From 140a2bdaf5c17994c1392a7c662fc5d6739d4518 Mon Sep 17 00:00:00 2001
From: Yann Leboulanger <asterix@lagaule.org>
Date: Fri, 6 Jan 2012 09:45:11 +0100
Subject: [PATCH] check ssl certificate against hostname only if we use secured
 connection. Fixes #7071

---
 src/common/connection.py | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/src/common/connection.py b/src/common/connection.py
index 965b8b7cd..1060b38f6 100644
--- a/src/common/connection.py
+++ b/src/common/connection.py
@@ -1304,24 +1304,22 @@ class Connection(CommonConnection, ConnectionHandlers):
             else:
                 gajim.config.set_per('accounts', self.name,
                     'ssl_fingerprint_sha1', con.Connection.ssl_fingerprint_sha1)
-        if not check_X509.check_certificate(con.Connection.ssl_certificate,
-        hostname) and '100' not in gajim.config.get_per('accounts', self.name,
-        'ignore_ssl_errors').split():
-            txt = _('The authenticity of the %s certificate could be invalid.'
-                '\nThe certificate does not cover this domain.') % hostname
-            gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
-                error_text=txt, error_num=100, cert=con.Connection.ssl_cert_pem,
-                fingerprint=con.Connection.ssl_fingerprint_sha1,
-                certificate=con.Connection.ssl_certificate))
-            return True
+            if not check_X509.check_certificate(con.Connection.ssl_certificate,
+            hostname) and '100' not in gajim.config.get_per('accounts',
+            self.name, 'ignore_ssl_errors').split():
+                txt = _('The authenticity of the %s certificate could be '
+                    'invalid.\nThe certificate does not cover this domain.') % \
+                    hostname
+                gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
+                    error_text=txt, error_num=100,
+                    cert=con.Connection.ssl_cert_pem,
+                    fingerprint=con.Connection.ssl_fingerprint_sha1,
+                    certificate=con.Connection.ssl_certificate))
+                return True
 
         self._register_handlers(con, con_type)
-        con.auth(
-                user=name,
-                password=self.password,
-                resource=self.server_resource,
-                sasl=1,
-                on_auth=self.__on_auth)
+        con.auth(user=name, password=self.password,
+            resource=self.server_resource, sasl=1, on_auth=self.__on_auth)
 
     def ssl_certificate_accepted(self):
         if not self.connection:
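Review bot: With the hostname check re-indented under an outer condition that starts above this hunk, `con.auth(user=name, password=self.password, ...)` at the end of the hunk is still reached with no certificate validation whenever that condition is false. Please confirm the guard tests the transport actually negotiated on `con` rather than the account's configured preference, and that plaintext fallback is gated separately; otherwise a connection that ended up unencrypted would skip the check and still send the password. A short comment above the check would record the intent, e.g. `# hostname is verified only when TLS/SSL was negotiated; plain connections carry no certificate`. On style, the three-line condition keeps its continuation lines at the same indent as the `if`, which hides where the test ends. Binding `ignored = gajim.config.get_per('accounts', self.name, 'ignore_ssl_errors').split()` first and then testing `'100' not in ignored` would make the suppression of error 100 easier to spot.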