changeset 18955:f393eddab077
- ssl-gnutls plugin uses Verifiers now
author | William Ehlhardt <williamehlhardt@gmail.com> |
---|---|
date | Tue, 26 Jun 2007 23:54:44 +0000 |
parents | d07258902ff3 |
children | 014e0cd9e471 |
files | libpurple/plugins/ssl/ssl-gnutls.c |
diffstat | 1 files changed, 39 insertions(+), 1 deletions(-) [+] |
--- a/libpurple/plugins/ssl/ssl-gnutls.c Tue Jun 26 23:45:43 2007 +0000
+++ b/libpurple/plugins/ssl/ssl-gnutls.c Tue Jun 26 23:54:44 2007 +0000
@@ -84,6 +84,25 @@
 gnutls_certificate_free_credentials(xcred);
 }
+static void
+ssl_gnutls_verified_cb(PurpleCertificateVerificationStatus st,
+ gpointer userdata)
+{
+ PurpleSslConnection *gsc = (PurpleSslConnection *) userdata;
+
+ if (st == PURPLE_CERTIFICATE_VALID) {
+ /* Certificate valid? Good! Do the connection! */
+ gsc->connect_cb(gsc->connect_cb_data, gsc, PURPLE_INPUT_READ);
+ } else {
+ /* Otherwise, signal an error */
+ if(gsc->error_cb != NULL)
+ gsc->error_cb(gsc, PURPLE_SSL_CERTIFICATE_INVALID,
+ gsc->connect_cb_data);
+ purple_ssl_close(gsc);
+ }
+}
+
+
 static void
 ssl_gnutls_handshake_cb(gpointer data, gint source,
 PurpleInputCondition cond)
@@ -203,7 +222,26 @@
 }
 }
- gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
+
+ /* TODO: The following logic should really be in libpurple */
+ /* If a Verifier was given, hand control over to it */
+ if (gsc->verifier) {
+ GList *peers;
+ /* First, get the peer cert chain */
+ peers = purple_ssl_get_peer_certificates(gsc);
+
+ /* Now kick off the verification process */
+ purple_certificate_verify(gsc->verifier,
+ gsc->host,
+ peers,
+ ssl_gnutls_verified_cb,
+ gsc);
+
+ } else {
+ /* Otherwise, just call the "connection complete"
+ callback */
+ gsc->connect_cb(gsc->connect_cb_data, gsc, cond);
+ }
 }
 }
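Review bot: `ssl_gnutls_verified_cb` dereferences the `gsc` it receives as `userdata`, and nothing in this hunk guarantees the connection still exists when the verifier reports back. If `purple_certificate_verify` can finish asynchronously (for instance after asking the user) and the owner calls `purple_ssl_close(gsc)` in the meantime, the callback would run on freed memory; whether that can happen depends on code outside the diff and should be confirmed. Until the close path cancels a pending verification, state the contract above the function, e.g. `/* gsc must stay valid until this fires; closing the connection while verification is pending is not handled */`. The success branch also passes a fixed `PURPLE_INPUT_READ` where the unverified path passes the original `cond`, which deserves a one-line comment saying it is intentional.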
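Review bot: The `else` branch in the second hunk completes the connection with no certificate check whenever `gsc->verifier` is NULL, so verification is opt-in and a caller that never sets a verifier silently gets an unauthenticated TLS session. At minimum make that visible, e.g. `purple_debug_warning("gnutls", "no verifier set; peer certificate not checked\n");`, and consider making the unverified path an explicit caller choice. In the verifier branch, `peers` and `gsc->host` are handed to `purple_certificate_verify` without checking for an empty chain or a NULL host, and nothing here frees the list. A comment should say whether the verifier takes ownership of `peers` and how it treats those two cases. The enclosing `ssl_gnutls_handshake_cb` starts outside the hunk.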