Compare commits
14 Commits
0.13.1
...
generic-se
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
541c22cb13 | ||
|
|
06f2ba19b4 | ||
|
|
5690c4ed89 | ||
|
|
62953e9ecf | ||
|
|
5142eea2eb | ||
|
|
5dd9e4b0e0 | ||
|
|
4ec4f09b35 | ||
|
|
e24819a405 | ||
|
|
d0d1fa9835 | ||
|
|
da1229814c | ||
|
|
d82df1273c | ||
|
|
9fef4b7d02 | ||
|
|
4359536a17 | ||
|
|
03d43132bc |
53
.github/workflows/main.yml
vendored
53
.github/workflows/main.yml
vendored
@@ -50,28 +50,31 @@ jobs:
|
||||
strategy:
|
||||
matrix:
|
||||
xssl_versions:
|
||||
- { version: "master", continue: true, libressl: true }
|
||||
- { version: "OPENBSD_7_4", continue: true, libressl: true }
|
||||
- { version: "v3.8.1", continue: true, libressl: true }
|
||||
- { version: "OPENBSD_7_3", continue: true, libressl: true }
|
||||
- { version: "OPENBSD_7_2", continue: true, libressl: true }
|
||||
- { version: "OPENBSD_7_1", continue: true, libressl: true }
|
||||
- { version: "master", continue: true, libressl: true }
|
||||
- { version: "OPENBSD_7_5", continue: true, libressl: true }
|
||||
- { version: "v3.9.2", continue: true, libressl: true }
|
||||
- { version: "OPENBSD_7_4", continue: true, libressl: true }
|
||||
- { version: "v3.8.4", continue: true, libressl: true }
|
||||
- { version: "OPENBSD_7_3", continue: true, libressl: true }
|
||||
- { version: "OPENBSD_7_2", continue: true, libressl: true }
|
||||
- { version: "OPENBSD_7_1", continue: true, libressl: true }
|
||||
# https://github.com/libressl-portable/portable/issues/760
|
||||
# - { version: "v3.5.2", continue: true, libressl: true }
|
||||
- { version: "OPENBSD_7_0", continue: true, libressl: true }
|
||||
- { version: "OPENBSD_7_0", continue: true, libressl: true }
|
||||
# OPENBSD_7_0 is basically the "fixed v3.4.3"
|
||||
# - { version: "v3.4.3", continue: true, libressl: true }
|
||||
- { version: "v3.4.2", continue: true, libressl: true }
|
||||
- { version: "OPENBSD_6_9", continue: true, libressl: true }
|
||||
- { version: "v3.1.5", continue: true, libressl: true }
|
||||
- { version: "v2.1.10", continue: true, libressl: true }
|
||||
- { version: "openssl-3.0", continue: true, libressl: false }
|
||||
- { version: "openssl-3.0.10", continue: false, libressl: false }
|
||||
- { version: "openssl-3.1", continue: true, libressl: false }
|
||||
- { version: "openssl-3.1.2", continue: false, libressl: false }
|
||||
valgrind:
|
||||
- { configure: '' , make: 'check' }
|
||||
- { configure: '--enable-valgrind' , make: 'check-valgrind' }
|
||||
# - { version: "v3.4.3", continue: true, libressl: true }
|
||||
- { version: "v3.4.2", continue: true, libressl: true }
|
||||
- { version: "OPENBSD_6_9", continue: true, libressl: true }
|
||||
- { version: "v3.1.5", continue: true, libressl: true }
|
||||
- { version: "v2.1.10", continue: true, libressl: true }
|
||||
- { version: "openssl-3.0", continue: true, libressl: false }
|
||||
- { version: "openssl-3.0.13", continue: false, libressl: false }
|
||||
- { version: "openssl-3.1", continue: true, libressl: false }
|
||||
- { version: "openssl-3.1.5", continue: false, libressl: false }
|
||||
- { version: "openssl-3.2", continue: true, libressl: false }
|
||||
- { version: "openssl-3.2.1", continue: false, libressl: false }
|
||||
- { version: "openssl-3.3", continue: true, libressl: false }
|
||||
- { version: "openssl-3.3.0", continue: false, libressl: false }
|
||||
name: xSSL tests
|
||||
continue-on-error: ${{ matrix.xssl_versions.continue }}
|
||||
steps:
|
||||
@@ -89,11 +92,19 @@ jobs:
|
||||
- name: Build the library
|
||||
run: |
|
||||
./bootstrap.sh
|
||||
./configure ${{ matrix.valgrind.configure }} PKG_CONFIG_PATH="${HOME}/xssl/lib/pkgconfig" CFLAGS="-Werror -g3" --prefix="${HOME}/xssl"
|
||||
PKG_CONFIG_PATH="${HOME}/xssl/lib/pkgconfig" ./configure CFLAGS="-Werror -g3" --prefix="${HOME}/xssl"
|
||||
make -j$(nproc)
|
||||
- name: Run tests
|
||||
run: |
|
||||
make -j$(nproc) ${{ matrix.valgrind.make }}
|
||||
LD_LIBRARY_PATH="${HOME}/xssl/lib" make -j$(nproc) check
|
||||
- name: Build the library with Valgrind enabled
|
||||
run: |
|
||||
./bootstrap.sh
|
||||
PKG_CONFIG_PATH="${HOME}/xssl/lib/pkgconfig" ./configure --enable-valgrind CFLAGS="-Werror -g3" --prefix="${HOME}/xssl"
|
||||
make -j$(nproc)
|
||||
- name: Run tests with Valgrind enabled
|
||||
run: |
|
||||
LD_LIBRARY_PATH="${HOME}/xssl/lib" make -j$(nproc) check-valgrind
|
||||
- name: Error logs
|
||||
if: ${{ failure() }}
|
||||
run: |
|
||||
|
||||
@@ -115,8 +115,8 @@ int main(int argc, char **argv)
|
||||
*/
|
||||
|
||||
/* setup authentication information */
|
||||
xmpp_conn_set_jid(conn, argv[1]);
|
||||
xmpp_conn_set_pass(conn, argv[2]);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_JID, argv[1]);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_PASS, argv[2]);
|
||||
|
||||
/* initiate connection */
|
||||
xmpp_connect_client(conn, NULL, 0, conn_handler, ctx);
|
||||
|
||||
@@ -116,9 +116,9 @@ int main(int argc, char **argv)
|
||||
|
||||
/* setup authentication information */
|
||||
if (jid)
|
||||
xmpp_conn_set_jid(conn, jid);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_JID, jid);
|
||||
if (password)
|
||||
xmpp_conn_set_pass(conn, password);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_PASS, password);
|
||||
|
||||
/* initiate connection */
|
||||
if (xmpp_connect_client(conn, host, port, conn_handler, ctx) == XMPP_EOK) {
|
||||
|
||||
@@ -293,20 +293,24 @@ create_connection:
|
||||
xmpp_conn_set_flags(conn, flags);
|
||||
|
||||
/* ask for a password if key is protected */
|
||||
xmpp_conn_set_password_callback(conn, password_callback, NULL);
|
||||
xmpp_conn_set_functionpointer(conn, XMPP_SETTING_PASSWORD_CALLBACK,
|
||||
password_callback);
|
||||
/* try at max 3 times in case the user enters the password wrong */
|
||||
xmpp_conn_set_password_retries(conn, 3);
|
||||
xmpp_conn_set_int(conn, XMPP_SETTING_PASSWORD_RETRIES, 3);
|
||||
/* setup authentication information */
|
||||
if (key)
|
||||
xmpp_conn_set_client_cert(conn, cert, key);
|
||||
if (key) {
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_CLIENT_CERT, cert);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_CLIENT_KEY, key);
|
||||
}
|
||||
if (jid)
|
||||
xmpp_conn_set_jid(conn, jid);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_JID, jid);
|
||||
if (password)
|
||||
xmpp_conn_set_pass(conn, password);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_PASS, password);
|
||||
|
||||
/* enable TCP keepalive, using canned callback function */
|
||||
if (tcp_keepalive)
|
||||
xmpp_conn_set_sockopt_callback(conn, xmpp_sockopt_cb_keepalive);
|
||||
xmpp_conn_set_functionpointer(conn, XMPP_SETTING_SOCKOPT_CALLBACK,
