mirror of
https://git.jabber.space/devs/cproof.git
synced 2026-07-18 14:06:21 +00:00
upstream: Retrieve and save new fingerprints from libstrophe. (0acea8d0d)
This commit is contained in:
13
configure.ac
13
configure.ac
@@ -175,6 +175,19 @@ AC_LINK_IFELSE([AC_LANG_SOURCE([[
|
||||
[AC_MSG_RESULT([yes])],
|
||||
[AC_MSG_ERROR([libstrophe is broken, check config.log for details])])
|
||||
|
||||
AC_MSG_CHECKING([whether libstrophe has XMPP_CERT_PUBKEY_FINGERPRINT_SHA256 support])
|
||||
AC_LINK_IFELSE([AC_LANG_SOURCE([[
|
||||
#include <strophe.h>
|
||||
|
||||
int main() {
|
||||
xmpp_tlscert_get_string(NULL, XMPP_CERT_PUBKEY_FINGERPRINT_SHA256);
|
||||
return 1;
|
||||
}
|
||||
]])],
|
||||
[AC_MSG_RESULT([yes])
|
||||
AC_DEFINE([HAVE_XMPP_CERT_PUBKEY_FINGERPRINT_SHA256], [1], [Have XMPP_CERT_PUBKEY_FINGERPRINT_SHA256])],
|
||||
[AC_MSG_RESULT(no)])
|
||||
|
||||
## Check for curses library
|
||||
PKG_CHECK_MODULES([ncursesw], [ncursesw],
|
||||
[NCURSES_CFLAGS="$ncursesw_CFLAGS"; NCURSES_LIBS="$ncursesw_LIBS"; CURSES="ncursesw"],
|
||||
|
||||
@@ -138,7 +138,7 @@ tlscerts_list(void)
|
||||
auto_gchar gchar* signaturealg = g_key_file_get_string(tlscerts, fingerprint, "signaturealg", NULL);
|
||||
|
||||
TLSCertificate* cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
|
||||
notafter, keyalg, signaturealg, NULL);
|
||||
notafter, keyalg, signaturealg, NULL, NULL, NULL);
|
||||
|
||||
res = g_list_append(res, cert);
|
||||
}
|
||||
@@ -149,13 +149,17 @@ tlscerts_list(void)
|
||||
TLSCertificate*
|
||||
tlscerts_new(const char* fingerprint_sha1, int version, const char* serialnumber, const char* subjectname,
|
||||
const char* issuername, const char* notbefore, const char* notafter,
|
||||
const char* key_alg, const char* signature_alg, const char* pem)
|
||||
const char* key_alg, const char* signature_alg, const char* pem,
|
||||
const char* fingerprint_sha256, const char* pubkey_fingerprint)
|
||||
{
|
||||
TLSCertificate* cert = calloc(1, sizeof(TLSCertificate));
|
||||
|
||||
if (fingerprint_sha1) {
|
||||
cert->fingerprint_sha1 = strdup(fingerprint_sha1);
|
||||
}
|
||||
if (fingerprint_sha256) {
|
||||
cert->fingerprint_sha256 = strdup(fingerprint_sha256);
|
||||
}
|
||||
cert->version = version;
|
||||
if (serialnumber) {
|
||||
cert->serialnumber = strdup(serialnumber);
|
||||
@@ -181,6 +185,9 @@ tlscerts_new(const char* fingerprint_sha1, int version, const char* serialnumber
|
||||
if (pem) {
|
||||
cert->pem = strdup(pem);
|
||||
}
|
||||
if (pubkey_fingerprint) {
|
||||
cert->pubkey_fingerprint = strdup(pubkey_fingerprint);
|
||||
}
|
||||
|
||||
auto_gcharv gchar** fields = g_strsplit(subjectname, "/", 0);
|
||||
for (int i = 0; i < g_strv_length(fields); i++) {
|
||||
@@ -315,9 +322,8 @@ tlscerts_get_trusted(const char* fingerprint)
|
||||
auto_gchar gchar* keyalg = g_key_file_get_string(tlscerts, fingerprint, "keyalg", NULL);
|
||||
auto_gchar gchar* signaturealg = g_key_file_get_string(tlscerts, fingerprint, "signaturealg", NULL);
|
||||
|
||||
TLSCertificate* cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
|
||||
notafter, keyalg, signaturealg, NULL);
|
||||
return cert;
|
||||
return tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
