diff options
author | Remko Tronçon <git@el-tramo.be> | 2012-05-12 18:09:25 (GMT) |
---|---|---|
committer | Remko Tronçon <git@el-tramo.be> | 2012-05-12 18:09:25 (GMT) |
commit | 159e773b156f531575d0d7e241e2d20c85ee6d7c (patch) | |
tree | 9116f69b5f20ec07060b73308427ab524305344f /Swiften | |
parent | 0f91f88ac69644fb7e7bdbf601b7e098194490fa (diff) | |
download | swift-159e773b156f531575d0d7e241e2d20c85ee6d7c.zip swift-159e773b156f531575d0d7e241e2d20c85ee6d7c.tar.bz2 |
Show Certificate dialog from certificate error window.
Diffstat (limited to 'Swiften')
-rw-r--r-- | Swiften/Client/ClientSession.cpp | 9 | ||||
-rw-r--r-- | Swiften/Client/ClientSession.h | 2 | ||||
-rw-r--r-- | Swiften/TLS/BlindCertificateTrustChecker.h | 2 | ||||
-rw-r--r-- | Swiften/TLS/CertificateTrustChecker.h | 6 |
4 files changed, 12 insertions, 7 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp index 8be8a8c..c2dc3ae 100644 --- a/Swiften/Client/ClientSession.cpp +++ b/Swiften/Client/ClientSession.cpp @@ -371,9 +371,10 @@ void ClientSession::handleTLSEncrypted() { checkState(Encrypting); Certificate::ref certificate = stream->getPeerCertificate(); + std::vector<Certificate::ref> certificateChain = stream->getPeerCertificateChain(); boost::shared_ptr<CertificateVerificationError> verificationError = stream->getPeerCertificateVerificationError(); if (verificationError) { - checkTrustOrFinish(certificate, verificationError); + checkTrustOrFinish(certificate, certificateChain, verificationError); } else { ServerIdentityVerifier identityVerifier(localJID); @@ -381,13 +382,13 @@ void ClientSession::handleTLSEncrypted() { continueAfterTLSEncrypted(); } else { - checkTrustOrFinish(certificate, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity)); + checkTrustOrFinish(certificate, certificateChain, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity)); } } } -void ClientSession::checkTrustOrFinish(Certificate::ref certificate, boost::shared_ptr<CertificateVerificationError> error) { - if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate)) { +void ClientSession::checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error) { + if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, certificateChain)) { continueAfterTLSEncrypted(); } else { diff --git a/Swiften/Client/ClientSession.h b/Swiften/Client/ClientSession.h index b67b23d..9c4b980 100644 --- a/Swiften/Client/ClientSession.h +++ b/Swiften/Client/ClientSession.h @@ -154,7 +154,7 @@ namespace Swift { void handleStanzaAcked(boost::shared_ptr<Stanza> stanza); void ack(unsigned int handledStanzasCount); void continueAfterTLSEncrypted(); - void checkTrustOrFinish(Certificate::ref certificate, boost::shared_ptr<CertificateVerificationError> error); + void checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error); private: JID localJID; diff --git a/Swiften/TLS/BlindCertificateTrustChecker.h b/Swiften/TLS/BlindCertificateTrustChecker.h index 3177322..9ed7ff2 100644 --- a/Swiften/TLS/BlindCertificateTrustChecker.h +++ b/Swiften/TLS/BlindCertificateTrustChecker.h @@ -19,7 +19,7 @@ namespace Swift { */ class BlindCertificateTrustChecker : public CertificateTrustChecker { public: - virtual bool isCertificateTrusted(Certificate::ref) { + virtual bool isCertificateTrusted(Certificate::ref, const std::vector<Certificate::ref>&) { return true; } }; diff --git a/Swiften/TLS/CertificateTrustChecker.h b/Swiften/TLS/CertificateTrustChecker.h index 06c0c32..91cc530 100644 --- a/Swiften/TLS/CertificateTrustChecker.h +++ b/Swiften/TLS/CertificateTrustChecker.h @@ -10,6 +10,7 @@ #include <string> #include <Swiften/TLS/Certificate.h> +#include <vector> namespace Swift { /** @@ -23,7 +24,10 @@ namespace Swift { * This method is called to find out whether a certificate is * trusted. This usually happens when a certificate's validation * fails, to check whether to proceed with the connection or not. + * + * certificateChain contains the chain of certificates, if available. + * This chain includes certificate. */ - virtual bool isCertificateTrusted(Certificate::ref certificate) = 0; + virtual bool isCertificateTrusted(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain) = 0; }; } |