pidgin/pidgin

certificate: Use SHA256 fingerprints instead of SHA1
release-2.x.y
2017-03-06, dx
b3d0ba7c75f6
certificate: Use SHA256 fingerprints instead of SHA1

This meant adding a get_fingerprint_sha256 function to the certificate scheme
structs, which meant adding a struct_size member because we ran out of reserved
members there.

The API-facing purple_certificate_get_fingerprint_sha256() has a fallback
parameter to use sha1 if the SSL plugin doesn't implement this function
(probably an outdated installation, or a third party SSL plugin). When using
the function for display purposes, the fallback is disabled and it returns
NULL, but when using it to compare certificates it's better to have at least
the SHA1.

In functions like purple_certificate_display_x509(), some slight changes to
translatable strings would have been required. Since we're in a string freeze
right now, I avoided those by concatenating a language-neutral "SHA256: %s" at
the end of those messages. The SHA1 line used the word "fingerprint" but we
can't reuse that translation. This should be cleaned up after the release.
/**
* @file stun.h STUN API
* @ingroup core
*/
/* purple
*
* Purple is the legal property of its developers, whose names are too numerous
* to list here. Please refer to the COPYRIGHT file distributed with this
* source distribution.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
*/
#ifndef _PURPLE_STUN_H_
#define _PURPLE_STUN_H_
#ifdef __cplusplus
extern "C" {
#endif
/**************************************************************************/
/** @name STUN API */
/**************************************************************************/
/*@{*/
typedef struct _PurpleStunNatDiscovery PurpleStunNatDiscovery;
typedef enum {
PURPLE_STUN_STATUS_UNDISCOVERED = -1,
PURPLE_STUN_STATUS_UNKNOWN, /* no STUN server reachable */
PURPLE_STUN_STATUS_DISCOVERING,
PURPLE_STUN_STATUS_DISCOVERED
} PurpleStunStatus;
typedef enum {
PURPLE_STUN_NAT_TYPE_PUBLIC_IP,
PURPLE_STUN_NAT_TYPE_UNKNOWN_NAT,
PURPLE_STUN_NAT_TYPE_FULL_CONE,
PURPLE_STUN_NAT_TYPE_RESTRICTED_CONE,
PURPLE_STUN_NAT_TYPE_PORT_RESTRICTED_CONE,
PURPLE_STUN_NAT_TYPE_SYMMETRIC
} PurpleStunNatType;
struct _PurpleStunNatDiscovery {
PurpleStunStatus status;
PurpleStunNatType type;
char publicip[16];
char *servername;
time_t lookup_time;
};
typedef void (*StunCallback) (PurpleStunNatDiscovery *);
/**
* Starts a NAT discovery. It returns a PurpleStunNatDiscovery if the discovery
* is already done. Otherwise the callback is called when the discovery is over
* and NULL is returned.
*
* @param cb The callback to call when the STUN discovery is finished if the
* discovery would block. If the discovery is done, this is NOT
* called.
*
* @return a PurpleStunNatDiscovery which includes the public IP and the type
* of NAT or NULL is discovery would block
*/
PurpleStunNatDiscovery *purple_stun_discover(StunCallback cb);
void purple_stun_init(void);
/*@}*/
#ifdef __cplusplus
}
#endif
#endif /* _PURPLE_STUN_H_ */