summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTobias Markmann <tm@ayena.de>2016-09-29 11:11:09 (GMT)
committerKevin Smith <kevin.smith@isode.com>2016-09-29 12:27:43 (GMT)
commit2bf44a1d641c3bc35546cb49d3766f2962f9a984 (patch)
tree999b3b082ebeaeca8c4db817f87b3570346ae6c1 /Swiften/TLS/SecureTransport/SecureTransportContext.mm
parentc966e43b2852e69da1ed3cac9e11c1b026d4f4a9 (diff)
downloadswift-2bf44a1d641c3bc35546cb49d3766f2962f9a984.zip
swift-2bf44a1d641c3bc35546cb49d3766f2962f9a984.tar.bz2
Explicitly handle all possible SecTrustResultType enum values
Test-Information: Unit tests pass on macOS 10.12. Change-Id: I32f884e2525b6200e5fb3f04d58f77304d16daa0
Diffstat (limited to 'Swiften/TLS/SecureTransport/SecureTransportContext.mm')
-rw-r--r--Swiften/TLS/SecureTransport/SecureTransportContext.mm18
1 files changed, 15 insertions, 3 deletions
diff --git a/Swiften/TLS/SecureTransport/SecureTransportContext.mm b/Swiften/TLS/SecureTransport/SecureTransportContext.mm
index 970d270..1ed636b 100644
--- a/Swiften/TLS/SecureTransport/SecureTransportContext.mm
+++ b/Swiften/TLS/SecureTransport/SecureTransportContext.mm
@@ -262,11 +262,23 @@ void SecureTransportContext::verifyServerCertificate() {
verificationError_ = std::make_shared<CertificateVerificationError>(CertificateVerificationError::UnknownError);
}
break;
- case kSecTrustResultOtherError:
+ case kSecTrustResultInvalid:
verificationError_ = std::make_shared<CertificateVerificationError>(CertificateVerificationError::UnknownError);
break;
- default:
- SWIFT_LOG(warning) << "Unhandled trust result " << trustResult << "." << std::endl;
+ case kSecTrustResultConfirm:
+ // TODO: Confirmation from the user is required before proceeding.
+ verificationError_ = std::make_shared<CertificateVerificationError>(CertificateVerificationError::UnknownError);
+ break;
+ case kSecTrustResultDeny:
+ // The user specified that the certificate should not be trusted.
+ verificationError_ = std::make_shared<CertificateVerificationError>(CertificateVerificationError::Untrusted);
+ break;
+ case kSecTrustResultFatalTrustFailure:
+ // Trust denied; no simple fix is available.
+ verificationError_ = std::make_shared<CertificateVerificationError>(CertificateVerificationError::UnknownError);
+ break;
+ case kSecTrustResultOtherError:
+ verificationError_ = std::make_shared<CertificateVerificationError>(CertificateVerificationError::UnknownError);
break;
}