# HG changeset patch # User William Ehlhardt # Date 1189321086 0 # Node ID 936f4de347c320c27dca3952762bb44a48dbdc5f # Parent 5444ab83b30ad842df95509b4f8aa54f32554868 - Add specific notification for self-signed certificates. Fixes #2874 diff -r 5444ab83b30a -r 936f4de347c3 libpurple/certificate.c --- a/libpurple/certificate.c Sun Sep 09 05:56:56 2007 +0000 +++ b/libpurple/certificate.c Sun Sep 09 06:58:06 2007 +0000 @@ -1256,6 +1256,9 @@ } /* For when we've never communicated with this party before */ +/* TODO: Need ways to specify possibly multiple problems with a cert, or at + least reprioritize them. For example, maybe the signature ought to be + checked BEFORE the hostname checking? */ static void x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq) { @@ -1296,7 +1299,27 @@ return; } /* if (name mismatch) */ - + /* TODO: Figure out a way to check for a bad signature, as opposed to + "not self-signed" */ + if ( purple_certificate_signed_by(peer_crt, peer_crt) ) { + gchar *msg; + + purple_debug_info("certificate/x509/tls_cached", + "Certificate for %s is self-signed.\n", + vrq->subject_name); + + /* Prompt the user to authenticate the certificate */ + /* vrq will be completed by user_auth */ + msg = g_strdup_printf(_("The certificate presented by \"%s\" " + "is self-signed. It cannot be " + "automatically checked."), + vrq->subject_name); + + x509_tls_cached_user_auth(vrq,msg); + + g_free(msg); + return; + } /* if (name mismatch) */ /* Next, check that the certificate chain is valid */ if ( ! purple_certificate_check_signature_chain(chain) ) {
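Review bot: In the first hunk (@@ -1256,6 +1256,9 @@), the new TODO is wedged between the existing comment "For when we've never communicated with this party before" and x509_tls_cached_unknown_peer(), so the function's description and the TODO read as two unrelated comments. I would fold both into one block comment above the function and give the continuation lines a leading " * ". The ordering question the TODO raises is also made concrete by this same patch: the self-signed branch is added after the name-mismatch return, so a certificate that is both self-signed and presented under the wrong hostname reaches the user with only the hostname message. It would help if the TODO said that explicitly, so the limitation is documented where the checks are ordered.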
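Review bot: In the second hunk (@@ -1296,7 +1299,27 @@), the closing brace of the new block is labelled "} /* if (name mismatch) */", which was copied from the block above; it should read "/* if (self-signed) */" so the two early returns can be told apart when scanning the function. As the TODO in this hunk admits, purple_certificate_signed_by(peer_crt, peer_crt) returning false does not distinguish "not self-signed" from "self-signed with a bad signature", so the latter falls through to purple_certificate_check_signature_chain(chain) and is reported by whatever message that path gives; a brief comment saying this fall-through is intentional would save the next reader from wondering. Minor style: "x509_tls_cached_user_auth(vrq,msg);" is missing the space after the comma, and the hunk drops the blank line that separated the name-mismatch block from what follows.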