|
||||
xmpp_sockopt_cb_keepalive);
|
||||
|
||||
/* set Stream-Mangement state if available */
|
||||
if (sm_state) {
|
||||
|
||||
@@ -331,27 +331,31 @@ int main(int argc, char **argv)
|
||||
xmpp_conn_set_flags(conn, flags);
|
||||
/* configure TCP keepalive (optional) */
|
||||
if (tcp_keepalive)
|
||||
xmpp_conn_set_sockopt_callback(conn, sockopt_cb);
|
||||
xmpp_conn_set_functionpointer(conn, XMPP_SETTING_SOCKOPT_CALLBACK,
|
||||
sockopt_cb);
|
||||
|
||||
/* ask for a password if key is protected */
|
||||
xmpp_conn_set_password_callback(conn, password_callback, NULL);
|
||||
xmpp_conn_set_functionpointer(conn, XMPP_SETTING_PASSWORD_CALLBACK,
|
||||
password_callback);
|
||||
/* try at max 3 times in case the user enters the password wrong */
|
||||
xmpp_conn_set_password_retries(conn, 3);
|
||||
xmpp_conn_set_int(conn, XMPP_SETTING_PASSWORD_RETRIES, 3);
|
||||
/* setup authentication information */
|
||||
if (key) {
|
||||
xmpp_conn_set_client_cert(conn, cert, key);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_CLIENT_CERT, cert);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_CLIENT_KEY, key);
|
||||
}
|
||||
if (jid)
|
||||
xmpp_conn_set_jid(conn, jid);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_JID, jid);
|
||||
if (password)
|
||||
xmpp_conn_set_pass(conn, password);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_PASS, password);
|
||||
|
||||
if (certfail)
|
||||
xmpp_conn_set_certfail_handler(conn, certfail_handler);
|
||||
xmpp_conn_set_functionpointer(conn, XMPP_SETTING_CERTFAIL_HANDLER,
|
||||
certfail_handler);
|
||||
if (capath)
|
||||
xmpp_conn_set_capath(conn, capath);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_CAPATH, capath);
|
||||
if (cafile)
|
||||
xmpp_conn_set_cafile(conn, cafile);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_CAFILE, cafile);
|
||||
|
||||
/* initiate connection */
|
||||
if (xmpp_connect_client(conn, host, port, conn_handler, ctx) == XMPP_EOK) {
|
||||
|
||||
@@ -80,8 +80,8 @@ int main(int argc, char **argv)
|
||||
conn = xmpp_conn_new(ctx);
|
||||
|
||||
/* setup authentication information */
|
||||
xmpp_conn_set_jid(conn, jid);
|
||||
xmpp_conn_set_pass(conn, pass);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_JID, jid);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_PASS, pass);
|
||||
|
||||
/* initiate connection */
|
||||
xmpp_connect_component(conn, host, port, conn_handler, ctx);
|
||||
|
||||
@@ -342,7 +342,7 @@ int main(int argc, char **argv)
|
||||
|
||||
/* jid can be a jid or domain for "raw" connection */
|
||||
domain = xmpp_jid_domain(ctx, jid);
|
||||
xmpp_conn_set_jid(conn, domain);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_JID, domain);
|
||||
xmpp_free(ctx, domain);
|
||||
|
||||
/* private data */
|
||||
|
||||
@@ -118,8 +118,8 @@ int main(int argc, char **argv)
|
||||
*/
|
||||
|
||||
/* setup authentication information */
|
||||
xmpp_conn_set_jid(conn, argv[1]);
|
||||
xmpp_conn_set_pass(conn, argv[2]);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_JID, argv[1]);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_PASS, argv[2]);
|
||||
|
||||
/* initiate connection */
|
||||
xmpp_connect_client(conn, NULL, 0, conn_handler, ctx);
|
||||
|
||||
@@ -269,8 +269,8 @@ int main(int argc, char **argv)
|
||||
log = xmpp_get_default_logger(XMPP_LEVEL_INFO);
|
||||
ctx = xmpp_ctx_new(NULL, log);
|
||||
conn = xmpp_conn_new(ctx);
|
||||
xmpp_conn_set_jid(conn, jid);
|
||||
xmpp_conn_set_pass(conn, pass);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_JID, jid);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_PASS, pass);
|
||||
vcard.ctx = ctx;
|
||||
xmpp_connect_client(conn, NULL, 0, conn_handler, &vcard);
|
||||
xmpp_run(ctx);
|
||||
|
||||
@@ -175,9 +175,11 @@ struct _xmpp_send_queue_t {
|
||||
#define SASL_MASK_EXTERNAL (1 << 6)
|
||||
#define SASL_MASK_SCRAMSHA1_PLUS (1 << 7)
|
||||
#define SASL_MASK_SCRAMSHA256_PLUS (1 << 8)
|
||||
#define SASL_MASK_SCRAMSHA512_PLUS (1 << 9)
|
||||
|
||||
#define SASL_MASK_SCRAM_PLUS \
|
||||
(SASL_MASK_SCRAMSHA1_PLUS | SASL_MASK_SCRAMSHA256_PLUS)
|
||||
#define SASL_MASK_SCRAM_PLUS \
|
||||
(SASL_MASK_SCRAMSHA1_PLUS | SASL_MASK_SCRAMSHA256_PLUS | \
|
||||
SASL_MASK_SCRAMSHA512_PLUS)
|
||||
#define SASL_MASK_SCRAM_WEAK \
|
||||
(SASL_MASK_SCRAMSHA1 | SASL_MASK_SCRAMSHA256 | SASL_MASK_SCRAMSHA512)
|
||||
#define SASL_MASK_SCRAM (SASL_MASK_SCRAM_PLUS | SASL_MASK_SCRAM_WEAK)
|
||||
@@ -278,7 +280,8 @@ struct _xmpp_conn_t {
|
||||
|
||||
struct {
|
||||
struct xmpp_compression *state;
|
||||
int allowed, supported, dont_reset;
|
||||
int allowed, dont_reset, level;
|
||||
int supported;
|
||||
} compression;
|
||||
|
||||
char *lang;
|
||||
|
||||
@@ -227,7 +227,7 @@ int compression_init(xmpp_conn_t *conn)
|
||||
|
||||
comp->compression.stream.next_out = comp->compression.buffer;
|
||||
comp->compression.stream.avail_out = STROPHE_COMPRESSION_BUFFER_SIZE;
|
||||
int ret = deflateInit(&comp->compression.stream, Z_DEFAULT_COMPRESSION);
|
||||
int ret = deflateInit(&comp->compression.stream, conn->compression.level);
|
||||
if (ret != Z_OK) {
|
||||
strophe_free_and_null(conn->ctx, comp->compression.buffer);
|
||||
conn->error = ret;
|
||||
|
||||
392
src/conn.c
392
src/conn.c
@@ -167,6 +167,8 @@ xmpp_conn_t *xmpp_conn_new(xmpp_ctx_t *ctx)
|
||||
tls_clear_password_cache(conn);
|
||||
conn->password_retries = 1;
|
||||
|
||||
conn->compression.level = -1;
|
||||
|
||||
conn->parser =
|
||||
parser_new(conn->ctx, _handle_stream_start, _handle_stream_end,
|
||||
_handle_stream_stanza, conn);
|
||||
@@ -217,32 +219,6 @@ xmpp_conn_t *xmpp_conn_clone(xmpp_conn_t *conn)
|
||||
return conn;
|
||||
}
|
||||
|
||||
/** Register sockopt callback
|
||||
* Set function to be called when a new socket is created to allow setting
|
||||
* socket options before connection is started.
|
||||
*
|
||||
* If the connection is already connected, this callback will be called
|
||||
* immediately.
|
||||
*
|
||||
* To set options that can only be applied to disconnected sockets, the
|
||||
* callback must be registered before connecting.
|
||||
*
|
||||
* @param conn The Strophe connection object this callback is being registered
|
||||
* for
|
||||
* @param callback a xmpp_sockopt_callback callback function that will receive
|
||||
* notifications of connection status
|
||||
*
|
||||
* @ingroup Connections
|
||||
*/
|
||||
|
||||
void xmpp_conn_set_sockopt_callback(xmpp_conn_t *conn,
|
||||
xmpp_sockopt_callback callback)
|
||||
{
|
||||
conn->sockopt_cb = callback;
|
||||
if (conn->state != XMPP_STATE_DISCONNECTED)
|
||||
callback(conn, &conn->sock);
|
||||
}
|
||||
|
||||
/** Release a Strophe connection object.
