From 4ddb99a82925a475cadd900bb76a9deab67bf045 Mon Sep 17 00:00:00 2001
From: Cosimo Cecchi
Date: Mon, 13 Sep 2010 16:49:34 +0200
Subject: Update to new tp-spec draft
---
 extensions/Authentication_TLS_Certificate.xml | 177 +++++++++++++--------------
 1 file changed, 85 insertions(+), 92 deletions(-)

diff --git a/extensions/Authentication_TLS_Certificate.xml b/extensions/Authentication_TLS_Certificate.xml
index 709ea282c..aafc00414 100644
--- a/extensions/Authentication_TLS_Certificate.xml
+++ b/extensions/Authentication_TLS_Certificate.xml
@@ -41,6 +41,77 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + +

Struct representing one reason why a TLS certificate was rejected.

+

Since there can be multiple things wrong with a TLS certificate, + arrays of this type are used to represent lists of reasons for + rejection. In that case, the most important reason SHOULD be placed + first in the list.

+
+ + + +

The value of the TLS_Certificate_Reject_Reason enumeration for + this certificate rejection. + + Clients that do not understand the Error member, + which may be implementation-specific, can use this property to + classify rejection reasons into common categories. + +

+
+
+ + + +

The DBus error name for this certificate rejection.

+

This MAY correspond to the value of the Reason member, + or MAY be a more specific D-Bus error name, perhaps implementation-specific.

+
+
+ + + +

Additional information about why the certificate was rejected. + This MAY also include one or more of the following well-known keys:

+

+

+
user-requested (b)
+
True if the error was due to an user-requested rejection of + the certificate; False if there was an unrecoverable error in the + verification process.
+
expected-hostname (s)
+
If the rejection reason is Hostname_Mismatch, the hostname that + the server certificate was expected to have.
+
certificate-hostname (s)
+
If the rejection reason is Hostname_Mismatch, the hostname of + the certificate that was presented. + +

For instance, if you try to connect to gmail.com but are presented + with a TLS certificate issued to evil.example.org, the error details + for Hostname_Mismatch MAY include:

+
+                {
+                  'expected-hostname': 'gmail.com',
+                  'certificate-hostname': 'evil.example.org',
+                }
+              
+
+
+
debug-message (s)
+
Debugging information on the error, corresponding to the + message part of a D-Bus error message, which SHOULD NOT be + displayed to users under normal circumstances
+
+

+
+
+
+ The possible states for a - +

If the State is Rejected, - the reason why the certificate was rejected; this MAY correspond to - the RejectReason, or MAY be a more - specific D-Bus error name, perhaps implementation-specific.

+ an array of TLS_Certificate_Rejection + structures containing the reason why the certificate is rejected.

If the State is not Rejected, this property is not meaningful, and SHOULD be set to an empty - string.

-
-
- - - -

If the State is Rejected, - additional information about why the certificate was rejected.

-

If the State is not Rejected, - this property is not meaningful and SHOULD be set to an empty - map.

-

The additional information MAY also include - one or more of the following well-known keys:

-
-
user-requested (b)
-
True if the error was due to an user-requested rejection of - the certificate; False if there was an unrecoverable error in the - verification process.
-
expected-hostname (s)
-
If the rejection reason is Hostname_Mismatch, the hostname that - the server certificate was expected to have.
-
certificate-hostname (s)
-
If the rejection reason is Hostname_Mismatch, the hostname of - the certificate that was presented. - -

For instance, if you try to connect to gmail.com but are presented - with a TLS certificate issued to evil.example.org, the error details - for Hostname_Mismatch MAY include:

-
-              {
-                'expected-hostname': 'gmail.com',
-                'certificate-hostname': 'evil.example.org',
-              }
-            
-
-
-
debug-message (s)
-
Debugging information on the error, corresponding to the - message part of a D-Bus error message, which SHOULD NOT be - displayed to users under normal circumstances
-
-
-
- - - - If the State is Rejected, the - reason why the certificate was rejected. - - Clients that do not understand the RejectError, - which may be implementation-specific, can use this property to - classify rejection reasons into common categories. - - Otherwise, this property is not meaningful, and SHOULD be set to - Unknown. + array.

+

The first rejection in the list MAY be assumed to be + the most important; if the array contains more than one + element, the CM MAY either use the values after the first, + or ignore them.

@@ -252,19 +267,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. The State of this certificate has changed to Rejected. - - - The new value of RejectReason. - - - - - The new value of RejectError. - - - + - The new value of RejectDetails + The new value of the Rejections property.
@@ -279,22 +284,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Rejects this certificate. - - - The new value of RejectReason. - - - - - The new value of RejectError. - - - + - The new value of RejectDetails. + The new value of the Rejections property.
-- cgit v1.2.3
From d70bd8a286c4756409437e40a0a6a38108079b06 Mon Sep 17 00:00:00 2001
From: Cosimo Cecchi
Date: Mon, 13 Sep 2010 17:21:09 +0200
Subject: Update Empathy to the new draft API
---
 libempathy/empathy-tls-certificate.c | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/libempathy/empathy-tls-certificate.c b/libempathy/empathy-tls-certificate.c
index ca107008a..9af3a3613 100644
--- a/libempathy/empathy-tls-certificate.c
+++ b/libempathy/empathy-tls-certificate.c
@@ -374,6 +374,25 @@ empathy_tls_certificate_accept_finish (EmpathyTLSCertificate *self,
 return TRUE;
 }

+static GPtrArray *
+build_rejections_array (EmpTLSCertificateRejectReason reason,
+ GHashTable *details)
+{
+ GPtrArray *retval;
+ GValueArray *rejection;
+
+ retval = g_ptr_array_new ();
+ rejection = tp_value_array_build (3,
+ G_TYPE_UINT, reason,
+ G_TYPE_STRING, reject_reason_get_dbus_error (reason),
+ TP_HASH_TYPE_STRING_VARIANT_MAP, details,
+ NULL);
+
+ g_ptr_array_add (retval, rejection);
+
+ return retval;
+}
+
 void
 empathy_tls_certificate_reject_async (EmpathyTLSCertificate *self,
 EmpTLSCertificateRejectReason reason,
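Review bot: The Rejections argument of the Reject method is described only as "The new value of the Rejections property", and nothing visible in this hunk says what happens when a client passes an empty array. The property text earlier in this patch reserves the empty array for certificates whose State is not Rejected, so an empty list on Reject would leave a rejected certificate with no recorded reason for the UI or logs to show. I would add a sentence to the argument's docstring such as `The array MUST contain at least one element; the CM SHOULD raise InvalidArgument otherwise.` The XML tags have been lost from this page, so an error element may already cover this outside the visible text.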
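Review bot: The `tp_value_array_build` call in the new build_rejections_array is terminated with `NULL`, but telepathy-glib documents the type/value list as terminated by `G_TYPE_INVALID`; the terminator is read back as a GType, so a pointer constant only works where the two have the same width and representation. The last argument line should be `G_TYPE_INVALID);`. The function also carries no ownership comment: the list is created with `g_ptr_array_new ()`, so it has no element free function and a plain unref by the caller would leave the GValueArray behind. A header comment such as `/* Returns a new one-element rejection list; free it through the boxed rejection-list type, not g_ptr_array_unref () */` would make that contract explicit.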
@@ -381,20 +400,22 @@ empathy_tls_certificate_reject_async (EmpathyTLSCertificate *self,
 GAsyncReadyCallback callback,
 gpointer user_data)
 {
- const gchar *dbus_error;
+ GPtrArray *rejections;
 GSimpleAsyncResult *reject_result;

 g_assert (EMPATHY_IS_TLS_CERTIFICATE (self));

 DEBUG ("Rejecting TLS certificate with reason %u", reason);

- dbus_error = reject_reason_get_dbus_error (reason);
+ rejections = build_rejections_array (reason, details);
 reject_result = g_simple_async_result_new (G_OBJECT (self),
 callback, user_data, empathy_tls_certificate_reject_async);

 emp_cli_authentication_tls_certificate_call_reject (TP_PROXY (self),
- -1, reason, dbus_error, details, cert_proxy_reject_cb,
+ -1, rejections, cert_proxy_reject_cb,
 reject_result, g_object_unref, G_OBJECT (self));
+
+ g_ptr_array_unref (rejections);
 }

 gboolean
-- cgit v1.2.3
From 923c077b85f4a6607e7e2ba0ea3a7f1c8b7d7ea1 Mon Sep 17 00:00:00 2001
From: Cosimo Cecchi
Date: Mon, 13 Sep 2010 18:18:06 +0200
Subject: Use tp_clear_boxed() to free the Rejection array
---
 libempathy/empathy-tls-certificate.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libempathy/empathy-tls-certificate.c b/libempathy/empathy-tls-certificate.c
index 9af3a3613..931bbcc64 100644
--- a/libempathy/empathy-tls-certificate.c
+++ b/libempathy/empathy-tls-certificate.c
@@ -415,7 +415,8 @@ empathy_tls_certificate_reject_async (EmpathyTLSCertificate *self,
 -1, rejections, cert_proxy_reject_cb,
 reject_result, g_object_unref, G_OBJECT (self));

- g_ptr_array_unref (rejections);
+ tp_clear_boxed (EMP_ARRAY_TYPE_TLS_CERTIFICATE_REJECTION_LIST,
+ &rejections);
 }

 gboolean
-- cgit v1.2.3
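Review bot: The switch to `tp_clear_boxed` in the last commit's hunk has no comment saying why the plain unref was wrong, and the reason is not visible at the call site. build_rejections_array creates the list with `g_ptr_array_new ()`, so the array has no element free function; presumably the boxed free releases each GValueArray as well as the container. I would add above the call: `/* boxed free also releases the GValueArray elements; g_ptr_array_unref () frees only the container */`. empathy_tls_certificate_reject_async starts outside this hunk.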