summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTobias Markmann <tm@ayena.de>2016-02-08 15:06:54 (GMT)
committerTobias Markmann <tm@ayena.de>2016-02-08 15:06:54 (GMT)
commit27211ac2ca11c6ac259bc09bb81a7ed297a9d07d (patch)
tree6663eb8edcbc44f1c9af3777805404adc5d92a9b /Swiften/QA/TLSTest
parentde378c0b47268aea03177165156627659e28dde3 (diff)
downloadswift-27211ac2ca11c6ac259bc09bb81a7ed297a9d07d.zip
swift-27211ac2ca11c6ac259bc09bb81a7ed297a9d07d.tar.bz2
Treat cert verify errors as non-fatal in OS X TLS backend
Our TLS backends need to tread TLS verification errors, e.g. outdated certificate, untrusted CA, non-matching host, etc., as non-fatal, so the application can apply custom key pinning verification or similar. This patch changes the OS X SecureTransport backend to behave accordingly and adjusts the CertificateErrorTest to mirror this behavior. This commit also fixes a double-free in SecureTransportCertificate. Test-Information: Connected to a host with an untrusted CA and non-matching domain in the certificate and was prompted with the Swift certificate trust dialog on OS X 10.11.3. Swiften/QA/TLSTest run successfully on OS X 10.11.3. Change-Id: I4c8ce2178540d79a5f328e2e0558d4deb4295134
Diffstat (limited to 'Swiften/QA/TLSTest')
-rw-r--r--Swiften/QA/TLSTest/CertificateErrorTest.cpp14
1 files changed, 7 insertions, 7 deletions
diff --git a/Swiften/QA/TLSTest/CertificateErrorTest.cpp b/Swiften/QA/TLSTest/CertificateErrorTest.cpp
index e69af0b..3b33e8e 100644
--- a/Swiften/QA/TLSTest/CertificateErrorTest.cpp
+++ b/Swiften/QA/TLSTest/CertificateErrorTest.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015 Isode Limited.
+ * Copyright (c) 2015-2016 Isode Limited.
* All rights reserved.
* See the COPYING file for more information.
*/
@@ -13,8 +13,8 @@
#include <Swiften/Base/Log.h>
#include <Swiften/EventLoop/DummyEventLoop.h>
-#include <Swiften/IDN/PlatformIDNConverter.h>
#include <Swiften/IDN/IDNConverter.h>
+#include <Swiften/IDN/PlatformIDNConverter.h>
#include <Swiften/Network/BoostConnectionFactory.h>
#include <Swiften/Network/BoostIOServiceThread.h>
#include <Swiften/Network/HostAddressPort.h>
@@ -122,7 +122,7 @@ class CertificateErrorTest : public CppUnit::TestFixture {
connectToServer(connection, "test5.tls-o-matic.com", 405);
- CPPUNIT_ASSERT_EQUAL(true, connectFinishedWithError_);
+ CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
CPPUNIT_ASSERT(context->getPeerCertificateVerificationError());
CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::NotYetValid, context->getPeerCertificateVerificationError()->getType());
}
@@ -133,7 +133,7 @@ class CertificateErrorTest : public CppUnit::TestFixture {
connectToServer(connection, "test6.tls-o-matic.com", 406);
- CPPUNIT_ASSERT_EQUAL(true, connectFinishedWithError_);
+ CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
CPPUNIT_ASSERT(context->getPeerCertificateVerificationError());
CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::Expired, context->getPeerCertificateVerificationError()->getType());
}
@@ -144,7 +144,7 @@ class CertificateErrorTest : public CppUnit::TestFixture {
connectToServer(connection, "test7.tls-o-matic.com", 407);
- CPPUNIT_ASSERT_EQUAL(true, connectFinishedWithError_);
+ CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
CPPUNIT_ASSERT(context->getPeerCertificateVerificationError());
CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::Untrusted, context->getPeerCertificateVerificationError()->getType());
}
@@ -156,7 +156,7 @@ class CertificateErrorTest : public CppUnit::TestFixture {
connectToServer(connection, "test14.tls-o-matic.com", 414);
- CPPUNIT_ASSERT_EQUAL(true, connectFinishedWithError_);
+ CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
CPPUNIT_ASSERT(context->getPeerCertificateVerificationError());
CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::InvalidPurpose, context->getPeerCertificateVerificationError()->getType());
}
@@ -179,7 +179,7 @@ class CertificateErrorTest : public CppUnit::TestFixture {
connectToServer(connection, "revoked.grc.com", 443);
- CPPUNIT_ASSERT_EQUAL(true, connectFinishedWithError_);
+ CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
CPPUNIT_ASSERT(context->getPeerCertificateVerificationError());
CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::Revoked, context->getPeerCertificateVerificationError()->getType());
}