| 1203 GByteArray *peer_fpr, *cached_fpr; |
1203 GByteArray *peer_fpr, *cached_fpr; |
| 1204 |
1204 |
| 1205 /* Load up the cached certificate */ |
1205 /* Load up the cached certificate */ |
| 1206 cached_crt = purple_certificate_pool_retrieve( |
1206 cached_crt = purple_certificate_pool_retrieve( |
| 1207 tls_peers, vrq->subject_name); |
1207 tls_peers, vrq->subject_name); |
| 1208 g_assert(cached_crt); |
1208 if ( !cached_crt ) { |
| |
1209 purple_debug_error("certificate/x509/tls_cached", |
| |
1210 "Lookup failed on cached certificate!\n" |
| |
1211 "It was here just a second ago. Forwarding " |
| |
1212 "to cert_changed.\n"); |
| |
1213 /* vrq now becomes the problem of cert_changed */ |
| |
1214 x509_tls_cached_peer_cert_changed(vrq); |
| |
1215 } |
| 1209 |
1216 |
| 1210 /* Now get SHA1 sums for both and compare them */ |
1217 /* Now get SHA1 sums for both and compare them */ |
| 1211 /* TODO: This is not an elegant way to compare certs */ |
1218 /* TODO: This is not an elegant way to compare certs */ |
| 1212 peer_fpr = purple_certificate_get_fingerprint_sha1(peer_crt); |
1219 peer_fpr = purple_certificate_get_fingerprint_sha1(peer_crt); |
| 1213 cached_fpr = purple_certificate_get_fingerprint_sha1(cached_crt); |
1220 cached_fpr = purple_certificate_get_fingerprint_sha1(cached_crt); |
| 1336 return; |
1343 return; |
| 1337 } |
1344 } |
| 1338 |
1345 |
| 1339 ca_crt = purple_certificate_pool_retrieve(ca, ca_id); |
1346 ca_crt = purple_certificate_pool_retrieve(ca, ca_id); |
| 1340 g_free(ca_id); |
1347 g_free(ca_id); |
| 1341 g_assert(ca_crt); |
1348 if (!ca_crt) { |
| |
1349 purple_debug_error("certificate/x509/tls_cached", |
| |
1350 "Certificate authority disappeared out " |
| |
1351 "underneath me!\n"); |
| |
1352 purple_certificate_verify_complete(vrq, |
| |
1353 PURPLE_CERTIFICATE_INVALID); |
| |
1354 return; |
| |
1355 } |
| 1342 |
1356 |
| 1343 /* Check the signature */ |
1357 /* Check the signature */ |
| 1344 if ( !purple_certificate_signed_by(end_crt, ca_crt) ) { |
1358 if ( !purple_certificate_signed_by(end_crt, ca_crt) ) { |
| 1345 /* TODO: If signed_by ever returns a reason, maybe mention |
1359 /* TODO: If signed_by ever returns a reason, maybe mention |
| 1346 that, too. */ |
1360 that, too. */ |
| 1373 /* Look up the local cache and store it there for future use */ |
1387 /* Look up the local cache and store it there for future use */ |
| 1374 tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name, |
1388 tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name, |
| 1375 "tls_peers"); |
1389 "tls_peers"); |
| 1376 |
1390 |
| 1377 if (tls_peers) { |
1391 if (tls_peers) { |
| 1378 g_assert(purple_certificate_pool_store(tls_peers, |
1392 if (!purple_certificate_pool_store(tls_peers,vrq->subject_name, |
| 1379 vrq->subject_name, |
1393 peer_crt) ) { |
| 1380 peer_crt) ); |
1394 purple_debug_error("certificate/x509/tls_cached", |
| |
1395 "FAILED to cache peer certificate\n"); |
| |
1396 } |
| 1381 } else { |
1397 } else { |
| 1382 purple_debug_error("certificate/x509/tls_cached", |
1398 purple_debug_error("certificate/x509/tls_cached", |
| 1383 "Unable to locate tls_peers certificate " |
1399 "Unable to locate tls_peers certificate " |
| 1384 "cache.\n"); |
1400 "cache.\n"); |
| 1385 } |
1401 } |
| 1788 { |
1804 { |
| 1789 gchar *sha_asc; |
1805 gchar *sha_asc; |
| 1790 GByteArray *sha_bin; |
1806 GByteArray *sha_bin; |
| 1791 gchar *cn; |
1807 gchar *cn; |
| 1792 time_t activation, expiration; |
1808 time_t activation, expiration; |
| 1793 /* Length of these buffers is dictated by 'man ctime_r' */ |
|
| 1794 gchar *activ_str, *expir_str; |
1809 gchar *activ_str, *expir_str; |
| 1795 gchar *secondary; |
1810 gchar *secondary; |
| 1796 |
1811 |
| 1797 /* Pull out the SHA1 checksum */ |
1812 /* Pull out the SHA1 checksum */ |
| 1798 sha_bin = purple_certificate_get_fingerprint_sha1(crt); |
1813 sha_bin = purple_certificate_get_fingerprint_sha1(crt); |
| 1805 cn = purple_certificate_get_subject_name(crt); |
1820 cn = purple_certificate_get_subject_name(crt); |
| 1806 |
1821 |
| 1807 /* Get the certificate times */ |
1822 /* Get the certificate times */ |
| 1808 /* TODO: Check the times against localtime */ |
1823 /* TODO: Check the times against localtime */ |
| 1809 /* TODO: errorcheck? */ |
1824 /* TODO: errorcheck? */ |
| 1810 g_assert(purple_certificate_get_times(crt, &activation, &expiration)); |
1825 if (!purple_certificate_get_times(crt, &activation, &expiration)) { |
| |
1826 purple_debug_error("certificate", |
| |
1827 "Failed to get certificate times!\n"); |
| |
1828 activation = expiration = 0; |
| |
1829 } |
| 1811 activ_str = g_strdup(ctime(&activation)); |
1830 activ_str = g_strdup(ctime(&activation)); |
| 1812 expir_str = g_strdup(ctime(&expiration)); |
1831 expir_str = g_strdup(ctime(&expiration)); |
| 1813 |
1832 |
| 1814 /* Make messages */ |
1833 /* Make messages */ |
| 1815 secondary = g_strdup_printf(_("Common name: %s\n\n" |
1834 secondary = g_strdup_printf(_("Common name: %s\n\n" |
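Review bot: The new `if ( !cached_crt )` branch at new lines 1208-1215 has no `return;` after `x509_tls_cached_peer_cert_changed(vrq);`, so control falls through to `cached_fpr = purple_certificate_get_fingerprint_sha1(cached_crt);` at line 1220 with `cached_crt` still NULL. The comment on line 1213 says `vrq` has been handed off, so the code after the branch presumably also acts on a request that the callee may already have completed or released. This cannot be confirmed here because the enclosing function starts and ends outside the visible lines. The `ca_crt` branch at lines 1348-1355 already ends with `return;` after finishing the request, and this branch should do the same by adding `return;` directly after line 1214. Without it, the removed `g_assert` is replaced by a later failure on the certificate-verification path rather than by a clean fallback.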