author | Ruslan N. Marchenko <me@ruff.mobi> | 2020-09-05 15:10:04 +0200 |
committer | Ruslan N. Marchenko <me@ruff.mobi> | 2020-09-25 19:29:50 +0200 |
commit | 0d6cda99149d470c4968b1993a204b1b4f894339 (patch) | |
tree | a2c425605d201a8919debe23e052f1fa9b522ef3 | |
parent | 1438c5d1c23ceac605e0aec19ab550dea59c0e0b (diff) |
Add experimental SASL TLS channel binding type Exporter
tls-unique binding type does not work properly with TLSv1.3, thus a
new binding type, tls-exporter, is proposed as the new default binding
type for TLSv1.3. As of Sept 2020 it is not yet adopted as a draft
standard therefore it is not yet publicly available in Glib API.
This commit uses hidden experimental tls-exporter tls binding type
in glib-networking.
-rw-r--r-- | wocky/wocky-auth-registry.h | 1 | ||||
-rw-r--r-- | wocky/wocky-sasl-auth.c | 10 | ||||
-rw-r--r-- | wocky/wocky-sasl-scram.c | 4 |
3 files changed, 14 insertions, 1 deletions
diff --git a/wocky/wocky-auth-registry.h b/wocky/wocky-auth-registry.h
index 433d408..28e89a5 100644
--- a/wocky/wocky-auth-registry.h
+++ b/wocky/wocky-auth-registry.h
@@ -85,6 +85,7 @@ typedef enum
 WOCKY_TLS_BINDING_NONE,
 WOCKY_TLS_BINDING_TLS_UNIQUE,
 WOCKY_TLS_BINDING_TLS_SERVER_END_POINT,
+ WOCKY_TLS_BINDING_TLS_EXPORTER,
 WOCKY_TLS_BINDING_INVALID_TYPE
 } WockyTLSBindingType;
diff --git a/wocky/wocky-sasl-auth.c b/wocky/wocky-sasl-auth.c
index 84c166f..ce7d294 100644
--- a/wocky/wocky-sasl-auth.c
+++ b/wocky/wocky-sasl-auth.c
@@ -690,7 +690,12 @@ wocky_tls_get_cb_data (WockyXmppConnection *conn, WockyTLSBindingType type)
 tc = G_TLS_CONNECTION (ios);
 g_object_unref (ios);
-#if GLIB_VERSION_CUR_STABLE >= G_ENCODE_VERSION(2,66)
+ /* Unfortunatelly backend didn'make it into 2.66 so we need next minor */
+#if G_ENCODE_VERSION (GLIB_MAJOR_VERSION, GLIB_MINOR_VERSION) > G_ENCODE_VERSION(2,66)
+ /* We need this conversion and cast until Exporter is adopted by IETF and
+ * gets officially into public API. So far it is hidden experimental type.
+ * Once adopted we can simpy typedef WockyTLSBindingType to
+ * GTlsChannelBindingType */
 switch (type)
 {
 case WOCKY_TLS_BINDING_TLS_UNIQUE:
@@ -699,6 +704,9 @@ wocky_tls_get_cb_data (WockyXmppConnection *conn, WockyTLSBindingType type)
 case WOCKY_TLS_BINDING_TLS_SERVER_END_POINT:
 g_tls_cb_t = G_TLS_CHANNEL_BINDING_TLS_SERVER_END_POINT;
 break;
+ case WOCKY_TLS_BINDING_TLS_EXPORTER:
+ g_tls_cb_t = 100500;
+ break;
 default:
 DEBUG ("TLS channel binding is disabled or not supported[%d]", type);
 return NULL;
diff --git a/wocky/wocky-sasl-scram.c b/wocky/wocky-sasl-scram.c
index 1db29b1..9ed2859 100644
--- a/wocky/wocky-sasl-scram.c
+++ b/wocky/wocky-sasl-scram.c
@@ -315,6 +315,10 @@ scram_initial_response (WockyAuthHandler *handler,
 priv->gs2_flag = "p=tls-server-end-point,,";
 g_assert (priv->cb_data != NULL);
 break;
+ case WOCKY_TLS_BINDING_TLS_EXPORTER:
+ priv->gs2_flag = "p=tls-exporter,,";
+ g_assert (priv->cb_data != NULL);
+ break;
 default:
 g_assert_not_reached ();
 }
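Review bot: The new public enumerator `WOCKY_TLS_BINDING_TLS_EXPORTER` carries no comment, so a reader of the header cannot tell what the commit message says: it is experimental and only yields binding data when built against GLib newer than 2.66 with the hidden glib-networking backend support. I would annotate it: `WOCKY_TLS_BINDING_TLS_EXPORTER, /* tls-exporter (TLS 1.3); experimental, needs GLib > 2.66 backend support */`. Inserting it before `WOCKY_TLS_BINDING_INVALID_TYPE` also shifts that sentinel's numeric value, which is harmless only if nothing persists or serializes these values — worth confirming. The `typedef enum` that this hunk modifies begins outside the hunk.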
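Review bot: Changing the guard from `>= G_ENCODE_VERSION(2,66)` to `> G_ENCODE_VERSION(2,66)` disables the whole `switch`, including the `tls-unique` and `tls-server-end-point` cases that GLib 2.66 already exposes publicly, so a build against GLib 2.66 loses the channel binding it had before this commit (what the `#else` branch does is outside the hunk, so the exact fallback is inferred). Only the exporter case needs the newer version: keep `#if G_ENCODE_VERSION (GLIB_MAJOR_VERSION, GLIB_MINOR_VERSION) >= G_ENCODE_VERSION (2, 66)` here and wrap just the `WOCKY_TLS_BINDING_TLS_EXPORTER` case in its own `#if ... > G_ENCODE_VERSION (2, 66)`. Note also that `GLIB_MAJOR_VERSION`/`GLIB_MINOR_VERSION` describe the headers compiled against, not the glib-networking backend present at run time, so the comment's "backend didn't make it" is a build-time approximation and the run-time error path still matters. The added comments have typos; suggest `/* Unfortunately the backend didn't make it into 2.66, so we need the next minor */` and `simply`. The body of wocky_tls_get_cb_data continues outside the hunk.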
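Review bot: `g_tls_cb_t = 100500;` is a bare magic number standing in for a value that the public `GTlsChannelBindingType` does not define, so nothing at the assignment tells a reader where it comes from or that a glib-networking build without the experimental exporter support will not recognise it. Give it a name next to the version guard, `#define WOCKY_G_TLS_CB_EXPERIMENTAL_EXPORTER 100500 /* private value in glib-networking; not public API */`, and assign it with the cast the earlier comment promises, `g_tls_cb_t = (GTlsChannelBindingType) WOCKY_G_TLS_CB_EXPERIMENTAL_EXPORTER;`. The code that consumes `g_tls_cb_t` and handles the backend rejecting this value lies outside the hunk; it should return NULL on that error, as the `default:` branch does, rather than hand SCRAM an empty binding, since a bogus channel binding simply makes the `-PLUS` authentication fail.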
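Review bot: The new `p=tls-exporter,,` case relies on `g_assert (priv->cb_data != NULL)`, which is compiled out under `G_DISABLE_ASSERT`; it mirrors the existing `tls-server-end-point` case, but the exporter type is the one most likely to be unsupported by the installed TLS backend, so in a release build a NULL `cb_data` would be advertised as a binding and then used further down (outside this hunk). Consider a real check here, e.g. `if (priv->cb_data == NULL) { DEBUG ("tls-exporter selected but no binding data"); /* fall back to a non-PLUS mechanism */ }`, if the surrounding mechanism selection allows it. A one-line comment citing the source of the name would also help, e.g. `/* "tls-exporter" per the IETF TLS 1.3 channel-bindings draft (later RFC 9266) */`. The enclosing `switch` and scram_initial_response begin outside the hunk.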