|
||||
* Decrement the reference count by one for a connection, freeing the
|
||||
* connection object if the count reaches 0.
|
||||
@@ -366,6 +342,204 @@ int xmpp_conn_release(xmpp_conn_t *conn)
|
||||
return released;
|
||||
}
|
||||
|
||||
/** Configure a connection-related int setting
|
||||
*
|
||||
* `setting` can be one of:
|
||||
* - \ref XMPP_SETTING_PASSWORD_RETRIES
|
||||
* Set the number of retry attempts to decrypt a private key file. \n
|
||||
* In case the user enters the password manually it can be useful to
|
||||
* directly retry if the decryption of the key file failed.
|
||||
*
|
||||
* - \ref XMPP_SETTING_COMPRESSION_LEVEL
|
||||
* Set the compression level. \n
|
||||
* For zlib the valid range is `-1` to `9`.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param setting The setting that shall be configured
|
||||
* @param value The value, the settings should get
|
||||
*
|
||||
* @ingroup Connections
|
||||
*/
|
||||
void xmpp_conn_set_int(xmpp_conn_t *conn,
|
||||
xmpp_conn_setting_t setting,
|
||||
int value)
|
||||
{
|
||||
switch (setting) {
|
||||
case XMPP_SETTING_PASSWORD_RETRIES:
|
||||
if (value <= 0)
|
||||
conn->password_retries = 1;
|
||||
else
|
||||
conn->password_retries = value;
|
||||
break;
|
||||
case XMPP_SETTING_COMPRESSION_LEVEL:
|
||||
conn->compression.level = value;
|
||||
break;
|
||||
default:
|
||||
strophe_warn(conn->ctx, "xmpp", "Invalid Int setting %d", setting);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/** Configure a connection-related string setting
|
||||
*
|
||||
* `setting` can be one of:
|
||||
* - \ref XMPP_SETTING_JID
|
||||
* Set the JID of the user that will be bound to the connection. \n
|
||||
* This should not be used after a connection is created. \n
|
||||
* If the supplied JID is missing the node, SASL ANONYMOUS authentication
|
||||
* will be used.
|
||||
*
|
||||
* - \ref XMPP_SETTING_PASS
|
||||
* Set the password used to authenticate the connection.
|
||||
*
|
||||
* - \ref XMPP_SETTING_CAFILE
|
||||
* Set CAfile.
|
||||
*
|
||||
* - \ref XMPP_SETTING_CAPATH
|
||||
* Set CApath.
|
||||
*
|
||||
* - \ref XMPP_SETTING_CLIENT_CERT
|
||||
* Set the Client Certificate or PKCS#12 encoded file that will be bound to
|
||||
* the connection. \n
|
||||
* This should not be used after a connection is created. \n
|
||||
* In case the PKCS#12 file is encrypted, a callback must be set via
|
||||
* \ref xmpp_conn_set_functionpointer with the option
|
||||
* \ref XMPP_SETTING_PASSWORD_CALLBACK so the TLS stack can retrieve the
|
||||
* password.
|
||||
*
|
||||
* - \ref XMPP_SETTING_CLIENT_KEY
|
||||
* Set the Private Key that will be bound to the connection. \n
|
||||
* This should not be used after a connection is created. \n
|
||||
* In case the Private Key is encrypted, a callback must be set via
|
||||
* \ref xmpp_conn_set_functionpointer with the option
|
||||
* \ref XMPP_SETTING_PASSWORD_CALLBACK so the TLS stack can retrieve the
|
||||
* password.
|
||||
*
|
||||
*
|
||||
*
|
||||
* If any value was previously set, it will be discarded.
|
||||
* The function will make a copy of the value given.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param setting The setting that shall be configured
|
||||
* @param value The value, the settings should get
|
||||
*
|
||||
* @ingroup Connections
|
||||
*/
|
||||
void xmpp_conn_set_string(xmpp_conn_t *conn,
|
||||
xmpp_conn_setting_t setting,
|
||||
const char *value)
|
||||
{
|
||||
char **target;
|
||||
switch (setting) {
|
||||
case XMPP_SETTING_JID:
|
||||
target = &conn->jid;
|
||||
break;
|
||||
case XMPP_SETTING_PASS:
|
||||
target = &conn->pass;
|
||||
break;
|
||||
case XMPP_SETTING_CAFILE:
|
||||
target = &conn->tls_cafile;
|
||||
break;
|
||||
case XMPP_SETTING_CAPATH:
|
||||
target = &conn->tls_capath;
|
||||
break;
|
||||
case XMPP_SETTING_CLIENT_CERT:
|
||||
target = &conn->tls_client_cert;
|
||||
break;
|
||||
case XMPP_SETTING_CLIENT_KEY:
|
||||
target = &conn->tls_client_key;
|
||||
break;
|
||||
default:
|
||||
strophe_warn(conn->ctx, "xmpp", "Invalid String setting %d", setting);
|
||||
return;
|
||||
}
|
||||
|
||||
if (*target)
|
||||
strophe_free(conn->ctx, *target);
|
||||
*target = NULL;
|
||||
if (value) {
|
||||
*target = strophe_strdup(conn->ctx, value);
|
||||
}
|
||||
}
|
||||
|
||||
/** Configure a connection-related pointer setting
|
||||
*
|
||||
* `setting` can be one of:
|
||||
* - \ref XMPP_SETTING_PASSWORD_CALLBACK_USERDATA
|
||||
* Set the userdata pointer that is pass when the password-retrieval
|
||||
* callback is called. \ref XMPP_SETTING_PASSWORD_CALLBACK
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param setting The setting that shall be configured
|
||||
* @param value The value, the settings should get
|
||||
*
|
||||
* @ingroup Connections
|
||||
*/
|
||||
void xmpp_conn_set_pointer(xmpp_conn_t *conn,
|
||||
xmpp_conn_setting_t setting,
|
||||
void *value)
|
||||
{
|
||||
switch (setting) {
|
||||
case XMPP_SETTING_PASSWORD_CALLBACK_USERDATA:
|
||||
conn->password_callback_userdata = value;
|
||||
break;
|
||||
default:
|
||||
strophe_warn(conn->ctx, "xmpp", "Invalid Pointer setting %d", setting);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/** Configure a connection-related functionpointer setting
|
||||
*
|
||||
* `setting` can be one of:
|
||||
* - \ref XMPP_SETTING_PASSWORD_CALLBACK
|
||||
* Set the Callback function which will be called when the TLS stack can't
|
||||
* decrypt a password protected key file. The userdata pointer can be set
|
||||
* via \ref xmpp_conn_set_pointer with the setting
|
||||
* \ref XMPP_SETTING_PASSWORD_CALLBACK_USERDATA
|
||||
*
|
||||
* - \ref XMPP_SETTING_CERTFAIL_HANDLER
|
||||
* Set the Handler function which will be called when the TLS stack can't
|
||||
* verify the CA of the server we're trying to connect to.
|
||||
*
|
||||
* - \ref XMPP_SETTING_SOCKOPT_CALLBACK
|
||||
* Set function to be called when a new socket is created to allow setting
|
||||
* socket options before connection is started. \n
|
||||
* If the connection is already connected, this callback will be called
|
||||
* immediately. \n
|
||||
* To set options that can only be applied to disconnected sockets, the
|
||||
* callback must be registered before connecting.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param setting The setting that shall be configured
|
||||
* @param value The value, the settings should get
|
||||
*
|
||||
* @ingroup Connections
|
||||
*/
|
||||
void xmpp_conn_set_functionpointer_impl(xmpp_conn_t *conn,
|
||||
xmpp_conn_setting_t setting,
|
||||
xmpp_conn_pfn_t value)
|
||||
{
|
||||
switch (setting) {
|
||||
case XMPP_SETTING_PASSWORD_CALLBACK:
|
||||
conn->password_callback = (xmpp_password_callback)value;
|
||||
break;
|
||||
case XMPP_SETTING_CERTFAIL_HANDLER:
|
||||
conn->certfail_handler = (xmpp_certfail_handler)value;
|
||||
break;
|
||||
case XMPP_SETTING_SOCKOPT_CALLBACK:
|
||||
conn->sockopt_cb = (xmpp_sockopt_callback)value;
|
||||
if (conn->state != XMPP_STATE_DISCONNECTED)
|
||||
conn->sockopt_cb(conn, &conn->sock);
|
||||
break;
|
||||
default:
|
||||
strophe_warn(conn->ctx, "xmpp", "Invalid Functionpointer setting %d",
|
||||
setting);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/** Get the JID which is or will be bound to the connection.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
@@ -397,66 +571,6 @@ const char *xmpp_conn_get_bound_jid(const xmpp_conn_t *conn)
|
||||
return conn->bound_jid;
|
||||
}
|
||||
|
||||
/** Set the JID of the user that will be bound to the connection.
