[geary/mjog/866-self-signed-certificates: 2/2] Application.CertificateManager: Check locally pinned certs for equality



commit 0d957559bbb4be81870c9fafba1c74f0926f59a3
Author: Michael Gratton <mike vee net>
Date:   Sun Jul 5 12:28:22 2020 +1000

    Application.CertificateManager: Check locally pinned certs for equality
    
    When checking if a certificate is pinned locally (i.e. when GCR support
    is unavailable), ensure the presented cert is identical to the stored
    cert.
    
    Fixes #866

 src/client/application/application-certificate-manager.vala | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/src/client/application/application-certificate-manager.vala 
b/src/client/application/application-certificate-manager.vala
index 986ffb525..65f6af4fa 100644
--- a/src/client/application/application-certificate-manager.vala
+++ b/src/client/application/application-certificate-manager.vala
@@ -430,7 +430,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
         lock (this.pinned_certs) {
             context = this.pinned_certs.get(id);
             if (context != null) {
-                is_pinned = true;
+                is_pinned = context.certificate.is_same(chain);
             } else {
                 // Cert not found in memory, check with GCR if
                 // enabled.
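Review bot: A pin mismatch is handled silently in this branch: when `context.certificate.is_same(chain)` returns false, `is_pinned` simply stays false and nothing records that a host with a stored pin presented a different certificate. That is the event someone would look for when triaging a possible interception or an unexpected server certificate change, so consider logging it, e.g. `if (!is_pinned) warning("Presented certificate differs from pinned certificate for %s", id);` (assuming `id` is a string, which the hunk does not show). The second hunk has the same gap after the pin is loaded from `store_dir`. A short comment would also help here, such as `// The pin is looked up by id, so a hit only counts if the presented cert matches the stored one`, plus a note that `is_same()` compares only the certificate's own DER data, not its issuer chain. The enclosing method starts and ends outside both hunks, so whether a mismatch in memory should still fall through to the GCR check cannot be judged from here.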
@@ -453,7 +453,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
                             this.store_dir, id, cancellable
                         );
                         this.pinned_certs.set(id, context);
-                        is_pinned = true;
+                        is_pinned = context.certificate.is_same(chain);
                     } catch (GLib.IOError.NOT_FOUND err) {
                         // Cert was not found saved, so it not pinned
                     } catch (GLib.Error err) {

