Mercurial > pidgin
changeset 19689:83dd81b7edc4
merge of '0c762d61f5be8c4ba458aa835171bbe53c00ca27'
and '3d9ad21b9c0c4d5a8c44a212c0a97e8b4c6dd0b6'
author | Mark Doliner <mark@kingant.net> |
---|---|
date | Sun, 09 Sep 2007 07:54:44 +0000 |
parents | b199a9be3e95 (current diff) 936f4de347c3 (diff) |
children | 084c10ed4083 |
files | |
diffstat | 1 files changed, 24 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/libpurple/certificate.c Sun Sep 09 07:52:44 2007 +0000 +++ b/libpurple/certificate.c Sun Sep 09 07:54:44 2007 +0000 @@ -1256,6 +1256,9 @@ } /* For when we've never communicated with this party before */ +/* TODO: Need ways to specify possibly multiple problems with a cert, or at + least reprioritize them. For example, maybe the signature ought to be + checked BEFORE the hostname checking? */ static void x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq) { @@ -1296,7 +1299,27 @@ return; } /* if (name mismatch) */ - + /* TODO: Figure out a way to check for a bad signature, as opposed to + "not self-signed" */ + if ( purple_certificate_signed_by(peer_crt, peer_crt) ) { + gchar *msg; + + purple_debug_info("certificate/x509/tls_cached", + "Certificate for %s is self-signed.\n", + vrq->subject_name); + + /* Prompt the user to authenticate the certificate */ + /* vrq will be completed by user_auth */ + msg = g_strdup_printf(_("The certificate presented by \"%s\" " + "is self-signed. It cannot be " + "automatically checked."), + vrq->subject_name); + + x509_tls_cached_user_auth(vrq,msg); + + g_free(msg); + return; + } /* if (name mismatch) */ /* Next, check that the certificate chain is valid */ if ( ! purple_certificate_check_signature_chain(chain) ) {