correctly handle SSL errors. Fixes #7252

Yann Leboulanger 2012-12-23 17:48:11 +01:00
parent 8f71d9f219
commit da75bf846b
1 changed files with 27 additions and 21 deletions


@ -1308,34 +1308,40 @@ class Connection(CommonConnection, ConnectionHandlers):
try: try:
errnum = con.Connection.ssl_errnum errnum = con.Connection.ssl_errnum
except AttributeError: except AttributeError:
errnum = -1 # we don't have an errnum errnum = [] # we don't have an errnum
if errnum > 0 and str(errnum) not in gajim.config.get_per('accounts', i = 0
self.name, 'ignore_ssl_errors').split(): for er in errnum:
text = _('The authenticity of the %s certificate could be invalid.' if er > 0 and str(er) not in gajim.config.get_per('accounts',
) % hostname self.name, 'ignore_ssl_errors').split():
if errnum in ssl_error: text = _('The authenticity of the %s certificate could be '
text += _('\nSSL Error: <b>%s</b>') % ssl_error[errnum] 'invalid.') % hostname
else: if er in ssl_error:
text += _('\nUnknown SSL error: %d') % errnum text += _('\nSSL Error: <b>%s</b>') % ssl_error[er]
gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self, else:
error_text=text, error_num=errnum, text += _('\nUnknown SSL error: %d') % er
cert=con.Connection.ssl_cert_pem, gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
fingerprint=con.Connection.ssl_fingerprint_sha1, error_text=text, error_num=er,
certificate=con.Connection.ssl_certificate)) cert=con.Connection.ssl_cert_pem[i],
return True fingerprint=con.Connection.ssl_fingerprint_sha1[i],
certificate=con.Connection.ssl_certificate[i]))
return True
i += 1
if hasattr(con.Connection, 'ssl_fingerprint_sha1'): if hasattr(con.Connection, 'ssl_fingerprint_sha1'):
saved_fingerprint = gajim.config.get_per('accounts', self.name, saved_fingerprint = gajim.config.get_per('accounts', self.name,
'ssl_fingerprint_sha1') 'ssl_fingerprint_sha1')
if saved_fingerprint: if saved_fingerprint:
# Check sha1 fingerprint # Check sha1 fingerprint
if con.Connection.ssl_fingerprint_sha1 != saved_fingerprint: if con.Connection.ssl_fingerprint_sha1[-1] != saved_fingerprint:
gajim.nec.push_incoming_event(FingerprintErrorEvent(None, gajim.nec.push_incoming_event(FingerprintErrorEvent(None,
conn=self, certificate=con.Connection.ssl_certificate, conn=self,
new_fingerprint=con.Connection.ssl_fingerprint_sha1)) certificate=con.Connection.ssl_certificate,
new_fingerprint=con.Connection.ssl_fingerprint_sha1[
-1]))
return True return True
else: else:
gajim.config.set_per('accounts', self.name, gajim.config.set_per('accounts', self.name,
'ssl_fingerprint_sha1', con.Connection.ssl_fingerprint_sha1) 'ssl_fingerprint_sha1',
con.Connection.ssl_fingerprint_sha1[-1])
if not check_X509.check_certificate(con.Connection.ssl_certificate, if not check_X509.check_certificate(con.Connection.ssl_certificate,
hostname) and '100' not in gajim.config.get_per('accounts', hostname) and '100' not in gajim.config.get_per('accounts',
self.name, 'ignore_ssl_errors').split(): self.name, 'ignore_ssl_errors').split():
@ -1344,8 +1350,8 @@ class Connection(CommonConnection, ConnectionHandlers):
hostname hostname
gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self, gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
error_text=txt, error_num=100, error_text=txt, error_num=100,
cert=con.Connection.ssl_cert_pem, cert=con.Connection.ssl_cert_pem[-1],
fingerprint=con.Connection.ssl_fingerprint_sha1, fingerprint=con.Connection.ssl_fingerprint_sha1[-1],
certificate=con.Connection.ssl_certificate)) certificate=con.Connection.ssl_certificate))
return True return True
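Review bot: `con.Connection.ssl_certificate` is indexed as a list inside the new loop (`certificate=con.Connection.ssl_certificate[i]`) but is still passed whole to `FingerprintErrorEvent`, to `check_X509.check_certificate(con.Connection.ssl_certificate, hostname)` and to the `SSLErrorEvent` in the second hunk, so one of the two forms is presumably wrong. If the attribute is now a per-certificate list like `ssl_cert_pem` and `ssl_fingerprint_sha1`, the hostname check would receive a list instead of the peer certificate and should use `con.Connection.ssl_certificate[-1]`; if it is still a single object, the `[i]` in the loop should be dropped. The `[-1]` lookups also assume the lists are non-empty and that their last entry is the server's own certificate, neither of which is visible here; a comment such as `# [-1] is assumed to be the server (leaf) certificate` next to the fingerprint comparison would record that, once confirmed against the transport code. The hand-maintained counter could become `for i, er in enumerate(errnum):`. The enclosing method starts and ends outside these hunks.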