# HG changeset patch
# User Stu Tomlinson <stu@nosnilmot.com>
# Date 1198434969 0
# Node ID cedbb3860134e94fa6a0dc17cf111349e29ab988
# Parent  3e8b31c761564314fc71bc78e682017f5ab7923a
If a peer certificate does not match our cached cert, do not auto reject it!
- it's quite possible the certificate was renewed! This fixes the problems
caused by jabber.org renewing their SSL certificate yesterday. Workaround
for mortals is to remove the cached peer certificate, either from Tools->Certificates
or by deleting ~/.purple/certificates/x509/tls_peers/jabber.org

diff -r 3e8b31c76156 -r cedbb3860134 libpurple/certificate.c
--- a/libpurple/certificate.c	Sun Dec 23 17:30:09 2007 +0000
+++ b/libpurple/certificate.c	Sun Dec 23 18:36:09 2007 +0000
@@ -1228,6 +1228,9 @@
 }
 
 static void
+x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq);
+
+static void
 x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq)
 {
 	/* TODO: Looking this up by name over and over is expensive.
@@ -1268,8 +1271,8 @@
 	} else {
 		purple_debug_info("certificate/x509/tls_cached",
 				  "Peer cert did NOT match cached\n");
-		/* vrq now becomes the problem of cert_changed */
-		x509_tls_cached_peer_cert_changed(vrq);
+		/* vrq now becomes the problem of the user */
+		x509_tls_cached_unknown_peer(vrq);
 	}
 	
 	purple_certificate_destroy(cached_crt);