Diffstat (limited to 'Swiften/Client/ClientSession.cpp')
-rw-r--r--Swiften/Client/ClientSession.cpp18
1 files changed, 15 insertions, 3 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index a199a84..9e6db5d 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -37,6 +37,7 @@
#include "Swiften/SASL/DIGESTMD5ClientAuthenticator.h"
#include "Swiften/Session/SessionStream.h"
#include "Swiften/TLS/CertificateTrustChecker.h"
+#include "Swiften/TLS/ServerIdentityVerifier.h"
namespace Swift {
@@ -330,16 +331,27 @@ void ClientSession::handleTLSEncrypted() {
Certificate::ref certificate = stream->getPeerCertificate();
boost::shared_ptr<CertificateVerificationError> verificationError = stream->getPeerCertificateVerificationError();
if (verificationError) {
- if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, localJID.getDomain())) {
+ checkTrustOrFinish(certificate, verificationError);
+ }
+ else {
+ ServerIdentityVerifier identityVerifier(localJID);
+ if (identityVerifier.certificateVerifies(certificate)) {
continueAfterTLSEncrypted();
}
else {
- finishSession(verificationError);
+ boost::shared_ptr<CertificateVerificationError> identityError(new CertificateVerificationError(CertificateVerificationError::InvalidServerIdentity));
+ checkTrustOrFinish(certificate, identityError);
}
}
- else {
+}
+
+void ClientSession::checkTrustOrFinish(Certificate::ref certificate, boost::shared_ptr<CertificateVerificationError> error) {
+ if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, localJID.getDomain())) {
continueAfterTLSEncrypted();
}
+ else {
+ finishSession(error);
+ }
}
void ClientSession::continueAfterTLSEncrypted() {
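Review bot: `checkTrustOrFinish` is now the single override path for two different failures, a chain verification error and an `InvalidServerIdentity` mismatch on a chain-valid certificate, yet `isCertificateTrusted(certificate, localJID.getDomain())` is never told which one occurred. A trust checker written with only chain errors in mind will therefore also be asked to waive a server-identity mismatch, and in the `verificationError` branch `ServerIdentityVerifier` is not run at all, so the checker's answer is the sole gate there. I would document that contract above the new function, e.g. `// Last-resort override for chain AND identity failures: the trust checker must match this exact certificate against the domain (pinning), not accept a class of error.` `handleTLSEncrypted` begins before the hunk, so whether `certificate` can be an empty ref when it reaches `certificateVerifies` is not visible here and is worth confirming.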