Mercurial > pidgin.yaz

comparison libpurple/certificate.c @ 28320:6dd97a284d65

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Better errors for certificate expiration/activation checking.
author Paul Aurich <paul@darkrain42.org>
date Wed, 22 Jul 2009 04:24:06 +0000
parents 151ec92db74c
children b131c68822ce
comparison
equal deleted inserted replaced
28319:32ef0358b469 28320:6dd97a284d65
1500 ret = purple_certificate_get_times(vrq->cert_chain->data, &activation, 1500 ret = purple_certificate_get_times(vrq->cert_chain->data, &activation,
1501 &expiration); 1501 &expiration);
1502 if (!ret || now > expiration || now < activation) { 1502 if (!ret || now > expiration || now < activation) {
1503 gchar *secondary; 1503 gchar *secondary;
1504 1504
1505 if (!ret) 1505 if (!ret) {
1506 purple_debug_error("certificate/x509/tls_cached", 1506 purple_debug_error("certificate/x509/tls_cached",
1507 "Failed to get validity times for certificate %s\n", 1507 "Failed to get validity times for certificate %s\n",
1508 vrq->subject_name); 1508 vrq->subject_name);
1509 else if (now > expiration) 1509 secondary = g_strdup_printf(_("Failed to validate expiration time "
1510 "for %s"), vrq->subject_name);
1511 } else if (now > expiration) {
1510 purple_debug_error("certificate/x509/tls_cached", 1512 purple_debug_error("certificate/x509/tls_cached",
1511 "Certificate %s expired at %s\n", 1513 "Certificate %s expired at %s\n",
1512 vrq->subject_name, ctime(&expiration)); 1514 vrq->subject_name, ctime(&expiration));
1513 else 1515 secondary = g_strdup_printf(_("The certificate for %s is expired."),
1516 vrq->subject_name);
1517 } else {
1514 purple_debug_error("certificate/x509/tls_cached", 1518 purple_debug_error("certificate/x509/tls_cached",
1515 "Certificate %s is not yet valid, will be at %s\n", 1519 "Certificate %s is not yet valid, will be at %s\n",
1516 vrq->subject_name, ctime(&activation)); 1520 vrq->subject_name, ctime(&activation));
1517 1521 secondary = g_strdup_printf(_("The certificate for %s should not "
1518 /* FIXME 2.6.1 */ 1522 "yet be in use."), vrq->subject_name);
1519 secondary = g_strdup_printf(_("The certificate chain presented" 1523 }
1520 " for %s is not valid."),
1521 vrq->subject_name);
1522 1524
1523 purple_notify_error(NULL, /* TODO: Probably wrong. */ 1525 purple_notify_error(NULL, /* TODO: Probably wrong. */
1524 _("SSL Certificate Error"), 1526 _("SSL Certificate Error"),
1525 _("Invalid certificate chain"), 1527 _("Invalid certificate chain"),
1526 secondary ); 1528 secondary );
1527 g_free(secondary); 1529 g_free(secondary);
1528 1530
1529 /* Okay, we're done here */ 1531 /* Okay, we're done here */
1530 purple_certificate_verify_complete(vrq, 1532 purple_certificate_verify_complete(vrq,
1531 PURPLE_CERTIFICATE_INVALID); 1533 PURPLE_CERTIFICATE_INVALID);
1532 return; 1534 return;
1533 } 1535 }
1534 1536
1535 tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,tls_peers_name); 1537 tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,tls_peers_name);
1536 1538