author | Remko Tronçon <git@el-tramo.be> | 2010-12-05 18:06:41 (GMT) |
---|---|---|
committer | Remko Tronçon <git@el-tramo.be> | 2010-12-05 18:06:41 (GMT) |
commit | f32492bec456866fb5101274e6789efc59a47bdc (patch) | |
tree | 5fad08517a769afe3943a7dcbfef2c4c2b3ea850 /Swiften | |
parent | fc585cd8313fec545b4cdae4fe4fed1f75626409 (diff) | |
Added plumbing for persistent certificate trust checking.
Diffstat (limited to 'Swiften')
-rw-r--r-- | Swiften/Client/ClientSession.cpp | 2 | ||||
-rw-r--r-- | Swiften/TLS/BlindCertificateTrustChecker.h | 2 | ||||
-rw-r--r-- | Swiften/TLS/CertificateTrustChecker.h | 2 | ||||
-rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp | 8 |
4 files changed, 9 insertions, 5 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index 9e6db5d..13816d3 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -346,7 +346,7 @@ void ClientSession::handleTLSEncrypted() {
 }
 void ClientSession::checkTrustOrFinish(Certificate::ref certificate, boost::shared_ptr<CertificateVerificationError> error) {
- if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, localJID.getDomain())) {
+ if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate)) {
 continueAfterTLSEncrypted();
 }
 else {
diff --git a/Swiften/TLS/BlindCertificateTrustChecker.h b/Swiften/TLS/BlindCertificateTrustChecker.h
index fc7fbe8..d9db14c 100644
--- a/Swiften/TLS/BlindCertificateTrustChecker.h
+++ b/Swiften/TLS/BlindCertificateTrustChecker.h
@@ -19,7 +19,7 @@ namespace Swift {
 */
 class BlindCertificateTrustChecker : public CertificateTrustChecker {
 public:
- virtual bool isCertificateTrusted(Certificate::ref, const String&) {
+ virtual bool isCertificateTrusted(Certificate::ref) {
 return true;
 }
 };
diff --git a/Swiften/TLS/CertificateTrustChecker.h b/Swiften/TLS/CertificateTrustChecker.h
index 7400dac..c248e4a 100644
--- a/Swiften/TLS/CertificateTrustChecker.h
+++ b/Swiften/TLS/CertificateTrustChecker.h
@@ -24,6 +24,6 @@ namespace Swift {
 * trusted. This usually happens when a certificate's validation
 * fails, to check whether to proceed with the connection or not.
 */
- virtual bool isCertificateTrusted(Certificate::ref certificate, const String& domain) = 0;
+ virtual bool isCertificateTrusted(Certificate::ref certificate) = 0;
 };
 }
diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp
index 347d6ef..6a3d688 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp
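Review bot: Dropping the domain argument from `isCertificateTrusted` in ClientSession::checkTrustOrFinish (and from the pure virtual in CertificateTrustChecker.h) leaves a persistent checker with nothing to bind a stored decision to. Per the interface comment this path usually runs after normal validation has failed, so a checker keyed on the certificate alone would accept a certificate the user once approved for one server when any other domain presents it. The implementations are not in this diff, so this is inferred; either keep the host in the call, `isCertificateTrusted(certificate, localJID.getDomain())`, or state in the interface comment that implementations must scope stored trust to the service domain they were created for. checkTrustOrFinish continues past the end of the hunk.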
@@ -4,9 +4,10 @@
 * See Documentation/Licenses/GPLv3.txt for more information.
 */
-#include "Swiften/TLS/OpenSSL/OpenSSLCertificate.h"
+#include <Swiften/TLS/OpenSSL/OpenSSLCertificate.h>
-#include "Swiften/Base/ByteArray.h"
+#include <Swiften/Base/ByteArray.h>
+#include <Swiften/Base/Log.h>
 #undef X509_NAME // Windows.h defines this, and for some reason, it doesn't get undeffed properly in x509.h
 #include <openssl/x509v3.h>
@@ -27,6 +28,9 @@ OpenSSLCertificate::OpenSSLCertificate(const ByteArray& der) {
 const unsigned char* p = reinterpret_cast<const unsigned char*>(der.getData());
 #endif
 cert = boost::shared_ptr<X509>(d2i_X509(NULL, &p, der.getSize()), X509_free);
+ if (!cert) {
+ SWIFT_LOG(warning) << "Error creating certificate from DER data" << std::endl;
+ }
 parse();
 } |
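Review bot: `parse()` still runs after the new null check in the OpenSSLCertificate constructor, so a failed `d2i_X509()` is logged but the object is then parsed with an empty `cert`. Unless parse() has its own guard (its body is not in this hunk), DER data that fails to decode, which can originate from the remote peer, would reach a null dereference; add `return;` after the SWIFT_LOG line or guard the call as `if (cert) parse();`. The constructor also gives callers no way to tell that decoding failed, so it is worth documenting that an instance built from bad DER carries no certificate data and must not be treated as trusted. The constructor body starts before the hunk.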