|
||||
notafter, keyalg, signaturealg, NULL, NULL, NULL);
|
||||
}
|
||||
|
||||
char*
|
||||
@@ -361,6 +367,8 @@ tlscerts_free(TLSCertificate* cert)
|
||||
free(cert->notbefore);
|
||||
free(cert->notafter);
|
||||
free(cert->fingerprint_sha1);
|
||||
free(cert->fingerprint_sha256);
|
||||
free(cert->pubkey_fingerprint);
|
||||
|
||||
free(cert->key_alg);
|
||||
free(cert->signature_alg);
|
||||
|
||||
@@ -63,16 +63,19 @@ typedef struct tls_cert_t
|
||||
char* notbefore;
|
||||
char* notafter;
|
||||
char* fingerprint_sha1;
|
||||
char* fingerprint_sha256;
|
||||
char* key_alg;
|
||||
char* signature_alg;
|
||||
char* pem;
|
||||
char* pubkey_fingerprint;
|
||||
} TLSCertificate;
|
||||
|
||||
void tlscerts_init(void);
|
||||
|
||||
TLSCertificate* tlscerts_new(const char* fingerprint_sha1, int version, const char* serialnumber, const char* subjectname,
|
||||
const char* issuername, const char* notbefore, const char* notafter,
|
||||
const char* key_alg, const char* signature_alg, const char* pem);
|
||||
const char* key_alg, const char* signature_alg, const char* pem,
|
||||
const char* fingerprint_sha256, const char* pubkey_fingerprint);
|
||||
|
||||
void tlscerts_set_current(const TLSCertificate* cert);
|
||||
|
||||
|
||||
@@ -90,6 +90,13 @@ cons_show(const char* const msg, ...)
|
||||
va_end(arg);
|
||||
}
|
||||
|
||||
#define cons_show_if_set(fmt, elmnt) \
|
||||
do { \
|
||||
if (elmnt) { \
|
||||
cons_show(fmt, elmnt); \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
void
|
||||
cons_show_padded(int pad, const char* const msg, ...)
|
||||
{
|
||||
@@ -260,7 +267,9 @@ cons_show_tlscert(const TLSCertificate* cert)
|
||||
cons_show(" Start : %s", cert->notbefore);
|
||||
cons_show(" End : %s", cert->notafter);
|
||||
|
||||
cons_show(" Fingerprint : %s", cert->fingerprint_sha1);
|
||||
cons_show_if_set(" Fingerprint SHA1 : %s", cert->fingerprint_sha1);
|
||||
cons_show_if_set(" Fingerprint SHA256 : %s", cert->fingerprint_sha256);
|
||||
cons_show_if_set(" Pubkey Fingerprint : %s", cert->pubkey_fingerprint);
|
||||
}
|
||||
|
||||
void
|
||||
|
||||
@@ -1080,6 +1080,10 @@ _connection_certfail_cb(const xmpp_tlscert_t* xmpptlscert, const char* errormsg)
|
||||
TLSCertificate*
|
||||
_xmppcert_to_profcert(const xmpp_tlscert_t* xmpptlscert)
|
||||
{
|
||||
const char* pubkey_fp = NULL;
|
||||
#ifdef HAVE_XMPP_CERT_PUBKEY_FINGERPRINT_SHA256
|
||||
pubkey_fp = xmpp_tlscert_get_string(xmpptlscert, XMPP_CERT_PUBKEY_FINGERPRINT_SHA256);
|
||||
#endif
|
||||
int version = (int)strtol(
|
||||
xmpp_tlscert_get_string(xmpptlscert, XMPP_CERT_VERSION), NULL, 10);
|
||||
return tlscerts_new(
|
||||
@@ -1092,7 +1096,9 @@ _xmppcert_to_profcert(const xmpp_tlscert_t* xmpptlscert)
|
||||
xmpp_tlscert_get_string(xmpptlscert, XMPP_CERT_NOTAFTER),
|
||||
xmpp_tlscert_get_string(xmpptlscert, XMPP_CERT_KEYALG),
|
||||
xmpp_tlscert_get_string(xmpptlscert, XMPP_CERT_SIGALG),
|
||||
xmpp_tlscert_get_pem(xmpptlscert));
|
||||
xmpp_tlscert_get_pem(xmpptlscert),
|
||||
xmpp_tlscert_get_string(xmpptlscert, XMPP_CERT_FINGERPRINT_SHA256),
|
||||
pubkey_fp);
|
||||
}
|
||||
|
||||
static void
|
||||
|
||||
Reference in New Issue
Block a user