From 82fa83288652fb6b856b442145b10791941f3113 Mon Sep 17 00:00:00 2001 From: Cosimo Cecchi Date: Wed, 8 Sep 2010 16:56:54 +0200 Subject: Move _get_certificate_hostname() out of the verifier --- libempathy/empathy-tls-verifier.c | 37 +------------------------------------ libempathy/empathy-utils.c | 35 +++++++++++++++++++++++++++++++++++ libempathy/empathy-utils.h | 4 ++++ 3 files changed, 40 insertions(+), 36 deletions(-) (limited to 'libempathy') diff --git a/libempathy/empathy-tls-verifier.c b/libempathy/empathy-tls-verifier.c index 000c9a35b..517ae9e5b 100644 --- a/libempathy/empathy-tls-verifier.c +++ b/libempathy/empathy-tls-verifier.c @@ -16,10 +16,6 @@ * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - * - * Some snippets are taken from GnuTLS 2.8.6, which is distributed under the - * same GNU Lesser General Public License 2.1 (or later) version. See - * get_certified_hostname (). */ #include @@ -222,37 +218,6 @@ abort_verification (EmpathyTLSVerifier *self, tp_clear_object (&priv->verify_result); } -static gchar * -get_certified_hostname (gnutls_x509_crt_t cert) -{ - gchar dns_name[256]; - gsize dns_name_size; - gint idx; - gint res = 0; - - /* this snippet is taken from GnuTLS. - * see gnutls/lib/x509/rfc2818_hostname.c - */ - for (idx = 0; res >= 0; idx++) - { - dns_name_size = sizeof (dns_name); - res = gnutls_x509_crt_get_subject_alt_name (cert, idx, - dns_name, &dns_name_size, NULL); - - if (res == GNUTLS_SAN_DNSNAME || res == GNUTLS_SAN_IPADDRESS) - return g_strndup (dns_name, dns_name_size); - } - - dns_name_size = sizeof (dns_name); - res = gnutls_x509_crt_get_dn_by_oid (cert, GNUTLS_OID_X520_COMMON_NAME, - 0, 0, dns_name, &dns_name_size); - - if (res >= 0) - return g_strndup (dns_name, dns_name_size); - - return NULL; -} - static void real_start_verification (EmpathyTLSVerifier *self) { 
@@ -273,7 +238,7 @@ real_start_verification (EmpathyTLSVerifier *self) gchar *certified_hostname; reason = EMP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH; - certified_hostname = get_certified_hostname (first_cert); + certified_hostname = empathy_get_x509_certificate_hostname (first_cert); tp_asv_set_string (priv->details, "expected-hostname", priv->hostname); tp_asv_set_string (priv->details, diff --git a/libempathy/empathy-utils.c b/libempathy/empathy-utils.c index 0ee1bbcc0..89dd8003c 100644 --- a/libempathy/empathy-utils.c +++ b/libempathy/empathy-utils.c @@ -20,6 +20,10 @@ * Authors: Richard Hult * Martyn Russell * Xavier Claessens + * + * Some snippets are taken from GnuTLS 2.8.6, which is distributed under the + * same GNU Lesser General Public License 2.1 (or later) version. See + * empathy_get_x509_certified_hostname (). */ #include "config.h" @@ -739,3 +743,34 @@ tp_chanel_group_change_reason_from_folks_groups_change_reason ( { return (TpChannelGroupChangeReason) reason; } + +gchar * +empathy_get_x509_certificate_hostname (gnutls_x509_crt_t cert) +{ + gchar dns_name[256]; + gsize dns_name_size; + gint idx; + gint res = 0; + + /* this snippet is taken from GnuTLS. + * see gnutls/lib/x509/rfc2818_hostname.c + */ + for (idx = 0; res >= 0; idx++) + { + dns_name_size = sizeof (dns_name); + res = gnutls_x509_crt_get_subject_alt_name (cert, idx, + dns_name, &dns_name_size, NULL); + + if (res == GNUTLS_SAN_DNSNAME || res == GNUTLS_SAN_IPADDRESS) + return g_strndup (dns_name, dns_name_size); + } + + dns_name_size = sizeof (dns_name); + res = gnutls_x509_crt_get_dn_by_oid (cert, GNUTLS_OID_X520_COMMON_NAME, + 0, 0, dns_name, &dns_name_size); + + if (res >= 0) + return g_strndup (dns_name, dns_name_size); + + return NULL; +} diff --git a/libempathy/empathy-utils.h b/libempathy/empathy-utils.h index f588479b4..7e856d344 100644 --- a/libempathy/empathy-utils.h +++ b/libempathy/empathy-utils.h 
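Review bot: The attribution comment added to the header of empathy-utils.c points to `empathy_get_x509_certified_hostname ()`, but the function this commit adds at the end of the file is named `empathy_get_x509_certificate_hostname`. Someone following the licence note to find the GnuTLS-derived code will not find that name. The last line of the comment should read `* empathy_get_x509_certificate_hostname ().`.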
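Review bot: In `empathy_get_x509_certificate_hostname`, the `GNUTLS_SAN_IPADDRESS` case is copied with `g_strndup (dns_name, dns_name_size)` as if it were text. As far as I know, GnuTLS returns iPAddress entries as raw 4- or 16-byte values, so the returned string can be unprintable or cut short at a zero byte. The same copy also stops at the first NUL inside a dNSName or CN, so the name reported can differ from what the certificate carries. The caller in empathy-tls-verifier.c appears to use this value to describe a hostname mismatch, so I would narrow the loop test to `if (res == GNUTLS_SAN_DNSNAME)`, format IP entries separately (for example with `inet_ntop`), and treat a name with an embedded NUL as absent rather than returning its prefix.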
@@ -29,6 +29,8 @@ #include #include +#include +#include #include #include #include @@ -97,6 +99,8 @@ gboolean empathy_folks_individual_contains_contact (FolksIndividual *individual) EmpathyContact * empathy_contact_dup_from_folks_individual (FolksIndividual *individual); TpChannelGroupChangeReason tp_chanel_group_change_reason_from_folks_groups_change_reason (FolksGroupsChangeReason reason); +gchar * empathy_get_x509_certificate_hostname (gnutls_x509_crt_t cert); + G_END_DECLS #endif /* __EMPATHY_UTILS_H__ */ -- cgit v1.2.3
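Review bot: The new prototype `gchar * empathy_get_x509_certificate_hostname (gnutls_x509_crt_t cert);` is exported without any statement of ownership or failure value. The definition returns a `g_strndup` copy or `NULL`, so a comment such as `/* Returns a newly allocated string (free with g_free), or NULL if the certificate has no usable SAN or CN. */` above the declaration would tell callers what to expect. Separately, the two includes added at the top of the header are presumably the GnuTLS ones needed for `gnutls_x509_crt_t` (their names are not visible here). If so, every file that includes empathy-utils.h now depends on the GnuTLS headers, which is worth a deliberate decision rather than a side effect of the move.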