update die to nbxmpp update

src/common/connection.py

@@ -61,6 +61,9 @@ from common import exceptions
 from common import check_X509
 from common.connection_handlers import *
 
+if gajim.HAVE_PYOPENSSL:
+    import OpenSSL.crypto
+
 from nbxmpp import Smacks
 from string import Template
 import logging
@@ -1382,49 +1385,48 @@ class Connection(CommonConnection, ConnectionHandlers):
         try:
             errnum = con.Connection.ssl_errnum
         except AttributeError:
-            errnum = [] # we don't have an errnum
+            errnum = 0
-        for i, er in enumerate(errnum):
+        cert = con.Connection.ssl_certificate
-            if er > 0 and str(er) not in gajim.config.get_per('accounts',
+        if errnum > 0 and str(errnum) not in gajim.config.get_per('accounts',
         self.name, 'ignore_ssl_errors').split():
-                text = _('The authenticity of the %s certificate could be '
+            text = _('The authenticity of the %s certificate could be invalid'
-                    'invalid.') % hostname
+                ) % hostname
-                if er in ssl_error:
+            if errnum in ssl_error:
-                    text += _('\nSSL Error: <b>%s</b>') % ssl_error[er]
+                text += _('\nSSL Error: <b>%s</b>') % ssl_error[errnum]
             else:
-                    text += _('\nUnknown SSL error: %d') % er
+                text += _('\nUnknown SSL error: %d') % errnum
+            fingerprint = cert.digest('sha1')
+            pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
+                cert)
             gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
-                    error_text=text, error_num=er,
+                error_text=text, error_num=errnum, cert=pem,
-                    cert=con.Connection.ssl_cert_pem[i],
+                fingerprint=fingerprint, certificate=cert))
-                    fingerprint=con.Connection.ssl_fingerprint_sha1[i],
-                    certificate=con.Connection.ssl_certificate[i]))
             return True
-        if len(con.Connection.ssl_fingerprint_sha1):
+        if cert:
+            fingerprint = cert.digest('sha1')
             saved_fingerprint = gajim.config.get_per('accounts', self.name,
                 'ssl_fingerprint_sha1')
             if saved_fingerprint:
                 # Check sha1 fingerprint
-                if con.Connection.ssl_fingerprint_sha1[-1] != saved_fingerprint:
+                if fingerprint != saved_fingerprint:
                     gajim.nec.push_incoming_event(FingerprintErrorEvent(None,
-                        conn=self,
+                        conn=self, certificate=cert,
-                        certificate=con.Connection.ssl_certificate[-1],
+                        new_fingerprint=fingerprint))
-                        new_fingerprint=con.Connection.ssl_fingerprint_sha1[
-                        -1]))
                     return True
             else:
                 gajim.config.set_per('accounts', self.name,
-                    'ssl_fingerprint_sha1',
+                    'ssl_fingerprint_sha1', fingerprint)
-                    con.Connection.ssl_fingerprint_sha1[-1])
+            if not check_X509.check_certificate(cert, hostname) and \
-            if not check_X509.check_certificate(con.Connection.ssl_certificate[
+            '100' not in gajim.config.get_per('accounts', self.name,
-            -1], hostname) and '100' not in gajim.config.get_per('accounts',
+            'ignore_ssl_errors').split():
-            self.name, 'ignore_ssl_errors').split():
+                pem = OpenSSL.crypto.dump_certificate(
+                    OpenSSL.crypto.FILETYPE_PEM, cert)
                 txt = _('The authenticity of the %s certificate could be '
                     'invalid.\nThe certificate does not cover this domain.') %\
                     hostname
                 gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
-                    error_text=txt, error_num=100,
+                    error_text=txt, error_num=100, cert=pem,
-                    cert=con.Connection.ssl_cert_pem[-1],
+                    fingerprint=fingerprint, certificate=cert))
-                    fingerprint=con.Connection.ssl_fingerprint_sha1[-1],
-                    certificate=con.Connection.ssl_certificate[-1]))
                 return True
 
         self._register_handlers(con, con_type)

src/common/connection_handlers_events.py

@@ -1625,20 +1625,19 @@ class NewAccountConnectedEvent(nec.NetworkIncomingEvent):
         try:
             self.errnum = self.conn.connection.Connection.ssl_errnum
         except AttributeError:
-            self.errnum = [] # we don't have an errnum
+            self.errnum = 0 # we don't have an errnum
         self.ssl_msg = ''
-        for er in self.errnum:
+        if self.errnum > 0:
-            if er > 0:
             from common.connection import ssl_error
             self.ssl_msg = ssl_error.get(er, _('Unknown SSL error: %d') % \
-                    er)
+                self.errnum)
         self.ssl_cert = ''
         if len(self.conn.connection.Connection.ssl_cert_pem):
             self.ssl_cert = self.conn.connection.Connection.ssl_cert_pem
         self.ssl_fingerprint = ''
-        if len(self.conn.connection.Connection.ssl_fingerprint_sha1):
+        if self.conn.connection.Connection.ssl_certificate:
             self.ssl_fingerprint = \
-                self.conn.connection.Connection.ssl_fingerprint_sha1
+                self.conn.connection.Connection.ssl_certificate.digest('sha1')
         return True
 
 class NewAccountNotConnectedEvent(nec.NetworkIncomingEvent):

src/common/gajim.py

@@ -171,6 +171,17 @@ else:
     if subprocess.call(gpg_cmd, shell=True):
         HAVE_GPG = False
 
+HAVE_PYOPENSSL = True
+try:
+    import OpenSSL.SSL
+    import OpenSSL.crypto
+    ver = OpenSSL.__version__
+    ver_l = [int(i) for i in ver.split('.')]
+    if ver_l < [0, 12]:
+        raise ImportError
+except Exception:
+    HAVE_PYOPENSSL = False
+
 HAVE_FARSTREAM = True
 try:
     raise ImportError