copyleftie
/
gajim-plural
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

check ssl certificate against hostname only if we use secured connection. Fixes #7071

This commit is contained in:
Yann Leboulanger 2012-01-06 09:45:11 +01:00
parent d2c108d928
commit 140a2bdaf5
1 changed files with 14 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/common/connection.py
View File

@ -1304,24 +1304,22 @@ class Connection(CommonConnection, ConnectionHandlers):
else: else:
gajim.config.set_per('accounts', self.name, gajim.config.set_per('accounts', self.name,
'ssl_fingerprint_sha1', con.Connection.ssl_fingerprint_sha1) 'ssl_fingerprint_sha1', con.Connection.ssl_fingerprint_sha1)
if not check_X509.check_certificate(con.Connection.ssl_certificate, if not check_X509.check_certificate(con.Connection.ssl_certificate,
hostname) and '100' not in gajim.config.get_per('accounts', self.name, hostname) and '100' not in gajim.config.get_per('accounts',
'ignore_ssl_errors').split(): self.name, 'ignore_ssl_errors').split():
txt = _('The authenticity of the %s certificate could be invalid.' txt = _('The authenticity of the %s certificate could be '
'\nThe certificate does not cover this domain.') % hostname 'invalid.\nThe certificate does not cover this domain.') % \
gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self, hostname
error_text=txt, error_num=100, cert=con.Connection.ssl_cert_pem, gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
fingerprint=con.Connection.ssl_fingerprint_sha1, error_text=txt, error_num=100,
certificate=con.Connection.ssl_certificate)) cert=con.Connection.ssl_cert_pem,
return True fingerprint=con.Connection.ssl_fingerprint_sha1,
certificate=con.Connection.ssl_certificate))
return True
self._register_handlers(con, con_type) self._register_handlers(con, con_type)
con.auth( con.auth(user=name, password=self.password,
user=name, resource=self.server_resource, sasl=1, on_auth=self.__on_auth)
password=self.password,
resource=self.server_resource,
sasl=1,
on_auth=self.__on_auth)
def ssl_certificate_accepted(self): def ssl_certificate_accepted(self):
if not self.connection: if not self.connection: