Mercurial > pidgin.yaz
diff libpurple/plugins/ssl/ssl-gnutls.c @ 19008:7fd9bd55f8d0
- Add certificate_check_subject_name and associated machinery
- Update GnuTLS to support the above
- tls_cached verifier now uses check_subject_name instead of strcmp
| author | William Ehlhardt <williamehlhardt@gmail.com> |
|---|---|
| date | Mon, 09 Jul 2007 03:47:36 +0000 |
| parents | 8228c5b1d181 |
| children | 5157ebe90b93 |
line wrap: on
line diff
--- a/libpurple/plugins/ssl/ssl-gnutls.c Mon Jul 09 03:26:18 2007 +0000 +++ b/libpurple/plugins/ssl/ssl-gnutls.c Mon Jul 09 03:47:36 2007 +0000 @@ -711,6 +711,24 @@ return cn; } +static gboolean +x509_check_name (PurpleCertificate *crt, const gchar *name) +{ + gnutls_x509_crt_t crt_dat; + + g_return_val_if_fail(crt, FALSE); + g_return_val_if_fail(crt->scheme == &x509_gnutls, FALSE); + g_return_val_if_fail(name, FALSE); + + crt_dat = *( (gnutls_x509_crt_t *) crt->data ); + + if (gnutls_x509_crt_check_hostname(crt_dat, name)) { + return TRUE; + } else { + return FALSE; + } +} + /* X.509 certificate operations provided by this plugin */ /* TODO: Flesh this out! */ static PurpleCertificateScheme x509_gnutls = { @@ -723,6 +741,7 @@ NULL, /* Unique ID */ NULL, /* Issuer Unique ID */ x509_common_name, /* Subject name */ + x509_check_name, /* Check subject name */ NULL, /* Activation time */ NULL /* Expiration time */ };