changeset 27668:b29eac4769e9

merge of '16bc7e72b5dd239ce65c63a388c2d39efc5b7c32' and '31cfeb857db37f5ed2d12cf084073349436c89e5'
author Paul Aurich <paul@darkrain42.org>
date Wed, 22 Jul 2009 04:15:02 +0000
parents 151ec92db74c (diff) 9f9e70099573 (current diff)
children 4c5f35f2b1ff 32ef0358b469
files
diffstat 2 files changed, 75 insertions(+), 4 deletions(-) [+]
--- a/libpurple/certificate.c	Wed Jul 22 03:15:48 2009 +0000
+++ b/libpurple/certificate.c	Wed Jul 22 04:15:02 2009 +0000
@@ -195,6 +195,8 @@
 	GList *cur;
 	PurpleCertificate *crt, *issuer;
 	gchar *uid;
+	time_t now, activation, expiration;
+	gboolean ret;
 
 	g_return_val_if_fail(chain, FALSE);
 
@@ -211,6 +213,8 @@
 		return TRUE;
 	}
 
+	now = time(NULL);
+
 	/* Load crt with the first certificate */
 	crt = (PurpleCertificate *)(chain->data);
 	/* And start with the second certificate in the chain */
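Review bot: `now = time(NULL)` is placed after the early `return TRUE;` at the top of this hunk, so whatever case that return handles (its condition is outside the hunk) leaves the function without any validity-period check. The loop that follows only tests each `issuer`, starting with the second certificate, so the first certificate's own activation and expiry are never examined here and every caller has to check them itself, as the tls_cached verifier hunk later in this file does. Either check `crt` before the loop as well, or state the contract in a comment such as `/* NOTE: the first certificate's validity period is not checked here; callers must check it. */`. The result of `time()` is also used unchecked; `(time_t)-1` would make every issuer look not yet activated, which fails closed but logs a misleading reason.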
@@ -218,9 +222,29 @@
 
 		issuer = (PurpleCertificate *)(cur->data);
 
+		uid = purple_certificate_get_unique_id(issuer);
+
+		ret = purple_certificate_get_times(issuer, &activation, &expiration);
+		if (!ret || now < activation || now > expiration) { 
+			if (!ret)
+				purple_debug_error("certificate",
+						"...Failed to get validity times for certificate %s\n"
+						"Chain is INVALID\n", uid);
+			else if (now > expiration)
+				purple_debug_error("certificate",
+						"...Issuer %s expired at %s\nChain is INVALID\n",
+						uid, ctime(&expiration));
+			else
+				purple_debug_error("certificate",
+						"...Not-yet-activated issuer %s will be valid at %s\n"
+						"Chain is INVALID\n", uid, ctime(&activation));
+
+			g_free(uid);
+			return FALSE;
+		}
+
 		/* Check the signature for this link */
 		if (! purple_certificate_signed_by(crt, issuer) ) {
-			uid = purple_certificate_get_unique_id(issuer);
 			purple_debug_error("certificate",
 					  "...Bad or missing signature by %s\nChain is INVALID\n",
 					  uid);
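Review bot: `ctime(&expiration)` and `ctime(&activation)` are passed straight into a `%s` argument of `purple_debug_error`, but `ctime` may return NULL for a `time_t` it cannot represent, and these timestamps presumably come from the certificate the peer presented. `ctime` also returns a shared static buffer and a string that already ends in a newline, so each message prints an extra blank line. Formatting the time first and checking it would be safer, e.g. `const char *when = ctime(&expiration);` followed by passing `when ? when : "(unknown time)\n"`; on platforms that have it, `ctime_r` with a local buffer avoids the static buffer as well. The same pattern appears in the tls_cached verifier hunk further down in this file. The failed-signature block continues past the end of this hunk, so the `g_free(uid)` on that path is not visible here.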
@@ -229,7 +253,6 @@
 			return FALSE;
 		}
 
-		uid = purple_certificate_get_unique_id(issuer);
 		purple_debug_info("certificate",
 				  "...Good signature by %s\n",
 				  uid);
@@ -362,7 +385,6 @@
 	return (scheme->get_times)(crt, activation, expiration);
 }
 
-
 gchar *
 purple_certificate_pool_mkpath(PurpleCertificatePool *pool, const gchar *id)
 {
@@ -1461,6 +1483,8 @@
 {
 	const gchar *tls_peers_name = "tls_peers"; /* Name of local cache */
 	PurpleCertificatePool *tls_peers;
+	time_t now, activation, expiration;
+	gboolean ret;
 
 	g_return_if_fail(vrq);
 
@@ -1468,6 +1492,46 @@
 			  "Starting verify for %s\n",
 			  vrq->subject_name);
 
+	/*
+	 * Verify the first certificate (the main one) has been activated and
+	 * isn't expired, i.e. activation < now < expiration.
+	 */
+	now = time(NULL);
+	ret = purple_certificate_get_times(vrq->cert_chain->data, &activation,
+	                                   &expiration);
+	if (!ret || now > expiration || now < activation) {
+		gchar *secondary;
+
+		if (!ret)
+			purple_debug_error("certificate/x509/tls_cached",
+					"Failed to get validity times for certificate %s\n",
+					vrq->subject_name);
+		else if (now > expiration)
+			purple_debug_error("certificate/x509/tls_cached",
+					"Certificate %s expired at %s\n",
+					vrq->subject_name, ctime(&expiration));
+		else
+			purple_debug_error("certificate/x509/tls_cached",
+					"Certificate %s is not yet valid, will be at %s\n",
+					vrq->subject_name, ctime(&activation));
+
+		/* FIXME 2.6.1 */
+		secondary = g_strdup_printf(_("The certificate chain presented"
+					" for %s is not valid."),
+					vrq->subject_name);
+
+		purple_notify_error(NULL, /* TODO: Probably wrong. */
+					_("SSL Certificate Error"),
+					_("Invalid certificate chain"),
+					secondary );
+		g_free(secondary);
+
+		/* Okay, we're done here */
+		purple_certificate_verify_complete(vrq,
+						    PURPLE_CERTIFICATE_INVALID);
+		return;
+	}
+
 	tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,tls_peers_name);
 
 	if (!tls_peers) {
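Review bot: `vrq->cert_chain->data` is dereferenced in the new `purple_certificate_get_times` call, while the only guard visible (in the preceding hunk) is `g_return_if_fail(vrq)`. If a request can ever reach this verifier with an empty chain, this is a NULL dereference before any verification result is reported. Failing closed would be consistent with the rest of the block: `if (!vrq->cert_chain) { purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID); return; }`. The block comment also says `activation < now < expiration` while the code accepts `now == activation` and `now == expiration`; one of the two should be adjusted so that they agree. The function starts and ends outside this hunk.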
--- a/libpurple/protocols/jabber/jabber.c	Wed Jul 22 03:15:48 2009 +0000
+++ b/libpurple/protocols/jabber/jabber.c	Wed Jul 22 04:15:02 2009 +0000
@@ -457,14 +457,21 @@
 void jabber_send_signal_cb(PurpleConnection *pc, xmlnode **packet,
                            gpointer unused)
 {
+	JabberStream *js;
 	char *txt;
 	int len;
 
 	if (NULL == packet)
 		return;
 
+	js = purple_connection_get_protocol_data(pc);
+	if (js->use_bosh)
+		if (g_str_equal((*packet)->name, "message") ||
+				g_str_equal((*packet)->name, "iq") ||
+				g_str_equal((*packet)->name, "presence"))
+			xmlnode_set_namespace(*packet, "jabber:client");
 	txt = xmlnode_to_str(*packet, &len);
-	jabber_send_raw(purple_connection_get_protocol_data(pc), txt, len);
+	jabber_send_raw(js, txt, len);
 	g_free(txt);
 }
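Review bot: The new BOSH branch reads `(*packet)->name` after checking only `packet` itself, so a NULL `*packet` now crashes here instead of being handed to `xmlnode_to_str`. If an earlier handler of this signal is allowed to clear the node to drop a packet (not visible here), the guard should become `if (NULL == packet || NULL == *packet) return;`. `js` is likewise dereferenced for `use_bosh` without a NULL check on the value returned by `purple_connection_get_protocol_data(pc)`. The nested `if (js->use_bosh) if (...)` without braces is easy to misread next to the unindented `txt = ...` line; bracing the outer `if` would make the scope explicit.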