comparison libpurple/plugins/ssl/ssl-gnutls.c @ 19212:2c7c934bfb4e

- Fix x509_signed_by. Apparently I can't read documentation.
author William Ehlhardt <williamehlhardt@gmail.com>
date Mon, 13 Aug 2007 16:33:32 +0000
parents 05ae340c42cc
children ab91044a914e
19211:8b2b9765fe64 19212:2c7c934bfb4e
646 x509_certificate_signed_by(PurpleCertificate * crt, 646 x509_certificate_signed_by(PurpleCertificate * crt,
647 PurpleCertificate * issuer) 647 PurpleCertificate * issuer)
648 { 648 {
649 gnutls_x509_crt_t crt_dat; 649 gnutls_x509_crt_t crt_dat;
650 gnutls_x509_crt_t issuer_dat; 650 gnutls_x509_crt_t issuer_dat;
651 unsigned int verify; /* used to store details from GnuTLS verifier */ 651 unsigned int verify; /* used to store result from GnuTLS verifier */
652 int ret; 652 int ret;
653 653
654 /* TODO: Change this error checking? */ 654 /* TODO: Change this error checking? */
655 g_return_val_if_fail(crt, FALSE); 655 g_return_val_if_fail(crt, FALSE);
656 g_return_val_if_fail(issuer, FALSE); 656 g_return_val_if_fail(issuer, FALSE);
670 670
671 if (ret < 0) { 671 if (ret < 0) {
672 purple_debug_error("gnutls/x509", 672 purple_debug_error("gnutls/x509",
673 "GnuTLS error %d while checking certificate issuer match.", 673 "GnuTLS error %d while checking certificate issuer match.",
674 ret); 674 ret);
675 } else {
676 gchar *crt_id, *issuer_id, *crt_issuer_id;
677 crt_id = purple_certificate_get_unique_id(crt);
678 issuer_id = purple_certificate_get_unique_id(issuer);
679 crt_issuer_id =
680 purple_certificate_get_issuer_unique_id(crt);
681 purple_debug_info("gnutls/x509",
682 "Certificate for %s claims to be "
683 "issued by %s, but the certificate "
684 "for %s does not match. A strcmp "
685 "says %d\n",
686 crt_id, crt_issuer_id, issuer_id,
687 strcmp(crt_issuer_id, issuer_id));
688 g_free(crt_id);
689 g_free(issuer_id);
690 g_free(crt_issuer_id);
675 } 691 }
676 692
677 /* The issuer is not correct, or there were errors */ 693 /* The issuer is not correct, or there were errors */
678 return FALSE; 694 return FALSE;
679 } 695 }
681 /* Now, check the signature */ 697 /* Now, check the signature */
682 /* The second argument is a ptr to an array of "trusted" issuer certs, 698 /* The second argument is a ptr to an array of "trusted" issuer certs,
683 but we're only using one trusted one */ 699 but we're only using one trusted one */
684 ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, 0, &verify); 700 ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, 0, &verify);
685 701
686 if (ret > 0) { 702 if (ret != 0) {
687 /* The certificate is good. */
688 return TRUE;
689 }
690 else if (ret < 0) {
691 purple_debug_error("gnutls/x509", 703 purple_debug_error("gnutls/x509",
692 "Attempted certificate verification caused a GnuTLS error code %d. I will just say the signature is bad, but you should look into this.\n", ret); 704 "Attempted certificate verification caused a GnuTLS error code %d. I will just say the signature is bad, but you should look into this.\n", ret);
693 return FALSE; 705 return FALSE;
694 } 706 }
695 else { 707
708 if (verify & GNUTLS_CERT_INVALID) {
696 /* Signature didn't check out, but at least 709 /* Signature didn't check out, but at least
697 there were no errors*/ 710 there were no errors*/
711 gchar *crt_id = purple_certificate_get_unique_id(crt);
712 gchar *issuer_id = purple_certificate_get_issuer_unique_id(crt);
713 purple_debug_info("gnutls/x509",
714 "Bad signature for %s on %s\n",
715 issuer_id, crt_id);
716 g_free(crt_id);
717 g_free(issuer_id);
718
698 return FALSE; 719 return FALSE;
699 } /* if (ret, etc.) */ 720 } /* if (ret, etc.) */
700 721
701 /* Control does not reach this point */ 722 /* If we got here, the signature is good */
723 return TRUE;
702 } 724 }
703 725
704 static GByteArray * 726 static GByteArray *
705 x509_sha1sum(PurpleCertificate *crt) 727 x509_sha1sum(PurpleCertificate *crt)
706 { 728 {
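Review bot: The success test on new line 708 rejects the certificate only when GNUTLS_CERT_INVALID is set, so any other failure bit the verifier reports in the same mask (such as GNUTLS_CERT_SIGNER_NOT_CA, or bits added by later GnuTLS releases) is accepted unless GnuTLS also happens to OR INVALID into it; the conservative form is `if (verify != 0) {`, with the bad-signature debug message also printing `verify` so the actual reason is visible. With flags 0, gnutls_x509_crt_verify of this vintage does not appear to check activation/expiration dates either, so a TRUE result means only that crt's signature chains to issuer — a one-line comment above the call on line 700, `/* Signature relation only: validity period and trust are checked elsewhere */`, would keep callers from reading this as full validation (confirm against the GnuTLS version in use). In the first hunk, the debug statement on line 687 passes the ids straight to strcmp; if purple_certificate_get_issuer_unique_id can return NULL for a certificate without a usable issuer field that is undefined behaviour, which is worth confirming against that helper. x509_certificate_signed_by begins before the first hunk (old lines 657–669 are not shown), and the final context lines of the section belong to x509_sha1sum.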