[geary/wip/20-cert-pinning] Handle untrusted certs when adding a editing account server details



commit e346aa4644bd3a25379543b4d6fa57d722bf21cd
Author: Michael Gratton <mike vee net>
Date:   Wed Jan 9 13:00:54 2019 +1100

    Handle untrusted certs when adding a editing account server details
    
    Move common code for prompting for cert errors to the account editor,
    use that when validating an account from the server pane.

 meson_options.txt                                  |  4 +-
 src/client/accounts/accounts-editor-add-pane.vala  | 30 ++++--------
 .../accounts/accounts-editor-servers-pane.vala     | 54 +++++++++++++++++++---
 src/client/accounts/accounts-editor.vala           | 28 +++++++++++
 4 files changed, 87 insertions(+), 29 deletions(-)
---
diff --git a/meson_options.txt b/meson_options.txt
index 234e979d..5fe1f799 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,6 +1,6 @@
-option('valadoc', type: 'boolean', value: false, description: 'Whether to build the documentaton (requires 
valadoc).')
+option('valadoc', type: 'boolean', value: true, description: 'Whether to build the documentaton (requires 
valadoc).')
 option('contractor', type: 'boolean', value: false, description: 'Whether to install the contractor file 
(Elementary OS-specific).')
 option('poodle', type: 'boolean', value: true, description: 'Whether to apply the POODLE SSLv3 fix.')
-option('ref_tracking', type: 'boolean', value: false, description: 'Whether to use explicit reference 
tracking.')
+option('ref_tracking', type: 'boolean', value: true, description: 'Whether to use explicit reference 
tracking.')
 option('iso_639_xml', type: 'string', value: '', description: 'Full path to the ISO 639 XML file.')
 option('iso_3166_xml', type: 'string', value: '', description: 'Full path to the ISO 3166 XML file.')
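Review bot: The defaults for `valadoc` and `ref_tracking` are flipped to `true` here, which the commit description about certificate prompting does not mention, so this looks like a local development setting that slipped into the commit. With `valadoc` on by default, a plain build needs valadoc installed, and `ref_tracking` changes what a default build compiles in. If the change is unintended, keep `value: false` on both options and enable them per build directory with `-Dvaladoc=true -Dref_tracking=true`.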
diff --git a/src/client/accounts/accounts-editor-add-pane.vala 
b/src/client/accounts/accounts-editor-add-pane.vala
index b3d452c3..328c1ff2 100644
--- a/src/client/accounts/accounts-editor-add-pane.vala
+++ b/src/client/accounts/accounts-editor-add-pane.vala
@@ -218,9 +218,9 @@ internal class Accounts.EditorAddPane : Gtk.Grid, EditorPane {
                     // Translators: In-app notification label
                     message = _("Check your sending login and password");
                 } catch (GLib.TlsError.BAD_CERTIFICATE err) {
-                    debug("Error validating SMTP certifiate: %s", err.message);
                     // Nothing to do here, since the untrusted host
                     // handler will be dealing with it
+                    debug("Error validating IMAP certifiate: %s", err.message);
                 } catch (GLib.Error err) {
                     Geary.ErrorContext context = new Geary.ErrorContext(err);
                     debug("Error validating SMTP service: %s",
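Review bot: The relocated debug line now reports an IMAP certificate error, but the surrounding catch clauses in this hunk belong to the sending side ("Check your sending login and password", "Error validating SMTP service"), so a rejected SMTP certificate would apparently be logged against the wrong service. The try block itself starts outside the hunk, so confirm which service is being validated; if it is SMTP the line should read `debug("Error validating SMTP certificate: %s", err.message);`. "certifiate" is also misspelled here, in the catch added in the next hunk of this file, and in both catches added to accounts-editor-servers-pane.vala. That makes these TLS failures harder to find by searching the logs.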
@@ -244,6 +244,10 @@ internal class Accounts.EditorAddPane : Gtk.Grid, EditorPane {
                 to_focus = this.email.value;
                 // Translators: In-app notification label
                 message = _("Check your email address and password");
+            } catch (GLib.TlsError.BAD_CERTIFICATE err) {
+                // Nothing to do here, since the untrusted host
+                // handler will be dealing with it
+                debug("Error validating SMTP certifiate: %s", err.message);
             } catch (GLib.Error err) {
                 Geary.ErrorContext context = new Geary.ErrorContext(err);
                 debug("Error validating SMTP service: %s",
@@ -420,29 +424,15 @@ internal class Accounts.EditorAddPane : Gtk.Grid, EditorPane {
                                    Geary.ServiceInformation service,
                                    Geary.Endpoint endpoint,
                                    GLib.TlsConnection cx) {
-        this.editor.certificates.prompt_pin_certificate.begin(
-            this.editor, account, service, endpoint, true, null,
+        this.editor.prompt_pin_certificate.begin(
+            account, service, endpoint, null,
             (obj, res) => {
                 try {
-                    this.editor.certificates.prompt_pin_certificate.end(res);
-                } catch (Application.CertificateManagerError.UNTRUSTED err) {
-                    // All good, just drop back into the editor window.
-                    return;
-                } catch (Application.CertificateManagerError.STORE_FAILED err) {
+                    this.editor.prompt_pin_certificate.end(res);
+                } catch (Application.CertificateManagerError err) {
                     // All good, just drop back into the editor
-                    // window. XXX show error info bar rather than a
-                    // notification
-                    this.editor.add_notification(
-                        new InAppNotification(
-                            // Translators: In-app notification label,
-                            // when the app had a problem pinning an
-                            // otherwise untrusted TLS certificate
-                            _("Failed to store certificate")
-                        )
-                    );
+                    // window.
                     return;
-                } catch (Application.CertificateManagerError err) {
-                    debug("Unexptected error pinning cert: %s", err.message);
                 }
 
                 // Kick off another attempt to validate
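Review bot: The prompt is started with a `null` cancellable in `this.editor.prompt_pin_certificate.begin(account, service, endpoint, null, ...)`, so nothing visible here can stop it once the signal has fired. The callback then starts another validation whenever the prompt returns without error. The same call shape is used by on_untrusted_host in accounts-editor-servers-pane.vala. If the pane has a cancellable tied to its lifetime (none is visible in this hunk), passing it would keep a pending certificate prompt from re-triggering validation after the user has left the pane. How the certificate manager reports cancellation would then need checking, since the wrapper only declares `Application.CertificateManagerError`. The handler starts and ends outside the hunk.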
diff --git a/src/client/accounts/accounts-editor-servers-pane.vala 
b/src/client/accounts/accounts-editor-servers-pane.vala
index 31e682f8..92616062 100644
--- a/src/client/accounts/accounts-editor-servers-pane.vala
+++ b/src/client/accounts/accounts-editor-servers-pane.vala
@@ -233,19 +233,31 @@ internal class Accounts.EditorServersPane :
     }
 
     private async bool validate(GLib.Cancellable? cancellable) {
-        string message = "";
+        // Use a copy here so we can handle any prompting needed
+        // (auth, certs) directly, rather than through the main window
+        Geary.AccountInformation local_account =
+            new Geary.AccountInformation.copy(this.account);
+        local_account.untrusted_host.connect(on_untrusted_host);
+
+        string? message = null;
         bool imap_valid = false;
         try {
             yield this.engine.validate_imap(
-                this.account, this.incoming_mutable, cancellable
+                local_account, this.incoming_mutable, cancellable
             );
             imap_valid = true;
         } catch (Geary.ImapError.UNAUTHENTICATED err) {
             debug("Error authenticating IMAP service: %s", err.message);
             // Translators: In-app notification label
             message = _("Check your receiving login and password");
+        } catch (GLib.TlsError.BAD_CERTIFICATE err) {
+            // Nothing to do here, since the untrusted host
+            // handler will be dealing with it
+            debug("Error validating IMAP certifiate: %s", err.message);
         } catch (GLib.Error err) {
-            debug("Error validating IMAP service: %s", err.message);
+            Geary.ErrorContext context = new Geary.ErrorContext(err);
+            debug("Error validating IMAP service: %s",
+                  context.format_full_error());
             // Translators: In-app notification label
             message = _("Check your receiving server details");
         }
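Review bot: `message` changes from `""` to `string? message = null` and stays null on the new `GLib.TlsError.BAD_CERTIFICATE` paths, both here and in the SMTP catch added further down in validate(). The code that consumes `message` is outside every hunk shown, so confirm it tests for null rather than only for an empty string before building a notification. It would also help to document the intent at the declaration, for example `// Left null when the untrusted-host handler is prompting, so no error notification is shown`. That makes the silent failure on a bad certificate read as deliberate rather than as a missed case.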
@@ -255,7 +267,7 @@ internal class Accounts.EditorServersPane :
             debug("Validating SMTP...");
             try {
                 yield this.engine.validate_smtp(
-                    this.account,
+                    local_account,
                     this.outgoing_mutable,
                     this.incoming_mutable.credentials,
                     cancellable
@@ -269,13 +281,21 @@ internal class Accounts.EditorServersPane :
                 this.outgoing_auth.value.source = Geary.Credentials.Requirement.CUSTOM;
                 // Translators: In-app notification label
                 message = _("Check your sending login and password");
+            } catch (GLib.TlsError.BAD_CERTIFICATE err) {
+                // Nothing to do here, since the untrusted host
+                // handler will be dealing with it
+                debug("Error validating SMTP certifiate: %s", err.message);
             } catch (GLib.Error err) {
-                debug("Error validating SMTP service: %s", err.message);
-                    // Translators: In-app notification label
-                    message = _("Check your sending server details");
+                Geary.ErrorContext context = new Geary.ErrorContext(err);
+                debug("Error validating SMTP service: %s",
+                      context.format_full_error());
+                // Translators: In-app notification label
+                message = _("Check your sending server details");
             }
         }
 
+        local_account.untrusted_host.disconnect(on_untrusted_host);
+
         bool is_valid = imap_valid && smtp_valid;
         debug("Validation complete, is valid: %s", is_valid.to_string());
 
@@ -352,6 +372,26 @@ internal class Accounts.EditorServersPane :
         }
     }
 
+    private void on_untrusted_host(Geary.AccountInformation account,
+                                   Geary.ServiceInformation service,
+                                   Geary.Endpoint endpoint,
+                                   GLib.TlsConnection cx) {
+        this.editor.prompt_pin_certificate.begin(
+            account, service, endpoint, null,
+            (obj, res) => {
+                try {
+                    this.editor.prompt_pin_certificate.end(res);
+                } catch (Application.CertificateManagerError err) {
+                    // All good, just drop back into the editor
+                    // window.
+                    return;
+                }
+
+                // Kick off another attempt to save
+                this.save.begin(null);
+            });
+    }
+
     [GtkCallback]
     private void on_cancel_button_clicked() {
         this.editor.pop();
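Review bot: After a successful pin the callback calls `this.save.begin(null);` with no completion callback and no cancellable, so the retried save runs unobserved from this handler's point of view. It also starts even if the pane was popped while the certificate dialog was open. Consider a guard that the pane is still the one being shown before retrying (the editor API for that check is not visible in this diff). A short comment would also help, stating that the retry re-runs validation and may prompt again if the server still presents an untrusted certificate. The `cx` parameter is unused in this handler; a one-line comment saying the prompt works from `endpoint` rather than the connection would make that explicit.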
diff --git a/src/client/accounts/accounts-editor.vala b/src/client/accounts/accounts-editor.vala
index 02344aed..c64a36f3 100644
--- a/src/client/accounts/accounts-editor.vala
+++ b/src/client/accounts/accounts-editor.vala
@@ -132,6 +132,34 @@ public class Accounts.Editor : Gtk.Dialog {
         notification.show();
     }
 
+    internal async void prompt_pin_certificate(Geary.AccountInformation account,
+                                               Geary.ServiceInformation service,
+                                               Geary.Endpoint endpoint,
+                                               GLib.Cancellable? cancellable)
+        throws Application.CertificateManagerError {
+        try {
+            yield this.certificates.prompt_pin_certificate(
+                this, account, service, endpoint, true, cancellable
+            );
+        } catch (Application.CertificateManagerError.UNTRUSTED err) {
+            throw err;
+        } catch (Application.CertificateManagerError.STORE_FAILED err) {
+            // XXX show error info bar rather than a notification?
+            add_notification(
+                new InAppNotification(
+                    // Translators: In-app notification label, when
+                    // the app had a problem pinning an otherwise
+                    // untrusted TLS certificate
+                    _("Failed to store certificate")
+                )
+            );
+            throw err;
+        } catch (Application.CertificateManagerError err) {
+            debug("Unexpected error pinning cert: %s", err.message);
+            throw err;
+        }
+    }
+
     internal GLib.SimpleAction get_action(string name) {
         return (GLib.SimpleAction) this.actions.lookup_action(name);
     }
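Review bot: The new `prompt_pin_certificate` wrapper has no doc comment, although two panes now depend on its contract to decide whether to retry validation. A Valadoc block should state that it delegates to `this.certificates.prompt_pin_certificate`, shows the "Failed to store certificate" notification on `STORE_FAILED`, and rethrows every `Application.CertificateManagerError`, so callers must treat any throw as "not pinned, do not retry". The literal `true` passed in `this, account, service, endpoint, true, cancellable` deserves a short comment naming the parameter it sets, because its meaning cannot be read from this call. The `catch (Application.CertificateManagerError.UNTRUSTED err) { throw err; }` arm only rethrows; a comment such as `// Rethrown as-is without logging` would show that it exists to skip the debug line in the final catch.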

