comparison libpurple/certificate.c @ 27567:199cf148cdf8
Continue verification when we can't find a *cached* peer. Fixes #9664.
This should be a fatal condition and not finding a cached certificate
is *not* the same as "the certificate changed".
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Thu, 16 Jul 2009 02:46:36 +0000 |
parents | 18a96fe78870 |
children | 151ec92db74c |
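--- a/libpurple/certificate.c
+++ b/libpurple/certificate.c
@@ -1216,24 +1216,10 @@
 /* Cleanup */
 g_free(primary);
 }
 
 static void
-x509_tls_cached_peer_cert_changed(PurpleCertificateVerificationRequest *vrq)
-{
-/* TODO: Prompt the user, etc. */
-
-purple_debug_info("certificate/x509/tls_cached",
-"Certificate for %s does not match cached. "
-"Auto-rejecting!\n",
-vrq->subject_name);
-
-purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID);
-return;
-}
-
-static void
 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq);
 
 static void
 x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq)
 {
@@ -1252,16 +1238,15 @@
 
 /* Load up the cached certificate */
 cached_crt = purple_certificate_pool_retrieve(
 tls_peers, vrq->subject_name);
 if ( !cached_crt ) {
-purple_debug_error("certificate/x509/tls_cached",
+purple_debug_warning("certificate/x509/tls_cached",
 "Lookup failed on cached certificate!\n"
-"It was here just a second ago. Forwarding "
-"to cert_changed.\n");
-/* vrq now becomes the problem of cert_changed */
-x509_tls_cached_peer_cert_changed(vrq);
+"Falling back to full verification.\n");
+/* vrq now becomes the problem of unknown_peer */
+x509_tls_cached_unknown_peer(vrq);
 return;
 }
 
 /* Now get SHA1 sums for both and compare them */
 /* TODO: This is not an elegant way to compare certs */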
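Review bot: The new `purple_debug_warning` in the `!cached_crt` branch of x509_tls_cached_cert_in_cache does not name the peer, so a log reader cannot tell which host lost its comparison against the stored certificate; the removed x509_tls_cached_peer_cert_changed did log `vrq->subject_name`. I would change the first string to `"Lookup failed on cached certificate for %s!\n"` and pass `vrq->subject_name` as the argument. The branch also moves from rejecting the connection to accepting whatever x509_tls_cached_unknown_peer decides (its body is not on this page; presumably the full chain check), so an unreadable cache entry now bypasses the stored-certificate comparison entirely. A comment such as `/* Cache entry unreadable: stored-cert comparison is skipped; unknown_peer must verify from scratch */` would make that trade-off explicit. The body of x509_tls_cached_cert_in_cache continues outside the visible hunk.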