From a8cc94c188c085e8788e072017ef21d7b7812a55 Mon Sep 17 00:00:00 2001 From: fiaxh Date: Thu, 4 Jan 2018 21:13:44 +0100 Subject: Show error on invalid TLS certificate --- xmpp-vala/src/core/stanza_reader.vala | 8 ++++--- xmpp-vala/src/core/stanza_writer.vala | 2 +- xmpp-vala/src/core/xmpp_stream.vala | 43 +++++++++++++++++++---------------- xmpp-vala/src/module/tls.vala | 4 ---- 4 files changed, 29 insertions(+), 28 deletions(-) (limited to 'xmpp-vala') diff --git a/xmpp-vala/src/core/stanza_reader.vala b/xmpp-vala/src/core/stanza_reader.vala index 4b4d98ab..6a7520ba 100644 --- a/xmpp-vala/src/core/stanza_reader.vala +++ b/xmpp-vala/src/core/stanza_reader.vala @@ -7,12 +7,12 @@ public const string XML_URI = "http://www.w3.org/XML/1998/namespace"; public const string JABBER_URI = "jabber:client"; public errordomain XmlError { - XML_ERROR, NS_DICT_ERROR, UNSUPPORTED, EOF, BAD_XML, - IO_ERROR + IO, + TLS } public class StanzaReader { @@ -52,8 +52,10 @@ public class StanzaReader { buffer_fill = (int) yield ((!)input).read_async(buffer, GLib.Priority.DEFAULT, cancellable); if (buffer_fill == 0) throw new XmlError.EOF("End of input stream reached."); buffer_pos = 0; + } catch (TlsError e) { + throw new XmlError.TLS("TlsError: %s".printf(e.message)); } catch (GLib.IOError e) { - throw new XmlError.IO_ERROR("IOError in GLib: %s".printf(e.message)); + throw new XmlError.IO("GLib.IOError: %s".printf(e.message)); } } diff --git a/xmpp-vala/src/core/stanza_writer.vala b/xmpp-vala/src/core/stanza_writer.vala index 270d898d..62c870de 100644 --- a/xmpp-vala/src/core/stanza_writer.vala +++ b/xmpp-vala/src/core/stanza_writer.vala @@ -30,7 +30,7 @@ public class StanzaWriter { sfw.sfun(); } } catch (GLib.Error e) { - throw new XmlError.IO_ERROR(@"IOError in GLib: $(e.message)"); + throw new XmlError.IO(@"IOError in GLib: $(e.message)"); } finally { running = false; } diff --git a/xmpp-vala/src/core/xmpp_stream.vala b/xmpp-vala/src/core/xmpp_stream.vala index ea186a72..6d4b9c64 100644 --- a/xmpp-vala/src/core/xmpp_stream.vala +++ b/xmpp-vala/src/core/xmpp_stream.vala @@ -6,8 +6,8 @@ public errordomain IOStreamError { READ, WRITE, CONNECT, - DISCONNECT - + DISCONNECT, + TLS } public class XmppStream { @@ -58,10 +58,13 @@ public class XmppStream { IOStream? stream = null; if (best_provider != null) { stream = yield best_provider.connect(this); - } else { + } + if (stream != null) { stream = yield (new SocketClient()).connect_async(new NetworkService("xmpp-client", "tcp", this.remote_name)); } - if (stream == null) throw new IOStreamError.CONNECT("client.connect() returned null"); + if (stream == null) { + throw new IOStreamError.CONNECT("client.connect() returned null"); + } reset_stream((!)stream); } catch (Error e) { stderr.printf("CONNECTION LOST?\n"); @@ -154,7 +157,10 @@ public class XmppStream { } public void detach_modules() { - foreach (XmppStreamModule module in modules) module.detach(this); + foreach (XmppStreamModule module in modules) { + if (!(module is XmppStreamNegotiationModule) && !negotiation_complete) continue; + module.detach(this); + } } public T? get_module(ModuleIdentity? identity) { @@ -238,23 +244,18 @@ public class XmppStream { } private bool negotiation_modules_done() throws IOStreamError { - if (!setup_needed) { - bool mandatory_outstanding = false; - foreach (XmppStreamModule module in modules) { - if (module is XmppStreamNegotiationModule) { - XmppStreamNegotiationModule negotiation_module = (XmppStreamNegotiationModule) module; - if (negotiation_module.mandatory_outstanding(this)) mandatory_outstanding = true; - } - } - if (!is_negotiation_active()) { - if (mandatory_outstanding) { - throw new IOStreamError.CONNECT("mandatory-to-negotiate feature not negotiated"); - } else { - return true; + if (setup_needed) return false; + if (is_negotiation_active()) return false; + + foreach (XmppStreamModule module in modules) { + if (module is XmppStreamNegotiationModule) { + XmppStreamNegotiationModule negotiation_module = (XmppStreamNegotiationModule) module; + if (negotiation_module.mandatory_outstanding(this)) { + throw new IOStreamError.CONNECT("mandatory-to-negotiate feature not negotiated: " + negotiation_module.get_id()); } } } - return false; + return true; } private void attach_non_negotation_modules() { @@ -281,7 +282,9 @@ public class XmppStream { StanzaNode node = yield ((!)reader).read_root_node(); log.node("IN ROOT", node); return node; - } catch (XmlError e) { + } catch (XmlError.TLS e) { + throw new IOStreamError.TLS(e.message); + } catch (Error e) { throw new IOStreamError.READ(e.message); } } diff --git a/xmpp-vala/src/module/tls.vala b/xmpp-vala/src/module/tls.vala index dcd7ab40..5defc72c 100644 --- a/xmpp-vala/src/module/tls.vala +++ b/xmpp-vala/src/module/tls.vala @@ -27,10 +27,6 @@ namespace Xmpp.Tls { var io_stream = stream.get_stream(); if (io_stream == null) return; var conn = TlsClientConnection.new(io_stream, identity); - // TODO: Add certificate error handling, that is, allow the - // program to handle certificate errors. The certificate - // *is checked* by TlsClientConnection, and connection is - // not allowed to continue in case that there is an error. stream.reset_stream(conn); var flag = stream.get_flag(Flag.IDENTITY); -- cgit v1.2.3-54-g00ecf