summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to 'Swiften')
-rw-r--r--Swiften/Client/ClientSession.cpp9
-rw-r--r--Swiften/Client/ClientSession.h2
-rw-r--r--Swiften/TLS/BlindCertificateTrustChecker.h2
-rw-r--r--Swiften/TLS/CertificateTrustChecker.h6
4 files changed, 12 insertions, 7 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index 8be8a8c..c2dc3ae 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -371,9 +371,10 @@ void ClientSession::handleTLSEncrypted() {
checkState(Encrypting);
Certificate::ref certificate = stream->getPeerCertificate();
+ std::vector<Certificate::ref> certificateChain = stream->getPeerCertificateChain();
boost::shared_ptr<CertificateVerificationError> verificationError = stream->getPeerCertificateVerificationError();
if (verificationError) {
- checkTrustOrFinish(certificate, verificationError);
+ checkTrustOrFinish(certificate, certificateChain, verificationError);
}
else {
ServerIdentityVerifier identityVerifier(localJID);
@@ -381,13 +382,13 @@ void ClientSession::handleTLSEncrypted() {
continueAfterTLSEncrypted();
}
else {
- checkTrustOrFinish(certificate, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity));
+ checkTrustOrFinish(certificate, certificateChain, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity));
}
}
}
-void ClientSession::checkTrustOrFinish(Certificate::ref certificate, boost::shared_ptr<CertificateVerificationError> error) {
- if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate)) {
+void ClientSession::checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error) {
+ if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, certificateChain)) {
continueAfterTLSEncrypted();
}
else {
diff --git a/Swiften/Client/ClientSession.h b/Swiften/Client/ClientSession.h
index b67b23d..9c4b980 100644
--- a/Swiften/Client/ClientSession.h
+++ b/Swiften/Client/ClientSession.h
@@ -154,7 +154,7 @@ namespace Swift {
void handleStanzaAcked(boost::shared_ptr<Stanza> stanza);
void ack(unsigned int handledStanzasCount);
void continueAfterTLSEncrypted();
- void checkTrustOrFinish(Certificate::ref certificate, boost::shared_ptr<CertificateVerificationError> error);
+ void checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error);
private:
JID localJID;
diff --git a/Swiften/TLS/BlindCertificateTrustChecker.h b/Swiften/TLS/BlindCertificateTrustChecker.h
index 3177322..9ed7ff2 100644
--- a/Swiften/TLS/BlindCertificateTrustChecker.h
+++ b/Swiften/TLS/BlindCertificateTrustChecker.h
@@ -19,7 +19,7 @@ namespace Swift {
*/
class BlindCertificateTrustChecker : public CertificateTrustChecker {
public:
- virtual bool isCertificateTrusted(Certificate::ref) {
+ virtual bool isCertificateTrusted(Certificate::ref, const std::vector<Certificate::ref>&) {
return true;
}
};
diff --git a/Swiften/TLS/CertificateTrustChecker.h b/Swiften/TLS/CertificateTrustChecker.h
index 06c0c32..91cc530 100644
--- a/Swiften/TLS/CertificateTrustChecker.h
+++ b/Swiften/TLS/CertificateTrustChecker.h
@@ -10,6 +10,7 @@
#include <string>
#include <Swiften/TLS/Certificate.h>
+#include <vector>
namespace Swift {
/**
@@ -23,7 +24,10 @@ namespace Swift {
* This method is called to find out whether a certificate is
* trusted. This usually happens when a certificate's validation
* fails, to check whether to proceed with the connection or not.
+ *
+ * certificateChain contains the chain of certificates, if available.
+ * This chain includes certificate.
*/
- virtual bool isCertificateTrusted(Certificate::ref certificate) = 0;
+ virtual bool isCertificateTrusted(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain) = 0;
};
}