Mercurial > pidgin.yaz
comparison libpurple/certificate.c @ 28320:6dd97a284d65
Better errors for certificate expiration/activation checking.
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Wed, 22 Jul 2009 04:24:06 +0000 |
parents | 151ec92db74c |
children | b131c68822ce |
comparison
equal
deleted
inserted
replaced
28319:32ef0358b469 | 28320:6dd97a284d65 |
---|---|
1500 ret = purple_certificate_get_times(vrq->cert_chain->data, &activation, | 1500 ret = purple_certificate_get_times(vrq->cert_chain->data, &activation, |
1501 &expiration); | 1501 &expiration); |
1502 if (!ret || now > expiration || now < activation) { | 1502 if (!ret || now > expiration || now < activation) { |
1503 gchar *secondary; | 1503 gchar *secondary; |
1504 | 1504 |
1505 if (!ret) | 1505 if (!ret) { |
1506 purple_debug_error("certificate/x509/tls_cached", | 1506 purple_debug_error("certificate/x509/tls_cached", |
1507 "Failed to get validity times for certificate %s\n", | 1507 "Failed to get validity times for certificate %s\n", |
1508 vrq->subject_name); | 1508 vrq->subject_name); |
1509 else if (now > expiration) | 1509 secondary = g_strdup_printf(_("Failed to validate expiration time " |
1510 "for %s"), vrq->subject_name); | |
1511 } else if (now > expiration) { | |
1510 purple_debug_error("certificate/x509/tls_cached", | 1512 purple_debug_error("certificate/x509/tls_cached", |
1511 "Certificate %s expired at %s\n", | 1513 "Certificate %s expired at %s\n", |
1512 vrq->subject_name, ctime(&expiration)); | 1514 vrq->subject_name, ctime(&expiration)); |
1513 else | 1515 secondary = g_strdup_printf(_("The certificate for %s is expired."), |
1516 vrq->subject_name); | |
1517 } else { | |
1514 purple_debug_error("certificate/x509/tls_cached", | 1518 purple_debug_error("certificate/x509/tls_cached", |
1515 "Certificate %s is not yet valid, will be at %s\n", | 1519 "Certificate %s is not yet valid, will be at %s\n", |
1516 vrq->subject_name, ctime(&activation)); | 1520 vrq->subject_name, ctime(&activation)); |
1517 | 1521 secondary = g_strdup_printf(_("The certificate for %s should not " |
1518 /* FIXME 2.6.1 */ | 1522 "yet be in use."), vrq->subject_name); |
1519 secondary = g_strdup_printf(_("The certificate chain presented" | 1523 } |
1520 " for %s is not valid."), | |
1521 vrq->subject_name); | |
1522 | 1524 |
1523 purple_notify_error(NULL, /* TODO: Probably wrong. */ | 1525 purple_notify_error(NULL, /* TODO: Probably wrong. */ |
1524 _("SSL Certificate Error"), | 1526 _("SSL Certificate Error"), |
1525 _("Invalid certificate chain"), | 1527 _("Invalid certificate chain"), |
1526 secondary ); | 1528 secondary ); |
1527 g_free(secondary); | 1529 g_free(secondary); |
1528 | 1530 |
1529 /* Okay, we're done here */ | 1531 /* Okay, we're done here */ |
1530 purple_certificate_verify_complete(vrq, | 1532 purple_certificate_verify_complete(vrq, |
1531 PURPLE_CERTIFICATE_INVALID); | 1533 PURPLE_CERTIFICATE_INVALID); |
1532 return; | 1534 return; |
1533 } | 1535 } |
1534 | 1536 |
1535 tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,tls_peers_name); | 1537 tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,tls_peers_name); |
1536 | 1538 |