public async TlsClientConnection starttls_handshake_async(IOStream base_stream,
SocketConnectable connectable, Cancellable? cancellable = null) throws Error {
TlsClientConnection tls_cx = TlsClientConnection.new(base_stream, connectable);
prepare_tls_cx(tls_cx, true);
yield tls_cx.handshake_async(Priority.DEFAULT, cancellable);
private void on_socket_client_event(SocketClientEvent event, SocketConnectable? connectable,
// get TlsClientConnection to bind signals and set flags prior to handshake
if (event == SocketClientEvent.TLS_HANDSHAKING)
prepare_tls_cx((TlsClientConnection) ios, false);
private void prepare_tls_cx(TlsClientConnection tls_cx, bool starttls) {
tls_cx.use_ssl3 = force_ssl3;
tls_cx.set_validation_flags(tls_validation_flags);
// Vala doesn't do delegates in a ternary operator very well
tls_cx.accept_certificate.connect(on_accept_starttls_certificate);
tls_cx.accept_certificate.connect(on_accept_ssl_certificate);
private bool on_accept_starttls_certificate(TlsConnection cx, TlsCertificate cert, TlsCertificateFlags flags) {
return report_tls_warnings("STARTTLS", flags);
private bool on_accept_ssl_certificate(TlsConnection cx, TlsCertificate cert, TlsCertificateFlags flags) {
return report_tls_warnings("SSL", flags);
private bool report_tls_warnings(string cx_type, TlsCertificateFlags warnings) {
// TODO: Report or verify the flags with the user; for now merely log them for informational/debugging
// reasons and accept the certificate anyway
message("%s TLS warnings connecting to %s: %Xh (%s)", cx_type, to_string(), warnings,
tls_flags_to_string(warnings));
private string tls_flags_to_string(TlsCertificateFlags flags) {
StringBuilder builder = new StringBuilder();
for (int pos = 0; pos < sizeof (TlsCertificateFlags) * 8; pos++) {
TlsCertificateFlags flag = flags & (1 << pos);
if (!String.is_empty(builder.str))
builder.append(" | ");
builder.append(tls_flag_to_string(flag));
return !String.is_empty(builder.str) ? builder.str : "(none)";
// Vala to_string() for Flags enums currently doesn't work -- bummer...
// Should only be called when a single flag is set, otherwise returns a string indicating an
public string tls_flag_to_string(TlsCertificateFlags flag) {
case TlsCertificateFlags.BAD_IDENTITY:
return "BAD_IDENTITY";
case TlsCertificateFlags.EXPIRED:
case TlsCertificateFlags.GENERIC_ERROR:
return "GENERIC_ERROR";
case TlsCertificateFlags.INSECURE:
case TlsCertificateFlags.NOT_ACTIVATED:
return "NOT_ACTIVATED";
case TlsCertificateFlags.REVOKED:
case TlsCertificateFlags.UNKNOWN_CA:
return "(unknown=%Xh)".printf(flag);
* Returns true if a STARTTLS command should be attempted on the connection:
* (a) STARTTLS is reported available (a parameter specified by the caller to this method),