| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
tls-unique binding type does not work properly with TLSv1.3 thus
new bindign type tls-exporter is proposed as a new default binding
type for TLSv1.3. As of Sept 2020 it is not yet adopted as a draft
standard therefore it is not yet publicly available in Glib API.
This commit uses hidden experimental tls-exporter tls binding type
in glib-networking.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Set default biding type to tls-unique - if it's not supported by
GIO (Glib or Glib-networking) will just keep binding in disabled state.
* Add ability to override default binding type via env var
WOCKY_CHANNEL_BINDING_TYPE - accepts enum nicks: disabled, none,
tls-unique, tls-server-end-point.
* Add plain simple (and by default disabled) fallback to
tls-server-end-point. To enable set the ENV var above to corresponding
value.
* Since we cannot be sure the certificate digest is correct (sha256)
we rather use DISABLED versus NONE in fallback mode.
|
|
|
|
|
|
|
| |
* Enable all SHA1 and SHA2 Hashing algorithms in SCRAM mechanism
ordered from highest to lowest, with PLUS version above.
* Shift default SCRAM algorithm from SHA1 to SHA256.
* Upgrade tests to expect now preferred/default SHA256 method
|
|
|
|
|
| |
Move to Glib GChecksum and GHmac implementation, add hash-algo
property to select algorithm, default to SHA1 to preserve compatibility
|
|
|
|
|
|
|
| |
* Set default biding type to disabled - binding data and type should
be set by auth handler from available at TLS layer
* When binding type is disabled gs2_flags is set to 'n' which preserves
existing functionality
|
|
|
|
|
|
|
|
|
| |
* Switch to G_ADD_PRIVATE and *_get_instance_private to define
and assign object instance's private struct.
* Switch to GTask from deprecated GSimpleAsyncResult for async
operations. GTask has a bit different asynchronous execution
order.
* Fix tests for new GTask order and concurrency.
|
|
|
|
|
| |
* Clean up Dan's FIXME comments (it's still not FIXed in GIO)
* Move verification where it supposed to be - GTlsDatabase
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
A few minor things, marked DANWFIXME, are unimplemented
https://bugs.freedesktop.org/show_bug.cgi?id=31447
|
|
|
|
|
|
|
| |
to match gio TLS, and because there's not much use in the separation
anyway
https://bugs.freedesktop.org/show_bug.cgi?id=31447
|
|
|
|
|
|
|
|
| |
This is how gio TLS does it, among other reasons because it lets you
use the SNI extension to tell the server which certificate it should
present.
https://bugs.freedesktop.org/show_bug.cgi?id=31447
|
| |
|
|
|
|
|
|
|
| |
* Localize variables in wocky-connector.c and wocky-jabber-auth.c
* Add fallthrough marker to wocky-jingle-session.c
* remove double const in wocky-data-form.c
* fix pointer dereference in wocky-sasl-digest-md5.c
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The wocky http proxy has now moved in GIO, so we no longer need
to maintain it here. I have kept the unit test for the moment,
to verify that the code in gio works the same as the one that
we used to ship in wocky.
There was one difference in the code from GIO, though. It includes
"Basic" as part of the authorization string. According to RFC this
is correct, so it looks like the wocky proxy client code was doing
this wrong. I have updated the test to reflect that.
Additionally, this commit removes support for building GIO proxy
support depending on whether GIO is recent enough or not.
We can now safely depend unconditionally on a recent enough version.
https://bugs.freedesktop.org/show_bug.cgi?id=94031
Reviewed-by: Diane Trout <diane@ghic.org>
|
| |
| |
| |
| |
| | |
It looks like gnutls has just renamed their struct types to have a _t
at the end of their name
|
| |
| |
| |
| |
| |
| |
| |
| | |
* Replace with new call soup_session_new ();
* Indicate minimum libsoup version
https://bugs.freedesktop.org/show_bug.cgi?id=96383
Reviewed-by: George Kiagiadakis <gkiagia@tolabaki.gr>
|
| |
| |
| |
| |
| | |
* Replace with new call soup_session_new ();
* Indicate minimum libsoup version
|
| | |
|
| |
| |
| |
| |
| | |
The caller of this function may pass NULL as @error so we shouldn't rely on
it.
|
| | |
|
| | |
|
|\ \
| |/ |
|
| |
| |
| |
| |
| | |
This callback can deal with self being destroyed but it was trying to
access self->priv before early returning.
