replace certificate_check_jabbername by certificate_check_name

2024-08-15 03:25:10 +00:00 · 2011-08-01 10:22:52 +02:00 · 2011-08-01 10:22:52 +02:00 · 3c20b2cd37
commit 3c20b2cd37
parent 85b4d2f1dc
5 changed files with 84 additions and 6 deletions
--- a/world/net/jabber/active.c
+++ b/world/net/jabber/active.c
@ -315,7 +315,7 @@ tls_logon(result) {
 	mixed cert = tls_certificate(ME, 0);
 	P3(("active::certinfo %O\n", cert))
 	if (mappingp(cert)) {
-	    unless (certificate_check_jabbername(hostname, cert)) {
+	    unless (certificate_check_name(hostname, cert, "xmpp-server")) {
 #ifdef _flag_report_bogus_certificates
 		monitor_report("_error_invalid_certificate_identity",
 			       sprintf("%O presented a certificate that "
--- a/world/net/jabber/common.c
+++ b/world/net/jabber/common.c
@ -393,6 +393,7 @@ xmpp_error(node, xmpperror) {
    return 0;
 }

+// deprecated - use certificate_check_name from library/tls.c instead
 #ifdef WANT_S2S_TLS
 certificate_check_jabbername(name, cert) {
    mixed t;
--- a/world/net/jabber/gateway.c
+++ b/world/net/jabber/gateway.c
@ -291,8 +291,8 @@ jabberMsg(XMLNode node) {
 	// paranoia note: as with XEP 0178 we might want to check dns anyway to
 	// 	protect against stolen certificates
 	if (mappingp(certinfo) && certinfo[0] == 0 
-	    && node["@from"] && certificate_check_jabbername(node["@from"], certinfo)) {
-		P0(("dialback without dialback %O\n", certinfo))
+	    && node["@from"] && certificate_check_name(node["@from"], certinfo, "xmpp-server")) {
+		P2(("dialback without dialback %O\n", certinfo))
 		verify_connection(node["@to"], node["@from"], "valid"); 
 	} else {
 		sendmsg(origin,
@ -414,7 +414,7 @@ jabberMsg(XMLNode node) {
 		 */
 		int success = 0;

-		success = certificate_check_jabbername(t, certinfo);
+		success = certificate_check_name(t, certinfo, "xmpp-server");
 		if (success) {
 		    emitraw("<success xmlns='" NS_XMPP "xmpp-sasl'/>");
 		    P2(("successful sasl external authentication with "
@ -542,8 +542,8 @@ open_stream(XMLNode node) {
 		    // sasl external if we know that it will succeed
 		    // later on
 		    if (node["@from"] &&
-			    certificate_check_jabbername(node["@from"],
-						     certinfo)) {
+			    certificate_check_name(node["@from"],
+						     certinfo, "xmpp-server")) {
 			packet += "<mechanisms xmlns='" NS_XMPP "xmpp-sasl'>";
 			packet += "<mechanism>EXTERNAL</mechanism>";
 			packet += "</mechanisms>";
--- a/world/net/jabber/server.c
+++ b/world/net/jabber/server.c
@ -485,6 +485,8 @@ open_stream(XMLNode node) {
 		    // sasl anonymous
 		      "<mechanism>ANONYMOUS</mechanism>";
 #endif
+		// here it makes sense to use check_jabbername 
+		// but that is currently unused anyway
 #if __EFUN_DEFINED__(tls_available)
 		if (tls_available() && tls_query_connection_state(ME) > 0
 			&& mappingp(certinfo) && certinfo[0] == 0