author | Remko Tronçon <git@el-tramo.be> | 2010-11-10 21:02:12 (GMT) |
---|---|---|
committer | Remko Tronçon <git@el-tramo.be> | 2010-11-11 12:50:12 (GMT) |
commit | 91b828a6e94f15c675e03baff4d45a7feb939eb9 (patch) | |
tree | 2ca432e79b05b58235b0f791fc8e4a6dd0e96db7 /Swiften/Client/ClientSession.cpp | |
parent | 2fec654b2345ba974b843a0868d580f9c12fdfea (diff) | |
Added server identity check.
Diffstat (limited to 'Swiften/Client/ClientSession.cpp')
-rw-r--r-- | Swiften/Client/ClientSession.cpp | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index a199a84..9e6db5d 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -37,6 +37,7 @@
 #include "Swiften/SASL/DIGESTMD5ClientAuthenticator.h"
 #include "Swiften/Session/SessionStream.h"
 #include "Swiften/TLS/CertificateTrustChecker.h"
+#include "Swiften/TLS/ServerIdentityVerifier.h"
 namespace Swift {
@@ -330,16 +331,27 @@ void ClientSession::handleTLSEncrypted() {
 Certificate::ref certificate = stream->getPeerCertificate();
 boost::shared_ptr<CertificateVerificationError> verificationError = stream->getPeerCertificateVerificationError();
 if (verificationError) {
- if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, localJID.getDomain())) {
+ checkTrustOrFinish(certificate, verificationError);
+ }
+ else {
+ ServerIdentityVerifier identityVerifier(localJID);
+ if (identityVerifier.certificateVerifies(certificate)) {
 continueAfterTLSEncrypted();
 }
 else {
- finishSession(verificationError);
+ boost::shared_ptr<CertificateVerificationError> identityError(new CertificateVerificationError(CertificateVerificationError::InvalidServerIdentity));
+ checkTrustOrFinish(certificate, identityError);
 }
 }
- else {
+}
+
+void ClientSession::checkTrustOrFinish(Certificate::ref certificate, boost::shared_ptr<CertificateVerificationError> error) {
+ if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, localJID.getDomain())) {
 continueAfterTLSEncrypted();
 }
+ else {
+ finishSession(error);
+ }
 }
 void ClientSession::continueAfterTLSEncrypted() {
|
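Review bot: In the new `else` branch of handleTLSEncrypted(), `certificate` is passed straight to `identityVerifier.certificateVerifies(certificate)` without a null check, and nothing visible in this hunk guarantees that `stream->getPeerCertificate()` returns a non-empty ref whenever no verification error is reported. ServerIdentityVerifier's implementation is outside this diff, so this is inferred, but if it dereferences the ref, a stream that yields no certificate would crash rather than fail closed. Changing the condition to `if (certificate && identityVerifier.certificateVerifies(certificate)) {` sends that case down the InvalidServerIdentity path instead. checkTrustOrFinish() would also benefit from a comment such as `// User trust override: accepting here waives both chain and identity verification, so the checker must bind its decision to this exact certificate and domain.`, because it is now the single place where either failure can be overridden.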