|
||||
* If any JID was previously set, it will be discarded. This should not be
|
||||
* be used after a connection is created. The function will make a copy of
|
||||
* the JID string. If the supplied JID is missing the node, SASL
|
||||
* ANONYMOUS authentication will be used.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param jid a full or bare JID
|
||||
*
|
||||
* @ingroup Connections
|
||||
*/
|
||||
void xmpp_conn_set_jid(xmpp_conn_t *conn, const char *jid)
|
||||
{
|
||||
if (conn->jid)
|
||||
strophe_free(conn->ctx, conn->jid);
|
||||
conn->jid = strophe_strdup(conn->ctx, jid);
|
||||
}
|
||||
|
||||
/** Set the Handler function which will be called when the TLS stack can't
|
||||
* verify the CA of the server we're trying to connect to.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param hndl certfail Handler function
|
||||
*
|
||||
* @ingroup TLS
|
||||
*/
|
||||
void xmpp_conn_set_certfail_handler(xmpp_conn_t *const conn,
|
||||
xmpp_certfail_handler hndl)
|
||||
{
|
||||
conn->certfail_handler = hndl;
|
||||
}
|
||||
|
||||
/** Set the CAfile
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param path path to a certificate file
|
||||
*
|
||||
* @ingroup TLS
|
||||
*/
|
||||
void xmpp_conn_set_cafile(xmpp_conn_t *const conn, const char *path)
|
||||
{
|
||||
if (conn->tls_cafile)
|
||||
strophe_free(conn->ctx, conn->tls_cafile);
|
||||
conn->tls_cafile = strophe_strdup(conn->ctx, path);
|
||||
}
|
||||
|
||||
/** Set the CApath
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param path path to a folder containing certificates
|
||||
*
|
||||
* @ingroup TLS
|
||||
*/
|
||||
void xmpp_conn_set_capath(xmpp_conn_t *const conn, const char *path)
|
||||
{
|
||||
if (conn->tls_capath)
|
||||
strophe_free(conn->ctx, conn->tls_capath);
|
||||
conn->tls_capath = strophe_strdup(conn->ctx, path);
|
||||
}
|
||||
|
||||
/** Retrieve the peer certificate
|
||||
*
|
||||
* The returned Certificate object must be free'd by calling
|
||||
@@ -473,41 +587,6 @@ xmpp_tlscert_t *xmpp_conn_get_peer_cert(xmpp_conn_t *const conn)
|
||||
return tls_peer_cert(conn);
|
||||
}
|
||||
|
||||
/** Set the Callback function which will be called when the TLS stack can't
|
||||
* decrypt a password protected key file.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param cb The callback function that shall be called
|
||||
* @param userdata An opaque data pointer that will be passed to the callback
|
||||
*
|
||||
* @ingroup TLS
|
||||
*/
|
||||
void xmpp_conn_set_password_callback(xmpp_conn_t *conn,
|
||||
xmpp_password_callback cb,
|
||||
void *userdata)
|
||||
{
|
||||
conn->password_callback = cb;
|
||||
conn->password_callback_userdata = userdata;
|
||||
}
|
||||
|
||||
/** Set the number of retry attempts to decrypt a private key file.
|
||||
*
|
||||
* In case the user enters the password manually it can be useful to
|
||||
* directly retry if the decryption of the key file failed.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param retries The number of retries that should be tried
|
||||
*
|
||||
* @ingroup TLS
|
||||
*/
|
||||
void xmpp_conn_set_password_retries(xmpp_conn_t *conn, unsigned int retries)
|
||||
{
|
||||
if (retries == 0)
|
||||
conn->password_retries = 1;
|
||||
else
|
||||
conn->password_retries = retries;
|
||||
}
|
||||
|
||||
/** Retrieve the path of the key file that shall be unlocked.
|
||||
*
|
||||
* This makes usually sense to be called from the
|
||||
@@ -524,49 +603,6 @@ const char *xmpp_conn_get_keyfile(const xmpp_conn_t *conn)
|
||||
return conn->tls_client_key;
|
||||
}
|
||||
|
||||
/** Set the Client Certificate and Private Key or PKCS#12 encoded file that
|
||||
* will be bound to the connection. If any of them was previously set, it
|
||||
* will be discarded. This should not be used after a connection is created.
|
||||
* The function will make a copy of the strings passed in.
|
||||
*
|
||||
* In case the Private Key is encrypted, a callback must be set via
|
||||
* \ref xmpp_conn_set_password_callback so the TLS stack can retrieve the
|
||||
* password.
|
||||
*
|
||||
* In case one wants to use a PKCS#12 encoded file, it should be passed via
|
||||
* the `cert` parameter and `key` should be NULL. Passing a PKCS#12 file in
|
||||
* `key` is deprecated.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param cert path to a certificate file or a P12 file
|
||||
* @param key path to a private key file or a P12 file
|
||||
*
|
||||
* @ingroup TLS
|
||||
*/
|
||||
void xmpp_conn_set_client_cert(xmpp_conn_t *const conn,
|
||||
const char *const cert,
|
||||
const char *const key)
|
||||
{
|
||||
strophe_debug(conn->ctx, "conn", "set client cert %s %s", cert, key);
|
||||
if (conn->tls_client_cert)
|
||||
strophe_free(conn->ctx, conn->tls_client_cert);
|
||||
conn->tls_client_cert = NULL;
|
||||
if (conn->tls_client_key)
|
||||
strophe_free(conn->ctx, conn->tls_client_key);
|
||||
conn->tls_client_key = NULL;
|
||||
if (cert && key) {
|
||||
conn->tls_client_cert = strophe_strdup(conn->ctx, cert);
|
||||
conn->tls_client_key = strophe_strdup(conn->ctx, key);
|
||||
} else if (cert && !key) {
|
||||
conn->tls_client_cert = strophe_strdup(conn->ctx, cert);
|
||||
} else if (!cert && key) {
|
||||
strophe_warn(conn->ctx, "xmpp",
|
||||
"xmpp_conn_set_client_cert: Passing PKCS#12 in 'key' "
|
||||
"parameter is deprecated. Use 'cert' instead");
|
||||
conn->tls_client_cert = strophe_strdup(conn->ctx, key);
|
||||
}
|
||||
}
|
||||
|
||||
/** Get the number of xmppAddr entries in the client certificate.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
@@ -607,22 +643,6 @@ const char *xmpp_conn_get_pass(const xmpp_conn_t *conn)
|
||||
return conn->pass;
|
||||
}
|
||||
|
||||
/** Set the password used to authenticate the connection.
|
||||
* If any password was previously set, it will be discarded. The function
|
||||
* will make a copy of the password string.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param pass the password
|
||||
*
|
||||
* @ingroup Connections
|
||||
*/
|
||||
void xmpp_conn_set_pass(xmpp_conn_t *conn, const char *pass)
|
||||
{
|
||||
if (conn->pass)
|
||||
strophe_free(conn->ctx, conn->pass);
|
||||
conn->pass = pass ? strophe_strdup(conn->ctx, pass) : NULL;
|
||||
}
|
||||
|
||||
/** Get the strophe context that the connection is associated with.
