changeset 27668:b29eac4769e9
merge of '16bc7e72b5dd239ce65c63a388c2d39efc5b7c32'
and '31cfeb857db37f5ed2d12cf084073349436c89e5'
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Wed, 22 Jul 2009 04:15:02 +0000 |
parents | 151ec92db74c (diff) 9f9e70099573 (current diff) |
children | 4c5f35f2b1ff 32ef0358b469 |
files | |
diffstat | 2 files changed, 75 insertions(+), 4 deletions(-) [+] |
--- a/libpurple/certificate.c Wed Jul 22 03:15:48 2009 +0000 +++ b/libpurple/certificate.c Wed Jul 22 04:15:02 2009 +0000 @@ -195,6 +195,8 @@ GList *cur; PurpleCertificate *crt, *issuer; gchar *uid; + time_t now, activation, expiration; + gboolean ret; g_return_val_if_fail(chain, FALSE); @@ -211,6 +213,8 @@ return TRUE; } + now = time(NULL); + /* Load crt with the first certificate */ crt = (PurpleCertificate *)(chain->data); /* And start with the second certificate in the chain */ @@ -218,9 +222,29 @@ issuer = (PurpleCertificate *)(cur->data); + uid = purple_certificate_get_unique_id(issuer); + + ret = purple_certificate_get_times(issuer, &activation, &expiration); + if (!ret || now < activation || now > expiration) { + if (!ret) + purple_debug_error("certificate", + "...Failed to get validity times for certificate %s\n" + "Chain is INVALID\n", uid); + else if (now > expiration) + purple_debug_error("certificate", + "...Issuer %s expired at %s\nChain is INVALID\n", + uid, ctime(&expiration)); + else + purple_debug_error("certificate", + "...Not-yet-activated issuer %s will be valid at %s\n" + "Chain is INVALID\n", uid, ctime(&activation)); + + g_free(uid); + return FALSE; + } + /* Check the signature for this link */ if (! purple_certificate_signed_by(crt, issuer) ) { - uid = purple_certificate_get_unique_id(issuer); purple_debug_error("certificate", "...Bad or missing signature by %s\nChain is INVALID\n", uid); @@ -229,7 +253,6 @@ return FALSE; } - uid = purple_certificate_get_unique_id(issuer); purple_debug_info("certificate", "...Good signature by %s\n", uid); @@ -362,7 +385,6 @@ return (scheme->get_times)(crt, activation, expiration); } - gchar * purple_certificate_pool_mkpath(PurpleCertificatePool *pool, const gchar *id) { @@ -1461,6 +1483,8 @@ { const gchar *tls_peers_name = "tls_peers"; /* Name of local cache */ PurpleCertificatePool *tls_peers; + time_t now, activation, expiration; + gboolean ret; g_return_if_fail(vrq); 
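Review bot: The validity-period check added in the `@@ -218,9 +222,29 @@` hunk is applied only to `issuer`, which starts at the second chain element; in the visible lines `crt`, loaded from `chain->data`, is never passed to `purple_certificate_get_times()`. The leaf's dates are therefore enforced only by the separate check in the `@@ -1468,6 +1492,46 @@` hunk, and any other caller of this function would presumably still accept an expired or not-yet-valid leaf (the function header and the rest of the loop are outside the hunk). If that split is intended, document it at the top of the loop, e.g. `/* Only issuers are checked against now here; the caller must check the validity period of chain->data itself. */`. Separately, the `ctime()` calls here and in the `@@ -1468` hunk return a string that already ends in a newline and can be NULL for an unrepresentable `time_t`, so the debug output gains a blank line and `%s` may receive NULL.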
@@ -1468,6 +1492,46 @@ "Starting verify for %s\n", vrq->subject_name); + /* + * Verify the first certificate (the main one) has been activated and + * isn't expired, i.e. activation < now < expiration. + */ + now = time(NULL); + ret = purple_certificate_get_times(vrq->cert_chain->data, &activation, + &expiration); + if (!ret || now > expiration || now < activation) { + gchar *secondary; + + if (!ret) + purple_debug_error("certificate/x509/tls_cached", + "Failed to get validity times for certificate %s\n", + vrq->subject_name); + else if (now > expiration) + purple_debug_error("certificate/x509/tls_cached", + "Certificate %s expired at %s\n", + vrq->subject_name, ctime(&expiration)); + else + purple_debug_error("certificate/x509/tls_cached", + "Certificate %s is not yet valid, will be at %s\n", + vrq->subject_name, ctime(&activation)); + + /* FIXME 2.6.1 */ + secondary = g_strdup_printf(_("The certificate chain presented" + " for %s is not valid."), + vrq->subject_name); + + purple_notify_error(NULL, /* TODO: Probably wrong. */ + _("SSL Certificate Error"), + _("Invalid certificate chain"), + secondary ); + g_free(secondary); + + /* Okay, we're done here */ + purple_certificate_verify_complete(vrq, + PURPLE_CERTIFICATE_INVALID); + return; + } + tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,tls_peers_name); if (!tls_peers) {
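Review bot: `vrq->cert_chain->data` is dereferenced while the only guard visible in the previous hunk is `g_return_if_fail(vrq)`, so a request with an empty chain would crash here instead of failing verification; whether an empty chain can reach this function is not visible in the hunk. A guard that still completes the request would be `if (!vrq->cert_chain) { purple_certificate_verify_complete(vrq, PURPLE_CERTIFICATE_INVALID); return; }` before the call to `purple_certificate_get_times()`. The dialog text also does not tell the user whether the certificate is expired or not yet valid, so a wrong local clock looks the same as a bad certificate; the `FIXME 2.6.1` presumably tracks this, and until then the distinction exists only in the debug log. The function body continues past the end of the hunk.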
--- a/libpurple/protocols/jabber/jabber.c Wed Jul 22 03:15:48 2009 +0000 +++ b/libpurple/protocols/jabber/jabber.c Wed Jul 22 04:15:02 2009 +0000 @@ -457,14 +457,21 @@ void jabber_send_signal_cb(PurpleConnection *pc, xmlnode **packet, gpointer unused) { + JabberStream *js; char *txt; int len; if (NULL == packet) return; + js = purple_connection_get_protocol_data(pc); + if (js->use_bosh) + if (g_str_equal((*packet)->name, "message") || + g_str_equal((*packet)->name, "iq") || + g_str_equal((*packet)->name, "presence")) + xmlnode_set_namespace(*packet, "jabber:client"); txt = xmlnode_to_str(*packet, &len); - jabber_send_raw(purple_connection_get_protocol_data(pc), txt, len); + jabber_send_raw(js, txt, len); g_free(txt); }
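Review bot: `js` is dereferenced in `if (js->use_bosh)` without a NULL check, and `(*packet)->name` is read although only `packet` itself was tested, so a connection without protocol data or a `*packet` of NULL would crash in this callback. Whether either case can occur, for example another handler of the same signal clearing `*packet`, is not visible in the hunk. Consider adding `if (js == NULL || *packet == NULL) return;` before the BOSH test. As a style point, the outer `if (js->use_bosh)` should have braces around the nested `if`, so a later edit cannot detach the `xmlnode_set_namespace()` call from its condition.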