paying more attention to TLS

world/net/jabber/active.c

@@ -315,7 +315,7 @@ tls_logon(result) {
 	mixed cert = tls_certificate(ME, 0);
 	P3(("active::certinfo %O\n", cert))
 	if (mappingp(cert)) {
-	    unless (certificate_check_name(hostname, cert, "xmpp-server")) {
+	    unless (tls_check_certificate_data(cert, hostname, "xmpp-server")) {
 #ifdef _flag_report_bogus_certificates
 		monitor_report("_error_invalid_certificate_identity",
 			       sprintf("%O presented a certificate that "

world/net/jabber/common.c

@@ -393,7 +393,8 @@ xmpp_error(node, xmpperror) {
     return 0;
 }
 
-// deprecated - use certificate_check_name from library/tls.c instead
+// deprecated - use tls_check_certificate_data from library/tls.c instead
+// is this being used at all?
 #ifdef WANT_S2S_TLS
 certificate_check_jabbername(name, cert) {
     mixed t;

world/net/jabber/gateway.c

@@ -291,7 +291,7 @@ jabberMsg(XMLNode node) {
 	// paranoia note: as with XEP 0178 we might want to check dns anyway to
 	// 	protect against stolen certificates
 	if (mappingp(certinfo) && certinfo[0] == 0 
-	    && node["@from"] && certificate_check_name(node["@from"], certinfo, "xmpp-server")) {
+	    && node["@from"] && tls_check_certificate_data(certinfo, node["@from"], "xmpp-server")) {
 		P2(("dialback without dialback %O\n", certinfo))
 		verify_connection(node["@to"], node["@from"], "valid"); 
 	} else {
@@ -414,7 +414,7 @@ jabberMsg(XMLNode node) {
 		 */
 		int success = 0;
 
-		success = certificate_check_name(t, certinfo, "xmpp-server");
+		success = tls_check_certificate_data(certinfo, t, "xmpp-server");
 		if (success) {
 		    emitraw("<success xmlns='" NS_XMPP "xmpp-sasl'/>");
 		    P2(("successful sasl external authentication with "
@@ -542,8 +542,8 @@ open_stream(XMLNode node) {
 		    // sasl external if we know that it will succeed
 		    // later on
 		    if (node["@from"] &&
-			    certificate_check_name(node["@from"],
-						     certinfo, "xmpp-server")) {
+			    tls_check_certificate_data(certinfo, node["@from"],
+						     "xmpp-server")) {
 			packet += "<mechanisms xmlns='" NS_XMPP "xmpp-sasl'>";
 			packet += "<mechanism>EXTERNAL</mechanism>";
 			packet += "</mechanisms>";

world/net/jabber/server.c

@@ -490,6 +490,7 @@ open_stream(XMLNode node) {
 #if __EFUN_DEFINED__(tls_available)
 		if (tls_available() && tls_query_connection_state(ME) > 0
 			&& mappingp(certinfo) && certinfo[0] == 0
+			// why do we use the old one here?
 			&& certificate_check_jabbername(0, certinfo)) {
 		    features += "<mechanism>EXTERNAL</mechanism>";
 		}