[geary/wip/20-cert-pinning: 30/32] Don't block handling GTlsConnection::accept-certificate

From: Michael Gratton <mjog src gnome org>
To: commits-list gnome org
Cc:
Subject: [geary/wip/20-cert-pinning: 30/32] Don't block handling GTlsConnection::accept-certificate
Date: Tue, 8 Jan 2019 13:02:06 +0000 (UTC)

commit d0933f529ccbf55beda77c901ffd52190e4981a1
Author: Michael Gratton <mike vee net>
Date:   Tue Jan 8 23:52:54 2019 +1100

    Don't block handling GTlsConnection::accept-certificate
    
    The docs for accept-certificate require that clients do not block while
    handling it, and Geary will typically prompt the user when handling it.
    
    This fix schedules handling the signal to be executed seperately on the
    main loop.

 src/engine/api/geary-endpoint.vala | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
---
diff --git a/src/engine/api/geary-endpoint.vala b/src/engine/api/geary-endpoint.vala
index c85cd38c..4968751a 100644
--- a/src/engine/api/geary-endpoint.vala
+++ b/src/engine/api/geary-endpoint.vala
@@ -166,7 +166,7 @@ public class Geary.Endpoint : BaseObject {
         tls_cx.accept_certificate.connect(on_accept_certificate);
     }
 
-    private bool report_tls_warnings(GLib.TlsConnection cx,
+    private void report_tls_warnings(GLib.TlsConnection cx,
                                      GLib.TlsCertificate cert,
                                      GLib.TlsCertificateFlags warnings) {
         // TODO: Report or verify flags with user, but for now merely
@@ -181,8 +181,6 @@ public class Geary.Endpoint : BaseObject {
         untrusted_certificate = cert;
 
         untrusted_host(cx);
-
-        return false;
     }
 
     private string tls_flags_to_string(TlsCertificateFlags flags) {
@@ -213,7 +211,15 @@ public class Geary.Endpoint : BaseObject {
     private bool on_accept_certificate(GLib.TlsConnection cx,
                                        GLib.TlsCertificate cert,
                                        GLib.TlsCertificateFlags flags) {
-        return report_tls_warnings(cx, cert, flags);
+        // Per the docs for GTlsConnection.accept-certificate,
+        // handling this signal must not block, so do this when idle
+        GLib.Idle.add(() => {
+                report_tls_warnings(cx, cert, flags);
+                return GLib.Source.REMOVE;
+            },
+            GLib.Priority.HIGH
+        );
+        return false;
     }
 
 }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]