Mercurial > pidgin
changeset 21929:cedbb3860134
If a peer certificate does not match our cached cert, do not auto reject it!
- it's quite possible the certificate was renewed! This fixes the problems
caused by jabber.org renewing their SSL certificate yesterday. Workaround
for mortals is to remove the cached peer certificate, either from Tools->Certificates
or by deleting ~/.purple/certificates/x509/tls_peers/jabber.org
author | Stu Tomlinson <stu@nosnilmot.com> |
---|---|
date | Sun, 23 Dec 2007 18:36:09 +0000 |
parents | 3e8b31c76156 |
children | 7d0ef1e3ac4f |
files | libpurple/certificate.c |
diffstat | 1 files changed, 5 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/libpurple/certificate.c Sun Dec 23 17:30:09 2007 +0000 +++ b/libpurple/certificate.c Sun Dec 23 18:36:09 2007 +0000 @@ -1228,6 +1228,9 @@ } static void +x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq); + +static void x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq) { /* TODO: Looking this up by name over and over is expensive. @@ -1268,8 +1271,8 @@ } else { purple_debug_info("certificate/x509/tls_cached", "Peer cert did NOT match cached\n"); - /* vrq now becomes the problem of cert_changed */ - x509_tls_cached_peer_cert_changed(vrq); + /* vrq now becomes the problem of the user */ + x509_tls_cached_unknown_peer(vrq); } purple_certificate_destroy(cached_crt);