diff options
author | Remko Tronçon <git@el-tramo.be> | 2012-05-12 18:24:40 (GMT) |
---|---|---|
committer | Remko Tronçon <git@el-tramo.be> | 2012-05-12 18:24:40 (GMT) |
commit | 1bebb951f1a398038a602ea8ac1fc1cbc92959c1 (patch) | |
tree | 93539d7642383786bbf952e947861a3afbb48fa0 /Swiften/Client | |
parent | 159e773b156f531575d0d7e241e2d20c85ee6d7c (diff) | |
download | swift-contrib-1bebb951f1a398038a602ea8ac1fc1cbc92959c1.zip swift-contrib-1bebb951f1a398038a602ea8ac1fc1cbc92959c1.tar.bz2 |
Remove peer certificate from APIs.
The peer certificate chain contains the peer certificate, so this was
redundant.
Diffstat (limited to 'Swiften/Client')
-rw-r--r-- | Swiften/Client/ClientSession.cpp | 11 | ||||
-rw-r--r-- | Swiften/Client/ClientSession.h | 2 |
2 files changed, 6 insertions, 7 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp index c2dc3ae..7e1f517 100644 --- a/Swiften/Client/ClientSession.cpp +++ b/Swiften/Client/ClientSession.cpp @@ -370,25 +370,24 @@ void ClientSession::sendCredentials(const SafeByteArray& password) { void ClientSession::handleTLSEncrypted() { checkState(Encrypting); - Certificate::ref certificate = stream->getPeerCertificate(); std::vector<Certificate::ref> certificateChain = stream->getPeerCertificateChain(); boost::shared_ptr<CertificateVerificationError> verificationError = stream->getPeerCertificateVerificationError(); if (verificationError) { - checkTrustOrFinish(certificate, certificateChain, verificationError); + checkTrustOrFinish(certificateChain, verificationError); } else { ServerIdentityVerifier identityVerifier(localJID); - if (identityVerifier.certificateVerifies(certificate)) { + if (!certificateChain.empty() && identityVerifier.certificateVerifies(certificateChain[0])) { continueAfterTLSEncrypted(); } else { - checkTrustOrFinish(certificate, certificateChain, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity)); + checkTrustOrFinish(certificateChain, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity)); } } } -void ClientSession::checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error) { - if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, certificateChain)) { +void ClientSession::checkTrustOrFinish(const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error) { + if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificateChain)) { continueAfterTLSEncrypted(); } else { diff --git a/Swiften/Client/ClientSession.h b/Swiften/Client/ClientSession.h index 9c4b980..66a90ed 100644 --- a/Swiften/Client/ClientSession.h +++ b/Swiften/Client/ClientSession.h @@ -154,7 +154,7 @@ namespace Swift { void handleStanzaAcked(boost::shared_ptr<Stanza> stanza); void ack(unsigned int handledStanzasCount); void continueAfterTLSEncrypted(); - void checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error); + void checkTrustOrFinish(const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error); private: JID localJID; |