set a callback for cases where the TLS stack
can't verify a received certificate and let the end-user decide what to
do.
examples/basic implements an example handler of said functionality.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
This adds a new API function xmpp_ctx_set_verbosity() to set increased
verbosity levels.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
While reading through the code this seemed logical to do.
I haven't seen this occuring in the wild!
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
This returns early in case
1. no log handler is set
2. the default log handler is set and the log level would result in nothing
being printed.
No need to snprintf() and whatnot if there's no consumer.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Put sending of data into its own function which takes ownership of the
data and therefor minimizes the number of allocations and frees.
This also slightly improves error handling and printing of debug
information.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
If parser has an unfinished stanza with depth > 1, it can happen that
parser->stanza points to a child. Releasing the child doesn't free the
parent stanza.
Instead of releasing parser->stanza in parser_reset() and parser_free(),
find the top most parent and release the whole tree. Also add a test
case for this memory leak.
RFC6120 states that client SHOULD send the "from" attribute in <stream>.
Because of privacy concerns attribute "from" should be sent only after
TLS negotiation. This step ensures that the server is verified by its
certificate and protects JID from MITM attack.
Fixes#163.
Also should be helpful for #162.
Const variables in prototypes don't add much value, but make the code
larger and redundant. Remove these const keywords.
Note, this doesn't apply to pointers to const memory.
Make it possible to reset password to NULL. It is not required for
ANONYMOUS authentication. Also, report an error and disconnect if
password is not set and libstrophe should try authentication mechanisms
other than ANONYMOUS.
ctx.c contains a workaround for systems without va_copy() support.
Improve this workaround in the way which is described in the autoconf
manual.
Also check for va_copy declaration in configure time.
Fixes#160.
Compilers remove dead assignments in optimization phase. But SHA1 code
uses them for wiping of sensitive data. Fix this with the trick used
by openssl.
This function creates a stanza object from a string. The string must
contain a single complete stanza. Multiple stanzas will lead to memory
leak and this is not handled in the patch.
There are situations when applications need more predictable timed
handlers that don't depend on connection status. Other usecase of
the global handlers is to manage offline connections, for example,
reconnect after a disconnection.
Introduced UNUSED macro with cast to void in commoh.h for internal
use. Used cast to void directly in those files which do not
include common.h. Although this change doesn't fix semantic issues
with unused function parameters, it does explicitly mark all those
places, which might require attention in future.
HMAC was originally implemented for SHA1 digest according to RFC2104.
The RFC defined blocksize for all digests as 64 bytes. But RFC4868
requires blocksize for SHA384/SHA512 to be 128 bytes.
Extend HMAC implementation to support variable blocksize and fix it for
SHA384/SHA512.
* Add SCRAM_DIGEST_SIZE macro for maximum possible digest size. It will
avoid new buffer overflow errors when new digests are added.
* Fix buffer overflow in sasl_scram(). Buffers were allocated for SHA1
digest size.
* Fix bug with handler re-registration when a SASL SCRAM mechanism
fails.