summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemko Tronçon <git@el-tramo.be>2010-12-05 18:06:41 (GMT)
committerRemko Tronçon <git@el-tramo.be>2010-12-05 18:06:41 (GMT)
commitf32492bec456866fb5101274e6789efc59a47bdc (patch)
tree5fad08517a769afe3943a7dcbfef2c4c2b3ea850 /Swiften
parentfc585cd8313fec545b4cdae4fe4fed1f75626409 (diff)
downloadswift-contrib-f32492bec456866fb5101274e6789efc59a47bdc.zip
swift-contrib-f32492bec456866fb5101274e6789efc59a47bdc.tar.bz2
Added plumbing for persistent certificate trust checking.
Diffstat (limited to 'Swiften')
-rw-r--r--Swiften/Client/ClientSession.cpp2
-rw-r--r--Swiften/TLS/BlindCertificateTrustChecker.h2
-rw-r--r--Swiften/TLS/CertificateTrustChecker.h2
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp8
4 files changed, 9 insertions, 5 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index 9e6db5d..13816d3 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -346,7 +346,7 @@ void ClientSession::handleTLSEncrypted() {
}
void ClientSession::checkTrustOrFinish(Certificate::ref certificate, boost::shared_ptr<CertificateVerificationError> error) {
- if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, localJID.getDomain())) {
+ if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate)) {
continueAfterTLSEncrypted();
}
else {
diff --git a/Swiften/TLS/BlindCertificateTrustChecker.h b/Swiften/TLS/BlindCertificateTrustChecker.h
index fc7fbe8..d9db14c 100644
--- a/Swiften/TLS/BlindCertificateTrustChecker.h
+++ b/Swiften/TLS/BlindCertificateTrustChecker.h
@@ -19,7 +19,7 @@ namespace Swift {
*/
class BlindCertificateTrustChecker : public CertificateTrustChecker {
public:
- virtual bool isCertificateTrusted(Certificate::ref, const String&) {
+ virtual bool isCertificateTrusted(Certificate::ref) {
return true;
}
};
diff --git a/Swiften/TLS/CertificateTrustChecker.h b/Swiften/TLS/CertificateTrustChecker.h
index 7400dac..c248e4a 100644
--- a/Swiften/TLS/CertificateTrustChecker.h
+++ b/Swiften/TLS/CertificateTrustChecker.h
@@ -24,6 +24,6 @@ namespace Swift {
* trusted. This usually happens when a certificate's validation
* fails, to check whether to proceed with the connection or not.
*/
- virtual bool isCertificateTrusted(Certificate::ref certificate, const String& domain) = 0;
+ virtual bool isCertificateTrusted(Certificate::ref certificate) = 0;
};
}
diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp
index 347d6ef..6a3d688 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp
@@ -4,9 +4,10 @@
* See Documentation/Licenses/GPLv3.txt for more information.
*/
-#include "Swiften/TLS/OpenSSL/OpenSSLCertificate.h"
+#include <Swiften/TLS/OpenSSL/OpenSSLCertificate.h>
-#include "Swiften/Base/ByteArray.h"
+#include <Swiften/Base/ByteArray.h>
+#include <Swiften/Base/Log.h>
#undef X509_NAME // Windows.h defines this, and for some reason, it doesn't get undeffed properly in x509.h
#include <openssl/x509v3.h>
@@ -27,6 +28,9 @@ OpenSSLCertificate::OpenSSLCertificate(const ByteArray& der) {
const unsigned char* p = reinterpret_cast<const unsigned char*>(der.getData());
#endif
cert = boost::shared_ptr<X509>(d2i_X509(NULL, &p, der.getSize()), X509_free);
+ if (!cert) {
+ SWIFT_LOG(warning) << "Error creating certificate from DER data" << std::endl;
+ }
parse();
}