changeset 19688:83dd81b7edc4

merge of '0c762d61f5be8c4ba458aa835171bbe53c00ca27' and '3d9ad21b9c0c4d5a8c44a212c0a97e8b4c6dd0b6'
author Mark Doliner <mark@kingant.net>
date Sun, 09 Sep 2007 07:54:44 +0000
parents b199a9be3e95 (current diff) 936f4de347c3 (diff)
children 084c10ed4083
files
diffstat 1 files changed, 24 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/certificate.c	Sun Sep 09 07:52:44 2007 +0000
+++ b/libpurple/certificate.c	Sun Sep 09 07:54:44 2007 +0000
@@ -1256,6 +1256,9 @@
 }
 
 /* For when we've never communicated with this party before */
+/* TODO: Need ways to specify possibly multiple problems with a cert, or at
+   least  reprioritize them. For example, maybe the signature ought to be
+   checked BEFORE the hostname checking? */
 static void
 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq)
 {
@@ -1296,7 +1299,27 @@
 		return;
 	} /* if (name mismatch) */
 
-			
+	/* TODO: Figure out a way to check for a bad signature, as opposed to
+	   "not self-signed" */
+	if ( purple_certificate_signed_by(peer_crt, peer_crt) ) {
+		gchar *msg;
+		
+		purple_debug_info("certificate/x509/tls_cached",
+				  "Certificate for %s is self-signed.\n",
+				  vrq->subject_name);
+
+		/* Prompt the user to authenticate the certificate */
+		/* vrq will be completed by user_auth */
+		msg = g_strdup_printf(_("The certificate presented by \"%s\" "
+					"is self-signed. It cannot be "
+					"automatically checked."),
+				      vrq->subject_name);
+				      
+		x509_tls_cached_user_auth(vrq,msg);
+
+		g_free(msg);
+		return;
+	} /* if (name mismatch) */
 	
 	/* Next, check that the certificate chain is valid */
 	if ( ! purple_certificate_check_signature_chain(chain) ) {