authorfiaxh <git@lightrise.org>2020-12-31 19:00:54 +0100
committerfiaxh <git@lightrise.org>2020-12-31 19:04:02 +0100
commit81a55052707d460a7f437b664682817c2c99dce6 (patch)
tree0d2b184a98d5a62d47beb2a4a09a13a4ea6e12a4 /xmpp-vala/src/core
parent99e98ac8d97296b0a34351d3bc8b155b0c8fc6db (diff)
Allow certificates from unknown CAs from .onion domains
It's barely possible for .onion servers to provide a non-self-signed cert. But that's fine because encryption is provided independently through TOR. see #958
Diffstat (limited to 'xmpp-vala/src/core')
-rw-r--r--xmpp-vala/src/core/direct_tls_xmpp_stream.vala11
-rw-r--r--xmpp-vala/src/core/io_xmpp_stream.vala4
-rw-r--r--xmpp-vala/src/core/starttls_xmpp_stream.vala7
-rw-r--r--xmpp-vala/src/core/stream_connect.vala8
-rw-r--r--xmpp-vala/src/core/tls_xmpp_stream.vala8
-rw-r--r--xmpp-vala/src/core/xmpp_stream.vala6
6 files changed, 32 insertions, 12 deletions
diff --git a/xmpp-vala/src/core/direct_tls_xmpp_stream.vala b/xmpp-vala/src/core/direct_tls_xmpp_stream.vala
index 1d2f7339..1c262598 100644
--- a/xmpp-vala/src/core/direct_tls_xmpp_stream.vala
+++ b/xmpp-vala/src/core/direct_tls_xmpp_stream.vala
@@ -2,11 +2,13 @@ public class Xmpp.DirectTlsXmppStream : TlsXmppStream {
string host;
uint16 port;
+ TlsXmppStream.OnInvalidCert on_invalid_cert_outer;
- public DirectTlsXmppStream(Jid remote, string host, uint16 port) {
- this.remote_name = remote;
+ public DirectTlsXmppStream(Jid remote_name, string host, uint16 port, TlsXmppStream.OnInvalidCert on_invalid_cert) {
+ base(remote_name);
this.host = host;
this.port = port;
+ this.on_invalid_cert_outer = on_invalid_cert;
}
public override async void connect() throws IOStreamError {
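Review bot: The delegate parameter is stored into the plain field `on_invalid_cert_outer` without ownership, so the field presumably holds only a borrowed copy of the caller's closure; if the delegate handed down through `establish_stream` is a lambda with captured state, the stream can outlive that state and the later `accept_certificate` emission would call a dangling target — confirm the owner's lifetime, or take the parameter as `owned TlsXmppStream.OnInvalidCert on_invalid_cert` and store it with `this.on_invalid_cert_outer = (owned) on_invalid_cert;`. The `StartTlsXmppStream` constructor in the starttls hunk stores its delegate the same way. A smaller point of style: this constructor renames the first parameter to `remote_name` while the sibling `StartTlsXmppStream` keeps `remote`; the two should agree.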
@@ -15,10 +17,11 @@ public class Xmpp.DirectTlsXmppStream : TlsXmppStream {
debug("Connecting to %s %i (tls)", host, port);
IOStream? io_stream = yield client.connect_to_host_async(host, port);
TlsConnection tls_connection = TlsClientConnection.new(io_stream, new NetworkAddress(remote_name.to_string(), port));
- #if ALPN_SUPPORT
+#if ALPN_SUPPORT
tls_connection.set_advertised_protocols(new string[]{"xmpp-client"});
- #endif
+#endif
tls_connection.accept_certificate.connect(on_invalid_certificate);
+ tls_connection.accept_certificate.connect(on_invalid_cert_outer);
reset_stream(tls_connection);
yield setup();
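Review bot: The second `accept_certificate` handler added here is the one that decides acceptance, and a `true` return from it accepts the certificate for every `TlsCertificateFlags` value, not only an unknown CA: `on_invalid_certificate` (tls_xmpp_stream hunk) always returns `false`, so emission continues to `on_invalid_cert_outer`, and GLib ends the emission as soon as a handler returns `true`. Nothing in the stream tells the delegate that this is the .onion case the commit message describes, so that restriction rests entirely on the caller's implementation. Because `on_invalid_certificate` runs first, it has already set `this.errors` and logged the "Tls Certificate Errors" warning by the time the outer handler accepts, so an accepted .onion certificate presumably still appears as an error in the log and in the result's `tls_errors` — confirm whether that is intended. A comment on the new line would make the contract explicit: `// Connected after on_invalid_certificate (always false): a true return here accepts the peer cert despite every flag in errors, not just UNKNOWN_CA.` The same applies to the starttls hunk's `conn.accept_certificate.connect(on_invalid_cert_outer);`.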
diff --git a/xmpp-vala/src/core/io_xmpp_stream.vala b/xmpp-vala/src/core/io_xmpp_stream.vala
index 56efd7cd..02653720 100644
--- a/xmpp-vala/src/core/io_xmpp_stream.vala
+++ b/xmpp-vala/src/core/io_xmpp_stream.vala
@@ -11,6 +11,10 @@ public abstract class Xmpp.IoXmppStream : XmppStream {
internal WriteNodeFunc? write_obj = null;
+ protected IoXmppStream(Jid remote_name) {
+ base(remote_name);
+ }
+
public override async void disconnect() throws IOStreamError, XmlError, IOError {
disconnected = true;
if (writer == null || reader == null || stream == null) {
diff --git a/xmpp-vala/src/core/starttls_xmpp_stream.vala b/xmpp-vala/src/core/starttls_xmpp_stream.vala
index 3df0dffb..401d7295 100644
--- a/xmpp-vala/src/core/starttls_xmpp_stream.vala
+++ b/xmpp-vala/src/core/starttls_xmpp_stream.vala
@@ -4,11 +4,13 @@ public class Xmpp.StartTlsXmppStream : TlsXmppStream {
string host;
uint16 port;
+ TlsXmppStream.OnInvalidCert on_invalid_cert_outer;
- public StartTlsXmppStream(Jid remote, string host, uint16 port) {
- this.remote_name = remote;
+ public StartTlsXmppStream(Jid remote, string host, uint16 port, TlsXmppStream.OnInvalidCert on_invalid_cert) {
+ base(remote);
this.host = host;
this.port = port;
+ this.on_invalid_cert_outer = on_invalid_cert;
}
public override async void connect() throws IOStreamError {
@@ -40,6 +42,7 @@ public class Xmpp.StartTlsXmppStream : TlsXmppStream {
reset_stream(conn);
conn.accept_certificate.connect(on_invalid_certificate);
+ conn.accept_certificate.connect(on_invalid_cert_outer);
} catch (Error e) {
stderr.printf("Failed to start TLS: %s\n", e.message);
}
diff --git a/xmpp-vala/src/core/stream_connect.vala b/xmpp-vala/src/core/stream_connect.vala
index a7615e9f..9a3dac76 100644
--- a/xmpp-vala/src/core/stream_connect.vala
+++ b/xmpp-vala/src/core/stream_connect.vala
@@ -8,12 +8,12 @@ namespace Xmpp {
}
public class XmppStreamResult {
- public XmppStream? stream { get; set; }
+ public TlsXmppStream? stream { get; set; }
public TlsCertificateFlags? tls_errors { get; set; }
public IOStreamError? io_error { get; set; }
}
- public async XmppStreamResult establish_stream(Jid bare_jid, Gee.List<XmppStreamModule> modules, string? log_options) {
+ public async XmppStreamResult establish_stream(Jid bare_jid, Gee.List<XmppStreamModule> modules, string? log_options, TlsXmppStream.OnInvalidCert on_invalid_cert) {
Jid remote = bare_jid.domain_jid;
//Lookup xmpp-client and xmpps-client SRV records
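Review bot: `establish_stream` now takes a non-nullable `on_invalid_cert` delegate whose `true` return overrides TLS certificate validation, and the new parameter is undocumented; every caller must supply one, and a caller that passes an always-true handler silently disables certificate checking for all connections. A valadoc `@param on_invalid_cert` line should state that it is consulted only after the stream's own handler has rejected the certificate, that returning `true` accepts the certificate despite the flags passed in `errors`, and that it must therefore restrict itself to the narrow case it is meant for. The change of `XmppStreamResult.stream` from `XmppStream?` to `TlsXmppStream?` narrows a public property and will break any caller that assigns a non-TLS stream; it looks intentional, since both branches in the next hunk construct TLS streams, but it deserves a line in the commit message.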
@@ -58,9 +58,9 @@ namespace Xmpp {
foreach (SrvTargetInfo target in targets) {
try {
if (target.service == "xmpp-client") {
- stream = new StartTlsXmppStream(remote, target.host, target.port);
+ stream = new StartTlsXmppStream(remote, target.host, target.port, on_invalid_cert);
} else {
- stream = new DirectTlsXmppStream(remote, target.host, target.port);
+ stream = new DirectTlsXmppStream(remote, target.host, target.port, on_invalid_cert);
}
stream.log = new XmppLog(bare_jid.to_string(), log_options);
diff --git a/xmpp-vala/src/core/tls_xmpp_stream.vala b/xmpp-vala/src/core/tls_xmpp_stream.vala
index 956a9a22..f47b3c80 100644
--- a/xmpp-vala/src/core/tls_xmpp_stream.vala
+++ b/xmpp-vala/src/core/tls_xmpp_stream.vala
@@ -2,6 +2,12 @@ public abstract class Xmpp.TlsXmppStream : IoXmppStream {
public TlsCertificateFlags? errors;
+ public delegate bool OnInvalidCert(GLib.TlsConnection conn, GLib.TlsCertificate peer_cert, GLib.TlsCertificateFlags errors);
+
+ protected TlsXmppStream(Jid remote_name) {
+ base(remote_name);
+ }
+
protected bool on_invalid_certificate(TlsCertificate peer_cert, TlsCertificateFlags errors) {
this.errors = errors;
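Review bot: The new public `OnInvalidCert` delegate has no doc comment, although its return value is what determines whether a certificate with validation errors is accepted (it is connected to `TlsConnection.accept_certificate` in the direct-tls and starttls hunks). A valadoc block above it should say that `errors` holds the flags GLib raised against `peer_cert`, that returning `true` accepts the certificate and ends the signal emission while `false` leaves the rejection in place, and that the handler is only reached after the stream's own `on_invalid_certificate` has declined. Naming the delegate after what it decides, e.g. `AcceptInvalidCert`, would also make a `true` return read correctly at the call sites; that is a style preference and `OnInvalidCert` can stay.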
@@ -13,7 +19,7 @@ public abstract class Xmpp.TlsXmppStream : IoXmppStream {
error_str += @"$(f), ";
}
}
- warning(@"Tls Certificate Errors: $(error_str)");
+ warning(@"[%p, %s] Tls Certificate Errors: %s", this, this.remote_name, error_str);
return false;
}
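Review bot: The rewritten `warning` call passes `this.remote_name` to a `%s` conversion, but `remote_name` is a `Jid`, not a string: the xmpp_stream hunk assigns it from a `Jid` parameter and the direct-tls hunk calls `remote_name.to_string()` on it. `warning` is printf-style, so this hands an object pointer to `%s`; change it to `warning("[%p, %s] Tls Certificate Errors: %s", this, this.remote_name.to_string(), error_str);`. Dropping the `@` template prefix as in that line is also worthwhile: the string interpolates nothing, and a plain literal is presumably what the compiler's printf-format checking inspects. The enclosing `on_invalid_certificate` starts outside this hunk.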
} \ No newline at end of file
diff --git a/xmpp-vala/src/core/xmpp_stream.vala b/xmpp-vala/src/core/xmpp_stream.vala
index 99dbffe6..0f0793e9 100644
--- a/xmpp-vala/src/core/xmpp_stream.vala
+++ b/xmpp-vala/src/core/xmpp_stream.vala
@@ -34,6 +34,10 @@ public abstract class Xmpp.XmppStream {
protected bool setup_needed = false;
protected bool disconnected = false;
+ protected XmppStream(Jid remote_name) {
+ this.remote_name = remote_name;
+ }
+
public abstract async void connect() throws IOStreamError;
public abstract async void disconnect() throws IOStreamError, XmlError, IOError;
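Review bot: The new protected constructor is undocumented and `remote_name` does more than name the peer: the direct-tls hunk builds the `NetworkAddress` for `TlsClientConnection` from `remote_name.to_string()`, so it is presumably the identity the server certificate is checked against. A one-line valadoc on the constructor, `/** @param remote_name the peer's domain JID; TLS subclasses also use it as the server identity for certificate validation */`, would tell subclass authors not to pass a resolved connect host here.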
@@ -41,7 +45,7 @@ public abstract class Xmpp.XmppStream {
public abstract async StanzaNode read() throws IOStreamError;
[Version (deprecated = true, deprecated_since = "0.1", replacement = "write_async")]
- public abstract void write(StanzaNode node);
+ public abstract void write(StanzaNode node);
public abstract async void write_async(StanzaNode node) throws IOStreamError;