diff options
Diffstat (limited to 'Swiften/TLS')
-rw-r--r-- | Swiften/TLS/SecureTransport/SecureTransportContext.mm | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/Swiften/TLS/SecureTransport/SecureTransportContext.mm b/Swiften/TLS/SecureTransport/SecureTransportContext.mm index 970d270..1ed636b 100644 --- a/Swiften/TLS/SecureTransport/SecureTransportContext.mm +++ b/Swiften/TLS/SecureTransport/SecureTransportContext.mm @@ -262,11 +262,23 @@ void SecureTransportContext::verifyServerCertificate() { verificationError_ = std::make_shared<CertificateVerificationError>(CertificateVerificationError::UnknownError); } break; - case kSecTrustResultOtherError: + case kSecTrustResultInvalid: verificationError_ = std::make_shared<CertificateVerificationError>(CertificateVerificationError::UnknownError); break; - default: - SWIFT_LOG(warning) << "Unhandled trust result " << trustResult << "." << std::endl; + case kSecTrustResultConfirm: + // TODO: Confirmation from the user is required before proceeding. + verificationError_ = std::make_shared<CertificateVerificationError>(CertificateVerificationError::UnknownError); + break; + case kSecTrustResultDeny: + // The user specified that the certificate should not be trusted. + verificationError_ = std::make_shared<CertificateVerificationError>(CertificateVerificationError::Untrusted); + break; + case kSecTrustResultFatalTrustFailure: + // Trust denied; no simple fix is available. + verificationError_ = std::make_shared<CertificateVerificationError>(CertificateVerificationError::UnknownError); + break; + case kSecTrustResultOtherError: + verificationError_ = std::make_shared<CertificateVerificationError>(CertificateVerificationError::UnknownError); break; } |