Swift
summaryrefslogtreecommitdiffstats
path: root/Swiften/Client
diff options
context:
space:
mode:
Diffstat (limited to 'Swiften/Client')
-rw-r--r--Swiften/Client/ClientSession.cpp9
-rw-r--r--Swiften/Client/ClientSession.h2
2 files changed, 6 insertions, 5 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index 8be8a8c..c2dc3ae 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -365,35 +365,36 @@ void ClientSession::sendCredentials(const SafeByteArray& password) {
state = Authenticating;
authenticator->setCredentials(localJID.getNode(), password);
stream->writeElement(boost::make_shared<AuthRequest>(authenticator->getName(), authenticator->getResponse()));
}
void ClientSession::handleTLSEncrypted() {
checkState(Encrypting);
Certificate::ref certificate = stream->getPeerCertificate();
+ std::vector<Certificate::ref> certificateChain = stream->getPeerCertificateChain();
boost::shared_ptr<CertificateVerificationError> verificationError = stream->getPeerCertificateVerificationError();
if (verificationError) {
- checkTrustOrFinish(certificate, verificationError);
+ checkTrustOrFinish(certificate, certificateChain, verificationError);
}
else {
ServerIdentityVerifier identityVerifier(localJID);
if (identityVerifier.certificateVerifies(certificate)) {
continueAfterTLSEncrypted();
}
else {
- checkTrustOrFinish(certificate, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity));
+ checkTrustOrFinish(certificate, certificateChain, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity));
}
}
}
-void ClientSession::checkTrustOrFinish(Certificate::ref certificate, boost::shared_ptr<CertificateVerificationError> error) {
- if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate)) {
+void ClientSession::checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error) {
+ if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, certificateChain)) {
continueAfterTLSEncrypted();
}
else {
finishSession(error);
}
}
void ClientSession::continueAfterTLSEncrypted() {
state = WaitingForStreamStart;
diff --git a/Swiften/Client/ClientSession.h b/Swiften/Client/ClientSession.h
index b67b23d..9c4b980 100644
--- a/Swiften/Client/ClientSession.h
+++ b/Swiften/Client/ClientSession.h
@@ -148,19 +148,19 @@ namespace Swift {
void handleTLSEncrypted();
bool checkState(State);
void continueSessionInitialization();
void requestAck();
void handleStanzaAcked(boost::shared_ptr<Stanza> stanza);
void ack(unsigned int handledStanzasCount);
void continueAfterTLSEncrypted();
- void checkTrustOrFinish(Certificate::ref certificate, boost::shared_ptr<CertificateVerificationError> error);
+ void checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error);
private:
JID localJID;
State state;
boost::shared_ptr<SessionStream> stream;
bool allowPLAINOverNonTLS;
bool useStreamCompression;
UseTLS useTLS;
bool useAcks;