|
||||
* @param conn a Strophe connection object
|
||||
*
|
||||
@@ -1092,6 +1112,7 @@ int conn_tls_start(xmpp_conn_t *conn)
|
||||
}
|
||||
|
||||
if (conn->tls != NULL) {
|
||||
struct conn_interface old_intf = conn->intf;
|
||||
conn->intf = tls_intf;
|
||||
conn->intf.conn = conn;
|
||||
if (tls_start(conn->tls)) {
|
||||
@@ -1102,6 +1123,7 @@ int conn_tls_start(xmpp_conn_t *conn)
|
||||
tls_free(conn->tls);
|
||||
conn->tls = NULL;
|
||||
conn->tls_failed = 1;
|
||||
conn->intf = old_intf;
|
||||
}
|
||||
}
|
||||
if (rc != 0) {
|
||||
@@ -1435,6 +1457,7 @@ char *xmpp_conn_send_queue_drop_element(xmpp_conn_t *conn,
|
||||
xmpp_queue_element_t which)
|
||||
{
|
||||
xmpp_send_queue_t *t;
|
||||
int disconnected = conn->state == XMPP_STATE_DISCONNECTED;
|
||||
|
||||
/* Fast return paths */
|
||||
/* empty queue */
|
||||
@@ -1443,7 +1466,7 @@ char *xmpp_conn_send_queue_drop_element(xmpp_conn_t *conn,
|
||||
/* one element in queue */
|
||||
if (conn->send_queue_head == conn->send_queue_tail) {
|
||||
/* head is already sent out partially */
|
||||
if (conn->send_queue_head->wip)
|
||||
if (conn->send_queue_head->wip && !disconnected)
|
||||
return NULL;
|
||||
/* the element is no USER element */
|
||||
if (conn->send_queue_head->owner != XMPP_QUEUE_USER)
|
||||
@@ -1467,7 +1490,7 @@ char *xmpp_conn_send_queue_drop_element(xmpp_conn_t *conn,
|
||||
return NULL;
|
||||
|
||||
/* head is already sent out partially */
|
||||
if (t == conn->send_queue_head && t->wip)
|
||||
if (t == conn->send_queue_head && t->wip && !disconnected)
|
||||
t = t->next;
|
||||
|
||||
/* search forward to find the first USER element */
|
||||
@@ -1481,8 +1504,11 @@ char *xmpp_conn_send_queue_drop_element(xmpp_conn_t *conn,
|
||||
/* In case there exists a SM stanza that is linked to the
|
||||
* one we're currently dropping, also delete that one.
|
||||
*/
|
||||
if (t->next && t->next->userdata == t)
|
||||
if (t->next && t->next->userdata == t) {
|
||||
strophe_free(conn->ctx, _drop_send_queue_element(conn, t->next));
|
||||
/* reset the flag, so we restart to send `<r>` stanzas */
|
||||
conn->sm_state->r_sent = 0;
|
||||
}
|
||||
/* Finally drop the element */
|
||||
return _drop_send_queue_element(conn, t);
|
||||
}
|
||||
|
||||
185
src/deprecated.c
185
src/deprecated.c
@@ -19,6 +19,7 @@
|
||||
*/
|
||||
|
||||
#include "common.h"
|
||||
#include <limits.h>
|
||||
|
||||
/** Allocate memory in a Strophe context.
|
||||
* All Strophe functions will use this to allocate memory.
|
||||
@@ -86,6 +87,10 @@ char *xmpp_strndup(const xmpp_ctx_t *ctx, const char *s, size_t len)
|
||||
return strophe_strndup(ctx, s, len);
|
||||
}
|
||||
|
||||
/** Write to the log.
|
||||
*
|
||||
* @ingroup Deprecated
|
||||
*/
|
||||
void xmpp_log(const xmpp_ctx_t *ctx,
|
||||
xmpp_log_level_t level,
|
||||
const char *area,
|
||||
@@ -217,6 +222,10 @@ char *xmpp_strtok_r(char *s, const char *delim, char **saveptr)
|
||||
return strophe_strtok_r(s, delim, saveptr);
|
||||
}
|
||||
|
||||
/** snprintf(3) implementation.
|
||||
*
|
||||
* @ingroup Deprecated
|
||||
*/
|
||||
int xmpp_snprintf(char *str, size_t count, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
@@ -228,11 +237,184 @@ int xmpp_snprintf(char *str, size_t count, const char *fmt, ...)
|
||||
return ret;
|
||||
}
|
||||
|
||||
/** vsnprintf(3) implementation.
|
||||
*
|
||||
* @ingroup Deprecated
|
||||
*/
|
||||
int xmpp_vsnprintf(char *str, size_t count, const char *fmt, va_list arg)
|
||||
{
|
||||
return strophe_vsnprintf(str, count, fmt, arg);
|
||||
}
|
||||
|
||||
/** Set the JID of the user that will be bound to the connection.
|
||||
* If any JID was previously set, it will be discarded. This should not be
|
||||
* be used after a connection is created. The function will make a copy of
|
||||
* the JID string. If the supplied JID is missing the node, SASL
|
||||
* ANONYMOUS authentication will be used.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param jid a full or bare JID
|
||||
*
|
||||
* @ingroup Deprecated
|
||||
*/
|
||||
void xmpp_conn_set_jid(xmpp_conn_t *conn, const char *jid)
|
||||
{
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_JID, jid);
|
||||
}
|
||||
|
||||
/** Set the password used to authenticate the connection.
|
||||
* If any password was previously set, it will be discarded. The function
|
||||
* will make a copy of the password string.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param pass the password
|
||||
*
|
||||
* @ingroup Deprecated
|
||||
*/
|
||||
void xmpp_conn_set_pass(xmpp_conn_t *conn, const char *pass)
|
||||
{
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_PASS, pass);
|
||||
}
|
||||
|
||||
/** Set the CAfile
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param path path to a certificate file
|
||||
*
|
||||
* @ingroup Deprecated
|
||||
*/
|
||||
void xmpp_conn_set_cafile(xmpp_conn_t *const conn, const char *path)
|
||||
{
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_CAFILE, path);
|
||||
}
|
||||
|
||||
/** Set the CApath
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param path path to a folder containing certificates
|
||||
*
|
||||
* @ingroup Deprecated
|
||||
*/
|
||||
void xmpp_conn_set_capath(xmpp_conn_t *const conn, const char *path)
|
||||
{
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_CAPATH, path);
|
||||
}
|
||||
|
||||
/** Set the Client Certificate and Private Key or PKCS#12 encoded file that
|
||||
* will be bound to the connection. If any of them was previously set, it
|
||||
* will be discarded. This should not be used after a connection is created.
|
||||
* The function will make a copy of the strings passed in.
|
||||
*
|
||||
* In case the Private Key is encrypted, a callback must be set via
|
||||
* \ref xmpp_conn_set_password_callback so the TLS stack can retrieve the
|
||||
* password.
|
||||
*
|
||||
* In case one wants to use a PKCS#12 encoded file, it should be passed via
|
||||
* the `cert` parameter and `key` should be NULL. Passing a PKCS#12 file in
|
||||
* `key` is deprecated.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param cert path to a certificate file or a P12 file
|
||||
* @param key path to a private key file or a P12 file
|
||||
*
|
||||
* @ingroup Deprecated
|
||||
*/
|
||||
void xmpp_conn_set_client_cert(xmpp_conn_t *const conn,
|
||||
const char *const cert,
|
||||
const char *const key)
|
||||
{
|
||||
strophe_debug(conn->ctx, "conn", "set client cert %s %s", cert, key);
|
||||
if (!cert && key) {
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_CLIENT_CERT, key);
|
||||
strophe_warn(conn->ctx, "xmpp",
|
||||
"xmpp_conn_set_client_cert: Passing PKCS#12 in 'key' "
|
||||
"parameter is deprecated. Use 'cert' instead");
|
||||
} else {
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_CLIENT_CERT, cert);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_CLIENT_KEY, key);
|
||||
}
|
||||
}
|
||||
|
||||
/** Set the number of retry attempts to decrypt a private key file.
