Mercurial > pidgin.yaz
changeset 27986:29e1cc634466
merge of 'b4330cb0af1a74cd8826d08447a38a366f1be3fc'
and 'cc1c38e65de5e260ddb2bf7ccca720025570ef47'
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Tue, 21 Jul 2009 06:48:31 +0000 |
parents | f3809e302ec7 (current diff) 96c38fe2cb00 (diff) |
children | 993483dda1b8 |
files | |
diffstat | 2 files changed, 24 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/libpurple/plugins/ssl/ssl-gnutls.c Tue Jul 21 06:16:43 2009 +0000 +++ b/libpurple/plugins/ssl/ssl-gnutls.c Tue Jul 21 06:48:31 2009 +0000 @@ -668,6 +668,8 @@ gnutls_x509_crt issuer_dat; unsigned int verify; /* used to store result from GnuTLS verifier */ int ret; + gchar *crt_id = NULL; + gchar *issuer_id = NULL; g_return_val_if_fail(crt, FALSE); g_return_val_if_fail(issuer, FALSE); @@ -728,13 +730,29 @@ return FALSE; } + if (verify & GNUTLS_CERT_INSECURE_ALGORITHM) { + /* + * A certificate in the chain is signed with an insecure + * algorithm. Put a warning into the log to make this error + * perfectly clear as soon as someone looks at the debug log is + * generated. + */ + crt_id = purple_certificate_get_unique_id(crt); + issuer_id = purple_certificate_get_issuer_unique_id(crt); + purple_debug_warning("gnutls/x509", + "Insecure hash algorithm used by %s to sign %s\n", + issuer_id, crt_id); + } + if (verify & GNUTLS_CERT_INVALID) { /* Signature didn't check out, but at least there were no errors*/ - gchar *crt_id = purple_certificate_get_unique_id(crt); - gchar *issuer_id = purple_certificate_get_issuer_unique_id(crt); - purple_debug_info("gnutls/x509", - "Bad signature for %s on %s\n", + if (!crt_id) + crt_id = purple_certificate_get_unique_id(crt); + if (!issuer_id) + issuer_id = purple_certificate_get_issuer_unique_id(crt); + purple_debug_error("gnutls/x509", + "Bad signature from %s on %s\n", issuer_id, crt_id); g_free(crt_id); g_free(issuer_id);
--- a/libpurple/protocols/jabber/jabber.c Tue Jul 21 06:16:43 2009 +0000 +++ b/libpurple/protocols/jabber/jabber.c Tue Jul 21 06:48:31 2009 +0000 @@ -699,6 +699,8 @@ js->gc->inpa = 0; js->gsc = purple_ssl_connect_with_host_fd(js->gc->account, js->fd, jabber_login_callback_ssl, jabber_ssl_connect_failure, js->certificate_CN, js->gc); + /* The fd is no longer our concern */ + js->fd = -1; } static gboolean jabber_login_connect(JabberStream *js, const char *domain, const char *host, int port,