ssl client auth
lucas.fisher at gmail.com
Sat Sep 3 17:31:54 EDT 2011
I have a working implementation of SSL client authentication in
im.pidgin.cpw.ljfisher.ssl_client_auth. It required a number of API additions
and some changes. Anyone want to look at it for suitability for merging?
Currently only supports gnutls and requires cyrus sasl be enabled.
Summary of changes:
- Added PurplePrivateKey
- Added PurplePrivateKeyScheme
- Added PurplePrivateKeyPool
- Added PurplePkcs12Scheme
- Added a certificate pool for user certificates
- Added optional function to PurplePluginProtocolInfo to get the account
options. Previously this was a field that was accessed directly. This allows
dynamic generation of protocol options so I could return a list of
certificates in the pool. The field is still valid so other plugins will
continue to work.
- Added drop-down box to XMPP advanced account options (via the new dynamic
account options function) for selecting the certificate to use for
- Modified purple_ssl_connect_* to take a certificate id to use for client side
- Added fields to PurpleSslConnection for client keys and certs used for
- Enabled SASL external in jabber plugin
- Added support to gnutls ssl plugin for sending client cert.
- Added support to gnutls ssl plugin for PurplePkcs12Scheme and
- Added extra tab to gtkcertmgr for user certificates
For convenience this will get you a diff of the heads of im.pidgin.pidgin and
mtn diff -r 21f078cdce656c60707d6518904262ee44ac648c -r
- clean out some dead code if the API changes are acceptable
- Enable password caching for at least the session to the private key password
- Support for NSS if necessary. Might be required for building on Windows?