|
||||
*
|
||||
* In case the user enters the password manually it can be useful to
|
||||
* directly retry if the decryption of the key file failed.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param retries The number of retries that should be tried
|
||||
*
|
||||
* @ingroup Deprecated
|
||||
*/
|
||||
void xmpp_conn_set_password_retries(xmpp_conn_t *conn, unsigned int retries)
|
||||
{
|
||||
int val;
|
||||
if (retries > INT_MAX) {
|
||||
val = INT_MAX;
|
||||
strophe_warn(conn->ctx, "xmpp", "retries capped from %u to %d", retries,
|
||||
val);
|
||||
} else {
|
||||
val = (int)retries;
|
||||
}
|
||||
xmpp_conn_set_int(conn, XMPP_SETTING_PASSWORD_RETRIES, val);
|
||||
}
|
||||
|
||||
/** Set the Callback function which will be called when the TLS stack can't
|
||||
* decrypt a password protected key file.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param cb The callback function that shall be called
|
||||
* @param userdata An opaque data pointer that will be passed to the callback
|
||||
*
|
||||
* @ingroup Deprecated
|
||||
*/
|
||||
void xmpp_conn_set_password_callback(xmpp_conn_t *conn,
|
||||
xmpp_password_callback cb,
|
||||
void *userdata)
|
||||
{
|
||||
xmpp_conn_set_functionpointer(conn, XMPP_SETTING_PASSWORD_CALLBACK, cb);
|
||||
xmpp_conn_set_pointer(conn, XMPP_SETTING_PASSWORD_CALLBACK_USERDATA,
|
||||
userdata);
|
||||
}
|
||||
|
||||
/** Set the Handler function which will be called when the TLS stack can't
|
||||
* verify the CA of the server we're trying to connect to.
|
||||
*
|
||||
* @param conn a Strophe connection object
|
||||
* @param hndl certfail Handler function
|
||||
*
|
||||
* @ingroup Deprecated
|
||||
*/
|
||||
void xmpp_conn_set_certfail_handler(xmpp_conn_t *const conn,
|
||||
xmpp_certfail_handler hndl)
|
||||
{
|
||||
xmpp_conn_set_functionpointer(conn, XMPP_SETTING_CERTFAIL_HANDLER, hndl);
|
||||
}
|
||||
|
||||
/** Register sockopt callback
|
||||
* Set function to be called when a new socket is created to allow setting
|
||||
* socket options before connection is started.
|
||||
*
|
||||
* If the connection is already connected, this callback will be called
|
||||
* immediately.
|
||||
*
|
||||
* To set options that can only be applied to disconnected sockets, the
|
||||
* callback must be registered before connecting.
|
||||
*
|
||||
* @param conn The Strophe connection object this callback is being registered
|
||||
* for
|
||||
* @param callback a xmpp_sockopt_callback callback function that will receive
|
||||
* notifications of connection status
|
||||
*
|
||||
* @ingroup Deprecated
|
||||
*/
|
||||
|
||||
void xmpp_conn_set_sockopt_callback(xmpp_conn_t *conn,
|
||||
xmpp_sockopt_callback callback)
|
||||
{
|
||||
xmpp_conn_set_functionpointer(conn, XMPP_SETTING_SOCKOPT_CALLBACK,
|
||||
callback);
|
||||
}
|
||||
|
||||
/** Set TCP keepalive parameters
|
||||
* Turn on TCP keepalive and set timeout and interval. Zero timeout
|
||||
* disables TCP keepalives. The parameters are applied immediately for
|
||||
@@ -253,7 +435,8 @@ void xmpp_conn_set_keepalive(xmpp_conn_t *conn, int timeout, int interval)
|
||||
conn->ka_timeout = timeout;
|
||||
conn->ka_interval = interval;
|
||||
conn->ka_count = 0;
|
||||
xmpp_conn_set_sockopt_callback(conn, xmpp_sockopt_cb_keepalive);
|
||||
xmpp_conn_set_functionpointer(conn, XMPP_SETTING_SOCKOPT_CALLBACK,
|
||||
xmpp_sockopt_cb_keepalive);
|
||||
}
|
||||
|
||||
/** Disable TLS for this connection, called by users of the library.
|
||||
|
||||
11
src/scram.c
11
src/scram.c
@@ -78,12 +78,23 @@ const struct hash_alg scram_sha512 = {
|
||||
(void (*)(void *, const uint8_t *, size_t))sha512_process,
|
||||
(void (*)(void *, uint8_t *))sha512_done};
|
||||
|
||||
const struct hash_alg scram_sha512_plus = {
|
||||
"SCRAM-SHA-512-PLUS",
|
||||
SASL_MASK_SCRAMSHA512_PLUS,
|
||||
SHA512_DIGEST_SIZE,
|
||||
(void (*)(const uint8_t *, size_t, uint8_t *))sha512_hash,
|
||||
(void (*)(void *))sha512_init,
|
||||
(void (*)(void *, const uint8_t *, size_t))sha512_process,
|
||||
(void (*)(void *, uint8_t *))sha512_done};
|
||||
|
||||
/* The order of this list defines the order in which the SCRAM algorithms are
|
||||
* tried if the server supports them.
|
||||
* Their order is derived from
|
||||
* https://datatracker.ietf.org/doc/html/draft-ietf-kitten-password-storage
|
||||
*/
|
||||
const struct hash_alg *scram_algs[] = {
|
||||
/* *1 */
|
||||
&scram_sha512_plus,
|
||||
/* *1 */
|
||||
&scram_sha256_plus,
|
||||
/* *1 */
|
||||
|
||||
@@ -123,7 +123,8 @@ static void sock_getaddrinfo(xmpp_sock_t *xsock)
|
||||
rc = getaddrinfo(xsock->srv_rr_cur->target, service, &hints,
|
||||
&xsock->ainfo_list);
|
||||
if (rc != 0) {
|
||||
strophe_debug(xsock->ctx, "sock", "getaddrinfo() failed with %d",
|
||||
strophe_debug(xsock->ctx, "sock",
|
||||
"getaddrinfo() failed with %s (%d)", gai_strerror(rc),
|
||||
rc);
|
||||
xsock->ainfo_list = NULL;
|
||||
}
|
||||
@@ -236,7 +237,7 @@ sock_t sock_connect(xmpp_sock_t *xsock)
|
||||
if (rc != 0) {
|
||||
strophe_debug(xsock->ctx, "sock",
|
||||
"User's setsockopt callback"
|
||||
"failed with %d (errno=%d)",
|
||||
" failed with %d (errno=%d)",
|
||||
rc, errno);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -51,8 +51,10 @@
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
#define STROPHE_ERR_func_error_string(e) ERR_func_error_string(e)
|
||||
#define STROPHE_SSL_get1_peer_certificate(s) SSL_get_peer_certificate(s)
|
||||
#else
|
||||
#define STROPHE_ERR_func_error_string(e) ""
|
||||
#define STROPHE_SSL_get1_peer_certificate(s) SSL_get1_peer_certificate(s)
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
@@ -109,6 +111,7 @@ struct _tls {
|
||||
X509 *client_cert;
|
||||
void *channel_binding_data;
|
||||
size_t channel_binding_size;
|
||||
FILE *keylogfile;
|
||||
int lasterror;
|
||||
};
|
||||
|
||||
@@ -556,6 +559,36 @@ static int _tls_password_callback(char *buf, int size, int rwflag, void *u)
|
||||
return tls_caching_password_callback(buf, size, u);
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
|
||||
