[geary/mjog/866-self-signed-certificates: 2/2] Application.CertificateManager: Check locally pinned certs for equality
- From: Michael Gratton <mjog src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [geary/mjog/866-self-signed-certificates: 2/2] Application.CertificateManager: Check locally pinned certs for equality
- Date: Sun, 5 Jul 2020 02:34:24 +0000 (UTC)
commit 0d957559bbb4be81870c9fafba1c74f0926f59a3
Author: Michael Gratton <mike vee net>
Date: Sun Jul 5 12:28:22 2020 +1000
Application.CertificateManager: Check locally pinned certs for equality
When checking if a certificate is pinned locally (i.e. when GCR support
is unavailable), ensure the presented cert is identical to the stored
cert.
Fixes #866
src/client/application/application-certificate-manager.vala | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/src/client/application/application-certificate-manager.vala
b/src/client/application/application-certificate-manager.vala
index 986ffb525..65f6af4fa 100644
--- a/src/client/application/application-certificate-manager.vala
+++ b/src/client/application/application-certificate-manager.vala
@@ -430,7 +430,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
lock (this.pinned_certs) {
context = this.pinned_certs.get(id);
if (context != null) {
- is_pinned = true;
+ is_pinned = context.certificate.is_same(chain);
} else {
// Cert not found in memory, check with GCR if
// enabled.
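Review bot: A pin mismatch is now indistinguishable from a missing pin. When `context != null` but `is_same()` returns false, `is_pinned` is simply false and nothing in this hunk records that the server presented a certificate different from the stored one; the same holds for the disk-load path in the second hunk. That event is worth surfacing, because it means either the server's certificate changed or the connection is being intercepted. I would add something like `if (!is_pinned) warning("Presented certificate for %s differs from pinned certificate", id);` after the assignment, unless the caller already reports it, which cannot be seen because the enclosing method starts and ends outside the hunk. A regression test that presents a different certificate for an already pinned id would also keep #866 from coming back.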
@@ -453,7 +453,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
this.store_dir, id, cancellable
);
this.pinned_certs.set(id, context);
- is_pinned = true;
+ is_pinned = context.certificate.is_same(chain);
} catch (GLib.IOError.NOT_FOUND err) {
// Cert was not found saved, so it not pinned
} catch (GLib.Error err) {
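Review bot: The statement order here is security-relevant and deserves a comment. The context, apparently loaded from `store_dir`, is put into `pinned_certs` before the presented `chain` is compared, so the in-memory cache only ever holds the stored certificate and never the presented one. I would add above the assignment `// Cache the stored cert only; the presented cert must be identical to it to count as pinned`, so a later refactor does not cache the wrong object. The neighbouring comment `so it not pinned` is missing a verb and should read `so it is not pinned`. The try block begins outside the hunk.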