Mercurial > pidgin
comparison libpurple/certificate.c @ 27567:199cf148cdf8
Continue verification when we can't find a *cached* peer. Fixes #9664.
This should be a fatal condition and not finding a cached certificate
is *not* the same as "the certificate changed".
| author | Paul Aurich <paul@darkrain42.org> |
|---|---|
| date | Thu, 16 Jul 2009 02:46:36 +0000 |
| parents | 18a96fe78870 |
| children | 151ec92db74c |
comparison
equal
deleted
inserted
replaced
| 27566:d677981cf97e | 27567:199cf148cdf8 |
|---|---|
| 1216 /* Cleanup */ | 1216 /* Cleanup */ |
| 1217 g_free(primary); | 1217 g_free(primary); |
| 1218 } | 1218 } |
| 1219 | 1219 |
| 1220 static void | 1220 static void |
| 1221 x509_tls_cached_peer_cert_changed(PurpleCertificateVerificationRequest *vrq) | |
| 1222 { | |
| 1223 /* TODO: Prompt the user, etc. */ | |
| 1224 | |
| 1225 purple_debug_info("certificate/x509/tls_cached", | |
| 1226 "Certificate for %s does not match cached. " | |
| 1227 "Auto-rejecting!\n", | |
| 1228 vrq->subject_name); | |
| 1229 | |
| 1230 purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID); | |
| 1231 return; | |
| 1232 } | |
| 1233 | |
| 1234 static void | |
| 1235 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq); | 1221 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq); |
| 1236 | 1222 |
| 1237 static void | 1223 static void |
| 1238 x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq) | 1224 x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq) |
| 1239 { | 1225 { |
| 1252 | 1238 |
| 1253 /* Load up the cached certificate */ | 1239 /* Load up the cached certificate */ |
| 1254 cached_crt = purple_certificate_pool_retrieve( | 1240 cached_crt = purple_certificate_pool_retrieve( |
| 1255 tls_peers, vrq->subject_name); | 1241 tls_peers, vrq->subject_name); |
| 1256 if ( !cached_crt ) { | 1242 if ( !cached_crt ) { |
| 1257 purple_debug_error("certificate/x509/tls_cached", | 1243 purple_debug_warning("certificate/x509/tls_cached", |
| 1258 "Lookup failed on cached certificate!\n" | 1244 "Lookup failed on cached certificate!\n" |
| 1259 "It was here just a second ago. Forwarding " | 1245 "Falling back to full verification.\n"); |
| 1260 "to cert_changed.\n"); | 1246 /* vrq now becomes the problem of unknown_peer */ |
| 1261 /* vrq now becomes the problem of cert_changed */ | 1247 x509_tls_cached_unknown_peer(vrq); |
| 1262 x509_tls_cached_peer_cert_changed(vrq); | |
| 1263 return; | 1248 return; |
| 1264 } | 1249 } |
| 1265 | 1250 |
| 1266 /* Now get SHA1 sums for both and compare them */ | 1251 /* Now get SHA1 sums for both and compare them */ |
| 1267 /* TODO: This is not an elegant way to compare certs */ | 1252 /* TODO: This is not an elegant way to compare certs */ |