changeset 19687:936f4de347c3
- Add specific notification for self-signed certificates. Fixes #2874
author | William Ehlhardt <williamehlhardt@gmail.com> |
---|---|
date | Sun, 09 Sep 2007 06:58:06 +0000 |
parents | 5444ab83b30a |
children | 83dd81b7edc4 |
files | libpurple/certificate.c |
diffstat | 1 files changed, 24 insertions(+), 1 deletions(-) [+] |
--- a/libpurple/certificate.c Sun Sep 09 05:56:56 2007 +0000 +++ b/libpurple/certificate.c Sun Sep 09 06:58:06 2007 +0000 @@ -1256,6 +1256,9 @@ } /* For when we've never communicated with this party before */ +/* TODO: Need ways to specify possibly multiple problems with a cert, or at + least reprioritize them. For example, maybe the signature ought to be + checked BEFORE the hostname checking? */ static void x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq) { @@ -1296,7 +1299,27 @@ return; } /* if (name mismatch) */ - + /* TODO: Figure out a way to check for a bad signature, as opposed to + "not self-signed" */ + if ( purple_certificate_signed_by(peer_crt, peer_crt) ) { + gchar *msg; + + purple_debug_info("certificate/x509/tls_cached", + "Certificate for %s is self-signed.\n", + vrq->subject_name); + + /* Prompt the user to authenticate the certificate */ + /* vrq will be completed by user_auth */ + msg = g_strdup_printf(_("The certificate presented by \"%s\" " + "is self-signed. It cannot be " + "automatically checked."), + vrq->subject_name); + + x509_tls_cached_user_auth(vrq,msg); + + g_free(msg); + return; + } /* if (name mismatch) */ /* Next, check that the certificate chain is valid */ if ( ! purple_certificate_check_signature_chain(chain) ) {
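Review bot: The early `return` after `x509_tls_cached_user_auth(vrq,msg);` in the new self-signed branch means such a peer never reaches `purple_certificate_check_signature_chain(chain)` below, so the user's answer is the only trust decision on this path. A comment above the branch such as `/* Self-signed: there is no chain to verify, so acceptance rests entirely on the user's decision */` would make that explicit. The prompt says the certificate "cannot be automatically checked" but gives the user nothing to compare it against. If `x509_tls_cached_user_auth` (defined outside this hunk) does not already show the certificate fingerprint, the message should ask the user to confirm it through a separate channel before accepting. The closing brace also carries a copied comment, `} /* if (name mismatch) */`, which mislabels the block and should read `} /* if (self-signed) */`; the body of `x509_tls_cached_unknown_peer` starts and ends outside the hunk.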