[empathy] libempathy: Store pinned certificate for end entity cert in the chain.
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [empathy] libempathy: Store pinned certificate for end entity cert in the chain.
- Date: Fri, 24 Dec 2010 14:06:44 +0000 (UTC)
commit 36c700d49ac25f40e7ce47784fdf199c17ae8261
Author: Stef Walter <stefw collabora co uk>
Date: Mon Dec 13 20:34:56 2010 +0000
libempathy: Store pinned certificate for end entity cert in the chain.
https://bugzilla.gnome.org/show_bug.cgi?id=636258
libempathy/empathy-tls-verifier.c | 27 +++++++++++++++++++++------
1 files changed, 21 insertions(+), 6 deletions(-)
---
diff --git a/libempathy/empathy-tls-verifier.c b/libempathy/empathy-tls-verifier.c
index 183ce66..057c412 100644
--- a/libempathy/empathy-tls-verifier.c
+++ b/libempathy/empathy-tls-verifier.c
@@ -214,13 +214,20 @@ abort_verification (EmpathyTLSVerifier *self,
}
static void
+debug_certificate (GcrCertificate *cert)
+{
+ gchar *subject = gcr_certificate_get_subject_dn (cert);
+ DEBUG ("Certificate: %s", subject);
+ g_free (subject);
+}
+
+static void
debug_certificate_chain (GcrCertificateChain *chain)
{
GEnumClass *enum_class;
GEnumValue *enum_value;
gint idx, length;
GcrCertificate *cert;
- gchar *subject;
enum_class = G_ENUM_CLASS
(g_type_class_peek (GCR_TYPE_CERTIFICATE_CHAIN_STATUS));
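Review bot: The new `debug_certificate` helper passes `subject` straight to `DEBUG ("Certificate: %s", subject)` without checking it, and `gcr_certificate_get_subject_dn ()` can, as far as I know, return NULL when the certificate data does not parse. That matters more after this commit, because the later hunk calls the helper on a certificate built from raw bytes with `gcr_simple_certificate_new`, so the subject comes from peer-supplied data; the loop at the `debug_certificate (cert)` call in `debug_certificate_chain` is affected in the same way. Printing NULL through `%s` is not portable, so I would write `DEBUG ("Certificate: %s", subject != NULL ? subject : "(unparseable)");`. A one-line comment above the helper saying it logs the subject DN of an untrusted certificate for debugging only would also help.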
@@ -233,9 +240,7 @@ debug_certificate_chain (GcrCertificateChain *chain)
for (idx = 0; idx < length; ++idx)
{
cert = gcr_certificate_chain_get_certificate (chain, idx);
- subject = gcr_certificate_get_subject_dn (cert);
- DEBUG (" Certificate: %s", subject);
- g_free (subject);
+ debug_certificate (cert);
}
}
@@ -541,12 +546,22 @@ empathy_tls_verifier_store_exception (EmpathyTLSVerifier *self)
g_object_get (priv->certificate, "cert-data", &cert_data, NULL);
g_return_if_fail (cert_data);
- data = g_ptr_array_index (cert_data, cert_data->len - 1);
+ if (!cert_data->len)
+ {
+ DEBUG ("No certificate to pin.");
+ return;
+ }
+
+ /* The first certificate in the chain is for the host */
+ data = g_ptr_array_index (cert_data, 0);
cert = gcr_simple_certificate_new ((gpointer)data->data, data->len);
+ DEBUG ("Storing pinned certificate:");
+ debug_certificate (cert);
+
if (!gcr_trust_add_pinned_certificate (cert, GCR_PURPOSE_CLIENT_AUTH,
priv->hostname, NULL, &error))
- DEBUG ("Can't store the certificate exeption: %s", error->message);
+ DEBUG ("Can't store the pinned certificate: %s", error->message);
g_object_unref (cert);
g_boxed_free (TP_ARRAY_TYPE_UCHAR_ARRAY_LIST, cert_data);
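Review bot: The early `return` added for an empty `cert_data` skips the `g_boxed_free (TP_ARRAY_TYPE_UCHAR_ARRAY_LIST, cert_data)` at the end of the hunk, so the array obtained from `g_object_get` is leaked on that path; add the same `g_boxed_free` call before `return;`. On the failure branch `error->message` is logged but no `g_clear_error (&error);` is visible, which leaks the GError unless it is released after the hunk (the function starts before and continues past the visible lines). Separately, the pin is stored under `GCR_PURPOSE_CLIENT_AUTH` while the new comment says the certificate is for the host. It is worth confirming that this is the purpose the verifier uses when it looks up pinned certificates, since a mismatch would mean the stored exception is never honoured or covers a different use than the user approved.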