ObjXMPP  Check-in [aa0dc6e2b4]

Overview
Comment:Let -[checkCertificate] return a BOOL and a reason.

Throwing an exception there was strange.

Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: aa0dc6e2b422ae5557cc327f71af2bd4048f9360d8eaacd1d1ad921c3a6f32f2
User & Date: js on 2012-02-03 15:46:06
Other Links: manifest | tags
Context
2012-02-03
16:26
Add xml:lang support. check-in: 93625a9695 user: js tags: trunk
15:46
Let -[checkCertificate] return a BOOL and a reason. check-in: aa0dc6e2b4 user: js tags: trunk
15:37
Hide undocumented classes again (oops) check-in: 1046e63df3 user: florob@babelmonkeys.de tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Modified src/XMPPConnection.h from [3f70f40e9f] to [abde314206]. 

214
215
216
217
218
219
220
221

222



223
224
225
226
227
228
229
230
231
232


/**
 * \brief Closes the stream to the XMPP service
 */
- (void)close;

/**
 * \brief Checks the certificate presented by the server.

 *



 * \throw SSLInvalidCertificateException Thrown if the certificate is invalid
 */
- (void)checkCertificate;

/**
 * \brief Starts a loop handling incomming data.
 */
- (void)handleConnection;

/**








|
>

>
>
>
|

|








214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236


/**
 * \brief Closes the stream to the XMPP service
 */
- (void)close;

/**
 * \brief Checks the certificate presented by the server and sets the specified
 *	  pointer to the reason why the certificate is not valid
 *
 * \param reason A pointer to an OFString which is set to a reason in case the
 *		 certificate is not valid (otherwise, it does not touch it).
 *		 Passing NULL means the reason is not stored anywhere.
 * \return Whether the certificate is valid
 */
- (BOOL)checkCertificateAndGetReason: (OFString**)reason;

/**
 * \brief Starts a loop handling incomming data.
 */
- (void)handleConnection;

/**

Modified src/XMPPConnection.m from [2fe019cc16] to [4cfcab5b18]. 

342
343
344
345
346
347
348
349
350
351
352
353
354

355







356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381

}

- (BOOL)streamOpen
{
	return streamOpen;
}

- (void)checkCertificate
{
	X509Certificate *cert;
	OFDictionary *SANs;
	BOOL serviceSpecific = NO;


	[sock verifyPeerCertificate];







	cert = [sock peerCertificate];
	SANs = [cert subjectAlternativeName];

	if ([[SANs objectForKey: @"otherName"]
		objectForKey: OID_SRVName] ||
	     [SANs objectForKey: @"dNSName"] ||
	     [SANs objectForKey: @"uniformResourceIdentifier"])
		serviceSpecific = YES;

	if ([cert hasSRVNameMatchingDomain: domainToASCII
				   service: @"xmpp-client"] ||
	    [cert hasDNSNameMatchingDomain: domainToASCII])
		return;

	if (serviceSpecific ||
	    ![cert hasCommonNameMatchingDomain: domainToASCII])
		@throw [SSLInvalidCertificateException
		    exceptionWithClass: isa
				reason: @"No matching identifier"];
}

- (void)sendStanza: (OFXMLElement*)element
{
	[delegates broadcastSelector: @selector(connection:didSendElement:)
			  withObject: self
			  withObject: element];








|





>
|
>
>
>
>
>
>
>




|
|
|





|

|
|
|
|
|








342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389

}

- (BOOL)streamOpen
{
	return streamOpen;
}

- (BOOL)checkCertificateAndGetReason: (OFString**)reason
{
	X509Certificate *cert;
	OFDictionary *SANs;
	BOOL serviceSpecific = NO;

	@try {
		[sock verifyPeerCertificate];
	} @catch (SSLInvalidCertificateException *e) {
		if (reason != NULL)
			*reason = [[[e reason] copy] autorelease];

		return NO;
	}

	cert = [sock peerCertificate];
	SANs = [cert subjectAlternativeName];

	if ([[SANs objectForKey: @"otherName"]
		objectForKey: OID_SRVName] != nil ||
	     [SANs objectForKey: @"dNSName"] != nil ||
	     [SANs objectForKey: @"uniformResourceIdentifier"] != nil)
		serviceSpecific = YES;

	if ([cert hasSRVNameMatchingDomain: domainToASCII
				   service: @"xmpp-client"] ||
	    [cert hasDNSNameMatchingDomain: domainToASCII])
		return YES;

	if (!serviceSpecific &&
	    [cert hasCommonNameMatchingDomain: domainToASCII])
		return YES;

	return NO;
}

- (void)sendStanza: (OFXMLElement*)element
{
	[delegates broadcastSelector: @selector(connection:didSendElement:)
			  withObject: self
			  withObject: element];

Modified tests/test.m from [92c191f042] to [393e299430]. 

20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <assert.h>

#import <ObjFW/ObjFW.h>
#import <ObjOpenSSL/SSLInvalidCertificateException.h>

#import "XMPPConnection.h"
#import "XMPPJID.h"
#import "XMPPStanza.h"
#import "XMPPIQ.h"
#import "XMPPMessage.h"
#import "XMPPPresence.h"








<








20
21
22
23
24
25
26

27
28
29
30
31
32
33

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <assert.h>

#import <ObjFW/ObjFW.h>


#import "XMPPConnection.h"
#import "XMPPJID.h"
#import "XMPPStanza.h"
#import "XMPPIQ.h"
#import "XMPPMessage.h"
#import "XMPPPresence.h"

164
165
166
167
168
169
170

171
172
173
174
175
176
177
178
179
180

181
182
183
184
185
186
187

		of_log(@"Ping response: %@", resp);
	}];
#endif
}

- (void)connectionDidUpgradeToTLS: (XMPPConnection*)conn_
{

	@try {
		[conn_ checkCertificate];
	} @catch (SSLInvalidCertificateException *e) {
		OFString *answer;
		[of_stdout writeString: @"Couldn't verify certificate: "];
		[of_stdout writeFormat: @"%@\n", e];
		[of_stdout writeString: @"Do you want to continue [y/N]? "];
		answer = [of_stdin readLine];
		if (![answer hasPrefix: @"y"])
			@throw e;

	}
}

-         (void)roster: (XMPPRoster*)roster_
  didReceiveRosterItem: (XMPPRosterItem*)rosterItem
{
	of_log(@"Got roster push: %@", rosterItem);








>
|
|
<
<

|

|
|
<
>








163
164
165
166
167
168
169
170
171
172


173
174
175
176
177

178
179
180
181
182
183
184
185

		of_log(@"Ping response: %@", resp);
	}];
#endif
}

- (void)connectionDidUpgradeToTLS: (XMPPConnection*)conn_
{
	OFString *reason;

	if (![conn_ checkCertificateAndGetReason: &reason]) {


		[of_stdout writeString: @"Couldn't verify certificate: "];
		[of_stdout writeFormat: @"%@\n", reason];
		[of_stdout writeString: @"Do you want to continue [y/N]? "];

		if (![[of_stdin readLine] hasPrefix: @"y"])

			[OFApplication terminateWithStatus: 1];
	}
}

-         (void)roster: (XMPPRoster*)roster_
  didReceiveRosterItem: (XMPPRosterItem*)rosterItem
{
	of_log(@"Got roster push: %@", rosterItem);