Mercurial > pidgin.yaz

changeset 21929:cedbb3860134

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
If a peer certificate does not match our cached cert, do not auto reject it! - it's quite possible the certificate was renewed! This fixes the problems caused by jabber.org renewing their SSL certificate yesterday. Workaround for mortals is to remove the cached peer certificate, either from Tools->Certificates or by deleting ~/.purple/certificates/x509/tls_peers/jabber.org
author Stu Tomlinson <stu@nosnilmot.com>
date Sun, 23 Dec 2007 18:36:09 +0000
parents 3e8b31c76156
children 7d0ef1e3ac4f
files libpurple/certificate.c
diffstat 1 files changed, 5 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/certificate.c	Sun Dec 23 17:30:09 2007 +0000
+++ b/libpurple/certificate.c	Sun Dec 23 18:36:09 2007 +0000
@@ -1228,6 +1228,9 @@
 }
 
 static void
+x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq);
+
+static void
 x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq)
 {
 	/* TODO: Looking this up by name over and over is expensive.
@@ -1268,8 +1271,8 @@
 	} else {
 		purple_debug_info("certificate/x509/tls_cached",
 				  "Peer cert did NOT match cached\n");
-		/* vrq now becomes the problem of cert_changed */
-		x509_tls_cached_peer_cert_changed(vrq);
+		/* vrq now becomes the problem of the user */
+		x509_tls_cached_unknown_peer(vrq);
 	}
 	
 	purple_certificate_destroy(cached_crt);