changeset 27986:29e1cc634466

merge of 'b4330cb0af1a74cd8826d08447a38a366f1be3fc' and 'cc1c38e65de5e260ddb2bf7ccca720025570ef47'
author Paul Aurich <paul@darkrain42.org>
date Tue, 21 Jul 2009 06:48:31 +0000
parents f3809e302ec7 (current diff) 96c38fe2cb00 (diff)
children 993483dda1b8
files
diffstat 2 files changed, 24 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/plugins/ssl/ssl-gnutls.c	Tue Jul 21 06:16:43 2009 +0000
+++ b/libpurple/plugins/ssl/ssl-gnutls.c	Tue Jul 21 06:48:31 2009 +0000
@@ -668,6 +668,8 @@
 	gnutls_x509_crt issuer_dat;
 	unsigned int verify; /* used to store result from GnuTLS verifier */
 	int ret;
+	gchar *crt_id = NULL;
+	gchar *issuer_id = NULL;
 
 	g_return_val_if_fail(crt, FALSE);
 	g_return_val_if_fail(issuer, FALSE);
@@ -728,13 +730,29 @@
 		return FALSE;
 	}
 
+	if (verify & GNUTLS_CERT_INSECURE_ALGORITHM) {
+		/*
+		 * A certificate in the chain is signed with an insecure
+		 * algorithm. Put a warning into the log to make this error
+		 * perfectly clear as soon as someone looks at the debug log is
+		 * generated.
+		 */
+		crt_id = purple_certificate_get_unique_id(crt);
+		issuer_id = purple_certificate_get_issuer_unique_id(crt);
+		purple_debug_warning("gnutls/x509",
+				"Insecure hash algorithm used by %s to sign %s\n",
+				issuer_id, crt_id);
+	}
+
 	if (verify & GNUTLS_CERT_INVALID) {
 		/* Signature didn't check out, but at least
 		   there were no errors*/
-		gchar *crt_id = purple_certificate_get_unique_id(crt);
-		gchar *issuer_id = purple_certificate_get_issuer_unique_id(crt);
-		purple_debug_info("gnutls/x509",
-				  "Bad signature for %s on %s\n",
+		if (!crt_id)
+			crt_id = purple_certificate_get_unique_id(crt);
+		if (!issuer_id)
+			issuer_id = purple_certificate_get_issuer_unique_id(crt);
+		purple_debug_error("gnutls/x509",
+				  "Bad signature from %s on %s\n",
 				  issuer_id, crt_id);
 		g_free(crt_id);
 		g_free(issuer_id);
--- a/libpurple/protocols/jabber/jabber.c	Tue Jul 21 06:16:43 2009 +0000
+++ b/libpurple/protocols/jabber/jabber.c	Tue Jul 21 06:48:31 2009 +0000
@@ -699,6 +699,8 @@
 	js->gc->inpa = 0;
 	js->gsc = purple_ssl_connect_with_host_fd(js->gc->account, js->fd,
 			jabber_login_callback_ssl, jabber_ssl_connect_failure, js->certificate_CN, js->gc);
+	/* The fd is no longer our concern */
+	js->fd = -1;
 }
 
 static gboolean jabber_login_connect(JabberStream *js, const char *domain, const char *host, int port,