Mercurial > pidgin.yaz
diff libpurple/certificate.c @ 19008:7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
- Update GnuTLS to support the above
- tls_cached verifier now uses check_subject_name instead of strcmp
author | William Ehlhardt <williamehlhardt@gmail.com> |
---|---|
date | Mon, 09 Jul 2007 03:47:36 +0000 |
parents | b207701cb5a3 |
children | b64aa0222a7a |
line wrap: on
line diff
--- a/libpurple/certificate.c Mon Jul 09 03:26:18 2007 +0000 +++ b/libpurple/certificate.c Mon Jul 09 03:47:36 2007 +0000 @@ -186,6 +186,24 @@ return subject_name; } +gboolean +purple_certificate_check_subject_name(PurpleCertificate *crt, const gchar *name) +{ + PurpleCertificateScheme *scheme; + + g_return_val_if_fail(crt, FALSE); + g_return_val_if_fail(crt->scheme, FALSE); + g_return_val_if_fail(name, FALSE); + + scheme = crt->scheme; + + /* TODO: Instead of failing, maybe use get_subject_name and strcmp? */ + g_return_val_if_fail(scheme->check_subject_name, FALSE); + + return (scheme->check_subject_name)(crt, name); +} + + gchar * purple_certificate_pool_mkpath(PurpleCertificatePool *pool, const gchar *id) { @@ -481,8 +499,7 @@ cn = purple_certificate_get_subject_name(crt); /* Determine whether the name matches */ - /* TODO: Worry about strcmp safety? */ - if (!strcmp(cn, vrq->subject_name)) { + if (purple_certificate_check_subject_name(crt, vrq->subject_name)) { cn_match = _(""); } else { cn_match = _("(DOES NOT MATCH)");