Mercurial > pidgin.yaz
diff libpurple/certificate.c @ 27643:199cf148cdf8
Continue verification when we can't find a *cached* peer. Fixes #9664.
This should be a fatal condition and not finding a cached certificate
is *not* the same as "the certificate changed".
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Thu, 16 Jul 2009 02:46:36 +0000 |
parents | 18a96fe78870 |
children | e1cd44c7c7af 151ec92db74c |
line wrap: on
line diff
--- a/libpurple/certificate.c Thu Jul 16 02:20:40 2009 +0000 +++ b/libpurple/certificate.c Thu Jul 16 02:46:36 2009 +0000 @@ -1218,20 +1218,6 @@ } static void -x509_tls_cached_peer_cert_changed(PurpleCertificateVerificationRequest *vrq) -{ - /* TODO: Prompt the user, etc. */ - - purple_debug_info("certificate/x509/tls_cached", - "Certificate for %s does not match cached. " - "Auto-rejecting!\n", - vrq->subject_name); - - purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID); - return; -} - -static void x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq); static void @@ -1254,12 +1240,11 @@ cached_crt = purple_certificate_pool_retrieve( tls_peers, vrq->subject_name); if ( !cached_crt ) { - purple_debug_error("certificate/x509/tls_cached", + purple_debug_warning("certificate/x509/tls_cached", "Lookup failed on cached certificate!\n" - "It was here just a second ago. Forwarding " - "to cert_changed.\n"); - /* vrq now becomes the problem of cert_changed */ - x509_tls_cached_peer_cert_changed(vrq); + "Falling back to full verification.\n"); + /* vrq now becomes the problem of unknown_peer */ + x509_tls_cached_unknown_peer(vrq); return; }