static void _keylog_cb(const SSL *ssl, const char *line)
|
||||
{
|
||||
xmpp_conn_t *conn = SSL_get_app_data(ssl);
|
||||
fwrite(line, strlen(line), 1, conn->tls->keylogfile);
|
||||
fputc('\n', conn->tls->keylogfile);
|
||||
fflush(conn->tls->keylogfile);
|
||||
}
|
||||
#endif
|
||||
|
||||
static void _try_open_keylogfile(tls_t *tls)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
|
||||
const char *first_line = "# SSL Key logfile generated by libstrophe\n";
|
||||
const char *SSLKEYLOGFILE = getenv("SSLKEYLOGFILE");
|
||||
if (!SSLKEYLOGFILE || *SSLKEYLOGFILE == '\0')
|
||||
return;
|
||||
tls->keylogfile = fopen(SSLKEYLOGFILE, "abe");
|
||||
if (!tls->keylogfile) {
|
||||
strophe_warn(tls->ctx, "tls", "Could not open SSL keylog file %s",
|
||||
SSLKEYLOGFILE);
|
||||
return;
|
||||
}
|
||||
fwrite(first_line, strlen(first_line), 1, tls->keylogfile);
|
||||
SSL_CTX_set_keylog_callback(tls->ssl_ctx, _keylog_cb);
|
||||
#else
|
||||
UNUSED(tls);
|
||||
#endif
|
||||
}
|
||||
|
||||
tls_t *tls_new(xmpp_conn_t *conn)
|
||||
{
|
||||
tls_t *tls = strophe_alloc(conn->ctx, sizeof(*tls));
|
||||
@@ -699,6 +732,8 @@ tls_t *tls_new(xmpp_conn_t *conn)
|
||||
ret = SSL_set_fd(tls->ssl, conn->sock);
|
||||
if (ret <= 0)
|
||||
goto err_free_ssl;
|
||||
|
||||
_try_open_keylogfile(tls);
|
||||
}
|
||||
|
||||
return tls;
|
||||
@@ -717,6 +752,8 @@ err:
|
||||
|
||||
void tls_free(tls_t *tls)
|
||||
{
|
||||
if (tls->keylogfile)
|
||||
fclose(tls->keylogfile);
|
||||
strophe_free(tls->ctx, tls->channel_binding_data);
|
||||
SSL_free(tls->ssl);
|
||||
X509_free(tls->client_cert);
|
||||
@@ -727,7 +764,7 @@ void tls_free(tls_t *tls)
|
||||
xmpp_tlscert_t *tls_peer_cert(xmpp_conn_t *conn)
|
||||
{
|
||||
if (conn && conn->tls && conn->tls->ssl) {
|
||||
X509 *cert = SSL_get_peer_certificate(conn->tls->ssl);
|
||||
X509 *cert = STROPHE_SSL_get1_peer_certificate(conn->tls->ssl);
|
||||
if (cert) {
|
||||
xmpp_tlscert_t *tlscert = _x509_to_tlscert(conn->ctx, cert);
|
||||
X509_free(cert);
|
||||
@@ -999,7 +1036,7 @@ static void _tls_dump_cert_info(tls_t *tls)
|
||||
X509 *cert;
|
||||
char *name;
|
||||
|
||||
cert = SSL_get_peer_certificate(tls->ssl);
|
||||
cert = STROPHE_SSL_get1_peer_certificate(tls->ssl);
|
||||
if (cert == NULL)
|
||||
strophe_debug(tls->ctx, "tls", "Certificate was not presented by peer");
|
||||
else {
|
||||
|
||||
93
strophe.h
93
strophe.h
@@ -371,37 +371,70 @@ typedef int (*xmpp_sockopt_callback)(xmpp_conn_t *conn, void *sock);
|
||||
/* an example callback that sets basic keepalive parameters */
|
||||
int xmpp_sockopt_cb_keepalive(xmpp_conn_t *conn, void *sock);
|
||||
|
||||
void xmpp_send_error(xmpp_conn_t *conn, xmpp_error_type_t type, char *text);
|
||||
xmpp_conn_t *xmpp_conn_new(xmpp_ctx_t *ctx);
|
||||
xmpp_conn_t *xmpp_conn_clone(xmpp_conn_t *conn);
|
||||
int xmpp_conn_release(xmpp_conn_t *conn);
|
||||
|
||||
/** Connection settings
|
||||
*/
|
||||
typedef enum xmpp_conn_setting_t {
|
||||
/* String values */
|
||||
XMPP_SETTING_JID = 0x0, /**< JID */
|
||||
XMPP_SETTING_PASS, /**< Password */
|
||||
XMPP_SETTING_CAFILE, /**< CAfile */
|
||||
XMPP_SETTING_CAPATH, /**< CApath */
|
||||
XMPP_SETTING_CLIENT_CERT, /**< Client Certificate */
|
||||
XMPP_SETTING_CLIENT_KEY, /**< Key of Client Certificate */
|
||||
|
||||
/* Int values */
|
||||
XMPP_SETTING_PASSWORD_RETRIES = 0x40, /**< Number of retry attempts to
|
||||
decrypt a private key file. */
|
||||
XMPP_SETTING_COMPRESSION_LEVEL, /**< Compression level. */
|
||||
|
||||
/* Pointer values */
|
||||
XMPP_SETTING_PASSWORD_CALLBACK_USERDATA = 0x80, /**< Userdata for password
|
||||
callback function */
|
||||
|
||||
/* Functionpointer values */
|
||||
XMPP_SETTING_PASSWORD_CALLBACK = 0xC0, /**< Callback function to retrieve
|
||||
password for key file. */
|
||||
XMPP_SETTING_CERTFAIL_HANDLER, /**< Handler function when certificate chain
|
||||
can't be verified */
|
||||
XMPP_SETTING_SOCKOPT_CALLBACK, /**< Callback function when a new socket is
|
||||
created. */
|
||||
} xmpp_conn_setting_t;
|
||||
|
||||
void xmpp_conn_set_int(xmpp_conn_t *conn,
|
||||
xmpp_conn_setting_t setting,
|
||||
int value);
|
||||
void xmpp_conn_set_string(xmpp_conn_t *conn,
|
||||
xmpp_conn_setting_t setting,
|
||||
const char *value);
|
||||
void xmpp_conn_set_pointer(xmpp_conn_t *conn,
|
||||
xmpp_conn_setting_t setting,
|
||||
void *value);
|
||||
/* Provide a wrapper macro, so users don't have to cast their function pointer
|
||||
* type manually. */
|
||||
typedef int (*xmpp_conn_pfn_t)();
|
||||
#define xmpp_conn_set_functionpointer(c, s, p) \
|
||||
do { \
|
||||
xmpp_conn_set_functionpointer_impl(c, s, (xmpp_conn_pfn_t)p); \
|
||||
} while (0)
|
||||
void xmpp_conn_set_functionpointer_impl(xmpp_conn_t *conn,
|
||||
xmpp_conn_setting_t setting,
|
||||
xmpp_conn_pfn_t pfn);
|
||||
|
||||
long xmpp_conn_get_flags(const xmpp_conn_t *conn);
|
||||
int xmpp_conn_set_flags(xmpp_conn_t *conn, long flags);
|
||||
const char *xmpp_conn_get_jid(const xmpp_conn_t *conn);
|
||||
const char *xmpp_conn_get_bound_jid(const xmpp_conn_t *conn);
|
||||
void xmpp_conn_set_jid(xmpp_conn_t *conn, const char *jid);
|
||||
void xmpp_conn_set_cafile(xmpp_conn_t *const conn, const char *path);
|
||||
void xmpp_conn_set_capath(xmpp_conn_t *const conn, const char *path);
|
||||
void xmpp_conn_set_certfail_handler(xmpp_conn_t *const conn,
|
||||
xmpp_certfail_handler hndl);
|
||||
xmpp_tlscert_t *xmpp_conn_get_peer_cert(xmpp_conn_t *const conn);
|
||||
void xmpp_conn_set_password_callback(xmpp_conn_t *conn,
|
||||
xmpp_password_callback cb,
|
||||
void *userdata);
|
||||
void xmpp_conn_set_password_retries(xmpp_conn_t *conn, unsigned int retries);
|
||||
const char *xmpp_conn_get_keyfile(const xmpp_conn_t *conn);
|
||||
void xmpp_conn_set_client_cert(xmpp_conn_t *conn,
|
||||
const char *cert,
|
||||
const char *key);
|
||||
unsigned int xmpp_conn_cert_xmppaddr_num(xmpp_conn_t *conn);
|
||||
char *xmpp_conn_cert_xmppaddr(xmpp_conn_t *conn, unsigned int n);
|
||||
const char *xmpp_conn_get_pass(const xmpp_conn_t *conn);
|
||||
