# HG changeset patch # User Mark Doliner # Date 1189324484 0 # Node ID 83dd81b7edc49eb04fbe7b618682bf0dc477b759 # Parent b199a9be3e959cf193ae6f202693042feea69ffe# Parent 936f4de347c320c27dca3952762bb44a48dbdc5f merge of '0c762d61f5be8c4ba458aa835171bbe53c00ca27' and '3d9ad21b9c0c4d5a8c44a212c0a97e8b4c6dd0b6' diff -r b199a9be3e95 -r 83dd81b7edc4 libpurple/certificate.c --- a/libpurple/certificate.c Sun Sep 09 07:52:44 2007 +0000 +++ b/libpurple/certificate.c Sun Sep 09 07:54:44 2007 +0000 @@ -1256,6 +1256,9 @@ } /* For when we've never communicated with this party before */ +/* TODO: Need ways to specify possibly multiple problems with a cert, or at + least reprioritize them. For example, maybe the signature ought to be + checked BEFORE the hostname checking? */ static void x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq) { @@ -1296,7 +1299,27 @@ return; } /* if (name mismatch) */ - + /* TODO: Figure out a way to check for a bad signature, as opposed to + "not self-signed" */ + if ( purple_certificate_signed_by(peer_crt, peer_crt) ) { + gchar *msg; + + purple_debug_info("certificate/x509/tls_cached", + "Certificate for %s is self-signed.\n", + vrq->subject_name); + + /* Prompt the user to authenticate the certificate */ + /* vrq will be completed by user_auth */ + msg = g_strdup_printf(_("The certificate presented by \"%s\" " + "is self-signed. It cannot be " + "automatically checked."), + vrq->subject_name); + + x509_tls_cached_user_auth(vrq,msg); + + g_free(msg); + return; + } /* if (name mismatch) */ /* Next, check that the certificate chain is valid */ if ( ! purple_certificate_check_signature_chain(chain) ) {