changeset 2248:377b6a52b25f

Prepare for loudmouth with sha256 support (>=1.5.3)
author franky
date Sat, 13 Feb 2016 11:05:07 +0100
parents fe89cdd66446
children bbed6973987a
files mcabber/configure.ac mcabber/mcabber/utils.c mcabber/mcabber/utils.h mcabber/mcabber/xmpp.c mcabber/mcabberrc.example
diffstat 5 files changed, 34 insertions(+), 5 deletions(-) [+]
--- a/mcabber/configure.ac	Wed Feb 10 23:15:20 2016 +0100
+++ b/mcabber/configure.ac	Sat Feb 13 11:05:07 2016 +0100
@@ -156,6 +156,12 @@
 
 # Check for loudmouth
 PKG_CHECK_MODULES(LOUDMOUTH, loudmouth-1.0 >= 1.4.2)
+PKG_CHECK_MODULES(LOUDMOUTH_SHA256, [loudmouth-1.0 >= 1.5.3],
+                  AC_DEFINE([LOUDMOUTH_USES_SHA256], 1,
+                           [loudmouth is now using a new digest]
+                           ),
+                  []
+                 ) 
 
 # Check for lm_ssl_set_cipher_list in loudmouth
 AC_CHECK_LIB(loudmouth-1, lm_ssl_set_cipher_list,
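Review bot: The second `PKG_CHECK_MODULES` call is used only as a version test, yet it also creates `LOUDMOUTH_SHA256_CFLAGS` and `LOUDMOUTH_SHA256_LIBS` substitutions that none of the visible hunks consume. `PKG_CHECK_EXISTS([loudmouth-1.0 >= 1.5.3], [AC_DEFINE(...)])` states the intent without them. The AC_DEFINE description `loudmouth is now using a new digest` would be clearer as `Define to 1 if loudmouth >= 1.5.3 (SHA-256 certificate fingerprints) is available`. The closing `) ` line also carries trailing whitespace.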
--- a/mcabber/mcabber/utils.c	Wed Feb 10 23:15:20 2016 +0100
+++ b/mcabber/mcabber/utils.c	Sat Feb 13 11:05:07 2016 +0100
@@ -155,6 +155,7 @@
   return g_strdup(fname);
 }
 
+#ifndef LOUDMOUTH_USES_SHA256
 //  fingerprint_to_hex(fprstr, hex, fpr_len)
 // Convert the binary fingerprint fprstr (which is fpr_len bytes long)
 // to a NULL-terminated hexadecimal string hex.
@@ -199,6 +200,7 @@
   }
   return TRUE;
 }
+#endif
 
 static gboolean tracelog_create(void)
 {
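Review bot: The added `#endif` closes an `#ifndef` opened in the previous hunk, roughly 45 lines earlier, and carries no label; `#endif /* !LOUDMOUTH_USES_SHA256 */` would make the pairing visible. The same applies to the guards added in utils.h and xmpp.c. The body of tracelog_create continues outside the hunk.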
--- a/mcabber/mcabber/utils.h	Wed Feb 10 23:15:20 2016 +0100
+++ b/mcabber/mcabber/utils.h	Sat Feb 13 11:05:07 2016 +0100
@@ -21,8 +21,10 @@
                   const char *resource);
 gboolean jid_equal(const char *jid1, const char *jid2);
 
+#ifndef LOUDMOUTH_USES_SHA256
 void fingerprint_to_hex(const char *fpr,     char *hex, size_t fpr_len);
 gboolean hex_to_fingerprint(const char *hex, char *fpr, size_t fpr_len);
+#endif
 
 void ut_init_debug(void);
 void ut_write_log(unsigned int flag, const char *data);
--- a/mcabber/mcabber/xmpp.c	Wed Feb 10 23:15:20 2016 +0100
+++ b/mcabber/mcabber/xmpp.c	Sat Feb 13 11:05:07 2016 +0100
@@ -44,7 +44,9 @@
 
 #define RECONNECTION_TIMEOUT    60L
 
-#define FINGERPRINT_LENGTH      16  //  Currently Loudmouth only supports MD5
+#ifndef LOUDMOUTH_USES_SHA256
+#define FINGERPRINT_LENGTH      16  // old loudmouth still uses MD5 :(
+#endif
 
 LmConnection* lconnection = NULL;
 static guint AutoConnection;
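Review bot: The new comment `// old loudmouth still uses MD5 :(` does not say what the 16 stands for or when the macro exists. Something like `// MD5 digest size in bytes; only defined when building against loudmouth < 1.5.3` would explain why every later use of FINGERPRINT_LENGTH sits inside `#ifndef LOUDMOUTH_USES_SHA256`.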
@@ -723,13 +725,19 @@
                  "Certificate hostname does not match expected hostname!");
     break;
   case LM_SSL_STATUS_CERT_FINGERPRINT_MISMATCH: {
+#ifndef LOUDMOUTH_USES_SHA256
       char fpr[3*FINGERPRINT_LENGTH] = {0};
       fingerprint_to_hex(lm_ssl_get_fingerprint(ssl), fpr, FINGERPRINT_LENGTH);
+#endif
       scr_LogPrint(LPRINT_LOGNORM,
                 "Certificate fingerprint does not match expected fingerprint!");
+#ifndef LOUDMOUTH_USES_SHA256
       scr_LogPrint(LPRINT_LOGNORM, "Remote fingerprint: %s", fpr);
+#else
+      scr_LogPrint(LPRINT_LOGNORM, "Remote fingerprint: %s", lm_ssl_get_fingerprint(ssl));
+#endif
 
-      scr_LogPrint(LPRINT_LOGNORM, "Expected fingerprint: %s",
+      scr_LogPrint(LPRINT_LOGNORM, "Expect fingerprint: %s",
                    settings_opt_get("ssl_fingerprint"));
 
       return LM_SSL_RESPONSE_STOP;
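Review bot: The user-facing text on the last changed line went from `Expected fingerprint: %s` to `Expect fingerprint: %s`, which looks like an unintended edit unrelated to the SHA256 work; the original wording should probably be kept. In the SHA256 branch, `lm_ssl_get_fingerprint(ssl)` is passed straight to `%s`; if that call can return NULL (not visible here), the log line is not well defined on every platform, so a fallback such as `fpr ? fpr : "(none)"` on a local variable would be safer. The same pattern appears in the connection-established hunk that follows. The enclosing switch starts and ends outside the hunk.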
@@ -752,10 +760,15 @@
 {
   LmSSL *lssl;
   if ((lssl = lm_connection_get_ssl(connection)) != NULL) {
+#ifndef LOUDMOUTH_USES_SHA256
     char fpr[3*FINGERPRINT_LENGTH] = {0};
     fingerprint_to_hex(lm_ssl_get_fingerprint(lssl), fpr, FINGERPRINT_LENGTH);
     scr_LogPrint(LPRINT_LOGNORM, "Connection established.\n"
                  "Remote fingerprint: %s", fpr);
+#else
+    scr_LogPrint(LPRINT_LOGNORM, "Connection established.\n"
+                 "Remote fingerprint: %s", lm_ssl_get_fingerprint(lssl));
+#endif
   }
 
   if (success) {
@@ -1757,7 +1770,9 @@
 {
   const char *userjid, *password, *resource, *servername, *ssl_fpr;
   char *dynresource = NULL;
+#ifndef LOUDMOUTH_USES_SHA256
   char fpr[FINGERPRINT_LENGTH] = {0};
+#endif
   const char *proxy_host;
   const char *resource_prefix = PACKAGE_NAME;
   char *fjid;
@@ -1902,6 +1917,7 @@
     port = (ssl ? LM_CONNECTION_DEFAULT_PORT_SSL : LM_CONNECTION_DEFAULT_PORT);
   lm_connection_set_port(lconnection, port);
 
+#ifndef LOUDMOUTH_USES_SHA256
   if (ssl_fpr && (!hex_to_fingerprint(ssl_fpr, fpr, FINGERPRINT_LENGTH))) {
     scr_LogPrint(LPRINT_LOGNORM, "** Please set the fingerprint in the format "
                  "97:5C:00:3F:1D:77:45:25:E2:C5:70:EC:83:C8:87:EE");
@@ -1909,6 +1925,9 @@
   }
 
   lssl = lm_ssl_new((ssl_fpr ? fpr : NULL), ssl_cb, NULL, NULL);
+#else
+  lssl = lm_ssl_new(ssl_fpr, ssl_cb, NULL, NULL);
+#endif
   if (lssl) {
 #ifdef HAVE_LM_SSL_CIPHER_LIST
     const char *ssl_ciphers = settings_opt_get("ssl_ciphers");
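Review bot: The `#else` branch hands `ssl_fpr` to `lm_ssl_new` with no format check, whereas the MD5 branch rejects a malformed value via `hex_to_fingerprint` and prints a hint. A user who upgrades loudmouth and keeps an old colon-separated MD5 value in `ssl_fingerprint` would presumably just get a fingerprint mismatch at connect time, with nothing saying the expected format changed. A prefix check with a matching hint, as sketched below, would restore the early diagnostic. The `SHA256:` prefix is taken from the example in mcabberrc.example and should be confirmed against what loudmouth accepts. The enclosing function starts and ends outside the hunk, and the MD5 branch's failure path is not fully visible.

```c
#else
  if (ssl_fpr && !g_str_has_prefix(ssl_fpr, "SHA256:")) {
    scr_LogPrint(LPRINT_LOGNORM, "** Please set the fingerprint in the format "
                 "SHA256:<64 hex digits>");
    /* … bail out the same way the MD5 branch does … */
  }
  lssl = lm_ssl_new(ssl_fpr, ssl_cb, NULL, NULL);
#endif
```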
--- a/mcabber/mcabberrc.example	Wed Feb 10 23:15:20 2016 +0100
+++ b/mcabber/mcabberrc.example	Sat Feb 13 11:05:07 2016 +0100
@@ -61,9 +61,9 @@
 # ssl certificate matches ssl_fingerprint.
 # You can get the fingerprint of your server either with gnutls or openssl:
 # 1. gnutls-cli -p 5223 $your_server
-# 2. openssl s_client -connect $your_server:5223 | \
-#    openssl x509 -fingerprint -md5 -noout
-#set ssl_fingerprint = 97:5C:00:3F:1D:77:45:25:E2:C5:70:EC:83:C8:87:EE
+# 2. openssl s_client -starttls xmpp -connect $yourserver:5222 | \
+#    openssl x509 -fingerprint -sha256 -noout
+#set ssl_fingerprint = SHA256:647d2eef7f972001d4fe8b6bedb3007d095dcd982ebb6773c6fb74adb8cc27c0
 # Set ssl_ignore_checks to 1 to disable all certificate checks except the
 # fingerprint check.
 #set ssl_ignore_checks = 0
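Review bot: The example now documents only the SHA256 form, but a build against loudmouth older than 1.5.3 still parses `ssl_fingerprint` as colon-separated MD5 (the `#ifndef LOUDMOUTH_USES_SHA256` path in xmpp.c). Keeping both forms, each with a line saying which loudmouth version needs it, would avoid a pin that never matches. The output of `openssl x509 -fingerprint -sha256` is colon-separated uppercase hex, which differs from the `SHA256:647d…` value shown, so a sentence on how to convert it would help. `$yourserver` on the openssl line is spelled differently from `$your_server` on the gnutls line. The two commands also now target different ports (5223 versus 5222 with STARTTLS).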