do not warn when tls cert changes for a valid one

2016-04-02 14:06:20 +02:00 · 2016-04-02 14:06:20 +02:00 · 759cfc6336
parent 41bd11fdee
commit 759cfc6336
2 changed files with 18 additions and 17 deletions
--- a/src/common/connection.py
+++ b/src/common/connection.py
@ -1461,28 +1461,28 @@ class Connection(CommonConnection, ConnectionHandlers):
            if saved_fingerprint_sha1:
                # Check sha1 fingerprint
                if fingerprint_sha1 != saved_fingerprint_sha1:
-                    gajim.nec.push_incoming_event(FingerprintErrorEvent(None,
-                        conn=self, certificate=cert,
-                        new_fingerprint_sha1=fingerprint_sha1,
-                        new_fingerprint_sha256=fingerprint_sha256))
-                    return True
-            else:
-                gajim.config.set_per('accounts', self.name,
-                    'ssl_fingerprint_sha1', fingerprint_sha1)
+                    if not check_X509.check_certificate(cert, hostname):
+                        gajim.nec.push_incoming_event(FingerprintErrorEvent(
+                            None, conn=self, certificate=cert,
+                            new_fingerprint_sha1=fingerprint_sha1,
+                            new_fingerprint_sha256=fingerprint_sha256))
+                        return True
+            gajim.config.set_per('accounts', self.name, 'ssl_fingerprint_sha1',
+                fingerprint_sha1)

            saved_fingerprint_sha256 = gajim.config.get_per('accounts', self.name,
                'ssl_fingerprint_sha256')
            if saved_fingerprint_sha256:
                # Check sha256 fingerprint
                if fingerprint_sha256 != saved_fingerprint_sha256:
-                    gajim.nec.push_incoming_event(FingerprintErrorEvent(None,
-                        conn=self, certificate=con.Connection.ssl_certificate,
-                        new_fingerprint_sha1=fingerprint_sha1,
-                        new_fingerprint_sha256=fingerprint_sha256))
-                    return True
-            else:
-                gajim.config.set_per('accounts', self.name,
-                    'ssl_fingerprint_sha256', fingerprint_sha256)
+                    if not check_X509.check_certificate(cert, hostname):
+                        gajim.nec.push_incoming_event(FingerprintErrorEvent(
+                            None, conn=self, certificate=cert,
+                            new_fingerprint_sha1=fingerprint_sha1,
+                            new_fingerprint_sha256=fingerprint_sha256))
+                        return True
+            gajim.config.set_per('accounts', self.name,
+                'ssl_fingerprint_sha256', fingerprint_sha256)

            if not check_X509.check_certificate(cert, hostname) and \
            '100' not in gajim.config.get_per('accounts', self.name,
--- a/src/gui_interface.py
+++ b/src/gui_interface.py
@ -1419,7 +1419,8 @@ class Interface:

        pritext = _('SSL certificate error')
        sectext = _('It seems the SSL certificate of account %(account)s has '
-            'changed or your connection is being hacked.\n\nOld SHA-1 fingerprint: '
+            'changed and is not valid or your connection is being hacked.\n\n'
+            'Old SHA-1 fingerprint: '
            '%(old_sha1)s\nOld SHA-256 fingerprint: %(old_sha256)s\n\n'
            'New SHA-1 fingerprint: %(new_sha1)s\nNew SHA-256 fingerprint: '
            '%(new_sha256)s\n\nDo you still want to connect '