ObjXMPP  Check-in [aa0dc6e2b4]

Comment:Let -[checkCertificate] return a BOOL and a reason.

Throwing an exception there was strange.

SHA3-256: aa0dc6e2b422ae5557cc327f71af2bd4048f9360d8eaacd1d1ad921c3a6f32f2
User & Date: js on 2012-02-03 15:46:06
Changes

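--- a/src/XMPPConnection.h
+++ b/src/XMPPConnection.h
@@ -215,18 +215,22 @@
 /**
  * \brief Closes the stream to the XMPP service
  */
 - (void)close;
 
 /**
- * \brief Checks the certificate presented by the server.
+ * \brief Checks the certificate presented by the server and sets the specified
+ *	  pointer to the reason why the certificate is not valid
  *
+ * \param reason A pointer to an OFString which is set to a reason in case the
+ *		 certificate is not valid (otherwise, it does not touch it).
+ *		 Passing NULL means the reason is not stored anywhere.
- * \throw SSLInvalidCertificateException Thrown if the certificate is invalid
+ * \return Whether the certificate is valid
  */
-- (void)checkCertificate;
+- (BOOL)checkCertificateAndGetReason: (OFString**)reason;
 
 /**
  * \brief Starts a loop handling incomming data.
  */
 - (void)handleConnection;
 
 /**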
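Review bot: The new \param text says what `reason` is set to but not who owns the string, which matters in a non-ARC code base where the caller may want to keep it past the current pool; the implementation in this commit appears to store an autoreleased copy. Add one sentence to the \param description, e.g. `The stored string is autoreleased; retain it if it must outlive the current autorelease pool.`. It would also help to state that `reason` is left untouched when the method returns YES, which the "(otherwise, it does not touch it)" aside only implies.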

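--- a/src/XMPPConnection.m
+++ b/src/XMPPConnection.m
@@ -342,40 +342,48 @@
 }
 
 - (BOOL)streamOpen
 {
 	return streamOpen;
 }
 
-- (void)checkCertificate
+- (BOOL)checkCertificateAndGetReason: (OFString**)reason
 {
 	X509Certificate *cert;
 	OFDictionary *SANs;
 	BOOL serviceSpecific = NO;
 
+	@try {
-	[sock verifyPeerCertificate];
+		[sock verifyPeerCertificate];
+	} @catch (SSLInvalidCertificateException *e) {
+		if (reason != NULL)
+			*reason = [[[e reason] copy] autorelease];
+
+		return NO;
+	}
+
 	cert = [sock peerCertificate];
 	SANs = [cert subjectAlternativeName];
 
 	if ([[SANs objectForKey: @"otherName"]
-		objectForKey: OID_SRVName] ||
-	     [SANs objectForKey: @"dNSName"] ||
-	     [SANs objectForKey: @"uniformResourceIdentifier"])
+		objectForKey: OID_SRVName] != nil ||
+	     [SANs objectForKey: @"dNSName"] != nil ||
+	     [SANs objectForKey: @"uniformResourceIdentifier"] != nil)
 		serviceSpecific = YES;
 
 	if ([cert hasSRVNameMatchingDomain: domainToASCII
 				   service: @"xmpp-client"] ||
 	    [cert hasDNSNameMatchingDomain: domainToASCII])
-		return;
+		return YES;
 
-	if (serviceSpecific ||
-	    ![cert hasCommonNameMatchingDomain: domainToASCII])
-		@throw [SSLInvalidCertificateException
-		    exceptionWithClass: isa
-				reason: @"No matching identifier"];
+	if (!serviceSpecific &&
+	    [cert hasCommonNameMatchingDomain: domainToASCII])
+		return YES;
+
+	return NO;
 }
 
 - (void)sendStanza: (OFXMLElement*)element
 {
 	[delegates broadcastSelector: @selector(connection:didSendElement:)
 			  withObject: self
 			  withObject: element];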
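Review bot: The final `return NO;` in checkCertificateAndGetReason: is reached when the chain validated but no SRV name, DNS name or common name matched domainToASCII, and on that path `*reason` is never written, so a caller that prints the reason on a NO result reads whatever its variable held before; the old code's "No matching identifier" text is lost with the removed @throw. The header for this method promises a reason whenever the certificate is not valid, so the tail should be `if (reason != NULL) *reason = @"No matching identifier";` followed by `return NO;`. This is the only failure path that leaves the out-parameter untouched; the verifyPeerCertificate catch block already sets it. The caller in tests/test.m is affected in the same way because it does not initialise its reason variable.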

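--- a/tests/test.m
+++ b/tests/test.m
@@ -20,15 +20,14 @@
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include <assert.h>
 
 #import <ObjFW/ObjFW.h>
-#import <ObjOpenSSL/SSLInvalidCertificateException.h>
 
 #import "XMPPConnection.h"
 #import "XMPPJID.h"
 #import "XMPPStanza.h"
 #import "XMPPIQ.h"
 #import "XMPPMessage.h"
 #import "XMPPPresence.h"
@@ -164,24 +163,23 @@
 		of_log(@"Ping response: %@", resp);
 	}];
 #endif
 }
 
 - (void)connectionDidUpgradeToTLS: (XMPPConnection*)conn_
 {
+	OFString *reason;
-	@try {
-		[conn_ checkCertificate];
+
+	if (![conn_ checkCertificateAndGetReason: &reason]) {
-	} @catch (SSLInvalidCertificateException *e) {
-		OFString *answer;
 		[of_stdout writeString: @"Couldn't verify certificate: "];
-		[of_stdout writeFormat: @"%@\n", e];
+		[of_stdout writeFormat: @"%@\n", reason];
 		[of_stdout writeString: @"Do you want to continue [y/N]? "];
-		answer = [of_stdin readLine];
-		if (![answer hasPrefix: @"y"])
+
+		if (![[of_stdin readLine] hasPrefix: @"y"])
-			@throw e;
+			[OFApplication terminateWithStatus: 1];
 	}
 }
 
 -         (void)roster: (XMPPRoster*)roster_
   didReceiveRosterItem: (XMPPRosterItem*)rosterItem
 {
 	of_log(@"Got roster push: %@", rosterItem);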
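Review bot: `OFString *reason;` in connectionDidUpgradeToTLS: is declared without an initialiser, and the callee as committed only assigns it when verifyPeerCertificate raises, so on an identifier mismatch the `writeFormat: @"%@\n", reason` line formats an indeterminate pointer. Initialise it, `OFString *reason = nil;`, so that a NO result which does not set the out-parameter is at least well-defined rather than undefined behaviour in the prompt shown to the user. The rest of the new block (terminateWithStatus: instead of rethrowing) reads fine.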