summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemko Tronçon <git@el-tramo.be>2012-05-12 18:24:40 (GMT)
committerRemko Tronçon <git@el-tramo.be>2012-05-12 18:24:40 (GMT)
commit1bebb951f1a398038a602ea8ac1fc1cbc92959c1 (patch)
tree93539d7642383786bbf952e947861a3afbb48fa0 /Swiften/Client
parent159e773b156f531575d0d7e241e2d20c85ee6d7c (diff)
downloadswift-contrib-1bebb951f1a398038a602ea8ac1fc1cbc92959c1.zip
swift-contrib-1bebb951f1a398038a602ea8ac1fc1cbc92959c1.tar.bz2
Remove peer certificate from APIs.
The peer certificate chain contains the peer certificate, so this was redundant.
Diffstat (limited to 'Swiften/Client')
-rw-r--r--Swiften/Client/ClientSession.cpp11
-rw-r--r--Swiften/Client/ClientSession.h2
2 files changed, 6 insertions, 7 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index c2dc3ae..7e1f517 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -370,25 +370,24 @@ void ClientSession::sendCredentials(const SafeByteArray& password) {
void ClientSession::handleTLSEncrypted() {
checkState(Encrypting);
- Certificate::ref certificate = stream->getPeerCertificate();
std::vector<Certificate::ref> certificateChain = stream->getPeerCertificateChain();
boost::shared_ptr<CertificateVerificationError> verificationError = stream->getPeerCertificateVerificationError();
if (verificationError) {
- checkTrustOrFinish(certificate, certificateChain, verificationError);
+ checkTrustOrFinish(certificateChain, verificationError);
}
else {
ServerIdentityVerifier identityVerifier(localJID);
- if (identityVerifier.certificateVerifies(certificate)) {
+ if (!certificateChain.empty() && identityVerifier.certificateVerifies(certificateChain[0])) {
continueAfterTLSEncrypted();
}
else {
- checkTrustOrFinish(certificate, certificateChain, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity));
+ checkTrustOrFinish(certificateChain, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity));
}
}
}
-void ClientSession::checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error) {
- if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, certificateChain)) {
+void ClientSession::checkTrustOrFinish(const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error) {
+ if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificateChain)) {
continueAfterTLSEncrypted();
}
else {
diff --git a/Swiften/Client/ClientSession.h b/Swiften/Client/ClientSession.h
index 9c4b980..66a90ed 100644
--- a/Swiften/Client/ClientSession.h
+++ b/Swiften/Client/ClientSession.h
@@ -154,7 +154,7 @@ namespace Swift {
void handleStanzaAcked(boost::shared_ptr<Stanza> stanza);
void ack(unsigned int handledStanzasCount);
void continueAfterTLSEncrypted();
- void checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error);
+ void checkTrustOrFinish(const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error);
private:
JID localJID;