diff options
| author | Stu Tomlinson <nosnilmot@pidgin.im> | 2007-12-23 18:36:09 +0000 |
|---|---|---|
| committer | Stu Tomlinson <nosnilmot@pidgin.im> | 2007-12-23 18:36:09 +0000 |
| commit | 99e439055335120402f3a9990040babc272687ec (patch) | |
| tree | c21409ede452a6633f13145c757d8bc4f30ac8f7 /libpurple | |
| parent | e75d945da133f9cba7a058fd14afefbbb4927d6f (diff) | |
| download | pidgin-99e439055335120402f3a9990040babc272687ec.tar.gz | |
If a peer certificate does not match our cached cert, do not auto reject it!
- it's quite possible the certificate was renewed! This fixes the problems
caused by jabber.org renewing their SSL certificate yesterday. Workaround
for mortals is to remove the cached peer certificate, either from Tools->Certificates
or by deleting ~/.purple/certificates/x509/tls_peers/jabber.org
Diffstat (limited to 'libpurple')
| -rw-r--r-- | libpurple/certificate.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/libpurple/certificate.c b/libpurple/certificate.c index 12a667612b..bbfb605491 100644 --- a/libpurple/certificate.c +++ b/libpurple/certificate.c @@ -1228,6 +1228,9 @@ x509_tls_cached_peer_cert_changed(PurpleCertificateVerificationRequest *vrq) } static void +x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq); + +static void x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq) { /* TODO: Looking this up by name over and over is expensive. @@ -1268,8 +1271,8 @@ x509_tls_cached_cert_in_cache(PurpleCertificateVerificationRequest *vrq) } else { purple_debug_info("certificate/x509/tls_cached", "Peer cert did NOT match cached\n"); - /* vrq now becomes the problem of cert_changed */ - x509_tls_cached_peer_cert_changed(vrq); + /* vrq now becomes the problem of the user */ + x509_tls_cached_unknown_peer(vrq); } purple_certificate_destroy(cached_crt); |