ability to see certificate information when fingerprint changes. see #3998

src/common/connection.py

@@ -1281,7 +1281,7 @@ class Connection(CommonConnection, ConnectionHandlers):
                 # Check sha1 fingerprint
                 if con.Connection.ssl_fingerprint_sha1 != saved_fingerprint:
                     gajim.nec.push_incoming_event(FingerprintErrorEvent(None,
-                        conn=self,
+                        conn=self, certificate=con.Connection.ssl_certificate,
                         new_fingerprint=con.Connection.ssl_fingerprint_sha1))
                     return True
             else:

src/common/xmpp/tls_nb.py

@@ -449,6 +449,7 @@ class NonBlockingTLS(PlugIn):
         # Exceptions can't propagate up through this callback, so print them here.
         try:
             self._owner.ssl_fingerprint_sha1 = cert.digest('sha1')
+            self._owner.ssl_certificate = cert
             if errnum == 0:
                 return True
             self._owner.ssl_errnum = errnum

src/dialogs.py

@@ -5606,3 +5606,51 @@ class VoIPCallReceivedDialog(object):
                     session.reject_content(content)
 
         dialog.destroy()
+
+class CertificatDialog(InformationDialog):
+    def __init__(self, parent, account, cert):
+        issuer = cert.get_issuer()
+        subject = cert.get_subject()
+        InformationDialog.__init__(self,
+            _('Certificate for account %s') % account, _('''<b>Issued to:</b>
+Common Name (CN): %(scn)s
+Organization (O): %(sorg)s
+Organizationl Unit (OU): %(sou)s
+Serial Number: %(sn)s
+
+<b>Issued by:</b>
+Common Name (CN): %(icn)s
+Organization (O): %(iorg)s
+Organizationl Unit (OU): %(iou)s
+
+<b>Validity:</b>
+Issued on: %(io)s
+Expires on: %(eo)s
+
+<b>Fingerprint</b>
+SHA1 Fingerprint: %(sha1)s''') % {
+            'scn': subject.commonName, 'sorg': subject.organizationName,
+            'sou': subject.organizationalUnitName,
+            'sn': cert.get_serial_number(), 'icn': issuer.commonName,
+            'iorg': issuer.organizationName,
+            'iou': issuer.organizationalUnitName,
+            'io': cert.get_notBefore(), 'eo': cert.get_notAfter(),
+            'sha1': cert.digest('sha1')})
+        self.set_transient_for(parent)
+
+
+class CheckFingerprintDialog(YesNoDialog):
+    def __init__(self, pritext='', sectext='', checktext='',
+    on_response_yes=None, on_response_no=None, account=None, certificate=None):
+        self.account = account
+        self.cert = certificate
+        YesNoDialog.__init__(self, pritext, sectext, checktext, on_response_yes,
+            on_response_no)
+        b = gtk.Button('View cert...')
+        b.connect('clicked', self.on_cert_clicked)
+        b.show_all()
+        area = self.get_action_area()
+        area.pack_start(b)
+
+    def on_cert_clicked(self, button):
+        d = CertificatDialog(self, self.account, self.cert)

src/gui_interface.py

@@ -1250,8 +1250,9 @@ class Interface:
             self.instances[account]['online_dialog']['fingerprint_error'].\
                 destroy()
         self.instances[account]['online_dialog']['fingerprint_error'] = \
-            dialogs.YesNoDialog(pritext, sectext, on_response_yes=on_yes,
-            on_response_no=on_no)
+            dialogs.CheckFingerprintDialog(pritext, sectext, on_response_yes=on_yes,
+            on_response_no=on_no, account=obj.conn.name,
+            certificate=obj.certificate)
 
     def handle_event_plain_connection(self, obj):
         # ('PLAIN_CONNECTION', account, (connection))