From 2780fc2b0e5b13d4b9998895875359884686b3bf Mon Sep 17 00:00:00 2001 From: Yann Leboulanger Date: Sun, 23 Dec 2012 17:48:11 +0100 Subject: [PATCH] correctly handle SSL errors. Fixes #7252 --- src/common/connection.py | 48 ++++++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/src/common/connection.py b/src/common/connection.py index d3ec7d6c7..4557596a6 100644 --- a/src/common/connection.py +++ b/src/common/connection.py @@ -1308,34 +1308,40 @@ class Connection(CommonConnection, ConnectionHandlers): try: errnum = con.Connection.ssl_errnum except AttributeError: - errnum = -1 # we don't have an errnum - if errnum > 0 and str(errnum) not in gajim.config.get_per('accounts', - self.name, 'ignore_ssl_errors').split(): - text = _('The authenticity of the %s certificate could be invalid.' - ) % hostname - if errnum in ssl_error: - text += _('\nSSL Error: %s') % ssl_error[errnum] - else: - text += _('\nUnknown SSL error: %d') % errnum - gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self, - error_text=text, error_num=errnum, - cert=con.Connection.ssl_cert_pem, - fingerprint=con.Connection.ssl_fingerprint_sha1, - certificate=con.Connection.ssl_certificate)) - return True + errnum = [] # we don't have an errnum + i = 0 + for er in errnum: + if er > 0 and str(er) not in gajim.config.get_per('accounts', + self.name, 'ignore_ssl_errors').split(): + text = _('The authenticity of the %s certificate could be ' + 'invalid.') % hostname + if er in ssl_error: + text += _('\nSSL Error: %s') % ssl_error[er] + else: + text += _('\nUnknown SSL error: %d') % er + gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self, + error_text=text, error_num=er, + cert=con.Connection.ssl_cert_pem[i], + fingerprint=con.Connection.ssl_fingerprint_sha1[i], + certificate=con.Connection.ssl_certificate[i])) + return True + i += 1 if hasattr(con.Connection, 'ssl_fingerprint_sha1'): saved_fingerprint = gajim.config.get_per('accounts', self.name, 'ssl_fingerprint_sha1') if saved_fingerprint: # Check sha1 fingerprint - if con.Connection.ssl_fingerprint_sha1 != saved_fingerprint: + if con.Connection.ssl_fingerprint_sha1[-1] != saved_fingerprint: gajim.nec.push_incoming_event(FingerprintErrorEvent(None, - conn=self, certificate=con.Connection.ssl_certificate, - new_fingerprint=con.Connection.ssl_fingerprint_sha1)) + conn=self, + certificate=con.Connection.ssl_certificate, + new_fingerprint=con.Connection.ssl_fingerprint_sha1[ + -1])) return True else: gajim.config.set_per('accounts', self.name, - 'ssl_fingerprint_sha1', con.Connection.ssl_fingerprint_sha1) + 'ssl_fingerprint_sha1', + con.Connection.ssl_fingerprint_sha1[-1]) if not check_X509.check_certificate(con.Connection.ssl_certificate, hostname) and '100' not in gajim.config.get_per('accounts', self.name, 'ignore_ssl_errors').split(): @@ -1344,8 +1350,8 @@ class Connection(CommonConnection, ConnectionHandlers): hostname gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self, error_text=txt, error_num=100, - cert=con.Connection.ssl_cert_pem, - fingerprint=con.Connection.ssl_fingerprint_sha1, + cert=con.Connection.ssl_cert_pem[-1], + fingerprint=con.Connection.ssl_fingerprint_sha1[-1], certificate=con.Connection.ssl_certificate)) return True