Mercurial > pidgin.yaz
changeset 19077:8275c3cbc9da
- Add purple_certificate_check_signature_chain
author | William Ehlhardt <williamehlhardt@gmail.com> |
---|---|
date | Tue, 07 Aug 2007 04:53:50 +0000 |
parents | daa68185a018 |
children | 3987f76c0e4b |
files | libpurple/certificate.c libpurple/certificate.h |
diffstat | 2 files changed, 48 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/libpurple/certificate.c Tue Aug 07 04:31:01 2007 +0000 +++ b/libpurple/certificate.c Tue Aug 07 04:53:50 2007 +0000 @@ -167,6 +167,40 @@ return (scheme->signed_by)(crt, issuer); } +gboolean +purple_certificate_check_signature_chain(GList *chain) +{ + GList *cur; + PurpleCertificate *crt, *issuer; + + g_return_val_if_fail(chain, FALSE); + + /* If this is a single-certificate chain, say that it is valid */ + if (chain->next == NULL) { + return TRUE; + } + + /* Load crt with the first certificate */ + crt = (PurpleCertificate *)(chain->data); + /* And start with the second certificate in the chain */ + for ( cur = chain->next; cur; cur = cur->next ) { + + issuer = (PurpleCertificate *)(cur->data); + + /* Check the signature for this link */ + if (! purple_certificate_signed_by(crt, issuer) ) { + return FALSE; + } + + /* The issuer is now the next crt whose signature is to be + checked */ + crt = issuer; + } + + /* If control reaches this point, the chain is valid */ + return TRUE; +} + PurpleCertificate * purple_certificate_import(PurpleCertificateScheme *scheme, const gchar *filename) {
--- a/libpurple/certificate.h Tue Aug 07 04:31:01 2007 +0000 +++ b/libpurple/certificate.h Tue Aug 07 04:53:50 2007 +0000 @@ -424,6 +424,20 @@ purple_certificate_signed_by(PurpleCertificate *crt, PurpleCertificate *issuer); /** + * Check that a certificate chain is valid + * + * Uses purple_certificate_signed_by() to verify that each PurpleCertificate + * in the chain carries a valid signature from the next. A single-certificate + * chain is considered to be valid. + * + * @param chain List of PurpleCertificate instances comprising the chain, + * in the order certificate, issuer, issuer's issuer, etc. + * @return TRUE if the chain is valid. See description. + */ +gboolean +purple_certificate_check_signature_chain(GList *chain); + +/** * Imports a PurpleCertificate from a file * * @param scheme Scheme to import under