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| | |
Recent (Markdown-based) gtk-doc doesn't like <code> spanning
more than one line, causing a build failure.
Reviewed-by: Guillaume Desmottes
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The callback returns FALSE so the source will be invalidated.
Recent GLib now raises a critical when attempting to remove an invalid ID,
making some jingle tests failing.
(cherry picked from commit 01fbaec365cc58d6f3de46ce3f54f6413f3ec0f9)
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
The callback returns FALSE so the source will be invalidated.
Recent GLib now raises a critical when attempting to remove an invalid ID,
making some jingle tests failing.
|
| |
| |
| |
| |
| | |
Looks like it's been replaced by gnutls_certificate_credentials_t since a
while.
|
| | |
|
| |
| |
| |
| | |
https://bugs.freedesktop.org/show_bug.cgi?id=66262
|
| |
| |
| |
| | |
https://bugs.freedesktop.org/show_bug.cgi?id=66262
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit d8fcf78cf9bbad0b822b3368479cea532f11dc83.
I didn't mean to merge this patch, since it is still pending the
testing/checking Simon mentions on
<https://bugs.freedesktop.org/show_bug.cgi?id=65657#c2>. But I guess it
was locally applied when I merged Tobias' patch.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There seems to be a race condition in Jitsi: if we send a transport-info
full of candidates immediately after sending a session-info, it
sometimes seems to miss the candidates we send it. Waiting until after
it acks our session-initiate seems to do the trick. This is only visible
in an application which only ever sends a single local candidate,
immediately after initiating; it is probably masked in Telepathy by new
candidates trickling in after the call starts as we get STUN replies.
The previous code would call _transmit_candidates when accepting a call,
too, but I don't think this is necessary: in the case where the call is
incoming, wocky_jingle_content_add_candidate() will tell the transport
to send out new candidates as they are added because the state is >
EMPTY.
https://bugs.freedesktop.org/show_bug.cgi?id=65657
|
|
|
|
|
|
|
|
|
| |
Some were already checked, but as assertions: this is
(now) public library API, so downgrade to g_return_if_fail().
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65131
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Xavier Claessens <xavier.claessens@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
wocky_jingle_session_parse() advances the session's state
machine. In particular, it may cause termination, which
causes the session to be removed from the factory's
hash table, which may cause its last ref to be released.
Until recently, this would have gone unnoticed, but
wocky_jingle_session_acknowledge_iq() now emits a signal
from the session (to check whether it has the "is Google
webmail" quirk), and that causes a check that it is in fact
still a valid session object.
Also correct a misleading comment spotted while debugging
this: priv->sessions owns both key and sess.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65131
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Xavier Claessens <xavier.claessens@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Google webmail client currently starts calls like this:
<iq type="set" ...>
<jingle xmlns="urn:xmpp:jingle:1'"
action="session-initiate" ...>...</jingle>
<session xmlns="http://www.google.com/session"
type="initiate" ...>...</session>
</iq>
(This isn't valid XMPP Core, because 'An IQ stanza of type "get"
or "set" MUST contain exactly one child element', but we can
tolerate it.)
When called, it also echoes the contents of the sender's IQ back to the
sender. It appears that this is how, when it makes an outgoing call,
it determines which dialect the recipient wants to use: the recipient
echoes the appropriate child element.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65131
Reviewed-by: Xavier Claessens <xavier.claessens@collabora.co.uk>
|
|
|
|
|
|
|
|
| |
This avoids compilation failing because the new(ish) g_thread_new
wasn't available in our target version. telepathy-gabble indirectly
depends on GLib 2.32 anyway, via telepathy-glib 0.20.
Reviewed-by: Xavier Claessens <xavier.claessens@collabora.co.uk>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It's checked elsewhere for XMPP 1.0 servers, which can either
use "old SSL" or perform STARTTLS. Legacy Jabber can only use
"old SSL", which is similar to https - connect to a separate port,
typically 5223, and start speaking SSL - so if the connection was
ever going to be encrypted, by this point it already would be.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65036
Reviewed-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
|
| | |
|
|\ \
| |/ |
|