
tls_check_certificate_data re-renamed to tls_check_service_identity and minor fixes

Philipp Hancke 2011-08-03 13:38:00 +02:00 committed by psyc://psyced.org/~lynX
parent 7897992f05
commit c650302885
6 changed files with 21 additions and 13 deletions


@ -31,6 +31,7 @@ inherit NET_PATH "name";
volatile mixed gateways;
volatile mixed *dialback_queue;
volatile mapping certinfo;
volatile string streamid;
volatile float streamversion;
@ -312,10 +313,10 @@ tls_logon(result) {
//
// if the cert is ok, we can set authenticated to 1
// to skip dialback
mixed cert = tls_certificate(ME, 0);
P3(("active::certinfo %O\n", cert))
if (mappingp(cert)) {
unless (tls_check_certificate_data(cert, hostname, "xmpp-server")) {
certinfo = tls_certificate(ME, 0);
P3(("active::certinfo %O\n", certinfo))
if (mappingp(certinfo)) {
unless (tls_check_service_identity(hostname, certinfo, "xmpp-server")) {
#ifdef _flag_report_bogus_certificates
monitor_report("_error_invalid_certificate_identity",
sprintf("%O presented a certificate that "
@ -334,7 +335,7 @@ tls_logon(result) {
return 1;
#endif
}
else if (cert[0] != 0) {
else if (certinfo[0] != 0) {
#ifdef _flag_report_bogus_certificates
monitor_report("_error_untrusted_certificate",
sprintf("%O certificate could not be verified",
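Review bot: `certinfo` is now an object-level `volatile mapping` (first hunk) rather than the local `mixed cert`, so the result of `tls_certificate(ME, 0)` outlives tls_logon() and stays readable until the next logon overwrites it. Nothing in the visible hunks clears it on disconnect or when the identity check fails, so any other reader of `certinfo` in this object (none is shown here) would have to repeat the `mappingp()` and `certinfo[0] != 0` checks before trusting it. I would state that at the declaration, e.g. `volatile mapping certinfo; // peer cert from the last tls_logon(); not verified unless certinfo[0] == 0`, and confirm it is reset when the connection goes away. The call also swaps the first two arguments compared with the old `tls_check_certificate_data(cert, hostname, ...)`; if the callee's parameters are untyped like `tls_logon(result)`, a call site left in the old order would not be caught at load time, so the call sites in the other changed files are worth checking. tls_logon() starts and ends outside these hunks.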