author | Tobias Markmann <tm@ayena.de> | 2017-03-19 16:27:06 (GMT) |
---|---|---|
committer | Tobias Markmann <tm@ayena.de> | 2017-04-04 09:14:16 (GMT) |
commit | ad66cc53f7e7ce860aee5b71b871a0ae9f8d357d (patch) | |
tree | bc655727b49d9308f220574c89aa9911fc30ed92 /Swiften/Network/BOSHConnectionPool.cpp | |
parent | 38f35935581b826940a10246b0a624c643dccc2e (diff) | |
Verify certificates for HTTPS BOSH connections
Test-Information:
Tested against a BOSH server with a valid HTTPS certificate
and against a BOSH server with an expired HTTPS certificate.
Tested on macOS 10.12.3 with Qt 5.5.1.
Change-Id: I9989389b271961fc4d66db56198b32715af52ae7
Diffstat (limited to 'Swiften/Network/BOSHConnectionPool.cpp')
-rw-r--r-- | Swiften/Network/BOSHConnectionPool.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/Swiften/Network/BOSHConnectionPool.cpp b/Swiften/Network/BOSHConnectionPool.cpp
index e4ca471..8a75e81 100644
--- a/Swiften/Network/BOSHConnectionPool.cpp
+++ b/Swiften/Network/BOSHConnectionPool.cpp
@@ -115,60 +115,61 @@ void BOSHConnectionPool::close() { else { pendingTerminate = true; std::vector<BOSHConnection::ref> connectionCopies = connections; for (auto&& connection : connectionCopies) { if (connection) { connection->disconnect(); } } } } void BOSHConnectionPool::handleSessionStarted(const std::string& sessionID, size_t requests) { sid = sessionID; requestLimit = requests; onSessionStarted(); } void BOSHConnectionPool::handleConnectFinished(bool error, BOSHConnection::ref connection) { if (error) { onSessionTerminated(std::make_shared<BOSHError>(BOSHError::UndefinedCondition)); /*TODO: We can probably manage to not terminate the stream here and use the rid/ack retry * logic to just swallow the error and try again (some number of tries). */ } else { if (connection->getPeerCertificate() && pinnedCertificateChain_.empty()) { pinnedCertificateChain_ = connection->getPeerCertificateChain(); } if (!pinnedCertificateChain_.empty()) { lastVerificationError_ = connection->getPeerCertificateVerificationError(); + onTLSConnectionEstablished(); } if (sid.empty()) { connection->startStream(to, rid); } if (pendingRestart) { restartStream(); } tryToSendQueuedData(); } } BOSHConnection::ref BOSHConnectionPool::getSuitableConnection() { BOSHConnection::ref suitableConnection; for (auto&& connection : connections) { if (connection->isReadyToSend()) { suitableConnection = connection; break; } } if (!suitableConnection && connections.size() < requestLimit) { /* This is not a suitable connection because it won't have yet connected and added TLS if needed. */ BOSHConnection::ref newConnection = createConnection(); newConnection->setSID(sid); } assert(connections.size() <= requestLimit); assert((!suitableConnection) || suitableConnection->isReadyToSend()); return suitableConnection; } |
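Review bot: After the added `onTLSConnectionEstablished();` in handleConnectFinished, control still falls through to `connection->startStream(to, rid)` and `tryToSendQueuedData()` whatever the handler concluded from `lastVerificationError_`. The handler is not visible here, but if it runs synchronously and rejects the certificate by calling close(), the else branch at the top of the hunk sets `pendingTerminate` and disconnects the connections, and this function would then go on to start the stream and flush queued data on a connection the application has just refused. A guard directly after the emit, for example `if (pendingTerminate) { return; }`, would make the path fail closed; whether close() takes that branch depends on a condition outside the hunk, so that needs confirming. Separately, `pinnedCertificateChain_` is captured only from the first connection while `lastVerificationError_` is overwritten by every later one, and nothing in the hunk compares a later connection's chain with the pinned one, so a comment saying where that comparison happens (or that it does not) would help the next reader.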