[evolution-data-server/gnome-40] ESourceWebDAV: Fallback to SHA1 on SSL trust verification if needed

From: Milan Crha <mcrha src gnome org>
To: commits-list gnome org
Cc:
Subject: [evolution-data-server/gnome-40] ESourceWebDAV: Fallback to SHA1 on SSL trust verification if needed
Date: Mon, 29 Mar 2021 14:06:11 +0000 (UTC)

commit 649aaa623f436bcc901e837c03a633894305402c
Author: Milan Crha <mcrha redhat com>
Date:   Mon Mar 29 15:55:26 2021 +0200

    ESourceWebDAV: Fallback to SHA1 on SSL trust verification if needed
    
    When a Flatpak application compiles against the evolution-data-server,
    which still uses SHA1, but the host version uses SHA256, then the verification
    always fails due to SHA version mismatch. It's because the hash to store
    is computed by the client (inside the Flatpak), but the connection itself,
    with the hash verification, is done on the host.
    
    This covers only the case with older version of the data server in Flatpak.
    The opposite case would require a change on the host system.

 src/libedataserver/e-source-webdav.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
---
diff --git a/src/libedataserver/e-source-webdav.c b/src/libedataserver/e-source-webdav.c
index 657d41da2..c4762895e 100644
--- a/src/libedataserver/e-source-webdav.c
+++ b/src/libedataserver/e-source-webdav.c
@@ -1520,7 +1520,12 @@ e_source_webdav_verify_ssl_trust (ESourceWebdav *extension,
        if (decode_ssl_trust (extension, &response, &old_host, &old_hash)) {
                gchar *hash;
 
-               hash = g_compute_checksum_for_data (G_CHECKSUM_SHA256, bytes->data, bytes->len);
+               /* This is required for Flatpak, which can be built with eds before the 3.40, where
+                  had been changed to use SHA256. */
+               if (old_hash && strlen (old_hash) == g_checksum_type_get_length (G_CHECKSUM_SHA1) * 2)
+                       hash = g_compute_checksum_for_data (G_CHECKSUM_SHA1, bytes->data, bytes->len);
+               else
+                       hash = g_compute_checksum_for_data (G_CHECKSUM_SHA256, bytes->data, bytes->len);
 
                if (response != E_TRUST_PROMPT_RESPONSE_UNKNOWN &&
                    g_strcmp0 (old_host, host) == 0 &&

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]