void xmpp_conn_set_pass(xmpp_conn_t *conn, const char *pass);
|
||||
xmpp_ctx_t *xmpp_conn_get_context(xmpp_conn_t *conn);
|
||||
int xmpp_conn_is_secured(xmpp_conn_t *conn);
|
||||
void xmpp_conn_set_sockopt_callback(xmpp_conn_t *conn,
|
||||
xmpp_sockopt_callback callback);
|
||||
int xmpp_conn_is_connecting(xmpp_conn_t *conn);
|
||||
int xmpp_conn_is_connected(xmpp_conn_t *conn);
|
||||
int xmpp_conn_is_disconnected(xmpp_conn_t *conn);
|
||||
@@ -445,6 +478,7 @@ int xmpp_conn_tls_start(xmpp_conn_t *conn);
|
||||
void xmpp_disconnect(xmpp_conn_t *conn);
|
||||
|
||||
void xmpp_send(xmpp_conn_t *conn, xmpp_stanza_t *stanza);
|
||||
void xmpp_send_error(xmpp_conn_t *conn, xmpp_error_type_t type, char *text);
|
||||
|
||||
void xmpp_send_raw_string(xmpp_conn_t *conn, const char *fmt, ...);
|
||||
void xmpp_send_raw(xmpp_conn_t *conn, const char *data, size_t len);
|
||||
@@ -712,6 +746,7 @@ void xmpp_rand_nonce(xmpp_rand_t *rand, char *output, size_t len);
|
||||
* deprecation */
|
||||
#include <stdarg.h>
|
||||
|
||||
#if !defined(XMPP_DEPRECATED)
|
||||
/**
|
||||
* XMPP_DEPRECATED(x) macro to show a compiler warning for deprecated API
|
||||
* functions
|
||||
@@ -730,6 +765,7 @@ void xmpp_rand_nonce(xmpp_rand_t *rand, char *output, size_t len);
|
||||
#else
|
||||
#define XMPP_DEPRECATED(x)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
XMPP_DEPRECATED(internal) void *xmpp_alloc(const xmpp_ctx_t *ctx, size_t size);
|
||||
XMPP_DEPRECATED(internal)
|
||||
@@ -769,6 +805,31 @@ void xmpp_conn_set_keepalive(xmpp_conn_t *conn, int timeout, int interval);
|
||||
XMPP_DEPRECATED(xmpp_conn_set_flags)
|
||||
void xmpp_conn_disable_tls(xmpp_conn_t *conn);
|
||||
|
||||
XMPP_DEPRECATED(xmpp_conn_set_string)
|
||||
void xmpp_conn_set_jid(xmpp_conn_t *conn, const char *jid);
|
||||
XMPP_DEPRECATED(xmpp_conn_set_string)
|
||||
void xmpp_conn_set_pass(xmpp_conn_t *conn, const char *pass);
|
||||
XMPP_DEPRECATED(xmpp_conn_set_string)
|
||||
void xmpp_conn_set_cafile(xmpp_conn_t *const conn, const char *path);
|
||||
XMPP_DEPRECATED(xmpp_conn_set_string)
|
||||
void xmpp_conn_set_capath(xmpp_conn_t *const conn, const char *path);
|
||||
XMPP_DEPRECATED(xmpp_conn_set_string)
|
||||
void xmpp_conn_set_client_cert(xmpp_conn_t *conn,
|
||||
const char *cert,
|
||||
const char *key);
|
||||
XMPP_DEPRECATED(xmpp_conn_set_int)
|
||||
void xmpp_conn_set_password_retries(xmpp_conn_t *conn, unsigned int retries);
|
||||
XMPP_DEPRECATED(xmpp_conn_set_functionpointer)
|
||||
void xmpp_conn_set_password_callback(xmpp_conn_t *conn,
|
||||
xmpp_password_callback cb,
|
||||
void *userdata);
|
||||
XMPP_DEPRECATED(xmpp_conn_set_functionpointer)
|
||||
void xmpp_conn_set_certfail_handler(xmpp_conn_t *const conn,
|
||||
xmpp_certfail_handler hndl);
|
||||
XMPP_DEPRECATED(xmpp_conn_set_functionpointer)
|
||||
void xmpp_conn_set_sockopt_callback(xmpp_conn_t *conn,
|
||||
xmpp_sockopt_callback callback);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -7,6 +7,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <limits.h>
|
||||
|
||||
#undef HAVE_VSNPRINTF
|
||||
#undef HAVE_SNPRINTF
|
||||
@@ -28,7 +29,14 @@ int main(void)
|
||||
char *int_fmt[] = {"%-1.5d", "%1.5d", "%123.9d", "%5.5d",
|
||||
"%10.5d", "% 10.5d", "%+22.33d", "%01.3d",
|
||||
"%4d", "0x%x", "0x%04x", NULL};
|
||||
long int_nums[] = {-1, 134, 91340, 341, 0203, 0x76543210, 0};
|
||||
int int_nums[] = {-1, 134, 91340, 341, 0203,
|
||||
0x76543210, INT_MIN, INT_MAX, 0};
|
||||
char *long_fmt[] = {"%-1.5ld", "%1.5ld", "%123.9ld", "%5.5ld",
|
||||
"%10.5ld", "% 10.5ld", "%+22.33ld", "%01.3ld",
|
||||
"%4ld", "0x%lx", "0x%04lx", NULL};
|
||||
long long_nums[] = {-1L, 134L, 91340L,
|
||||
341L, 0203L, 0xFEDCBA9876543210L,
|
||||
LONG_MIN, LONG_MAX, 0L};
|
||||
int x, y;
|
||||
int fail = 0;
|
||||
int num = 0;
|
||||
@@ -60,6 +68,19 @@ int main(void)
|
||||
}
|
||||
num++;
|
||||
}
|
||||
|
||||
for (x = 0; long_fmt[x] != NULL; x++)
|
||||
for (y = 0; long_nums[y] != 0; y++) {
|
||||
strophe_snprintf(buf1, sizeof(buf1), long_fmt[x], long_nums[y]);
|
||||
sprintf(buf2, long_fmt[x], long_nums[y]);
|
||||
if (strcmp(buf1, buf2)) {
|
||||
printf("xmpp_snprintf doesn't match Format: "
|
||||
"%s\n\txmpp_snprintf = %s\n\tsprintf = %s\n",
|
||||
long_fmt[x], buf1, buf2);
|
||||
fail++;
|
||||
}
|
||||
num++;
|
||||
}
|
||||
printf("%d tests failed out of %d.\n", fail, num);
|
||||
return fail != 0 ? 1 : 0;
|
||||
}
|
||||
|
||||
@@ -16,6 +16,7 @@
|
||||
#include <string.h>
|
||||
#include <sys/param.h>
|
||||
|
||||
#define XMPP_DEPRECATED(x)
|
||||
#include "strophe.h"
|
||||
|
||||
#include "test.h"
|
||||
@@ -41,12 +42,14 @@ int main()
|
||||
} client_cert[] = {
|
||||
{0, "tests/cert.pem", "tests/key.pem"},
|
||||
{1, "tests/cert.pem", "tests/key_encrypted.pem"},
|
||||
{0, NULL, "tests/cert.emptypass.pfx"},
|
||||
{0, NULL, "tests/cert.nopass.pfx"},
|
||||
{1, NULL, "tests/cert.pfx"},
|
||||
{0, "tests/cert.emptypass.pfx", NULL},
|
||||
{0, "tests/cert.nopass.pfx", NULL},
|
||||
{1, "tests/cert.pfx", NULL},
|
||||
/* Backward compatibility checks for change introduced in #208
|
||||
* To be removed, once xmpp_conn_set_client_cert() is gone */
|
||||
{0, NULL, "tests/cert.emptypass.pfx"},
|
||||
{0, NULL, "tests/cert.nopass.pfx"},
|
||||
{1, NULL, "tests/cert.pfx"},
|
||||
};
|
||||
|
||||
const char *srcdir;
|
||||
@@ -78,9 +81,15 @@ int main()
|
||||
keyfile = NULL;
|
||||
|
||||
if (client_cert[m].needs_callback)
|
||||
xmpp_conn_set_password_callback(conn, password_callback, NULL);
|
||||
xmpp_conn_set_functionpointer(conn, XMPP_SETTING_PASSWORD_CALLBACK,
|
||||
password_callback);
|
||||
|
||||
xmpp_conn_set_client_cert(conn, certfile, keyfile);
|
||||
if (certfile) {
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_CLIENT_CERT, certfile);
|
||||
xmpp_conn_set_string(conn, XMPP_SETTING_CLIENT_KEY, keyfile);
|
||||
} else {
|
||||
xmpp_conn_set_client_cert(conn, certfile, keyfile);
|
||||
}
|
||||
|
||||
xmppaddr_num[0] = '0' + xmpp_conn_cert_xmppaddr_num(conn);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user