comparison libpurple/plugins/ssl/ssl-gnutls.c @ 19212:2c7c934bfb4e
- Fix x509_signed_by. Apparently I can't read documentation.
author | William Ehlhardt <williamehlhardt@gmail.com> |
---|---|
date | Mon, 13 Aug 2007 16:33:32 +0000 |
parents | 05ae340c42cc |
children | ab91044a914e |
19211:8b2b9765fe64 | 19212:2c7c934bfb4e |
---|---|
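--- a/libpurple/plugins/ssl/ssl-gnutls.c
+++ b/libpurple/plugins/ssl/ssl-gnutls.c
@@ -646,11 +646,11 @@
 x509_certificate_signed_by(PurpleCertificate * crt,
 PurpleCertificate * issuer)
 {
 gnutls_x509_crt_t crt_dat;
 gnutls_x509_crt_t issuer_dat;
-unsigned int verify; /* used to store details from GnuTLS verifier */
+unsigned int verify; /* used to store result from GnuTLS verifier */
 int ret;
 
 /* TODO: Change this error checking? */
 g_return_val_if_fail(crt, FALSE);
 g_return_val_if_fail(issuer, FALSE);
@@ -670,10 +670,26 @@
 
 if (ret < 0) {
 purple_debug_error("gnutls/x509",
 "GnuTLS error %d while checking certificate issuer match.",
 ret);
+} else {
+gchar *crt_id, *issuer_id, *crt_issuer_id;
+crt_id = purple_certificate_get_unique_id(crt);
+issuer_id = purple_certificate_get_unique_id(issuer);
+crt_issuer_id =
+purple_certificate_get_issuer_unique_id(crt);
+purple_debug_info("gnutls/x509",
+"Certificate for %s claims to be "
+"issued by %s, but the certificate "
+"for %s does not match. A strcmp "
+"says %d\n",
+crt_id, crt_issuer_id, issuer_id,
+strcmp(crt_issuer_id, issuer_id));
+g_free(crt_id);
+g_free(issuer_id);
+g_free(crt_issuer_id);
 }
 
 /* The issuer is not correct, or there were errors */
 return FALSE;
 }
@@ -681,26 +697,32 @@
 /* Now, check the signature */
 /* The second argument is a ptr to an array of "trusted" issuer certs,
 but we're only using one trusted one */
 ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, 0, &verify);
 
-if (ret > 0) {
-/* The certificate is good. */
-return TRUE;
-}
-else if (ret < 0) {
+if (ret != 0) {
 purple_debug_error("gnutls/x509",
 "Attempted certificate verification caused a GnuTLS error code %d. I will just say the signature is bad, but you should look into this.\n", ret);
 return FALSE;
 }
-else {
+
+if (verify & GNUTLS_CERT_INVALID) {
 /* Signature didn't check out, but at least
 there were no errors*/
+gchar *crt_id = purple_certificate_get_unique_id(crt);
+gchar *issuer_id = purple_certificate_get_issuer_unique_id(crt);
+purple_debug_info("gnutls/x509",
+"Bad signature for %s on %s\n",
+issuer_id, crt_id);
+g_free(crt_id);
+g_free(issuer_id);
+
 return FALSE;
 } /* if (ret, etc.) */
 
-/* Control does not reach this point */
+/* If we got here, the signature is good */
+return TRUE;
 }
 
 static GByteArray *
 x509_sha1sum(PurpleCertificate *crt)
 {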
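Review bot: The new status test at new line 708, `if (verify & GNUTLS_CERT_INVALID)`, accepts the certificate whenever that one bit is clear, so any other status bit reported in `verify` would fall through to `return TRUE`. GnuTLS describes GNUTLS_CERT_INVALID as the general failure flag, but for a trust decision the fail-closed form `if (verify != 0) {` is safer, since it also rejects bits such as GNUTLS_CERT_SIGNER_NOT_CA or GNUTLS_CERT_REVOKED should a library version ever set them alone. The debug message in that branch says "Bad signature" for every such failure; logging the raw status as well, e.g. `"Verification of %s against %s failed (status 0x%x)\n"`, would make the actual cause recoverable from the log. Old lines 657-669 and 680 of the function are not shown in this comparison, so how `crt_dat` and `issuer_dat` are filled in cannot be checked from here.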