merge of '8602c97fd552e40b0e5159f3a539c285d6f26d56'

Tue, 21 Jul 2009 06:48:31 +0000

author
Paul Aurich <darkrain42@pidgin.im>
date
Tue, 21 Jul 2009 06:48:31 +0000
changeset 27920
c4a459efb7b4
parent 27919
8602c97fd552 (current diff)
parent 27918
b32f476d9e35 (diff)
child 27921
f5046606533f

merge of '8602c97fd552e40b0e5159f3a539c285d6f26d56'
and 'b32f476d9e354d6d834ef8ed816badcec5485b74'

--- a/libpurple/plugins/ssl/ssl-gnutls.c	Tue Jul 21 06:16:43 2009 +0000
+++ b/libpurple/plugins/ssl/ssl-gnutls.c	Tue Jul 21 06:48:31 2009 +0000
@@ -668,6 +668,8 @@
 	gnutls_x509_crt issuer_dat;
 	unsigned int verify; /* used to store result from GnuTLS verifier */
 	int ret;
+	gchar *crt_id = NULL;
+	gchar *issuer_id = NULL;
 
 	g_return_val_if_fail(crt, FALSE);
 	g_return_val_if_fail(issuer, FALSE);
@@ -728,13 +730,29 @@
 		return FALSE;
 	}
 
+	if (verify & GNUTLS_CERT_INSECURE_ALGORITHM) {
+		/*
+		 * A certificate in the chain is signed with an insecure
+		 * algorithm. Put a warning into the log to make this error
+		 * perfectly clear as soon as someone looks at the debug log is
+		 * generated.
+		 */
+		crt_id = purple_certificate_get_unique_id(crt);
+		issuer_id = purple_certificate_get_issuer_unique_id(crt);
+		purple_debug_warning("gnutls/x509",
+				"Insecure hash algorithm used by %s to sign %s\n",
+				issuer_id, crt_id);
+	}
+
 	if (verify & GNUTLS_CERT_INVALID) {
 		/* Signature didn't check out, but at least
 		   there were no errors*/
-		gchar *crt_id = purple_certificate_get_unique_id(crt);
-		gchar *issuer_id = purple_certificate_get_issuer_unique_id(crt);
-		purple_debug_info("gnutls/x509",
-				  "Bad signature for %s on %s\n",
+		if (!crt_id)
+			crt_id = purple_certificate_get_unique_id(crt);
+		if (!issuer_id)
+			issuer_id = purple_certificate_get_issuer_unique_id(crt);
+		purple_debug_error("gnutls/x509",
+				  "Bad signature from %s on %s\n",
 				  issuer_id, crt_id);
 		g_free(crt_id);
 		g_free(issuer_id);
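Review bot: The ids allocated in the new `GNUTLS_CERT_INSECURE_ALGORITHM` branch are freed only inside the `GNUTLS_CERT_INVALID` branch that follows, so both strings leak if the verifier ever reports the insecure-algorithm bit without the invalid bit. Nothing visible in this hunk makes the function reject the certificate in that case either, so it is worth confirming that an insecure signature algorithm ends in `return FALSE` rather than only a log line. The function continues past the hunk, so a later free or return may already cover this; if not, move the two `g_free` calls out of the invalid branch so they run on every path. The new comment is also garbled and would read as intended as `... perfectly clear as soon as someone looks at the debug log.`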
--- a/libpurple/protocols/jabber/jabber.c	Tue Jul 21 06:16:43 2009 +0000
+++ b/libpurple/protocols/jabber/jabber.c	Tue Jul 21 06:48:31 2009 +0000
@@ -699,6 +699,8 @@
 	js->gc->inpa = 0;
 	js->gsc = purple_ssl_connect_with_host_fd(js->gc->account, js->fd,
 			jabber_login_callback_ssl, jabber_ssl_connect_failure, js->certificate_CN, js->gc);
+	/* The fd is no longer our concern */
+	js->fd = -1;
 }
 
 static gboolean jabber_login_connect(JabberStream *js, const char *domain, const char *host, int port,
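Review bot: `js->fd` is reset to -1 unconditionally, including when `purple_ssl_connect_with_host_fd` returns NULL, and nothing in the hunk checks `js->gsc`. On that path the stream drops its only reference to the descriptor, and which side closes it on failure is not visible here, so a descriptor leak is possible. Handle the NULL result explicitly before the assignment, or confirm that the SSL layer always takes ownership and closes the fd on error. The comment would help more if it stated the reason, e.g. `/* The SSL connection owns the fd from here on; forget it so stream teardown does not close it again */`, assuming that is the intent. The enclosing function begins outside the hunk.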
